Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    CISA warns admins to patch actively exploited SharePoint flaws

    July 15, 2026

    ​ ​AsyncAPI npm packages infected with credential-stealing malware

    July 15, 2026

    We built a vulnerability vending machine: AI tokens in, zero-days out

    July 15, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»InfoSec News Nuggets 05/18/2026 – AboutDFIR
    News

    InfoSec News Nuggets 05/18/2026 – AboutDFIR

    adminBy adminMay 18, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Exploitation of Critical NGINX Vulnerability Begins

    Threat actors have started exploiting CVE-2026-42945, the critical NGINX rewrite module flaw disclosed and patched last week. The vulnerability is an 18-year-old heap buffer overflow in ngx_http_rewrite_module that can be triggered by a single unauthenticated HTTP request, capable of causing denial of service on default configurations and potentially allowing remote code execution if ASLR is disabled and specific rewrite configurations are in place. Teams running NGINX or NGINX Plus should patch quickly, review rewrite rules for unnamed captures like $1 or $2, and watch for crash or probing activity against internet-facing systems.

     

    Tycoon2FA Hijacks Microsoft 365 Accounts via Device-Code Phishing

    The Tycoon2FA phishing kit has added OAuth device-code phishing to compromise Microsoft 365 accounts, even when users complete MFA through Microsoft’s legitimate login flow. The campaign abuses Trustifi click-tracking URLs and tricks victims into authorizing attacker-controlled devices through microsoft.com/devicelogin — bypassing the normal assumption that MFA stops account takeover. Defenders should restrict device-code flows in Conditional Access policies, tighten OAuth consent settings, and monitor Entra ID logs for unusual deviceCode authentication events.

     

    MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

    A researcher released proof-of-concept exploit code for MiniPlasma, an unpatched Windows privilege escalation issue affecting the Cloud Files Mini Filter Driver (cldflt.sys). The flaw, originally reported to Microsoft by Google Project Zero in 2020 and believed to be patched, has been confirmed by independent researchers to work reliably on current fully patched Windows 11 builds. This isn’t remote initial access by itself, but it can turn a limited foothold into full endpoint control — teams should track Microsoft guidance and watch for exploitation attempts tied to cldflt.sys.

     

    201 Arrested in INTERPOL Disruption of Phishing and Fraud Networks

    INTERPOL’s Operation Ramz led to 201 arrests across 13 countries in the MENA region and disrupted phishing, malware, and cyber scam infrastructure in the first operation of its scale coordinated by INTERPOL in the region. Authorities also identified 382 additional suspects, nearly 3,900 victims, and seized 53 servers along with hard drives containing phishing software, scripts, and banking data. Large coordinated takedowns like this one can temporarily reduce criminal capacity while producing intelligence — including victim identification and infrastructure mapping — that fuels future investigations.

     

    Kazuar: Anatomy of a Nation-State Botnet

    Microsoft detailed how Secret Blizzard, also known as Turla, has evolved Kazuar from a traditional backdoor into a modular peer-to-peer botnet built for long-term stealth and persistence. The malware separates functions across modules and limits external command-and-control exposure by using a leader-based communication model, making it significantly harder to detect and disrupt than conventional C2-dependent implants. State-backed actors engineering resilience directly into their tooling means defenders need to prioritize endpoint hardening, EDR visibility, and long-term anomaly detection rather than relying on simple C2 blocking.

     



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleSAP security advisory – May 2026 monthly rollup (AV26-447)
    Next Article Siemens SIMATIC | CISA
    admin
    • Website

    Related Posts

    News

    CISA warns admins to patch actively exploited SharePoint flaws

    July 15, 2026
    News

    ​ ​AsyncAPI npm packages infected with credential-stealing malware

    July 15, 2026
    News

    We built a vulnerability vending machine: AI tokens in, zero-days out

    July 15, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202634 Views
    Our Picks

    CISA warns admins to patch actively exploited SharePoint flaws

    July 15, 2026

    ​ ​AsyncAPI npm packages infected with credential-stealing malware

    July 15, 2026

    We built a vulnerability vending machine: AI tokens in, zero-days out

    July 15, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.