May 2026
Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
And then Microsoft busted them all
ICE to keep an eye on your eyes under $25M biometric scanner deal
And you thought a face recognition app was intrusive?
No fix yet for critical RCE bug in open-source Git service Gogs – exploit module is out
Researcher reported the vuln in March. Maintainers haven't responded to his messages since
23andMe inherits lawsuit over ‘disturbing’ DNA data breach
California AG claims genetics biz downplayed 2023 mega-leak while paying ransom to attacker
Dutch cops wrest 17M devices from mystery botnet’s clutches
Hosting provider pulled the plug after police traced 200 servers to the Netherlands
ChatGPT blindly trusts browser content, turning the page into a payload
You and me go ChatGPhish-ing in the dark
Russia-linked threat group put ChatGPT to work from lure to payload
Researchers say 'GREYVIBE' crew used AI tools throughout a campaign targeting Ukrainian military and government
ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak
Telco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there
Microsoft tests the 15-character limit of Windows Server admins’ patience
May security update trips over hostnames of a very specific length
Carnival confirms ShinyHunters cruised off with 6M customer records after April breach
Travel and leisure giant was just one of many victims of the cybercrooks' crime spree this year