Security & IT News

CVSSv3 Score: 9.1 A missing authorization vulnerability [CWE-862] in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated attacker to execute unauthorized code or commands via HTTP requests. Revised on 2026-05-12 00:00:00

CVSSv3 Score: 8.3 An Out-Of-Bounds Write vulnerability [CWE-787] in FortiOS capwap daemon may allow an attacker controlling an authenticated FortiAP FortiExtender or FortiSwitch to gain execution privileges on the FortiGate device Revised on 2026-05-12 00:00:00

CVSSv3 Score: 5.1 An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability [CWE-89] in FortiNDR may allow an authenticated attacker to execute arbitrary SQL commands on selected databases and tables via specifically crafted HTTP requests. Revised on 2026-05-12 00:00:00

OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners across

Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android users on the latest version of Google Messages.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

California Attorney General Rob Bonta announced a proposed $12.75 million settlement agreement with General Motors (GM) over allegations that the company violated the California Consumer Privacy Act (CCPA). [...]

Apple today released its typical feature update across it's operating systems (iOS, iPadOS, macOS, tvOS, watchOS, vision OS). With this update, Apple patched 84 different vulnerabilities. Updates are available for the 26 series of operating systems, as well as for the previous 18 version of iOS/iPadOS, and two versions back for macOS (version 14 and 15). None of the vulnerabilities has been exploited. The number of addressed vulnerabilities is about average compared to similar Apple updates. Figure: Number of Vulnerabilities patched for each security update. Last one in red at the end. iOS 26.5 and iPadOS 26.5 iOS 18.7.9 and iPadOS 18.7.9 macOS Tahoe 26.5 macOS Sequoia 15.7.7 macOS Sonoma 14.8.7 tvOS 26.5 watchOS 26.5 visionOS 26.5 CVE-2025-43524: An app may be able to break out of its sandbox. Affects Icons x x CVE-2026-28819: An app may be able to execute arbitrary code with kernel privileges. Affects Wi-Fi x x x x CVE-2026-28840: An app may be able to gain root privileges. Affects PackageKit x x CVE-2026-28846: A remote attacker may be able to cause unexpected app termination. Affects SceneKit x x x x x x x x CVE-2026-28848: A remote attacker may be able to cause unexpected system termination. Affects SMB x x CVE-2026-28870: An app may be able to access sensitive user data. Affects GeoServices x CVE-2026-28872: A remote attacker may be able to cause a denial-of-service. Affects Calendar x CVE-2026-28873: An app may be able to circumvent App Privacy Report logging. Affects Privacy x CVE-2026-28877: An app may be able to access sensitive user data. Affects Accounts x CVE-2026-28878: An app may be able to enumerate a user's installed apps. Affects Crash Reporter x CVE-2026-28882: An app may be able to enumerate a user's installed apps. Affects libxpc x CVE-2026-28883: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit x x x x x CVE-2026-28894: A remote attacker may be able to cause a denial-of-service. Affects Calling Framework x CVE-2026-28897: A local user may be able to cause unexpected system termination or read kernel memory. Affects Kernel x x x x x x x x CVE-2026-28901: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit x CVE-2026-28906: An attacker may be able to track users through their IP address. Affects Networking x x x x x x CVE-2026-28907: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Affects WebKit x x x x x x CVE-2026-28908: An app may be able to modify protected parts of the file system. Affects Kernel x x x CVE-2026-28913: Processing maliciously crafted web content may lead to an unexpected process crash. Affects WebKit x x x x CVE-2026-28914: A maliciously crafted ZIP archive may bypass Gatekeeper checks. Affects zip x CVE-2026-28915: An app may be able to gain root privileges. Affects CUPS x x x CVE-2026-28917: Processing maliciously crafted web content may lead to a

Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. [...]

Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.

Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously," the cybersecurity company said in a statement over the weekend. As of writing, Checkmarx has released

A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of the control

Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and exploit generation. The activity is said to be the work of cybercrime threat actors who appear to

ThreatFabric finds new TrickMo Android banking trojan variant routing C2 through The Open Network

Two new high-severity vulnerabilities, dubbed ’Dirty Frag’ when chained, have been found in the Linux kernel, affecting most Linux distributions

A few months ago, I implemented Cloudflare's Turnstile CAPTCHA on some pages. The reason for implementing these CAPTCHAs is obvious: Bots make up a large percentage of traffic and affect site performance. So I figured it was a good time to look back and see how effective these CAPTCHA are. The quick number: Out of about 300 requests, only 1 passed the test. Or 99.7% of requests came from bots. And this is after we have been running this for a few months. Some bots may have stopped scanning the page. But what about false positives? One false positive I noted from the login page was people clicking Submit on the login form before the CAPTCHA test was completed. This was easily fixed with a bit of JavaScript, which enabled the button only after a test was completed. Some of the top offenders: 219.117.237.208. - resolves to 219.117.237.208.static.zoot.jp and appears to be some kind of spider 18.229.88.75 - an AWS host, also attempting to download our IP data 164.52.120.0/24 - Cloud provider in HK 2a03:2880:f806::/48 - Facebook Ireland So far, I have received only a few complaints about false positives (aside from the now fixed login page issue). Why I selected Turnstile over other CAPTCHA options: Cloudflare's turnstile implementation appears to have fewer privacy issues than others, like Google Recaptcha They are in my opinion, low impact to the user Implementing them on the site wasn't too difficult We already use Cloudflare as a CDN. They work well enough CAPTCHA can often be bypassed. The right CAPTCHA solution makes it hard enough for an attacker to bypass that the value of the data they would be getting is not worth the effort. -- Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu Twitter | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Ontinue uncovers fake Claude Code installer pushing PowerShell stealer abusing Chrome's IElevator2

Romanian national Gavril Sandu faces up to 30 years in a US prison after extradition over a VOIP vishing and fake debit card fraud scheme.

Google Threat Intelligence Group details how cybercriminals attempted to launch a campaign based around an AI-developed Zero-Day targeting open-source software

The Rapid7 2026 Global Cybersecurity Summit is just around the corner, and with it, a final opportunity to join the conversations shaping how security teams are adapting to a rapidly changing landscape. Over the past few weeks, we’ve shared a preview of what to expect, from the sessions and speakers to the themes running across the agenda. What has become increasingly clear is how closely these topics are connected. Security teams are being asked to move beyond reacting to incidents and instead understand how attacks begin, how they evolve, and how decisions can be made earlier with greater confidence. What you will gain from attending Across two days, the summit is structured to reflect how security teams actually operate. The first day builds a shared understanding of how the threat landscape has shifted, while the second day offers more focused sessions tailored to both leaders and practitioners. Sessions such as The Reality of Running a SOC in 2026 and Inside the Modern SOC explore how attacks unfold in practice, following signals from initial access through to response. These discussions highlight how analysts interpret activity across identity, cloud, and endpoint environments, and how decisions are made when multiple signals compete for attention. Other sessions, including Beyond the Vulnerability List and From Cloud Exposure to Runtime Attack , focus on how exposure is changing the way teams prioritize risk. The emphasis is on understanding context and how exposed assets actually are to attackers, helping teams determine which issues are most likely to lead to impact and where effort should be focused. Alongside this, sessions like The AI Dilemma: Automating Defense Without Surrendering Judgment examine how AI is being applied within SOC workflows. The discussion moves beyond theory and looks at how teams are balancing automation with human oversight, ensuring that speed does not come at the expense of trust or accountability. What’s changing for security teams right now Security operations are evolving in response to changes in both attacker behavior and organizational complexity. Environments are more distributed, signals are more fragmented, and the time available to respond continues to shrink. As a result, the focus is shifting toward earlier action, better prioritization, and more connected decision-making. This means linking exposure with detection, reducing unnecessary noise, and building workflows that allow teams to act with clarity when it matters most. Across the summit, these ideas are explored from multiple perspectives, but they consistently point toward the same outcome. Teams that can connect context, visibility, and response are better positioned to reduce risk before it becomes an incident. Secure your place With the event approaching, this is the final opportunity to register and take part in these discussions. Whether you are responsible for strategy, operations, or day-to-day detection and response, the summit is des