NUSK Labs

162 posts

@NuskLabs

“Decrypt, Defend, Conquer: NUSK Labs – Mastering Cyber Challenges.”

Joined January 2026
33 Following 8 Followers
NUSK Labs@NuskLabs·
@The_Cyber_News When the security tool itself becomes the attack surface, defenders have a serious problem. Actively exploited Defender 0-days + SYSTEM privilege escalation = patching can’t wait this time.
Cyber Security News@The_Cyber_News·
🚨 New Microsoft Defender Zero‑Days Actively Exploited in the Wild Source: cybersecuritynews.com/microsoft-defe… Two newly disclosed Microsoft Defender vulnerabilities are being actively exploited in the wild, enabling local attackers to elevate privileges to SYSTEM and potentially disrupt endpoint protection across Windows environments. The bugs, tracked as CVE‑2026‑41091 (Elevation of Privilege) and CVE‑2026‑45498 (Denial of Service), were published on May 19, 2026, and affect core Microsoft Defender components used across all supported Windows versions. The U.S. Cybersecurity and Infrastructure Security Agency has added both CVE‑2026‑41091 and CVE‑2026‑45498 to its Known Exploited Vulnerabilities (KEV) Catalog, underscoring confirmed in‑the‑wild abuse. #cybersecuritynews #Windows
NUSK Labs@NuskLabs·
@The_Cyber_News 🚨 5,500+ GitHub repos compromised in under SIX hours. This is no longer “just malware.” This is automated supply-chain warfare operating at cloud speed.
Cyber Security News@The_Cyber_News·
🚨 Megalodon Malware Compromised 5,500+ GitHub Repos Within 6 Hours Source: cybersecuritynews.com/megalodon-malw… A sweeping automated supply chain attack codenamed "Megalodon" struck GitHub on May 18, 2026, injecting malicious CI/CD backdoors into over 5,500 repositories in less than six hours, marking one of the most aggressive GitHub Actions poisoning campaigns ever recorded. Between approximately 11:36 and 17:48 UTC on May 18, 2026, the Megalodon campaign pushed 5,718 malicious commits to 5,561 GitHub repositories using throwaway accounts with randomized eight-character usernames. The attacker forged author identities build-bot, auto-ci, ci-bot, pipeline-bot, with emails build-system@noreply.dev and ci-bot@automated.dev, mimicking routine automated CI maintenance. #cybersecuritynews
NUSK Labs@NuskLabs·
@The_Cyber_News WebRTC use-after-free bugs are becoming a recurring nightmare. One malicious webpage + unpatched browser = potential full compromise. Update Chrome NOW before exploit chains start circulating publicly.
Cyber Security News@The_Cyber_News·
⚠️ Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now! Source: cybersecuritynews.com/critical-chrom… Google has released an urgent security update for Chrome, addressing 16 vulnerabilities, including two rated Critical, that could allow attackers to execute arbitrary code on affected systems. The Stable channel has been updated to 148.0.7778.178/179 for Windows and Mac, and 148.0.7778.178 for Linux, with the rollout expected to complete over the coming days. Use-after-free bugs are particularly dangerous because they allow threat actors to manipulate freed memory regions, often leading to full system compromise when successfully chained with other exploits. #cybersecuritynews #Chrome
NUSK Labs@NuskLabs·
@The_Cyber_News 600+ compromised npm packages overnight should terrify every developer team. Not because of the malware itself, but because a single stolen CI/CD token can now cascade across entire ecosystems within minutes.
Cyber Security News@The_Cyber_News·
🚨 600+ npm Packages Compromised in New Mini Shai-Hulud Supply Chain Attack Source: cybersecuritynews.com/600-npm-packag… A sophisticated npm supply chain campaign dubbed Mini Shai-Hulud has claimed over 600 package versions overnight, with security researchers at Socket and Endor Labs identifying 639 compromised package versions across 323 unique packages in the latest wave. The bulk of the activity targeted the @antv ecosystem, alongside packages under @lint-md, @openclaw-cn, and @starmind scopes. Malicious publish activity began at approximately 01:56 UTC on May 19, 2026, continuing until 02:56 UTC. #cybersecuritynews
NUSK Labs@NuskLabs·
@LinuxHandbook The biggest cybersecurity lesson of 2026: Most breaches don’t start with “elite hackers.” They start with exposed credentials, bad access control, and human mistakes.
Linux Handbook@LinuxHandbook·
One of the biggest cybersecurity embarrassments of 2026 just happened. Sensitive credentials linked to the US Cybersecurity agency (CISA) were reportedly found sitting inside a PUBLIC GitHub repository. The exposed data allegedly included:
• SSH keys
• Plaintext passwords
• Internal system credentials
• Access linked to CISA and DHS environments
And the worst part? Some of it may have been publicly accessible since November 2025. According to reports, the leak came from a contractor-managed GitHub repo that was improperly secured. In simple words: someone accidentally left the digital keys to critical systems lying around on the internet. What does this mean for users? There’s currently no evidence that citizen data was stolen. But incidents like this increase risks of phishing, impersonation attacks, and future breaches. It also shows how even top cybersecurity organizations can fail basic security hygiene. The agency responsible for protecting US infrastructure got caught exposing its own credentials online. Cybersecurity isn’t just about advanced AI threats anymore. Sometimes it’s still just… human stupidity.
Cyber Security News@The_Cyber_News·
🚨 GitHub Source Code Breach - TeamPCP Claims Access to Internal Source Code Source: cybersecuritynews.com/github-source-… A notorious threat actor operating under the alias TeamPCP claims to have breached GitHub's internal systems, allegedly exfiltrating proprietary organization data and source code. According to the threat actor's post, the compromised data encompasses approximately 4,000 private repositories tied directly to GitHub's main platform. In a statement released via X (formerly Twitter), the company acknowledged the unauthorized access but sought to reassure users regarding the safety of customer data. "We are investigating unauthorized access to GitHub’s internal repositories," GitHub stated. #cybersecuritynews
NUSK Labs@NuskLabs·
🚨 Browser Extension Security in 5 mins: Dangerous Mistakes Developers Still Make:
⚠️ Over-permissions
⚠️ Plain HTTP leakage
⚠️ XSS via innerHTML
⚠️ DOM & Prototype skimming
Unsafe message passing
Extensions aren't small apps, they hold privileged browser access. Fix your code.
NUSK Labs@NuskLabs·
@TheHackersNews The scary part isn’t just the vulnerability, it’s how quickly researchers are weaponizing public patch diffs into working exploits. Patch analysis has become an offensive skillset.
The Hacker News@TheHackersNews·
🚨 Public PoC exploit code is out for DirtyDecrypt, a patched Linux kernel flaw linked to CVE-2026-31635 that could allow local privilege escalation. It affects CONFIG_RXGK-enabled systems, including Fedora, Arch Linux, and openSUSE Tumbleweed. Details: thehackernews.com/2026/05/dirtyd…
NUSK Labs@NuskLabs·
@The_Cyber_News Linus isn’t rejecting AI. He’s rejecting low-effort noise disguised as security research. An AI-generated bug report without validation, reproduction, or understanding is just technical spam that burns maintainer time.
Cyber Security News@The_Cyber_News·
⚠️ Linus Torvalds says AI bug reports have made the Linux Security Mailing List Unmanageable Source: cybersecuritynews.com/linus-torvalds… Linus Torvalds has warned that a “continued flood” of AI‑generated bug reports is making the Linux security mailing list “almost entirely unmanageable.” The project is now tightening rules on how AI‑found issues should be reported and handled. In the Linux 7.1‑rc4 announcement, Torvalds noted that the security list is being overwhelmed by AI‑assisted reports, many of which describe the same flaws found by multiple people running the same tools. #cybersecuritynews #Linux
NUSK Labs@NuskLabs·
@IntCyberDigest What stands out most here isn’t just the exploit generation capability. It’s Cloudflare openly admitting that “organic refusals” are NOT a reliable safety boundary for cyber frontier models. That statement alone should reshape the AI security conversation.
