[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6xj-Bmf7UMf1JTqhSxoeEmhgwzuTQadl8YytG99OYbo":3,"$f6ximpnJsNd5_Lf3G00HEZ33pOIyuvS0umlqXrntW0nE":192},{"items":4},[5,11,17,23,29,35,41,47,53,59,65,70,76,80,86,92,98,104,110,116,122,128,134,140,144,150,156,162,167,172,177,182,187],{"id":6,"name":7,"slug":8,"description":9,"icon":9,"sort_order":10},"80544778-fabb-4dcd-aa35-17492e5dcf4f","Vulnerabilities","vulnerabilities",null,10,{"id":12,"name":13,"slug":14,"description":15,"icon":9,"sort_order":16},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day","Zero-day exploits and active exploitation",11,{"id":18,"name":19,"slug":20,"description":21,"icon":9,"sort_order":22},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain","Supply chain attacks, dependency poisoning, build compromise",12,{"id":24,"name":25,"slug":26,"description":27,"icon":9,"sort_order":28},"6cbdd207-aaa1-4176-9534-e156b125e917","Nation-state","nation-state","State-sponsored campaigns, APT operations, cyber warfare",13,{"id":30,"name":31,"slug":32,"description":33,"icon":9,"sort_order":34},"c5eccf7c-abbc-4bd3-bbed-e6da5cba8e73","Incident Response","incident-response","IR playbooks, post-incident analysis, forensics",14,{"id":36,"name":37,"slug":38,"description":39,"icon":9,"sort_order":40},"2c8f44d4-b56e-47cf-9677-04f22c9ee78d","Identity & Access","identity-access","IAM, MFA bypass, credential theft, authentication",15,{"id":42,"name":43,"slug":44,"description":45,"icon":9,"sort_order":46},"d6f63bb8-0801-486a-be7f-171400700454","IoT\u002FOT","iot-ot","IoT\u002FOT security, industrial control systems, embedded devices",16,{"id":48,"name":49,"slug":50,"description":51,"icon":9,"sort_order":52},"0493c7e9-989a-4692-b4e6-136f5ec09675","Cryptography","cryptography","Encryption, quantum threats, protocol weaknesses",17,{"id":54,"name":55,"slug":56,"description":57,"icon":9,"sort_order":58},"53f9c4b6-8bc6-4964-9169-d09e5cd41d72","Compliance","compliance","GDPR, NIS2, SEC rules, 
regulatory frameworks",18,{"id":60,"name":61,"slug":62,"description":63,"icon":9,"sort_order":64},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source","OSS vulnerabilities, package security, dependency risks",19,{"id":66,"name":67,"slug":68,"description":9,"icon":9,"sort_order":69},"2e06f76c-d5b9-4f54-9eef-4d3447b10730","Breaches","breaches",20,{"id":71,"name":72,"slug":73,"description":74,"icon":9,"sort_order":75},"3f0f8451-91df-4b6c-9a73-ef3b2509b7f1","GDPR","gdpr","EU General Data Protection Regulation",30,{"id":77,"name":78,"slug":79,"description":9,"icon":9,"sort_order":75},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"id":81,"name":82,"slug":83,"description":84,"icon":9,"sort_order":85},"5d60956f-4c0c-47c3-8db1-94240f816ce1","CCPA\u002FCPRA","ccpa-cpra","California Consumer Privacy Act",31,{"id":87,"name":88,"slug":89,"description":90,"icon":9,"sort_order":91},"fbace4ad-a9f5-407c-b73c-88cd9d221ecc","HIPAA","hipaa","US Health Insurance Portability and Accountability Act",32,{"id":93,"name":94,"slug":95,"description":96,"icon":9,"sort_order":97},"4fd32ef4-29b8-4ee4-b88f-ecfb77fbf9c1","NIS2","nis2","EU Network and Information Security Directive",33,{"id":99,"name":100,"slug":101,"description":102,"icon":9,"sort_order":103},"09099139-1092-4178-99da-99332cd1582f","PCI-DSS","pci-dss","Payment Card Industry Data Security Standard",34,{"id":105,"name":106,"slug":107,"description":108,"icon":9,"sort_order":109},"ca424fe9-cd56-4073-9d6a-9bb050d4bb8f","DORA","dora","Digital Operational Resilience Act",35,{"id":111,"name":112,"slug":113,"description":114,"icon":9,"sort_order":115},"d95477d7-eb04-4fad-a2dc-be1428040ce7","Privacy Fines","privacy-fines","DPA enforcement actions and penalties",36,{"id":117,"name":118,"slug":119,"description":120,"icon":9,"sort_order":121},"23e81061-ab06-449f-8807-cbe4bc305045","UK Data Protection","uk-data-protection","UK GDPR and Data Protection Act 
