Latest news as of 5/21/2026, 6:20:23 AM
The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2026-2441 (CVSS score: 8.8) - A use-after-free vulnerability in Google Chrome that could allow a remote attacker to potentially exploit heap
The Register
Sees little enterprise AI adoption other than coding assistants, buys Koi for what comes next If enterprises are implementing AI, they’re not showing it to Palo Alto Networks CEO Nikesh Arora, who on Tuesday said business adoption of the tech lags consumer take-up by at least a couple of years – except for coding assistants.…
Have I Been Pwned
In February 2026, . The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access. data obtained from the fintech lending platform Figure was publicly posted online
Dark Reading
After detecting a zero-day attack, the country's effective response was attributed to the tight relationship between its government and private industry.
The Register
Full scale of infections remains 'unknown' China-linked attackers exploited a maximum-severity hardcoded-credential bug in Dell RecoverPoint for Virtual Machines as a zero-day since at least mid-2024. It's all part of a long-running effort to backdoor infected machines for long-term access, according to Dell and Google's Mandiant incident response team.…
Bleeping Computer
A Spanish court has granted precautionary measures against NordVPN and ProtonVPN, ordering the two popular VPN providers to block 16 websites that facilitate piracy of football matches. [...]
Bleeping Computer
A Spanish court has granted precautionary measures against NordVPN and ProtonVPN, ordering the two popular VPN providers to block 16 websites that facilitate piracy of football matches. [...]
Dark Reading
Keenadu downloads payloads that hijack browser searches, commit ad fraud, and execute other actions without user knowledge.
Dark Reading
Russia-aligned groups are probable culprits behind the wiper attacks against renewable energy farms, a manufacturer, and a heating and power plant.
The Register
Plus 3 new goon squads targeted critical infrastructure last year Three new threat groups began targeting critical infrastructure last year, while a well-known Beijing-backed crew - Volt Typhoon - continued to compromise cellular gateways and routers, and then break into US electric, oil, and gas companies in 2025, according to Dragos' annual threat report published on Tuesday.…