This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of individual findings, which frequently affect code whose reachability is hardware-gated. The
‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested
The FBI says First VPN has been used by dozens of ransomware groups for network reconnaissance and intrusions.
The post ‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested appeared first on SecurityWeek.
US and Canada arrest and charge suspected Kimwolf botnet admin
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
In tandem, Jacob Butler (aka Dort), 23, of Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be a variant of AISURU.
“Kimwolf
TrendAI Patches Apex One Zero-Day Exploited in the Wild
CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One.
The post TrendAI Patches Apex One Zero-Day Exploited in the Wild appeared first on SecurityWeek.
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated.
The post Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack appeared first on SecurityWeek.
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
The vulnerabilities in question are listed below –
CVE-2025-34291 (CVSS score: 9.4) – An origin validation error vulnerability in Langflow that could
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authentication when accessing REST API endpoints.
“An attacker could exploit this vulnerability if they are able to send
