-
-
-
Glassworm Takedown: How CrowdStrike, Google, and Shadowserver Killed the “Unkillable” Developer Botnet
Yesterday at 14:00 UTC, CrowdStrike, Google, and the Shadowserver Foundation simultaneously struck all four C2 channels of the Glassworm botnet — including a Solana blockchain wallet takeover and BitTorrent DHT eclipse attack. The botnet the security community called unkillable is silent. ZOMBI is still running on infected machines and 18 months of stolen credentials remain in attacker hands.
-
Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credentials as #1 Breach Vector — And Only 26% of CISA KEV Flaws Were Patched
The Verizon 2026 Data Breach Investigations Report analyzed 22,052 incidents and 12,195 confirmed breaches — the largest dataset in the report’s history. The headline finding: vulnerability exploitation has overtaken stolen credentials as the #1 initial access vector in breaches for the first time ever. Only 26% of CISA KEV vulnerabilities were fully remediated in 2025. Median remediation time grew to 43 days while exploitation timelines shrank to 5 days. Ransomware appeared in 44% of all breaches. Supply chain attacks doubled. Here is what every enterprise security team needs to act on immediately.
-
TanStack → Nx Console → GitHub: How One Poisoned VS Code Extension Breached GitHub, OpenAI, and Mistral AI in 18 Minutes
TeamPCP published a poisoned Nx Console VS Code extension for 18 minutes on May 18, 2026. In that window, VS Code auto-updated 2.2 million installs. One was a GitHub employee — giving TeamPCP access to 3,800 internal GitHub repositories. OpenAI, Mistral AI, and Grafana Labs were simultaneously hit via the same TanStack npm supply chain cascade. This is the Mini Shai-Hulud campaign operating at SolarWinds scale.
-
CVE-2026-42897: Microsoft Exchange Server Zero-Day Exploited in the Wild — No Permanent Patch, CISA Deadline May 29
CVE-2026-42897 is a CVSS 8.1 cross-site scripting zero-day in Microsoft Exchange Server’s Outlook Web Access, actively exploited in the wild. An attacker sends a crafted email — when the victim opens it in OWA, arbitrary JavaScript executes in their browser, hijacking their authenticated session. No permanent patch exists. CISA KEV listed. Federal deadline: May 29. Exchange Online is not affected. Apply the EOMT mitigation immediately.
-
AI Automation | AI News | CIO Intelligence | Cloud Infrastructure | cybersecurity | Enterprise Data & Analytics | Enterprise Technology | Uncategorized
The AI Arms Race Just Escalated: Every CIO and CTO Needs to Read This Now
SAP declares the Autonomous Enterprise. OpenAI and Anthropic launch rival $4B enterprise ventures. Microsoft commits $190B in AI CapEx. Google unveils next-gen AI chips. Agentic AI is no longer a demo — it is taking over your ERP, your finance team, and your IT infrastructure. Here is what every executive must know right now.
-
NGINX Rift (CVE-2026-42945): An 18-Year-Old Heap Overflow in the World’s Most Deployed Web Server — Public Exploit Available Now
CVE-2026-42945 NGINX Rift is a CVSS 9.2 heap buffer overflow present in every NGINX version since 2008. Unauthenticated RCE or DoS. Public PoC on GitHub. Affects NGINX Open Source 0.6.27–1.30.0 and NGINX Plus R32–R36. Patch to 1.30.1 or 1.31.0 immediately. ~34% of all internet web servers are running affected versions right now.
-
-