2018",37,{"id":123,"name":124,"slug":125,"description":126,"icon":9,"sort_order":127},"f22671ea-092b-4568-aede-526bb16dedd5","EU AI Act","eu-ai-act","EU AI Act — artificial intelligence regulation and compliance",38,{"id":129,"name":130,"slug":131,"description":132,"icon":9,"sort_order":133},"ef42c16c-f41b-4794-8148-5fa5cb7b41b0","Cyber Resilience Act","eu-cyber-resilience-act","EU Cyber Resilience Act (CRA) — product cybersecurity requirements",39,{"id":135,"name":136,"slug":137,"description":138,"icon":9,"sort_order":139},"6e35e56d-89a7-4c72-9501-954aa9dd3449","EU Cybersecurity Act","eu-cybersecurity-act","EU Cybersecurity Act — ENISA mandate and certification schemes",40,{"id":141,"name":142,"slug":143,"description":9,"icon":9,"sort_order":139},"7d8b5ab8-ea0b-4ced-ae97-ec251b86993a","Ransomware","ransomware",{"id":145,"name":146,"slug":147,"description":148,"icon":9,"sort_order":149},"233dac9c-6b5b-4d83-9d6b-902ec3ffd7f2","DSA\u002FDMA","dsa-dma","EU Digital Services Act \u002F Digital Markets Act",41,{"id":151,"name":152,"slug":153,"description":154,"icon":9,"sort_order":155},"217d3263-c763-41ca-875e-06901f522fe0","NIST","nist","NIST CSF, 800-series, US federal cybersecurity standards",42,{"id":157,"name":158,"slug":159,"description":160,"icon":9,"sort_order":161},"a53e88d4-7e4c-481a-b387-3ea4c84f4919","SEC Cyber Rules","sec-cyber","SEC cyber disclosure rules and enforcement",43,{"id":163,"name":164,"slug":165,"description":9,"icon":9,"sort_order":166},"c5c77cdb-f7d7-4990-9436-c81dcbff1163","Policy","policy",50,{"id":168,"name":169,"slug":170,"description":9,"icon":9,"sort_order":171},"02371804-cf6d-4449-98de-f1a2d4d9b266","Tools","tools",60,{"id":173,"name":174,"slug":175,"description":9,"icon":9,"sort_order":176},"c70f3a41-2f0c-4608-870d-b8cbcd8be076","Cloud Security","cloud-security",70,{"id":178,"name":179,"slug":180,"description":9,"icon":9,"sort_order":181},"839da5c1-3c34-47e2-9499-f7201640e3ac","AI 
Security","ai-security",80,{"id":183,"name":184,"slug":185,"description":9,"icon":9,"sort_order":186},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",90,{"id":188,"name":189,"slug":190,"description":9,"icon":9,"sort_order":191},"614132b8-5837-4952-b8b5-c6c9a32a1d85","Privacy","privacy",100,{"items":193,"nextOffset":69,"hasMore":533},[194,216,235,252,271,287,301,317,332,351,369,389,405,424,439,454,469,484,500,517],{"id":195,"title":196,"slug":197,"url":198,"summary":199,"ai_summary":200,"parent_article_id":9,"relation_type":9,"image_url":201,"verify_count":202,"avg_score":9,"score_count":202,"published_at":203,"ingested_at":204,"source":205,"category":209,"tags":210,"ioc_count":214,"has_awareness_lesson":215,"awareness_lesson_id":9},"31f8929b-55a0-40d2-ac68-2f2f8273f283","KongTuke hackers now use Microsoft Teams for corporate breaches","kongtuke-hackers-now-use-microsoft-teams-for-corporate-breaches-1e80b9","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fkongtuke-hackers-now-use-microsoft-teams-for-corporate-breaches\u002F","Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. [...]","Initial access broker KongTuke has shifted tactics to use Microsoft Teams for social engineering attacks against corporate networks, impersonating IT staff to trick users into running malicious PowerShell commands. The attacks deliver ModeloRAT, a Python-based remote access trojan that establishes persistent access with enhanced C2 resilience, multiple backdoor channels, and sophisticated persistence mechanisms designed to survive standard cleanup procedures. 
The campaign has been active since at least April 2026, with the threat actor rotating through multiple Microsoft 365 tenants to evade detection and blocking.","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F02\u002F17\u002FMicrosoft-Teams.jpg",0,"2026-05-14T12:12:40+00:00","2026-05-14T14:00:07.396462+00:00",{"id":206,"url":207,"name":208},"0a97efc1-021e-4aee-ae8f-b1643b35de46","https:\u002F\u002Fwww.bleepingcomputer.com\u002Ffeed\u002F","BleepingComputer",{"id":66,"icon":9,"name":67,"slug":68,"description":9},[211,212,213],{"id":36,"slug":38,"name":37},{"id":77,"slug":79,"name":78},{"id":183,"slug":185,"name":184},2,false,{"id":217,"title":218,"slug":219,"url":220,"summary":221,"ai_summary":222,"parent_article_id":9,"relation_type":9,"image_url":223,"verify_count":202,"avg_score":9,"score_count":202,"published_at":224,"ingested_at":225,"source":226,"category":230,"tags":231,"ioc_count":234,"has_awareness_lesson":215,"awareness_lesson_id":9},"72092131-732c-4da8-bc61-6603e9529ad1","F5 Patches Over 50 Vulnerabilities","f5-patches-over-50-vulnerabilities-9f7ebc","https:\u002F\u002Fwww.securityweek.com\u002Ff5-patches-over-50-vulnerabilities\u002F","The company’s latest quarterly advisory describes high and medium-severity issues in BIG-IP, BIG-IQ, and NGINX. The post F5 Patches Over 50 Vulnerabilities appeared first on SecurityWeek.","F5 released security updates addressing 19 high-severity and 32 medium-severity vulnerabilities across BIG-IP, BIG-IQ, and NGINX. The most critical issue, CVE-2026-42945 in NGINX (CVSS 9.2), is a denial-of-service flaw in the rewrite module that can lead to code execution if ASLR is disabled. 
