May 2026 – Page 23

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.

The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had verified a

Cyber Resilience is the New Business Continuity Plan

The organizations best prepared to face disruption are those that align security, continuity and risk management around what the business cannot afford to lose.

The post Cyber Resilience is the New Business Continuity Plan appeared first on SecurityWeek.

Microsoft confirms patching issues in restricted Windows networks

Microsoft says customers in restricted network environments may encounter Windows Update failures after installing the January 2026 optional non-security preview updates. […]

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

Drupal has issued an alert stating that it intends to release a “core security release” for all supported branches on May 20, 2026, from 5-9 p.m. UTC.

“The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days,” the maintainers of the PHP-based content management system (CMS) said.

“Not all configurations are

201 Arrested in Crackdown on Cybercrime in Middle East, North Africa

The 13-country effort, named Operation Ramz, targeted cyber threats in the Middle East and North Africa region.

The post 201 Arrested in Crackdown on Cybercrime in Middle East, North Africa appeared first on SecurityWeek.

PoC Released for DirtyDecrypt Linux Kernel Vulnerability

Patched in April, the underlying vulnerability allows local attackers to elevate their privileges to root.

The post PoC Released for DirtyDecrypt Linux Kernel Vulnerability appeared first on SecurityWeek.

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance.
“These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the internal network,”

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace.

The extension in question is rwl.angular-console (version 18.95.0), a popular user interface and plugin for code editors like VS Code, Cursor, and JetBrains. The VS Code extension has more than 2.2 million installations. The Open

Critical Vulnerability Exposes Industrial Robot Fleets to Hacking

The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection.

The post Critical Vulnerability Exposes Industrial Robot Fleets to Hacking appeared first on SecurityWeek.

GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials

In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server.

“Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal commit history,

Month: May 2026