Search engine DuckDuckGo would withdraw VPN from Canada if lawful-access bill passes

U.S. search engine DuckDuckGo says it is prepared to withdraw one of its key security services from Canada over the ...

Minister faces calls from MPs to amend lawful access bill to prevent compromising encryption

Public Safety Minister Gary Anandasangaree faced calls from opposition MPs Tuesday to amend the federal government’s lawful access bill to ensure that it would not break or weaken digital encryption.
Infosecurity Magazine

PureLogs Variant Steals Data via Purchase Order Lures

The PureLogs module targeted a wide range of browsers, including Google Chrome, Microsoft Edge, Brave, Opera, Yandex Browser, ...
SecurityWeek

Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment

CVE-2026-5426, a hardcoded ASP.NET machineKey in KnowledgeDeliver, was exploited as a zero-day in ViewState deserialization ...
InfoWorld

GitHub admits major source code leak after 3,800 internal repositories breached

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...
The Caledonian-Record

Defesio LLC CEO Believes That Health Care Organizations And Clinics Not Using Quantum Resistant Email May Not Be Technically HIPAA Compliant Anymore.

GRANITE BAY, CA / ACCESS Newswire / May 21, 2026 / HIPAA also requires healthcare providers and organizations to implement specific administrative, physical, and technical safeguards to secure electro ...

Microsoft Exchange 0-Day Exploit Sparks Emergency Warning — Hackers Are Attacking Unpatched Servers

Microsoft Exchange Servers are under threat from a zero-day vulnerability, exploited via crafted emails. With no official ...
Hackaday

This Week In Security: Ubiquiti Fixes, And FreeBSD Joins The Club You Don’t Want To Join

Ubiquiti released a new security bulletin detailing fixes for six security issues, including one rated 9.1 (critical) and one scoring a perfect 10.0 on the CVE risk scale. The vulnerabilities ...
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...
Dark Reading

Fake Android Apps Commit Carrier Billing Fraud for Premium Services

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

KnowledgeDeliver flaw exploited as a zero-day to install web shells

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.