Other significant flaws include CVE-2026-41225 affecting iControl REST authentication and multiple RCE vulnerabilities requiring authentication.","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F10\u002FF5-Vulnerability.jpg","2026-05-14T10:47:58+00:00","2026-05-14T12:00:25.743293+00:00",{"id":227,"url":228,"name":229},"39b11040-a763-4049-9bc5-8bbf376ca5af","https:\u002F\u002Ffeeds.feedburner.com\u002Fsecurityweek","SecurityWeek",{"id":6,"icon":9,"name":7,"slug":8,"description":9},[232,233],{"id":168,"slug":170,"name":169},{"id":6,"slug":8,"name":7},5,{"id":236,"title":237,"slug":238,"url":239,"summary":240,"ai_summary":241,"parent_article_id":9,"relation_type":9,"image_url":242,"verify_count":202,"avg_score":9,"score_count":202,"published_at":243,"ingested_at":244,"source":245,"category":246,"tags":247,"ioc_count":251,"has_awareness_lesson":215,"awareness_lesson_id":9},"467cd5e9-95a4-4512-9cfa-0cc1592a25c6","Dell confirms its SupportAssist software causes Windows BSOD crashes","dell-confirms-its-supportassist-software-causes-windows-bsod-crashes-86c1d7","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsoftware\u002Fdell-confirms-its-supportassist-software-causes-windows-bsod-crashes\u002F","Dell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of user reports about random reboots affecting Dell devices since Friday. [...]","Dell confirmed that its SupportAssist Remediation service version 5.5.16.0 is triggering blue-screen-of-death (BSOD) crashes on Windows 10 and Windows 11 systems. The company advised users to disable or uninstall the faulty service as a workaround while engineering works on a permanent fix. 
This is the latest in a series of problematic Dell software updates that have impacted customer systems over recent years.","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F05\u002F14\u002FDell.jpg","2026-05-14T10:03:39+00:00","2026-05-14T12:00:07.981461+00:00",{"id":206,"url":207,"name":208},{"id":6,"icon":9,"name":7,"slug":8,"description":9},[248,249,250],{"id":168,"slug":170,"name":169},{"id":18,"slug":20,"name":19},{"id":30,"slug":32,"name":31},1,{"id":253,"title":254,"slug":255,"url":256,"summary":257,"ai_summary":258,"parent_article_id":9,"relation_type":9,"image_url":259,"verify_count":202,"avg_score":9,"score_count":202,"published_at":260,"ingested_at":261,"source":262,"category":266,"tags":267,"ioc_count":214,"has_awareness_lesson":215,"awareness_lesson_id":9},"e4ccef1b-9702-4a75-9091-9b670d042d7d","Your iPhone Gets Stolen. Then the Hacking Begins","your-iphone-gets-stolen-then-the-hacking-begins-1d03ce","https:\u002F\u002Fwww.wired.com\u002Fstory\u002Fyour-iphone-gets-stolen-then-the-hacking-begins\u002F","A bustling underground ecosystem is providing criminals with the tools to unlock iPhones—and wage phishing attacks against their contacts to access bank accounts and more.","Researchers at Infoblox have uncovered a thriving underground market across Telegram and the web where criminals purchase affordable unlocking tools and phishing kits designed to compromise stolen iPhones. The ecosystem includes phishing pages mimicking Apple's Find My service, jailbreak tools, and voice-calling scripts, with traffic to phishing domains increasing 350% year-over-year. 
Stolen phones worth $50–$200 when locked can fetch $500–$1,000 when unlocked, incentivizing thieves to gain access to bank accounts and crypto wallets.","https:\u002F\u002Fmedia.wired.com\u002Fphotos\u002F6a04f441c21c453beb0a3dc7\u002Fmaster\u002Fpass\u002FGettyImages-2234913437.jpg","2026-05-14T10:00:00+00:00","2026-05-14T12:00:11.062265+00:00",{"id":263,"url":264,"name":265},"d07afc53-ce64-45ba-ad4e-22e642c981fb","https:\u002F\u002Fwww.wired.com\u002Ffeed\u002Fcategory\u002Fsecurity\u002Flatest\u002Frss","WIRED Security",{"id":77,"icon":9,"name":78,"slug":79,"description":9},[268,269,270],{"id":36,"slug":38,"name":37},{"id":188,"slug":190,"name":189},{"id":183,"slug":185,"name":184},{"id":272,"title":273,"slug":274,"url":275,"summary":276,"ai_summary":277,"parent_article_id":9,"relation_type":9,"image_url":278,"verify_count":202,"avg_score":9,"score_count":202,"published_at":279,"ingested_at":280,"source":281,"category":282,"tags":283,"ioc_count":214,"has_awareness_lesson":215,"awareness_lesson_id":9},"11eba9f7-511b-4c8d-b12d-fb7072a5a474","Hackers Targeted PraisonAI Vulnerability Hours After Disclosure","hackers-targeted-praisonai-vulnerability-hours-after-disclosure-51c3b5","https:\u002F\u002Fwww.securityweek.com\u002Fhackers-targeted-praisonai-vulnerability-hours-after-disclosure\u002F","The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek.","PraisonAI versions 2.5.6 to 4.6.33 contained an authentication bypass (CVE-2026-44338) due to disabled Flask API authentication by default, allowing unauthenticated access to agent workflows. Within 3 hours 44 minutes of public disclosure, a scanner identified as CVE-Detector\u002F1.0 began probing internet-exposed instances for the vulnerable endpoint. 
Sysdig assessed the activity as reconnaissance rather than active exploitation, but highlighted the accelerated threat timeline enabled by AI-assisted tooling in the modern attack landscape.","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F08\u002FAI-assistant-chatbot-artificial-intelligence.jpg","2026-05-14T09:45:53+00:00","2026-05-14T10:00:24.010261+00:00",{"id":227,"url":228,"name":229},{"id":12,"icon":9,"name":13,"slug":14,"description":15},[284,285,286],{"id":6,"slug":8,"name":7},{"id":178,"slug":180,"name":179},{"id":30,"slug":32,"name":31},{"id":288,"title":289,"slug":290,"url":291,"summary":292,"ai_summary":293,"parent_article_id":9,"relation_type":9,"image_url":294,"verify_count":202,"avg_score":9,"score_count":202,"published_at":295,"ingested_at":280,"source":296,"category":297,"tags":298,"ioc_count":251,"has_awareness_lesson":215,"awareness_lesson_id":9},"3a025890-2ac1-42e1-8786-7b5553294a44","High-Severity Vulnerability Patched in VMware Fusion","high-severity-vulnerability-patched-in-vmware-fusion-3f3b97","https:\u002F\u002Fwww.securityweek.com\u002Fhigh-severity-vulnerability-patched-in-vmware-fusion\u002F","The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week. The post High-Severity Vulnerability Patched in VMware Fusion appeared first on SecurityWeek.","Broadcom released a patch for CVE-2026-41702, a high-severity time-of-check time-of-use (TOCTOU) vulnerability in VMware Fusion that allows local non-administrative users to escalate privileges to root. The vulnerability was reported by Mathieu Farrell. 
