Cybersecurity threats, breaches, and analysis
On May 22, 2026, attackers rewrote every git tag across four laravel-lang Composer packages in a 15-minute window, planting a 5,900-line credential stealer in any project that ran composer install from a cold cache. Here is what happened, how to verify your install, and the CI controls that would have stopped it.
FBI IC3 logged $1.46 billion in tech-support scam losses in 2024 and the dominant attack vector is now legitimate remote-access software. Here is what changed in 2026 and how to lock it down.
Physical SIM theft is becoming irrelevant — and that should worry you. With eSIM remote provisioning, attackers can now transfer your phone number in minutes from anywhere in the world, locking you out of your banking, email, and crypto accounts. Here's exactly how the attack works in 2026, what the carriers won't tell you, and the hardening steps I've personally taken after watching a client lose access to his Twitter account in under 11 minutes.
Pig butchering crypto scams cost victims $5.8B in 2024 alone. A practical 2026 defense playbook covering the 4-phase anatomy, deepfake video call risks, regulator registry checks, the withdrawal test, and what to do in the first 48 hours if you have been hit.
On May 11 2026, Instructure paid ShinyHunters to return 3.65 TB of stolen Canvas data covering 275 million users. Paying the ransom does not protect you. A seven-day action plan plus a six-month phishing calendar for affected students, parents, and IT admins.
OAuth consent phishing bypasses MFA, hardware keys, and password managers because attackers never need your password. Here's how the attack works, why it's surging in 2026, and the four-step audit every small business owner should run this week.
CVE-2026-41940 is a CVSS 9.8 authentication bypass in cPanel/WHM actively exploited since February 2026, affecting roughly 1.5 million servers. Here are the seven defensive steps I applied across my own 7-site stack the week the patch landed.
On May 1, 2026, CISA added Copy Fail (CVE-2026-31431) to its Known Exploited Vulnerabilities catalog. Any unprivileged local user on virtually every Linux distribution shipped since 2017 can become root in seconds. Here is what I learned patching this across our Hostinger VPS fleet — what works, what gives a false sense of protection, and how to verify your systems are actually safe.
Google's Threat Intelligence Group disclosed on May 11, 2026 that a criminal group used a large language model to develop a zero-day exploit that bypassed two-factor authentication on a popular open-source admin tool. The exploit was caught before mass deployment, but the precedent is set. Here is a practical defensive playbook from 11+ years of running production infrastructure.
Your customer support chatbot can be talked into leaking customer data, issuing refunds, or running attacker tool calls — without any code exploit. This is how prompt injection actually works in 2026, and the defense layers I use across our own AI helpdesk and revenue-assistant products.
After the Salt Typhoon telecom hack, the FBI and CISA urged Americans to abandon SMS. This 2026 migration guide walks through Signal vs WhatsApp vs iMessage, replacing SMS 2FA with FIDO2 hardware keys and passkeys, and stripping SMS recovery out of high-value accounts.
In four weeks of 2026, attackers fired 7 million device code phishing attempts at Microsoft 365 users — bypassing MFA without ever asking for a password. Here is how the EvilTokens kit works, why standard 2FA does not stop it, and the five concrete defenses every M365 user should apply this week.