BuzzSec

Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago. The mess keeps getting louder: users get tricked, boxes get popped, tools meant for normal work from The Hacker News https://thehackernews.com/2026/05/threatsday-bulletin-pan-os-rce-mythos.html

This is a current list of where and when I am scheduled to speak: I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financial Women’s Association of New York , at 6:00 PM ET on May 21, 2026. I’m speaking at the Potsdam Conference on National Cybersecurity  at the Hasso Plattner Institut in Potsdam, Germany. The event runs June 24–25, 2026, and my talk will be the evening of June 24. I’m speaking at the Digital Humanism Conference in Vienna, Austria, on Tuesday, June 26, 2026. I’m speaking at the Nuremberg Digital Festival in Nuremburg, Germany, on Wednesday, July 1, 2026. The list is maintained on this page . from Schneier on Security https://www.schneier.com/blog/archives/2026/05/upcoming-speaking-engagements-56.html

A major phishing operation is targeting soccer/football fans ahead of the 2026 FIFA World Cup, which begins in June, according to researchers at Flare. The attackers have set up at least 79 phishing sites impersonating the official FIFA website. from KnowBe4 Blog https://blog.knowbe4.com/phishing-attacks-begin-targeting-the-2026-fifa-world-cup

The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It's also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC‑0057 from The Hacker News https://thehackernews.com/2026/05/ghostwriter-targets-ukrainian.html

Researchers at Bitdefender warn that Netflix-themed phishing attacks can have far-reaching consequences if users follow poor security practices. While Netflix is generally associated with a user’s personal life, phishing attacks targeting personal accounts can put users’ employers at risk. from KnowBe4 Blog https://blog.knowbe4.com/warning-netflix-phishing-scams-can-lead-to-serious-consequences

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM from The Hacker News https://thehackernews.com/2026/05/new-fragnesia-linux-kernel-lpe-grants.html