The CyberSignal (Page 13)

Latest

Line-art illustration of a rack-mounted web server with HTTP/2 data streams converging at a fractured input port, depicting Apache CVE-2026-23918.

Cyber Attacks

Apache HTTP/2 Double-Free RCE: One Version Affected, Six Days to Patch

Apache HTTP Server 2.4.66 ships with a double-free in mod_http2 — exploitable on default Debian builds and patched six days later in 2.4.67.

Line-art illustration of a partially open bank vault with code folders spilling out, depicting TeamPCP's Mistral AI source code auction.

Cyber Attacks

TeamPCP's $25K Mistral Auction: Source Code, Seven Days, and a Confirmed Breach

Mistral AI confirmed a codebase management breach as TeamPCP listed ~450 repositories at $25K buy-it-now, with a seven-day leak deadline.

Line art on bronze: an AI agent scanning a code repository while a chain of vendor nodes locks into a defensive ring around it. Red dot on the patch fix.

AI Security

OpenAI Just Launched Daybreak — and the AI Vulnerability Discovery Market Now Has Four Vendors and Twenty-Plus Partners

OpenAI launched Daybreak on May 11, 2026 — an AI vulnerability discovery platform with three GPT-5.5 models and a 20+ partner roster including Cisco, Cloudflare, CrowdStrike, Palo Alto, Snyk, Tenable, and Rapid7. The AI defender market just formed.

Line art on midnight blue: an Exchange Server with a crafted email entering OWA, JavaScript executing in the browser window. Red dot on the execution point.

Cyber Attacks

Microsoft Confirmed an Exchange Server Zero-Day Is Under Active Attack — and the 2016/2019 Patch Will Only Reach Period 2 ESU Customers

Microsoft confirmed active exploitation of CVE-2026-42897, a high-severity XSS zero-day in on-prem Exchange OWA, with no permanent patch — only EEMS mitigation. The eventual fix for Exchange 2016 and 2019 will only reach Period 2 ESU customers.

A swarm of small AI agent nodes converging on a codebase and surfacing bug markers.

AI Security

Microsoft's MDASH Found 16 of This Month's Windows Bugs. Palo Alto Found 75 in One Scan.

Microsoft's MDASH AI found 16 of May's Patch Tuesday vulnerabilities, four critical. Palo Alto scanned its codebase with frontier models including Anthropic's Mythos and found 75 flaws across 26 CVEs. AI vulnerability discovery is now operational at vendor scale.

An npm package with a hidden backdoor function siphoning secret keys out through a DNS channel.

Application Security

Three node-ipc Versions Hide a Stealer Backdoor — and the Attacker Took Over a Dead Maintainer's Domain to Publish Them

Three published versions of node-ipc — a package with 822,000 weekly downloads — hide an obfuscated stealer backdoor that exfiltrates 90 categories of developer and cloud secrets over DNS. The attacker hijacked a lapsed maintainer domain to publish them.

Two laptops feeding into a code-signing certificate vault being rotated out.

Cyber Attacks

OpenAI Is Rotating Every Code-Signing Certificate It Has — Mini Shai-Hulud Reached Two Employee Laptops

OpenAI confirmed two employee devices were compromised in the Mini Shai-Hulud supply chain attack, exposing code-signing certificates for its apps. OpenAI is rotating every certificate, and macOS users must update before June 12, 2026.

An SD-WAN controller node with an unauthenticated peer slipping past a certificate gate.

Cyber Attacks

A CVSS 10.0 Cisco SD-WAN Auth Bypass Is Under Active Attack — and UAT-8616 Has Been in This Code Since 2023

Cisco disclosed a maximum-severity authentication bypass in Catalyst SD-WAN, actively exploited as a zero-day by UAT-8616 — the same actor that has targeted this service since 2023. CISA added it to KEV, and there are no workarounds.

A telehealth platform server with patient record cards pulled out over a two-day window.

Cyber Attacks

A Telehealth Platform Lost 716,000 People's Health Data in Two Days — and Took Four Months to Say So

OpenLoop Health confirmed a January 2026 intrusion that exposed the names, birth dates, and medical information of 716,000 telehealth users. A threat actor called Stuckin2019 claims to hold data on 1.6 million. Disclosure came roughly four months after the breach.

A backdoor code window with emoji-marked comments, three target pins on Brazil, Germany, South Korea.

Threat Intelligence

Kimsuky's PebbleDash Now Hits Defense Sectors in Three Countries — And Its New Backdoor Was Coded With AI

Kaspersky found something unusual in a North Korean backdoor: comments that look written by an LLM, not a human. Combined with Kimsuky's expansion into defense targets across three countries, it is documented evidence that state malware development is borrowing AI.

A laptop with a Signal message database file being siphoned out, a backdoor injected into a system process.

Threat Intelligence

Microsoft's Kazuar Analysis Shows Russia's Secret Blizzard Wants Your Signal Desktop Files

Microsoft's new Kazuar analysis names one capability that ties it to the other Russian Signal operation in the news: Kazuar steals Signal Desktop message files. Encryption protects the conversation in transit — not the database on a compromised laptop.

NGINX server block with an exposed crack running through the rewrite module, an AI scanner beam crossing it.

Application Security

An AI Found an 18-Year-Old NGINX RCE in Six Hours — CVE-2026-42945 'NGINX Rift'

An autonomous AI was pointed at the NGINX source code and found a critical RCE that survived 18 years of human review — plus three more CVEs in the same six-hour session. NGINX runs a third of the internet's top sites. The discovery method is the bigger story.

See all