Latest
Microsoft blames unexpected Windows driver updates on caching issue · BleepingComputer · 15m ago
Infosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New Benchmark · Infosecurity Magazine · 57m ago
Lazarus Group Uses npm Brandjacking Campaign to Target Developers · HackRead · 1h ago
Infosecurity Europe: How Proton Fights Against Cybercriminals Using Its Services · Infosecurity Magazine · 1h ago
Police dismantles fake ID marketplace used by migrant smugglers · BleepingComputer · 1h ago
China-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South Africa · The Hacker News · 1h ago
FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads · The Hacker News · 2h ago
Cisco warns of critical Unified CM flaw with PoC exploit code · BleepingComputer · 2h ago
Hacking Meta’s AI Chatbot · Schneier on Security · 2h ago
Five Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff · HackRead · 3h ago
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS · The Hacker News · 4h ago
Hackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five Months · The Hacker News · 4h ago
Infosecurity Europe: How Businesses Can Prepare for a Cybersecurity Crisis with Effective Plans · Infosecurity Magazine · 4h ago
Infosecurity Europe: Ukraine’s Experience Highlights the Need for Preparation and Resilience in Cybersecurity · Infosecurity Magazine · 4h ago
Infosecurity Europe: Raise Security Concerns with Procurement Now, Because Quantum Can’t Wait · Infosecurity Magazine · 6h ago

Security & IT News

Real-time news from 13+ trusted sources — BleepingComputer, The Hacker News, Krebs on Security, Dark Reading & more.

Vulnerability · CISA · 16d ago
Kieback & Peter DDC Building Controllers

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-05.json

Summary

Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser.

The following versions of Kieback & Peter DDC Building Controllers are affected:

- DDC4002 <=1.12.14 (CVE-2026-4293)
- DDC4100 <=1.12.14 (CVE-2026-4293)
- DDC4200 <=1.12.14 (CVE-2026-4293)
- DDC4200-L <=1.12.14 (CVE-2026-4293)
- DDC4400 <=1.12.14 (CVE-2026-4293)
- DDC4002e <=1.23.4 (CVE-2026-4293)
- DDC4200e <=1.23.4 (CVE-2026-4293)
- DDC4400e <=1.23.4 (CVE-2026-4293)
- DDC4020e <=1.23.4 (CVE-2026-4293)
- DDC4040e <=1.23.4 (CVE-2026-4293)
- DDC520 <=1.24.1 (CVE-2026-4293)

CVSS: v3 5.3
Vendor: Kieback & Peter
Equipment: Kieback & Peter DDC Building Controllers
Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Background

- Critical Infrastructure Sectors: Commercial Facilities, Communications, Financial Services, Food and Agriculture, Government Services and Facilities, Healthcare and Public Health, Information Technology
- Countries/Areas Deployed: Austria, China, France, Germany, United Arab Emirates
- Company Headquarters Location: Germany

Vulnerabilities

CVE-2026-4293

The affected products are vulnerable to cross-site scripting (XSS), enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-4293

Affected Products

Kieback & Peter DDC Building Controllers

Vendor: Kieback & Peter
Product Version: Kieback & Peter DDC4002: <=1.12.14, Kieback & Peter DDC4100: <=1.12.14, Kieback & Peter DDC4200: <=1.12.14, Kieback & Peter DDC4200-L: <=1.12.14, Kieback & Peter DDC4400: <=1.12.14, Kieback & Peter DDC4002e: <=1.23.4, Kieback & Peter DDC4200e: <=1.23.4, Kieback & Peter DDC4400e: <=1.23.4, Kieback & Peter DDC4020e: <=1.23.4, Kieback & Peter DDC4040e: <=1.23.4, Kieback & Peter DDC520: <=1.24.1

Vulnerability · CISA · 16d ago
Siemens RUGGEDCOM APE1808 Devices

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-02.json

Summary

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. Customers are advised to consult and implement the workarounds provided in Palo Alto Networks' upstream security notifications. [1] https://security.paloaltonetworks.com/

The following versions of Siemens RUGGEDCOM APE1808 Devices are affected:

- RUGGEDCOM APE1808 vers:all/* (CVE-2026-0300)

CVSS: v3 10
Vendor: Siemens
Equipment: Siemens RUGGEDCOM APE1808 Devices
Vulnerabilities: Out-of-bounds Write

Background

- Critical Infrastructure Sectors: Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany

Vulnerabilities

CVE-2026-0300

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-0300

Affected Products

Siemens RUGGEDCOM APE1808 Devices

Vendor: Siemens
Product Version: RUGGEDCOM APE1808
Product Status: known_affected

Remediations

- Mitigation: Disable Response Pages in the Interface Management Profile attached to every L3 interface in any zone where untrusted/internet traffic can ingress. Keep Response Pages enabled only on interfaces in trust/internal zones where legitimate users' browsers ingress
- Mitigation: Disable User-ID™ Authentication Portal if not required
- Mitigation: Restrict access to the User

Vulnerability · CISA · 16d ago
ABB CoreSense HM and CoreSense M10

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-01.json

Summary

An update is available that resolves vulnerability in the product versions listed as affected in this advisory. A path traversal vulnerability in these products can allow unauthenticated users to gain access to restricted directories. Exploiting this vulnerability can lead to complete system compromise and exposure of sensitive information.