The patch was announced as Broadcom attends the Pwn2Own hacking competition in Berlin, where additional VMware patches are expected.","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2022\u002F08\u002FVMWare.jpg","2026-05-14T08:42:25+00:00",{"id":227,"url":228,"name":229},{"id":6,"icon":9,"name":7,"slug":8,"description":9},[299,300],{"id":168,"slug":170,"name":169},{"id":6,"slug":8,"name":7},{"id":302,"title":303,"slug":304,"url":305,"summary":306,"ai_summary":307,"parent_article_id":9,"relation_type":9,"image_url":308,"verify_count":202,"avg_score":9,"score_count":202,"published_at":309,"ingested_at":310,"source":311,"category":312,"tags":313,"ioc_count":316,"has_awareness_lesson":215,"awareness_lesson_id":9},"296fb746-0313-429b-917b-3918597fbd0e","New Fragnesia Linux flaw lets attackers gain root privileges","new-fragnesia-linux-flaw-lets-attackers-gain-root-privileges-4bf6ea","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fnew-fragnesia-linux-flaw-lets-attackers-gain-root-privileges\u002F","Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnesia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. [...]","A new high-severity Linux kernel vulnerability called Fragnesia (CVE-2026-46300) allows unprivileged local attackers to gain root privileges through a logic bug in the XFRM ESP-in-TCP subsystem. Discovered by Zellic's William Bowling, the flaw enables arbitrary byte writes to the kernel page cache of read-only files and is part of the Dirty Frag vulnerability class. 
Linux distributions are rolling out patches, and users unable to patch immediately are advised to disable vulnerable kernel modules as a mitigation.","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2025\u002F10\u002F31\u002FLinux.jpg","2026-05-14T07:34:19+00:00","2026-05-14T08:00:21.346083+00:00",{"id":206,"url":207,"name":208},{"id":6,"icon":9,"name":7,"slug":8,"description":9},[314,315],{"id":12,"slug":14,"name":13},{"id":183,"slug":185,"name":184},3,{"id":318,"title":319,"slug":320,"url":321,"summary":322,"ai_summary":323,"parent_article_id":9,"relation_type":9,"image_url":324,"verify_count":202,"avg_score":9,"score_count":202,"published_at":325,"ingested_at":326,"source":327,"category":328,"tags":329,"ioc_count":316,"has_awareness_lesson":215,"awareness_lesson_id":9},"872ede96-6681-4aec-bfe5-dc8a27160356","Researcher Drops YellowKey, GreenPlasma Windows Zero-Days","researcher-drops-yellowkey-greenplasma-windows-zero-days-3e65bf","https:\u002F\u002Fwww.securityweek.com\u002Fresearcher-drops-yellowkey-greenplasma-windows-zero-days\u002F","YellowKey is a BitLocker bypass that requires physical access. GreenPlasma enables elevation of privileges to System. The post Researcher Drops YellowKey, GreenPlasma Windows Zero-Days appeared first on SecurityWeek.","Security researcher Chaotic Eclipse publicly released proof-of-concept exploits for two unpatched Windows zero-day vulnerabilities: YellowKey, which bypasses BitLocker encryption with physical access, and GreenPlasma, which enables privilege escalation to System level. 
The researcher claims YellowKey may be an intentional backdoor and has previously expressed dissatisfaction with Microsoft's vulnerability handling; security experts confirmed the exploits work against recent Windows 11 builds.","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F10\u002FWindows-Kernel-BSOD.jpg","2026-05-14T07:27:42+00:00","2026-05-14T08:00:20.764386+00:00",{"id":227,"url":228,"name":229},{"id":12,"icon":9,"name":13,"slug":14,"description":15},[330,331],{"id":24,"slug":26,"name":25},{"id":6,"slug":8,"name":7},{"id":333,"title":334,"slug":335,"url":336,"summary":337,"ai_summary":338,"parent_article_id":9,"relation_type":9,"image_url":339,"verify_count":202,"avg_score":9,"score_count":202,"published_at":340,"ingested_at":341,"source":342,"category":346,"tags":347,"ioc_count":251,"has_awareness_lesson":215,"awareness_lesson_id":9},"49be262e-42e8-4a01-86c9-b1df7e1fd541","TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks","teampcp-and-breachforums-launch-1-000-contest-for-supply-chain-attacks-0f2fdb","https:\u002F\u002Fsocket.dev\u002Fblog\u002Fteampcp-supply-chain-attack-contest?utm_medium=feed","After months of targeting security tools, CI\u002FCD workflows, and open source packages, TeamPCP is now promoting Shai-Hulud as required tooling for a competition that rewards the biggest compromise with a tiny crypto payout. According to Dark Web Informer, the competition was announced on BreachForums by an account identified as the forum’s owner, in collaboration with TeamPCP. Participants are being offered $1,000 USD in Monero to compromise open source packages with Shai-Hulud, along with the usual cybercrime forum currency of reputation and bragging rights. Source: Dark Web Informer The post says participants must use Shai-Hulud in their attacks, submit their forum handle or Breached profile, and provide “reasonable proof” of access. 
