May 18, 2026 Unknown threat actors have breached automatic tank gauge (ATG) systems at US gas stations in multiple states. The attackers exploited these systems to manipulate display readings on fuel tanks. However, they did not alter the actual fuel levels. The incident represents a rare case of critical infrastructure targeting with disruption rather than […]
Iranian Threat Actor Exfiltrates 26,000 Oman Ministry of Justice Records
May 5, 2026 An Iranian-nexus threat actor carried out a targeted data theft attack against the Omani government on April 8 and April 10, 2026. The attackers compromised the Ministry of Justice and Legal Affairs and exfiltrated over 26,000 user records. These records included judicial case data, committee decisions, and system registry hives. IT-security firm […]
Black Matter DDoS Attack Disrupts South African Web Hosting Provider 1-Grid
May 21, 2026 On May 18, 2026, South African web hosting provider 1-Grid suffered a DDoS attack that disrupted its infrastructure and customer services. The attackers, operating under the alias “Black Matter,” targeted the hosting platform in an operation classified by the European Repository of Cyber Incidents (EuRepoC) as an attack on critical infrastructure. While […]
Northern Mariana Islands Government Email Accounts Compromised by Unknown Threat Actor
May 22, 2026 On May 21, 2026, the government of the Northern Mariana Islands — a US commonwealth in the Western Pacific — disclosed that an unknown threat actor compromised government email accounts. The incident was reported by the Office of Information Technology (OIT) after systemwide security protocols were activated. While the full scope remains […]
Drupal Critical SQL Injection Flaw CVE-2026-9082 Now Under Active Attack
May 23, 2026 Drupal has confirmed that a highly critical SQL injection vulnerability (CVE-2026-9082) in its core database abstraction API is now under active attack. Disclosed on May 18, 2026, the flaw allows unauthenticated remote attackers to execute arbitrary SQL commands against Drupal sites running on PostgreSQL, with potential for remote code execution, privilege escalation, […]
Trend Micro Apex One Zero-Day Under Active Exploit
May 22, 2026 On May 22, 2026, Trend Micro disclosed a zero-day vulnerability in its enterprise endpoint protection platform, Apex One. The flaw is actively being exploited in the wild. Tracked as CVE-2026-34926, it is a directory traversal vulnerability in the on-premises Apex One server. The vulnerability allows a local attacker with administrative credentials to […]
Apache HTTP Server Double-Free Vulnerability
May 10, 2026 The Apache Software Foundation released an emergency security patch on May 5, 2026, to address CVE-2026-23918, a critical HTTP/2 double-free vulnerability in the Apache HTTP Server that enables remote code execution (RCE). With a CVSS v3.1 score of 8.8/10, this memory corruption flaw affects approximately 70% of web servers globally, particularly Linux-based […]
Canvas LMS Cyberattack by ShinyHunters: Education Platform Breach Shuts Thousands of Schools
May 9, 2026 The Canvas Learning Management System (LMS) — a platform used by thousands of schools and universities worldwide — was hit by a devastating cyberattack from the ShinyHunters hacking group on May 8, 2026. The Canvas data breach disrupted education infrastructure globally, leaving nearly 9,000 educational institutions across the US, Europe, and Asia […]
Dirty Frag Linux Kernel Vulnerability Grants Root Access
May 8, 2026 A critical local privilege escalation vulnerability known as Dirty Frag (CVE-2026-43284) has been disclosed, affecting the Linux kernel’s xfrm-ESP subsystem. First reported to the Linux kernel maintainers on April 30, 2026, this vulnerability enables unauthorized users to escalate to root privileges on major Linux distributions, including Ubuntu, Debian, CloudLinux, and others. […]
Trellix Source Code Breach: Unauthorized Access Raises Fears of Infrastructure Compromise
May 7, 2026 On May 4, 2026, cybersecurity giant Trellix confirmed that a source code breach had compromised its development repository, exposing intellectual property and raising alarms across the supply chain ecosystem. The attack, which occurred approximately three weeks prior to disclosure, involved unauthorized access to Trellix’s source code repository alongside systems managed by critical […]