The following versions of ABB CoreSense HM and CoreSense M10 are affected:

- CoreSense™ HM <=2.3.1, 2.3.4 (CVE-2025-3465)
- CoreSense™ M10 <=1.4.1.12, 1.4.1.31 (CVE-2025-3465)

CVSS: v3 7.1
Vendor: ABB
Equipment: ABB CoreSense HM and CoreSense M10
Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Background

- Critical Infrastructure Sectors: Food and Agriculture, Commercial Facilities, Critical Manufacturing
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland

Vulnerabilities

CVE-2025-3465

A path traversal vulnerability in these products can allow unauthenticated users to gain access to restricted directories. Exploiting this vulnerability can lead to complete system compromise and exposure of sensitive information.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2025-3465

Affected Products

ABB CoreSense HM and CoreSense M10

Vendor: ABB
Product Version: CoreSense™ HM <=2.3.1, CoreSense™ M10 <=1.4.1.12
Product Status: fixed, known_affected

Remediations

- Vendor fix: The vulnerabilities are corrected in the following version: CoreSense™ HM v2.3.4 & CoreSense™ M10 v1.4.1.31. ABB recommends that customers apply the update at the earliest convenience.

Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (https://cwe.mitre.org/data/definitions/22.html)

Metrics

Vulnerability · CISA · 16d ago
ZKTeco CCTV Cameras

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-139-04.json

Summary

Successful exploitation of this vulnerability could result in information disclosure, including capture of camera account credentials.

The following versions of ZKTeco CCTV Cameras are affected:

- SSC335-GC2063-Face-0b77 Solution

CVSS: v3 9.1
Vendor: ZKTeco
Equipment: ZKTeco CCTV Cameras
Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel

Background

- Critical Infrastructure Sectors: Commercial Facilities
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: China

Vulnerabilities

CVE-2026-8598

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-8598

Affected Products

ZKTeco CCTV Cameras

Vendor: ZKTeco
Product Version: ZKTeco SSC335-GC2063-Face-0b77 Solution: <V5.0.1.2.20260421
Product Status: known_affected

Remediations

- Mitigation: ZKTeco has patched this vulnerability in firmware version V5.0.1.2.20260421. ZKTeco recommends that users upgrade to firmware version V5.0.1.2.20260421 or later at their earliest opportunity.
- Mitigation: Please see the security advisory from ZKTeco here: https://www.zkteco.com/en/announcement/23 for further information.

Relevant CWE: CWE-288 Authentication Bypass Using an Alternate Path or Channel (https://cwe.mitre.org/data/definitions/288.html)

Metrics

CVSS Version | Base Score | Base Severity

Vulnerability · The Hacker News · 16d ago
The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a

🔬 Analysis · Schneier on Security · 16d ago
Laurie Anderson Is Quoting Me

Not by name, but Laurie Anderson quotes me in one of the tracks of her new album:

My favorite quote is from a cryptologist who said “If you think technology will solve your problems, you don’t understand technology and you don’t understand your problems.”

Also in interviews:

“Of course, it’s ridiculous, outrageous, blah, blah, blah,” Anderson says about the ad. “But, I mean, my favorite quote on this is from a cryptologist who said, ‘If you think technology will solve your problems, you don’t understand technology and you don’t understand your problems.’ And I think I’m completely on board with that.”

People are telling me that she has been reciting this quote in performances for years. (I lost track of her since college and her 1981 hit “O Superman.”)

The origin of the quote is from Roger Needham:

If you think cryptography can solve your problem, you don’t understand your problem and you don’t understand cryptography.

I modified the quote in the preface to my 2000 book Secrets and Lies:

A few years ago I heard a quotation, and I am going to modify it here: If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.

I can’t tell you why me in 2000 didn’t credit Needham by name. I should have.

I have used the quote pretty consistently since then. Somewhere along the line I dropped “security” from the phrase, and now say it more like Anderson quotes me:

If you think technology will solve your problem, you don’t understand your problem and you don’t understand technology.

I sometimes use singular and sometimes use plural. Sometimes I say “the problem” and “the technology.” But I think the quote flows better ending with just the word “technology.”

🩹 Patch · The Hacker News · 16d ago
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days," the maintainers of the PHP-based content management system (CMS) said. "Not all configurations are

Vulnerability · The Hacker News · 16d ago
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. "These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the internal network,"