Trellix Source Code Breach Highlights Growing Supply Chain Threats – Dark Reading
Info is scant, but such breaches can reveal where a security product’s controls are located and how detections are designed, giving attackers a leg up. – Read More
May 2026
Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations – Dark Reading
The UC Berkeley Center for Long-Term Cybersecurity (CLTC) offers tools and support to schools, local governments, and non-profits as they defend themselves against a growing volume of cyberattacks. – Read…
Edge browser leaves passwords exposed in plain text, says researcher – CSO Online
A Norwegian researcher has identified an issue with Microsoft Edge’s Password Manager that could be a serious concern for businesses. Tom Jøran Sønstebyseter Rønning found that passwords are being saved…
CISA mulls new three-day remediation deadline for critical flaws – CSO Online
Experts have mixed reactions to a report that the US Cybersecurity and Infrastructure Security Agency (CISA) is considering reducing the timeline in which government agencies must address critical vulnerabilities from…
Why Security Leadership Makes or Breaks a Pen Test – Dark Reading
Well-run security drills go beyond checking audit boxes to identify and address trouble spots. Effective leaders can ensure proper scope, access, and follow-through, but it’s not easy. – Read More
CISA pushes critical infrastructure operators to prepare to work in isolation – CSO Online
The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new national initiative aimed at helping critical infrastructure operators withstand and recover from major cyberattacks by preparing to operate…
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE – The Hacker News
The Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution…
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware – The Hacker News
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. “These installers are distributed from the…
Oracle will patch more often to counter AI cybersecurity threat – CSO Online
Oracle plans to issue security patches for its ERP, database, and other software on a monthly cycle, rather than quarterly, to respond to the increased pace of AI-enabled software vulnerability…
Charting Change in Legal: AI-first law firms, big tech, and the future of legal work – Legal IT Insider
In Episode 57 of Charting Change in Legal, legal industry analyst Ari Kaplan and Legal IT Insider’s editor Caroline Hill take on topics including how artificial intelligence is reshaping law…
Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk – Dark Reading
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity. – Read More
Children in need – Law Gazette – Features
The government is committed to modernising youth justice, report Eduardo Reyes and Sian Harrison. But this will require ‘resource, training and culture change’. – Read More
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions – The Hacker News
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe…
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed – The Hacker News
Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic…
How the Story of a USB Penetration Test Went Viral – Dark Reading
Two decades ago Dark Reading posted its first blockbuster — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious…