Category: TheHackerNews

New Industry Data Just Released Suggests Not.

On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, “identity dark matter” (the unseen, unmanaged elements of identity) now overshadows the visible elements 57% vs. 43%. And it couldn’t have occurred at a worse time, with enterprises embracing Agent AI with both arms (and unfortunately, as

GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum.

“While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises,

AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires.
Download the CISO Expert Guide to Typosquatting in the AI Era →

TL;DR 

Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate third-party scripts.

Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week.

The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.

“Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as ‘YellowKey,'” the

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised.

It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories.

“After the initial assessment, we found that in addition to source

GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum.

“While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises,

Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users.

The activity, per HUMAN’s Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains, turning the infrastructure into a pipeline for multi-stage fraud.

“Users

Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE).
Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9, 2026, only to be informed by the maintainers that it was a duplicate of a vulnerability that had

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. 

The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a

Drupal has issued an alert stating that it intends to release a “core security release” for all supported branches on May 20, 2026, from 5-9 p.m. UTC.

“The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” the maintainers of the PHP-based content management system (CMS) said.

“Not all configurations are