Posts

The Hacker News - ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency can leak keys. One leaked key can open cloud access. One cloud foothold can become a production
from The Hacker News https://thehackernews.com/2026/05/weekly-recap-exchange-0-day-npm-worm.html

The Hacker News - How to Reduce Phishing Exposure Before It Turns into Business Disruption

What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Early phishing detection closes that gap. It helps teams move from uncertainty to evidence faster,
from The Hacker News https://thehackernews.com/2026/05/how-to-reduce-phishing-exposure-before.html

KnowBe4 - What Is an AI Agent in Cybersecurity?

At the Milken Conference in May 2026, Robert F. Smith, founder and CEO of Vista Equity Partners, described a shift that every security leader should hear. Software, he said, has moved through three states: product, then service and now worker. "That agent, that software, actually does work." Companies that do not make the transition to software as a worker, he was blunt, risk being disintermediated entirely. He is not only right because organizations risk falling behind the competition as AI increases efficiency, but also because agentic systems have the potential to address systemic challenges many organizations are facing today.
from KnowBe4 Blog https://blog.knowbe4.com/what-is-an-al-agent-in-cybersecurity

The Hacker News - Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. "External control of a file name
from The Hacker News https://thehackernews.com/2026/05/ivanti-fortinet-sap-vmware-n8n-patch.html

Schneier - Zero-Day Exploit Against Windows BitLocker

It’s nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection for many organizations, including those that contract with governments. Slashdot thread. And here’s Nightmare-Eclipse’s GitHub account.
from Schneier on Security https://www.schneier.com/blog/archives/2026/05/zero-day-exploit-against-windows-bitlocker.html

The Hacker News - Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte (825 Downloads), @deadcode09284814/axios-util (284 Downloads), axois-utils (963 Downloads), color-style-utils (934 Downloads). "One of the packages (chalk-tempalte)
from The Hacker News https://thehackernews.com/2026/05/four-malicious-npm-packages-deliver.html

The Hacker News - MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability impacts "cldflt.sys," which refers to the Windows Cloud Files Mini Filter Driver,
from The Hacker News https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html