Verizon DBIR Crowns Vulnerability Exploits as Top Breach Vector; Microsoft Disrupts Fox Tempest Malware-Signing Service
Summary
In the latest cybersecurity intelligence for May 19, 2026, the landscape shifts as the Verizon DBIR reports vulnerability exploitation has surpassed stolen credentials as the primary breach cause for the first time. Concurrently, Microsoft took down the 'Fox Tempest' malware-signing-as-a-service operation, a key enabler for ransomware gangs. Other major developments include a sophisticated supply chain attack on TanStack's npm packages, a new Windows 11 zero-day exploit named 'MiniPlasma', and the emergence of 'WantToCry' ransomware targeting exposed SMB services. These events highlight a trend towards faster, more complex attacks, increasing pressure on organizations to accelerate patch management and secure their software supply chains.
Today's New Articles
The 2026 Verizon Data Breach Investigations Report (DBIR) marks a historic shift in the threat landscape. For the first time in 19 years, the exploitation of software vulnerabilities is the leading cause of data breaches, responsible for 31% of incidents. This...
Microsoft Takes Down 'Fox Tempest' Cybercrime Service That Sold Forged Code-Signing Certificates
Microsoft has executed a legal and technical takedown of 'Fox Tempest,' a financially motivated cybercrime group that ran a sophisticated malware-signing-as-a-service (MSaaS). The group sold counterfeit code-signing certificates for up to $9,500, allowing othe...
New 'WantToCry' Ransomware Uses Exposed SMB Services for Novel Remote Encryption Attacks
A new ransomware strain named 'WantToCry' is actively targeting systems with exposed Server Message Block (SMB) services. According to SophosLabs, the attackers brute-force credentials to gain access, then exfiltrate files to their own servers for encryption....
AI-Powered Cyberattacks Are Overwhelming Critical Infrastructure Defenses, Experts Warn
Security experts are sounding the alarm that AI-powered cyberattacks are becoming too fast and complex for human-led security teams to handle, particularly in critical infrastructure sectors. As operators of hospitals, utilities, and power grids connect more o...
XCSSET Malware Detailed: A Supply Chain Attack on macOS Developers via Xcode Projects
Security firm ADEX has published a deep-dive analysis of the XCSSET macOS malware, detailing how it conducts supply chain attacks against developers. The malware injects itself into Xcode projects and uses a self-propagating mechanism to spread to other projec...
EU Cybersecurity Centre Opens Call for Experts to Oversee Billions in Digital Funding
The European Cybersecurity Competence Centre (ECCC) has launched a call for independent cybersecurity experts to assist in evaluating and monitoring projects funded under the multi-billion Euro Digital Europe and Horizon Europe programs. Professionals with at...
Japan Introduces New National Strategy to Defend Critical Infrastructure from Cyberattacks
The Japanese government has adopted a new, comprehensive package of measures to strengthen the cyber defenses of its critical infrastructure. The strategy, targeting 15 industry sectors including finance and medicine, is a direct response to the rising risk of...
Not So Gentle: 'The Gentlemen' Ransomware Gang Hacked, Internal Operations Exposed
The ransomware-as-a-service (RaaS) group known as 'The Gentlemen' has reportedly suffered a major breach of its own internal systems. The compromise has given security researchers at Check Point an unprecedented look inside the gang's operations, including aff...
Article Updates
Update: Check Point Research reports new AI-powered exploits. 'Claw Chain' (CVE-2026-44112, CVSS 9.6) vulnerabilities were found in the OpenClaw autonomous AI agent platform, allowing sandbox bypass and full control. Additionally, an AI-assisted exploit was demonstrat...
Post-Shai-Hulud: npm Attacks Evolve with Wormable Malware and CI/CD Persistence
Update: Recent campaigns like TeamPCP and 'mini Shai-Hulud' exemplify a strategic shift by threat actors to target developer workstations directly. These environments are now considered the 'epicenter' for compromising the entire software delivery lifecycle, as they c...
‘Mini Shai-Hulud’ Supply Chain Attack Hits 170+ Open-Source Packages via GitHub Actions
Update: New details from TanStack confirm the 'Mini Shai-Hulud' campaign compromised 42 of their npm packages on May 11, 2026, publishing 84 malicious versions. The attack leveraged GitHub Actions cache poisoning and, critically, the theft of a short-lived OIDC token...
The Agentic Era: Frontier AI Models Fuel a Surge in Vulnerability Discovery
Update: Security experts, including Check Point's Yochai Corem, warn that the 'agentic speed' of AI-powered attacks, which can autonomously chain exploits and pivot rapidly, creates a critical mismatch with slow, manual human remediation cycles. This asymmetry is now...
New 'MiniPlasma' Windows Zero-Day Resurrects Patched Flaw for Full System Control
Update: The 'MiniPlasma' zero-day exploit's proof-of-concept has been further verified by multiple independent security researchers, confirming its reliability on fully patched Windows 11 systems. This widespread confirmation significantly increases the urgency, with...