Latest IT News & Tech Trends
West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. The company said that it detected a compromise on May 4th. An investigation into the incident determined that the attacker stole data from the network. “On May 7, 2026, West Pharmaceutical Services, Inc. determined that […it] […]
The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine high-profile organizations across multiple sectors and countries. Among the victims are a major South Korean electronics manufacturer, government agencies, an international airport in the Middle East, industrial manufacturers in Asia, and educational institutions. Researchers at Symantec say […]
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. Identified as CVE-2026-45185, the security issue impacts some Exim versions before 4.99.3 that use the default GNU Transport Layer Security (GnuTLS) library for secure communication. It is a user-after-free (UAF) flaw triggered during the TLS […]
A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. Known as Chaotic Eclipse or Nightmare Eclipse, the researcher describes the BitLocker bypass issue as functioning like a backdoor because the vulnerable component is present only in the […]
Microsoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April 2026 Windows security updates. BitLocker is a Windows security feature that encrypts storage drives to protect against data theft. It also often activates recovery mode after hardware changes or TPM (Trusted Platform Module) updates, blocking […]
OpenAI says two employees’ devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. In a security advisory published today, the company said the incident did not impact customer data, production systems, intellectual property, […]
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. Today’s highlight was Orange Tsai’s attempt, who was awarded $175,000 in rewards after chaining 4 logic bugs to achieve a sandbox escape on Microsoft Edge. Windows 11 was also hacked three times by Angelboy and TwinkleStar03 (working with the DEVCORE Internship Program), Marcin WiÄ…zowski, […]
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. The vulnerability is tracked as CVE-2026-42945 and received a critical severity rating of 9.2, based on the latest version of the Common Vulnerability Scoring System (CVSS). […]
Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. The threat actor tricks users into pasting a PowerShell command that ultimately delivers the ModeloRAT, which has been previously seen in ClickFix attacks [1, 2]. Initial access brokers (IAB) like […]
Microsoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. According to a service alert first spotted by Microsoft MVP Susan Bradley, the issue affected only a limited number of devices running client Windows platforms (i.e., Windows 11 […]
