BuzzSec

from KnowBe4 Blog https://blog.knowbe4.com/cyberheistnews-vol-16-20-heads-up-today-you-have-only-60-seconds-to-stop-that-breach-are-you-ready

Researchers at Guardo Labs are tracking a major phishing campaign that abused Google AppSheet as a relay to send phishing emails. The researchers identified more than 30,000 Facebook accounts that were compromised by this campaign. Since the emails are sent from Google’s legitimate infrastructure, they’re much more likely to land in users' inboxes. from KnowBe4 Blog https://blog.knowbe4.com/phishing-campaign-exploits-google-appsheets-to-target-facebook-accounts

Drupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days," the maintainers of the PHP-based content management system (CMS) said. "Not all configurations are from The Hacker News https://thehackernews.com/2026/05/drupal-to-release-urgent-core-security.html

Not by name, but Laurie Anderson quotes me in one of the tracks of her new album: My favorite quote is from a cryptologist who said “If you think technology will solve your problems, you don’t understand technology and you don’t understand your problems.” Also in interviews : “Of course, it’s ridiculous, outrageous, blah, blah, blah,” Anderson says about the ad. ‘But, I mean, my favorite quote on this is from a cryptologist who said, ‘If you think technology will solve your problems, you don’t understand technology ­ and you don’t understand your problems.’ And I think I’m completely on board with that.” People are telling me that she has been reciting this quote in performances for years. (I lost track of her since college and her 1981 hit “”https://www.youtube.com/watch?v=Vkfpi2H8tOE”>O Superman .”) The origins of the quote is from Roger Needham : If you think cryptog...

Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. "These vulnerabilities could have been exploited to read all mail traffic or as an entry vector into the internal network," from The Hacker News https://thehackernews.com/2026/05/seppmail-secure-e-mail-gateway.html

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency can leak keys. One leaked key can open cloud access. One cloud foothold can become a production from The Hacker News https://thehackernews.com/2026/05/weekly-recap-exchange-0-day-npm-worm.html