Daily Security Feed - 2026-05-20

Security Feed Digest (2026-05-20)

Hacker News: Best

• Tesla’s lithium refinery discharges 231,000 gallons of polluted wastewater a day — Tue, 19 May 2026 19:52:49 +0000
• Minnesota becomes first state to ban prediction markets — Tue, 19 May 2026 19:13:26 +0000
• Google changes its search box — Tue, 19 May 2026 18:34:27 +0000
• Gemini 3.5 Flash — Tue, 19 May 2026 17:43:45 +0000
• I’ve built a virtual museum with nearly every operating system you can think of — Tue, 19 May 2026 15:53:38 +0000
• I’ve joined Anthropic — Tue, 19 May 2026 15:07:45 +0000
• OpenBSD 7.9 — Tue, 19 May 2026 13:11:51 +0000
• Apple unveils new accessibility features — Tue, 19 May 2026 12:04:18 +0000
• Show HN: Gaussian Splat of a Strawberry — Tue, 19 May 2026 10:38:47 +0000
• CISA Admin Leaked AWS GovCloud Keys on GitHub — Tue, 19 May 2026 07:45:53 +0000
• Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised — Tue, 19 May 2026 05:04:49 +0000
• Peter Neumann has died — Tue, 19 May 2026 03:17:45 +0000
• The last six months in LLMs in five minutes — Tue, 19 May 2026 01:30:42 +0000
• Pope Leo XIV’s first encyclical Magnifica humanitas to be published May 25 — Mon, 18 May 2026 23:18:10 +0000
• Click (2016) — Mon, 18 May 2026 23:03:02 +0000
• The FBI Wants to Buy Nationwide Access to License Plate Readers — Mon, 18 May 2026 19:28:59 +0000
• We let AIs run radio stations — Mon, 18 May 2026 18:12:18 +0000
• AI eats the world (Spring 26) [pdf] — Mon, 18 May 2026 12:49:28 +0000

BleepingComputer

• Max-severity flaw in ChromaDB for AI apps allows server hijacking — Tue, 19 May 2026 18:25:49 -0400
• Cybercrime service disrupted for abusing Microsoft platform to sign malware — Tue, 19 May 2026 17:47:31 -0400
• Discord rolls out end-to-end encryption on voice, video calls — Tue, 19 May 2026 16:37:45 -0400
• FBI: Americans lost over $388 million to scams using crypto ATMs in 2025 — Tue, 19 May 2026 15:45:39 -0400
• Microsoft Self-Service Password Reset abused in Azure data theft attacks — Tue, 19 May 2026 15:35:32 -0400
• Microsoft plans to improve Windows 11 driver quality in 2026 — Tue, 19 May 2026 12:22:30 -0400
• Microsoft blames macOS update for undismissible Teams location prompts — Tue, 19 May 2026 12:10:47 -0400
• New Shai-Hulud malware wave compromises 600 npm packages — Tue, 19 May 2026 10:30:22 -0400
• 7-Eleven confirms data breach claimed by the ShinyHunters gang — Tue, 19 May 2026 10:16:41 -0400
• Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation — Tue, 19 May 2026 10:00:10 -0400
• Webinar: The hidden bottlenecks in network incident response — Tue, 19 May 2026 08:14:22 -0400
• Microsoft confirms patching issues in restricted Windows networks — Tue, 19 May 2026 07:22:15 -0400

Darkreading

• Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut — Tue, 19 May 2026 21:55:35 GMT
• Windows Zero-Day Barrage Continues After Patch Tuesday — Tue, 19 May 2026 21:06:54 GMT
• CISA Exposes Secrets, Credentials in ‘Private’ Repo — Tue, 19 May 2026 19:49:53 GMT
• Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS — Tue, 19 May 2026 19:49:40 GMT
• Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution — Tue, 19 May 2026 13:28:43 GMT
• Is 2026 the Year AI Bills of Materials Get Real? — Mon, 18 May 2026 21:44:53 GMT
• [Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You — 2026-06-18T15:00:00.000Z

