Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days

Today is Microsoft's May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed this month.

Google: Hackers used AI to develop zero-day exploit for web admin tool

Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web ...
Bleeping Computer

New GhostLock tool abuses Windows API to block file access

A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on ...

Why Changing Passwords Doesn’t End an Active Directory Breach

Resetting a password doesn't always remove attackers from Active Directory. Specops Software explains how cached credentials ...
Bleeping Computer

TrickMo Android banker adopts TON blockchain for covert comms

A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control ...

Webinar this week: Prevention alone is not enough against modern attacks

This upcoming webinar explores how organizations need to combine security, backups, and recovery planning to reduce the ...

Police shut down reboot of Crimenetwork marketplace, arrest admin

German authorities have shut down a relaunch version of the criminal marketplace 'Crimenetwork' that generated more than 3.6 ...

Why More Analysts Won’t Solve Your SOC’s Alert Problem

Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI ...

CISA gives feds four days to patch Ivanti flaw exploited as zero-day

CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti ...

The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls

Your security controls aren't failing, they're missing where most of today's work actually happens. Keep Aware shows how ...
Bleeping Computer

Fake OpenAI repository on Hugging Face pushes infostealer malware

A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing ...