Cybersecurity Newsfeed - 13/05/26
Daily cybersecurity news covering vulnerabilities, adversaries, trends, breaches, and other notable security developments.
🛡️ Vulnerabilities
- Microsoft May 2026 Patch Tuesday (120 Flaws): Microsoft addressed 120 vulnerabilities, including several critical flaws across the Windows ecosystem and Office suite. While no zero-days were actively exploited at release, security teams are urged to prioritize the 12 "Critical" rated vulnerabilities to mitigate ransomware risks.
- Fortinet Critical RCE Advisories: Fortinet issued an advisory regarding Remote Code Execution (RCE) vulnerabilities in FortiSandbox and FortiAuthenticator. These flaws allow unauthenticated attackers to execute arbitrary code with elevated privileges, potentially compromising network isolation and identity management.
- Exim BDAT Command Vulnerability: A newly discovered vulnerability in the Exim mail transfer agent involves the improper handling of BDAT commands. This flaw could allow attackers to bypass security filters or cause a denial-of-service (DoS) condition on one of the world's most widely used mail servers.
- Windows 10 KB5087544 Extended Security Update: Microsoft released the KB5087544 update, marking a critical phase in the Extended Security Update (ESU) program. These security-only patches are vital for maintaining compliance and protecting legacy systems from emerging exploits targeting older architectures.
🎯 Adversaries
- Fake "Claude Code" Installer Targets Devs: Attackers are leveraging the popularity of Anthropic's AI tools by creating fraudulent websites and GitHub repositories that deliver browser credential stealers. The malware harvests saved passwords, cookies, and session tokens.
- Operation HumanitarianBait Spyware: This campaign uses fake humanitarian aid documents to deliver Python-based spyware. Targeting NGOs and relief workers, the malware exfiltrates sensitive files, records keystrokes, and monitors communications.
- Trickmo Trojan Evolves with TON Blockchain: The Android banking trojan Trickmo now uses the TON (The Open Network) blockchain for its C2 infrastructure. This decentralized approach allows the malware to bypass traditional network defenses and IP-based blocking.
- AI-Augmented "Vibe Hacking" in LATAM: Trend Micro identified a campaign targeting government and financial sectors that uses AI to generate deepfake audio and personalized phishing content. This shift signals a new era of difficult-to-verify social engineering.
- "ClickFix" SEO Poisoning for Mac Users: Attackers are using fake search results for Claude AI to lure Mac users to fraudulent sites. Users are prompted to "fix" a browser error by running a terminal command, which executes an infostealer script.
- AD CS Exploitation Techniques: Palo Alto Unit 42 released an analysis of how attackers abuse misconfigured Active Directory Certificate Services (AD CS) templates to escalate privileges and achieve persistent domain dominance.
- GhostLock Tool Abuses Windows APIs: A new tool named GhostLock leverages built-in Windows APIs to deny read/write permissions on directories. Unlike traditional ransomware, it "locks" users out of files without altering the data, bypassing some encryption-based detection.
📈 Trends
- OpenAI "Daybreak" Secure by Design: OpenAI announced the "Daybreak" initiative, focusing on embedding security at every stage of the model lifecycle to mitigate risks like prompt injection and data poisoning.
- Android 17 Anti-Scam Protections: The upcoming Android 17 OS will integrate advanced AI-driven detection to combat banking scams, preventing unauthorized screen sharing and interception of OTPs.
- RubyGems Suspends New Signups: Following a surge in malicious package uploads containing backdoors, RubyGems has temporarily suspended new user signups to purge malicious content and refine verification.
- Signal Adds Social Engineering Warnings: Signal has introduced proactive security warnings for messages from unknown contacts containing suspicious patterns, aimed at mitigating "pig butchering" and credential harvesting.
- Pwn2Own Berlin 2026 Hits Capacity: The hacking competition is set to demonstrate a record number of zero-day exploits focusing on automotive systems, smart home devices, and enterprise hardware.
💥 Breaches & Leaks
- UK ICO Fines South East Water £1.3M: Following a 2024 data breach exposing 664,000 customers, the utility provider was fined for failing to implement appropriate technical measures for an insecure database.
- Skoda Online Shop Data Breach: Skoda warned customers that unauthorized actors accessed names and contact details via its official online shop. While payment info was encrypted, the data may be used for phishing.
- Checkmarx Jenkins Package Compromised: An official Checkmarx Jenkins package was compromised with an information stealer, threatening CI/CD pipelines by exfiltrating environment variables and source code.
📚 Others
- Webinar: Fixing Gaps in Network Incident Response: BleepingComputer is hosting a session covering automated forensics, hybrid environment visibility, and methods for reducing mean time to remediation (MTTR).