The Hacker News

• Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps — Tue, 19 May 2026 22:08:12 +0530
• DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability — Tue, 19 May 2026 20:26:26 +0530
• The New Phishing Click: How OAuth Consent Bypasses MFA — Tue, 19 May 2026 17:00:00 +0530
• Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare — Tue, 19 May 2026 16:14:45 +0530
• SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access — Tue, 19 May 2026 14:53:15 +0530
• Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer — Tue, 19 May 2026 13:19:23 +0530
• Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials — Tue, 19 May 2026 10:58:06 +0530
• Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account — Tue, 19 May 2026 10:24:17 +0530

데일리시큐 - 최근인기기사

• 세븐일레븐, 샤이니헌터스 해킹 공격에 프랜차이즈 자료 유출 확인 — 2026-05-19 07:12:40
• 이반티·포티넷·SAP·n8n·VMware 긴급 패치…인증 우회·원격코드실행 위험 — 2026-05-19 06:41:04
• 유출된 샤이훌루드 악성코드, npm 정보탈취 공격으로 재등장 — 2026-05-19 06:19:17
• 피싱·악성코드 조직 201명 체포…인터폴 ‘램즈 작전’ 성과 — 2026-05-19 06:56:51
• 탈레스, “AI 기반 악성 봇 공격 12.5배 폭증”…인터넷 트래픽 절반 이상이 봇 — 2026-05-19 10:38:08
• 로그프레소, AI 기반 차세대 XDR ‘소나 5.0’ 출시…자율 보안 운영 시장 공략 — 2026-05-19 08:49:59
• 병원 사이버 방어, 실제 시스템 대신 ‘가상 병원’에서 먼저 검증한다 — 2026-05-19 13:42:17
• AI스페라, ‘인포시큐리티 유럽 2026’ 참가… AI 기반 공격표면관리 전략 공개 — 2026-05-19 08:45:04
• 전기차 보급사업 평가에 ‘사이버보안’ 반영…정보유출·원격제어 위험까지 검증 — 2026-05-19 13:25:39
• “내 프롬프트 속 개인정보는 안전할까”…개인정보위, 생성형 AI 이용자 보호 가이드 발간 — 2026-05-19 13:04:16

보안뉴스 > SECURITY

• [김 부장의 매일매일이 보안] #2 스마트폰 앱이 요구하는 위험한 권한들 — Tue, 19 May 2026 17:06:00 +0900
• 배일권 행정안전부 국장 “정부 인프라 잔혹사 끝낸다”… 제153차 CISO포럼 — Tue, 19 May 2026 17:01:00 +0900
• “정황 명백하면 기업 신고 없이도 직권조사”… ‘침해사고 조사 심의위원회’ 사전 가동 — Tue, 19 May 2026 16:04:00 +0900
• [배종찬의 보안 빅데이터] 북한 해커보다 백만 배 더 무서운 ‘AI 해커’ — Tue, 19 May 2026 16:01:00 +0900
• 소프트캠프, 일본 최대 공공 전시회서 “망분리 환경 AI·SaaS 보안 장벽 허물다” — Tue, 19 May 2026 15:57:00 +0900
• 데이터독, AI SOC 에이전트 출시… “위협 조사 시간 수 시간에서 30초로” — Tue, 19 May 2026 14:53:00 +0900
• 스턱스넷보다 앞선 ‘최초의 산업 사보타주’… 핵 시뮬레이션 교란한 ‘Fast16’ 실체 드러나 — Tue, 19 May 2026 14:24:00 +0900
• AI스페라, 유럽서 AI 기반 공격표면관리 ‘AITEM’ 방향성 공개 — Tue, 19 May 2026 14:18:00 +0900
• ‘착한’ AI 에이전트 골라내라… 탈레스 최신 악성 봇 보고서 발표 — Tue, 19 May 2026 14:06:00 +0900
• 로그프레소, AI 차세대 XDR ‘소나 5.0’ 출시… “자율 보안 운영 표준 제시” — Tue, 19 May 2026 13:18:00 +0900