The winner will be determined by weekly and monthly download counts for the compromised packages. Smaller package compromises can also be combined toward the total, turning package reach into the scoreboard. Under that scoring system, a high-download package is the obvious prize. But a pile of smaller compromises can also count, giving participants a reason to go broad across the ecosystem instead of only chasing a single marquee target. The rule rewards a worm that devours indiscriminately. Source: Dark Web Informer The prize, however, is almost comically small for the kind of access TeamPCP is asking participants to burn. A successful supply chain compromise can expose CI\u002FCD secrets, cloud credentials, maintainer tokens, source code access, and downstream enterprise environments. That access is worth far more than $1,000 to actors who know how to monetize it. The contest essentially functions as a public recruitment stunt, turning supply chain compromise into a leaderboard for lower-tier actors willing to trade risk for recognition. Open Source Malware for Open Source Attacks # TeamPCP, never ones to miss a punchline, also released Shai-Hulud as open source attack tooling, hosted on the Breached CDN. A GitHub-hosted copy circulated before being taken down, according to users tracking the repository on X. TeamPCP has been systematically targeting security tools and critical open source infrastructure. In forum posts, the group has called out security vendors directly: “These companies were built to protect your supply chains yet they can't even protect their own, the state of modern security research is a joke, as a result we're gonna be around for a long time stealing terrabytes of trade secrets with our new partners.” Socket has been tracking TeamPCP’s activity across security tools, CI\u002FCD workflows, GitHub Actions, Docker images, OpenVSX extensions, npm, PyPI, and Packagist. 
The group frequently targets tools that already run inside developer and enterprise environments, then uses that access to harvest credentials for follow-on attacks. Recruiting Around Stolen Access # It is possible that a $1,000 prize will not motivate skilled operators to burn high-value access. The amount is negligible compared to the value of credentials stolen from CI\u002FCD pipelines, cloud environments, maintainer accounts, and enterprise developer tooling. TeamPCP has become one of the more successful access-broker operations in recent supply chain activity because it focuses on compromising tools that already have privileged access built in. That is why these incidents keep producing downstream victims. Vect announced its TeamPCP partnership on BreachForums less than seven weeks ago, though in supply chain attack time it already feels like 84 years. Since then, ransomware and extortion claims tied to the broader TeamPCP credential-theft fallout have touched AI training data, AI model development, property management technology, manufacturing, sports data infrastructure, and government cloud platforms, with other alleged claims spanning pharmaceuticals, financial data services, and major enterprise tech. Reporting has also pointed to overlapping claims from Vect, ShinyHunters, and Lapsus$, making attribution messy even when the credential-theft pipeline traces back to the same supply chain activity. The contest extends that pipeline outward. TeamPCP has already been positioning supply chain compromise as a way to harvest credentials, expose enterprise environments, and hand access to groups that know how to monetize it. Now it is giving forum users an open source worm, a scoring system, and a reason to rack up compromises. A $1,000 prize may not bring in serious operators. It can still bring in reckless ones. 
For maintainers and security teams already tired of the constant stream of open source supply chain attacks, the contest adds another weight they did not need: a public incentive for copycat attempts against package ecosystems.","TeamPCP, in collaboration with BreachForums, announced a competition offering $1,000 USD in Monero to attackers who successfully compromise open source packages using their Shai-Hulud attack tool. Winners are determined by download counts of compromised packages, incentivizing both high-impact single targets and broad ecosystem compromise. The contest functions as a recruitment mechanism for lower-tier threat actors, with the prize amount negligible compared to the value of credentials stolen from CI\u002FCD pipelines and enterprise environments.","https:\u002F\u002Fcdn.sanity.io\u002Fimages\u002Fcgdhsj6q\u002Fproduction\u002Fd62d781ca0fc098a88c5bc51fdd08215d3bcb83f-1254x1254.png?w=1000&q=95&fit=max&auto=format","2026-05-14T02:49:33.417+00:00","2026-05-14T06:00:19.438984+00:00",{"id":343,"url":344,"name":345},"30adb488-0f84-4546-a81c-ab52a7489b84","https:\u002F\u002Fsocket.dev\u002Fapi\u002Fblog\u002Ffeed.atom","SocketDev",{"id":18,"icon":9,"name":19,"slug":20,"description":21},[348,349,350],{"id":77,"slug":79,"name":78},{"id":60,"slug":62,"name":61},{"id":183,"slug":185,"name":184},{"id":352,"title":353,"slug":354,"url":355,"summary":356,"ai_summary":357,"parent_article_id":9,"relation_type":9,"image_url":358,"verify_count":202,"avg_score":9,"score_count":202,"published_at":359,"ingested_at":360,"source":361,"category":365,"tags":366,"ioc_count":251,"has_awareness_lesson":215,"awareness_lesson_id":9},"2b1f8903-1d8f-47b8-9c1f-de08f4c53cdd","TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack","teampcp-claims-sale-of-mistral-ai-repositories-amid-mini-shai-hulud-attack-f2ae58","https:\u002F\u002Fhackread.com\u002Fteampcp-mistral-ai-repositories-mini-shai-hulud-attack\u002F","TeamPCP claims to be selling alleged Mistral 