International Cyber Digest@IntCyberDigest·
‼️🚨 BREAKING: Cloudflare's CISO just published what Anthropic's unreleased Mythos did against more than 50 of their own production repos. According to him, Mythos is too powerful and must "include additional safeguards" before releasing to the public. Turns out the model can chain multiple low-severity bugs into a single severe exploit with a working PoC, where previous frontier models would stop at "interesting bug, unclear if exploitable." At triage time, that means fewer hedged findings and less time spent asking "is this even real?" A finding that arrives with a PoC is a finding you can act on. Cloudflare is also explicit about the safety side. The Mythos Preview build provided for Project Glasswing did not include the safeguards present in generally available models like Opus 4.7 or GPT-5.5. The model's organic refusals are real, but Cloudflare states they are not consistent enough to serve as a complete safety boundary on their own, and that any cyber frontier model made generally available in the future must ship with additional safeguards on top of that baseline. Interesting detail: Cloudflare was not on the original Project Glasswing launch partner list with Apple, AWS, Google, Microsoft, CrowdStrike, and others. Instead they got invited later on.
NUSK Labs@NuskLabs·
@The_Cyber_News The most dangerous vulnerabilities are the ones everyone thought were already fixed. MiniPlasma shows how silent patch regressions or incomplete fixes can leave critical attack paths alive for years inside trusted Windows components like cldflt.sys.
Cyber Security News@The_Cyber_News·
🚨 New Windows 'MiniPlasma' Zero-Day Let Attackers Gain SYSTEM Access Source: cybersecuritynews.com/windows-minipl… A critical Windows privilege escalation zero-day vulnerability dubbed "MiniPlasma" has emerged with a public proof-of-concept exploit that allows attackers to achieve SYSTEM-level privileges on fully patched Windows systems. The flaw targets the cldflt.sys Cloud Filter driver's HsmOsBlockPlaceholderAccess routine, which was initially discovered and reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020. Microsoft assigned CVE-2020-17103 to the vulnerability and reportedly fixed it in December 2020 as part of its Patch Tuesday updates. #cybersecuritynews #Windows
NUSK Labs@NuskLabs·
@TheHackersNews Modern attackers don’t need to breach production directly anymore. Compromise a trusted GitHub Action → steal CI secrets → pivot into cloud infrastructure, registries, and deployments. The software supply chain has officially become an identity and trust battlefield.
The Hacker News@TheHackersNews·
🚨 Popular GitHub Action compromised in supply chain attack. All existing tags for actions-cool/issues-helper were moved to a malicious imposter commit that steals CI/CD credentials from GitHub Actions runners. Full details: thehackernews.com/2026/05/github…
NUSK Labs@NuskLabs·
@TheHackersNews “Developer laptops are just endpoints” is one of the most dangerous assumptions in modern security. They now contain code, credentials, automation, AI agents, deployment context, and organizational trust all in one place. Excellent analysis.
The Hacker News@TheHackersNews·
🚨 Developer laptops just became the new front line of supply chain attacks. Attackers are stealing GitHub tokens, cloud creds, SSH keys & registry tokens directly from dev workstations — then publishing malicious packages. Three separate campaigns hit npm, PyPI, and Docker Hub in just 48 hours. Supply chain attacks now start before code reaches Git. Full story → thehackernews.com/2026/05/develo…
NUSK Labs@NuskLabs·
@The_Cyber_News The most dangerous vulnerabilities are often the ones hiding in “small race conditions” for YEARS. Six years later and now attackers can potentially steal SSH keys and shadow hashes? That’s terrifying.
Cyber Security News@The_Cyber_News·
⚠️ Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords Source: cybersecuritynews.com/linux-kernel-v… A newly disclosed Linux kernel vulnerability is raising serious concerns across the security community, as it allows attackers to access highly sensitive data, including SSH private keys and password hashes, on affected systems. Tracked as CVE-2026-46333, the flaw has been nicknamed “ssh-keysign-pwn” and impacts a wide range of Linux distributions. The GitHub PoC ssh-keysign-pwn demonstrates exactly how to weaponize this race condition on pre‑31e62c2ebbfd kernels. #cybersecuritynews #Linux