IT Security Weekend Catch Up – May 23, 2026

Comments
close searching

23.05.2026 | 23:30

IT Security Weekend Catch Up – May 23, 2026
avatar

badcyber

comments

IT Security Weekend Catch Up – May 23, 2026

Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. [PL] E-vaccination card sparks controversy. Is it "coercion infrastructure"?
  2. [PL] Pegasus report before summer break. Services block declassification of data
  3. [PL] [VIDEO] ABW report: Are we safe?
  4. [PL] Who uses AI, for what, and how in public institutions?
  5. [PL] Military bets on artificial intelligence. Creates its own language model
  6. [PL] Warsaw will host NASK cybersecurity center
  7. [PL] Scams are most often run by cybercriminal corporations
  8. [PL] Estonian financial inspectorate suspends Zondacrypto license
  9. [PL] Cinkciarz.pl site CEO arrested. Lived a comfortable life in the USA
  10. Grafana says stolen GitHub token let hackers steal codebase
  11. GitHub confirms breach of 3,800 repos via malicious VSCode extension
  12. Google publishes exploit code threatening millions of Chromium users
  13. Mozilla ’ s response to the UK Department of Science, Innovation and Technology’s consultation “Growing up in the online world”
  14. Independent review confirms critical Telegram vulnerability
  15. Every voice and video call on Discord is now end-to-end encrypted

For the more technical

  1. [PL] CERT Poland releases April 2026 monthly threat report
  2. [PL] FlyHack ad offers cheap flights but delivers malicious Android app
  3. [PL] New vulnerabilities Fragnesia (CVE-2026-46300) and DirtyDecrypt (CVE-2026-31635) disclosed
  4. Open WebUI - stored XSS via file upload that leads to RCE with 1-click
  5. New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
  6. DirtyCBC — Linux RxGK chosen-plaintext page-cache poisoning to root shell
  7. Claw Chain: Cyera research unveil four chainable vulnerabilities in OpenClaw
  8. Second time, same sandbox: Another Anthropic Claude Code network sandbox bypass enables data exfiltration
  9. Exposing Fox Tempest: A malware-signing service operation
  10. Hunting down the Google-sent phishing wave compromising 30,000+ Facebook accounts
  11. Tracking TamperedChef clusters via certificate and code reuse
  12. SEO poisoning campaign leverages Gemini and Claude Code impersonation to deliver infostealer
  13. Premium Deception: Uncovering a global Android carrier billing fraud campaign
  14. Mini Shai-Hulud hits @antv ecosystem, 639 compromised npm package versions
  15. Gremlin Stealer's evolved tactics: Hiding in plain sight with resource files
  16. Fake Microsoft Teams campaign delivers ValleyRAT via NSIS installer and DLL sideloading
  17. Inside SHADOW-WATER-063’s Banana RAT: From build server to banking fraud
  18. WantToCry ransomware remotely encrypts files
  19. CypherLoc, an advanced browser-locking scareware targeting millions
  20. Webworm: New burrowing techniques
  21. From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat
  22. Operation Dragon Whistle: UNG0002 targets Chinese academia via weaponized institutional lure
  23. Analyzing TAX#TRIDENT: Fake Indian tax lures pivot across ZIP, VBS, stego and PHP-wrapped VBS delivery
  24. How Storm-2949 turned a compromised identity into a cloud-wide breach
  25. UAC-0184: From HTA to a signed network stack

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy! 2026-05-23T23:30:00+02:00

Comments