AI repositories on a hacker forum after the Mini Shai-Hulud attack targeted npm and PyPI ecosystems.","Following the Mini Shai-Hulud supply chain attack that poisoned npm and PyPI packages, a TeamPCP-linked threat actor claims to be selling approximately 5GB of alleged internal Mistral AI repositories for $25,000 on a hacking forum. The listing references roughly 450 repositories covering AI training, inference, fine-tuning, and enterprise projects, though the authenticity remains unverified. The claims suggest attackers are expanding beyond poisoned packages to target internal development systems and intellectual property.","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002Fteampcp-mistral-ai-repositories-mini-shai-hulud-attack-2.png","2026-05-14T00:37:05+00:00","2026-05-14T02:00:16.908422+00:00",{"id":362,"url":363,"name":364},"669622ac-ebeb-40b1-b887-4586dd6bb884","https:\u002F\u002Fwww.hackread.com\u002Ffeed\u002F","Hackread",{"id":18,"icon":9,"name":19,"slug":20,"description":21},[367,368],{"id":77,"slug":79,"name":78},{"id":183,"slug":185,"name":184},{"id":370,"title":371,"slug":372,"url":373,"summary":374,"ai_summary":375,"parent_article_id":9,"relation_type":9,"image_url":376,"verify_count":202,"avg_score":9,"score_count":202,"published_at":377,"ingested_at":378,"source":379,"category":383,"tags":384,"ioc_count":388,"has_awareness_lesson":215,"awareness_lesson_id":9},"8ac27af4-850b-4732-82ba-eae17c80509b","Daily Dose of Dark Web Informer - May 13th, 2026","daily-dose-of-dark-web-informer-may-13th-2026-14aa17","https:\u002F\u002Fdarkwebinformer.com\u002Fdaily-dose-of-dark-web-informer-may-13th-2026\u002F","This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X\u002FTwitter posts.","The Daily Dark Web Informer digest for May 13th, 2026 aggregates multiple threat intelligence reports including breaches at Akitatek, Vietnam's Ministry of Health, SIVVI, and 
others exposing hundreds of thousands of records. Notable incidents include ransomware attacks on NTN Bearing Corporation and Foxconn, a supply chain attack affecting Mistral AI, and the District Health Information Software (DHIS2) breach impacting 30+ national health systems serving 3.2 billion people. The digest also highlights a supply chain attack competition and ongoing dark web marketplace activity.","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002Fsize\u002Fw1200\u002F2026\u002F02\u002F23597862398746923879872364987342598723.png","2026-05-13T22:37:29+00:00","2026-05-13T23:00:07.865+00:00",{"id":380,"url":381,"name":382},"cbacbff4-323e-4947-9f55-74f2c7c7d1be","https:\u002F\u002Fapi.twitter.com\u002F2\u002Ftweets\u002Fsearch\u002Frecent","X \u002F Twitter",{"id":183,"icon":9,"name":184,"slug":185,"description":9},[385,386,387],{"id":66,"slug":68,"name":67},{"id":141,"slug":143,"name":142},{"id":77,"slug":79,"name":78},4,{"id":390,"title":391,"slug":392,"url":393,"summary":394,"ai_summary":395,"parent_article_id":9,"relation_type":9,"image_url":396,"verify_count":202,"avg_score":9,"score_count":202,"published_at":397,"ingested_at":398,"source":399,"category":400,"tags":401,"ioc_count":202,"has_awareness_lesson":215,"awareness_lesson_id":9},"9864f4a1-c9be-4f1b-98f4-d0d3438e15dc","West Pharmaceutical says hackers stole data, encrypted systems","west-pharmaceutical-says-hackers-stole-data-encrypted-systems-108c94","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fwest-pharmaceutical-says-hackers-stole-data-encrypted-systems\u002F","West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. 
[...]","West Pharmaceutical Services, a major pharmaceutical manufacturer, disclosed a cyberattack detected on May 4, 2026, involving both data exfiltration and system encryption across its global network. The company activated incident response protocols, engaged law enforcement and Palo Alto Networks' Unit 42 for forensics, and has partially restored core manufacturing and shipping systems. No ransomware group has claimed responsibility, and the full scope of stolen data and financial impact remain under investigation.","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F05\u002F13\u002FWest.jpg","2026-05-13T22:23:31+00:00","2026-05-14T00:00:12.577541+00:00",{"id":206,"url":207,"name":208},{"id":66,"icon":9,"name":67,"slug":68,"description":9},[402,403,404],{"id":18,"slug":20,"name":19},{"id":141,"slug":143,"name":142},{"id":30,"slug":32,"name":31},{"id":406,"title":407,"slug":408,"url":409,"summary":410,"ai_summary":411,"parent_article_id":9,"relation_type":9,"image_url":412,"verify_count":202,"avg_score":9,"score_count":202,"published_at":413,"ingested_at":414,"source":415,"category":419,"tags":420,"ioc_count":251,"has_awareness_lesson":215,"awareness_lesson_id":9},"296ff0d7-dcaf-4b95-9797-2f1c205e5bdb","Attackers Weaponize RubyGems for Data Dead Drops","attackers-weaponize-rubygems-for-data-dead-drops-a2878c","https:\u002F\u002Fwww.darkreading.com\u002Fapplication-security\u002Fattackers-weaponize-rubygems-data-dead-drops","Threat actors are publishing RubyGems packages that include scrapers targeting public-facing UK government servers, but with no clear objective.","Attackers have published RubyGems packages containing scraper code that targets public-facing UK government servers. The packages appear designed for data exfiltration or reconnaissance, though the threat actors' ultimate objective remains unclear. 
This represents a supply chain attack leveraging the Ruby package ecosystem.","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fblt5c3a7f42da5b1b95\u002F6a04cc6a3840020cbc815a66\u002Fruby_Zerilli_Media_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-05-13T21:09:20+00:00","2026-05-13T22:00:28.605775+00:00",{"id":416,"url":417,"name":418},"28e8d270-6d05-4c98-893b-55ca7b9f8d40","https:\u002F\u002Fwww.darkreading.com\u002Frss.xml","Dark Reading",{"id":18,"icon":9,"name":19,"slug":20,"description":21},[421,422,423],{"id":77,"slug":79,"name":78},{"id":60,"slug":62,"name":61},{"id":183,"slug":185,"name":184},{"id":425,"title":426,"slug":427,"url":428,"summary":429,"ai_summary":430,"parent_article_id":9,"relation_type":9,"image_url":431,"verify_count":202,"avg_score":9,"score_count":202,"published_at":432,"ingested_at":414,"source":433,"category":434,"tags":435,"ioc_count":251,"has_awareness_lesson":215,"awareness_lesson_id":9},"6365e0df-5485-490b-a20b-af8f098fc664","Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak","tables-turn-on-the-gentlemen-raas-gang-with-data-leak-a0ee34","https:\u002F\u002Fwww.darkreading.com\u002Fthreat-intelligence\u002Fgentlemen-raas-gang-data-leak","An OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effective organizational structure.","An operational security failure has exposed internal details of The Gentlemen ransomware-as-a-service (RaaS) operation, providing insight into the group's structure, affiliate recruitment model, and tactics. The leak reveals how the gang organized itself to scale attacks through a generous affiliate commission system and opportunistic targeting. 
This intelligence offers security researchers and defenders a rare window into what made the group successful before the breach.","https:\u002F\u002Feu-images.contentstack.com\u002Fv3\u002Fassets\u002Fblt6d90778a997de1cd\u002Fbltd4988365b90a7362\u002F6a04c7e73c21f66c138b9490\u002FTop_hats-Guy_Corbishley-Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale","2026-05-13T20:47:46+00:00",{"id":416,"url":417,"name":418},{"id":141,"icon":9,"name":142,"slug":143,"description":9},[436,437,438],{"id":66,"slug":68,"name":67},{"id":30,"slug":32,"name":31},{"id":183,"slug":185,"name":184},{"id":440,"title":441,"slug":442,"url":443,"summary":444,"ai_summary":445,"parent_article_id":9,"relation_type":9,"image_url":446,"verify_count":202,"avg_score":9,"score_count":202,"published_at":447,"ingested_at":448,"source":449,"category":450,"tags":451,"ioc_count":251,"has_awareness_lesson":215,"awareness_lesson_id":9},"0cd6dfea-48a1-4923-9d8e-98e8ede4162d","New critical Exim mailer flaw allows remote code execution","new-critical-exim-mailer-flaw-allows-remote-code-execution-74ce92","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fnew-critical-exim-mailer-flaw-allows-remote-code-execution\u002F","A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. [...]","A critical use-after-free vulnerability (CVE-2026-45185) in Exim versions 4.97–4.99.2 compiled with GnuTLS allows unauthenticated remote attackers to execute arbitrary code by exploiting improper TLS buffer handling during BDAT chunked SMTP traffic. The flaw affects widely deployed mail servers on Linux and Unix systems, particularly in Debian and Ubuntu distributions. 
Exim 4.99.3 contains the fix.","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F05\u002F13\u002Fexim.jpg","2026-05-13T20:23:50+00:00","2026-05-13T22:00:19.099076+00:00",{"id":206,"url":207,"name":208},{"id":6,"icon":9,"name":7,"slug":8,"description":9},[452,453],{"id":178,"slug":180,"name":179},{"id":60,"slug":62,"name":61},{"id":455,"title":456,"slug":457,"url":458,"summary":459,"ai_summary":460,"parent_article_id":9,"relation_type":9,"image_url":9,"verify_count":202,"avg_score":9,"score_count":202,"published_at":461,"ingested_at":462,"source":463,"category":464,"tags":465,"ioc_count":251,"has_awareness_lesson":215,"awareness_lesson_id":9},"5bed6727-5b70-4039-b895-b550a313e2bf","‼️🇺🇸 NTN Bearing Corporation of America Allegedly Hit by PayoutsKing Ransomware: 596 GB Exfiltr...","ntn-bearing-corporation-of-america-allegedly-hit-by-payoutsking-ransomware-596-g-6207d6","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054617508674421210","‼️🇺🇸 NTN Bearing Corporation of America Allegedly Hit by PayoutsKing Ransomware: 596 GB Exfiltrated From the American Ball and Roller Bearing Manufacturer, Including US Army JLTV Program Documents\n\nhttps:\u002F\u002Ft.co\u002FWDsX3cfnv3","NTN Bearing Corporation of America, a major ball and roller bearing manufacturer, was allegedly compromised by the PayoutsKing ransomware gang, which exfiltrated approximately 596 GB of data. The stolen data reportedly includes sensitive documents related to the US Army's JLTV (Joint Light Tactical Vehicle) program, raising national security and supply chain concerns. 
The incident highlights the vulnerability of critical manufacturing and defense-adjacent suppliers to ransomware campaigns.","2026-05-13T17:39:21+00:00","2026-05-13T18:00:06.875238+00:00",{"id":380,"url":381,"name":382},{"id":141,"icon":9,"name":142,"slug":143,"description":9},[466,467,468],{"id":18,"slug":20,"name":19},{"id":66,"slug":68,"name":67},{"id":183,"slug":185,"name":184},{"id":470,"title":471,"slug":472,"url":473,"summary":474,"ai_summary":475,"parent_article_id":9,"relation_type":9,"image_url":476,"verify_count":202,"avg_score":9,"score_count":202,"published_at":477,"ingested_at":462,"source":478,"category":479,"tags":480,"ioc_count":251,"has_awareness_lesson":215,"awareness_lesson_id":9},"2e7925bf-ce09-4d0a-a37c-8fe67ead6036","‼️🇹🇼 FOXCONN has fallen victim to Nitrogen Ransomware\n\nData: 8TB over 11 Million files\n\nStop gu...","foxconn-has-fallen-victim-to-nitrogen-ransomware-data-8tb-over-11-million-files--25cf45","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2054613247941038255","‼️🇹🇼 FOXCONN has fallen victim to Nitrogen Ransomware\n\nData: 8TB over 11 Million files\n\nStop guessing what's redacted. Subscribers see everything → https:\u002F\u002Ft.co\u002FsZqObafYRN https:\u002F\u002Ft.co\u002FCGk69J1xqK","Taiwanese electronics manufacturing giant Foxconn has been targeted by Nitrogen ransomware, with threat actors claiming to have exfiltrated 8TB of data comprising over 11 million files. The attack impacts a critical supplier in the global tech supply chain. 
Details remain limited pending further disclosure from security researchers and the company.","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHINzwVsXcAAkrrr.jpg","2026-05-13T17:22:25+00:00",{"id":380,"url":381,"name":382},{"id":141,"icon":9,"name":142,"slug":143,"description":9},[481,482,483],{"id":18,"slug":20,"name":19},{"id":66,"slug":68,"name":67},{"id":183,"slug":185,"name":184},{"id":485,"title":486,"slug":487,"url":488,"summary":489,"ai_summary":490,"parent_article_id":9,"relation_type":9,"image_url":491,"verify_count":202,"avg_score":9,"score_count":202,"published_at":492,"ingested_at":493,"source":494,"category":495,"tags":496,"ioc_count":251,"has_awareness_lesson":215,"awareness_lesson_id":9},"e72e31d9-9a42-4238-a1b4-bb083d8379c1","Foxconn Confirms North American Factories Hit by Cyberattack","foxconn-confirms-north-american-factories-hit-by-cyberattack-7e97d7","https:\u002F\u002Fwww.securityweek.com\u002Ffoxconn-confirms-north-american-factories-hit-by-cyberattack\u002F","The Nitrogen ransomware group claims to have hacked the company’s systems, stealing 8TB of data, including confidential documents. The post Foxconn Confirms North American Factories Hit by Cyberattack appeared first on SecurityWeek.","Taiwanese manufacturing giant Foxconn confirmed a cyberattack on its North American factories by the Nitrogen ransomware group, which claims to have stolen 8TB of data including confidential documents and schematics from major customers like Apple, Intel, Google, Dell, and Nvidia. The threat actor listed the company on its Tor-based leak site and published screenshots as proof. 
Foxconn stated it activated response protocols and factories are resuming normal production.","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002FFoxconn.jpeg","2026-05-13T17:13:36+00:00","2026-05-13T18:00:26.268469+00:00",{"id":227,"url":228,"name":229},{"id":141,"icon":9,"name":142,"slug":143,"description":9},[497,498,499],{"id":18,"slug":20,"name":19},{"id":66,"slug":68,"name":67},{"id":183,"slug":185,"name":184},{"id":501,"title":502,"slug":503,"url":504,"summary":505,"ai_summary":506,"parent_article_id":9,"relation_type":9,"image_url":507,"verify_count":202,"avg_score":9,"score_count":202,"published_at":508,"ingested_at":509,"source":510,"category":511,"tags":512,"ioc_count":516,"has_awareness_lesson":215,"awareness_lesson_id":9},"3fd3bc5c-2676-4a16-a6bc-b89d2f444d74","Windows BitLocker zero-day gives access to protected drives, PoC released","windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released-0e4efb","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fwindows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released\u002F","A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. [...]","A cybersecurity researcher operating as Chaotic Eclipse\u002FNightmare-Eclipse has published proof-of-concept exploits for two unpatched Windows zero-day vulnerabilities: YellowKey, a BitLocker bypass affecting Windows 11 and Server 2022\u002F2025, and GreenPlasma, a privilege escalation flaw in CTFMON. 
The researcher justified public disclosure citing dissatisfaction with Microsoft's handling of previous bug reports, and has promised further exploit releases.","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F02\u002F13\u002FWindows-headpic.jpg","2026-05-13T16:37:49+00:00","2026-05-13T18:00:07.172458+00:00",{"id":206,"url":207,"name":208},{"id":12,"icon":9,"name":13,"slug":14,"description":15},[513,514,515],{"id":6,"slug":8,"name":7},{"id":77,"slug":79,"name":78},{"id":183,"slug":185,"name":184},6,{"id":518,"title":519,"slug":520,"url":521,"summary":522,"ai_summary":523,"parent_article_id":9,"relation_type":9,"image_url":524,"verify_count":202,"avg_score":9,"score_count":202,"published_at":525,"ingested_at":526,"source":527,"category":528,"tags":529,"ioc_count":251,"has_awareness_lesson":215,"awareness_lesson_id":9},"1ab45c4a-5862-49e2-ba35-39d644ac20ce","Akitatek Allegedly Breached Exposing 5,400 Customer Records From the French IT Services and Electronics Repair Company","akitatek-allegedly-breached-exposing-5-400-customer-records-from-the-french-it-s-5de279","https:\u002F\u002Fdarkwebinformer.com\u002Fakitatek-allegedly-breached-exposing-5-400-customer-records-from-the-french-it-services-and-electronics-repair-company\u002F","A threat actor is leaking the customer database of Akitatek, a French IT services and electronics repair company.","Threat actor ChimeraZ has leaked the customer database of Akitatek, a French IT services and electronics repair company, exposing 5,400 customer records. The dataset, published as a 1 MB JSON file, contains personally identifiable information including full names, addresses, postal codes, cities, and both mobile and landline phone numbers. 
The breach was disclosed on November 5, 2026.","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002F2026\u002F05\u002F1298273598273569812468712569871249783.png","2026-05-13T16:14:49+00:00","2026-05-13T17:00:07.416+00:00",{"id":380,"url":381,"name":382},{"id":66,"icon":9,"name":67,"slug":68,"description":9},[530,531,532],{"id":66,"slug":68,"name":67},{"id":188,"slug":190,"name":189},{"id":183,"slug":185,"name":184},true]