Cybersecurity News | Daily Recap [21 May 2026]

Daily Recap: Cisco patched a critical Secure Workload flaw that could grant site admin privileges, while Microsoft addressed exploited Defender zero-days and mitigated the YellowKey BitLocker bypass. Drupal disclosed a highly critical core issue impacting PostgreSQL (RCE), and SonicWall cautioned that incomplete VPN MFA patching could enable bypasses. On the threat and supply-chain fronts, GitHub linked a repo breach to the TanStack npm supply-chain attack that later led to a Grafana incident after missed token rotation, Webworm activity used EchoCreep and GraphWorm via Discord and the MS Graph API, and law enforcement action included seizure of the First VPN service used in ransomware and data-theft attacks. Broader AI, identity, and platform enforcement themes were highlighted by Microsoft’s RAMPART and Clarity efforts and an FTC Take It Down Act warning. #Cisco #SecureWorkload #Microsoft #Defender #YellowKey #Drupal #PostgreSQL #SonicWall #TanStack #npm #Grafana #EchoCreep #GraphWorm #Discord #MSGraph #FirstVPN #TakeItDownAct

Vendor Patches

  • Cisco fixed a critical Secure Workload flaw that could grant site admin privileges, while Microsoft patched exploited Defender zero-days and mitigated the YellowKey BitLocker bypass – Cisco flaw, Cisco admin, Defender zero-days, MS patches, YellowKey
  • Drupal disclosed a highly critical core flaw exposing PostgreSQL sites to RCE, and SonicWall customers were warned that incomplete patching can let attackers bypass VPN MFA – Drupal RCE, SonicWall MFA

Supply Chain & Repos

  • GitHub tied a repo breach to the TanStack npm supply-chain attack, which also led to a Grafana breach after missed token rotation – GitHub breach, TanStack link, Grafana breach
  • Microsoft open-sourced RAMPART and Clarity to help secure AI agents during development, as supply-chain security warnings emphasized growing visibility gaps and too many vulnerabilities – RAMPART, Clarity, Supply chain crisis

Malware & Attacks

  • Chinese hackers targeted telcos with new Linux and Windows malware, highlighting continued cross-platform intrusions against telecoms – Telco malware
  • Webworm deployed EchoCreep and GraphWorm backdoors through Discord and the MS Graph API, showing attackers’ use of legitimate services for stealth – Webworm backdoors
  • Microsoft took down a malware-signing service used to enable ransomware attacks, disrupting infrastructure that helped attackers evade trust controls – Malware signing

Identity, Theft & Fraud

  • Ukraine identified an infostealer operator tied to 28,000 stolen accounts, while a separate teen suspect was probed over a cyber-theft scheme targeting California shoppers – Infostealer ring, California theft
  • Apple rejected 2 million App Store submissions in 2025 for security and fraud prevention, underscoring large-scale platform abuse filtering – App Store fraud
  • A guide on crypto drainers explained how to spot wallet-emptying scams before funds are stolen – Crypto drainer

Cloud, VPN & Access Security

  • Police seized First VPN, a service used in ransomware and data-theft attacks, while a separate advisory warned that incomplete SonicWall patching can break MFA protections – First VPN, SonicWall MFA
  • A readiness-focused op-ed argued that false confidence in cyber posture is becoming a liability, and another piece stressed that identity alone is not enough without stronger device security – Readiness paradox, Device security

AI, Privacy & Messaging

  • Discord moved all users to end-to-end encryption by default as platforms face rising pressure to harden private communications – Discord E2EE
  • Microsoft also launched RAMPART and Clarity as red-team AI security tools, while a new analysis said AI-powered app attacks are getting faster, more frequent, and harder to stop – AI tools, AI attacks

Research, Funding & Devices

  • Ocean emerged from stealth with $28M for an agentic email security platform, and Quantum Bridge raised $8 million for quantum-safe key distribution – Ocean funding, Quantum Bridge
  • Google said its surge in Chrome vulnerability discoveries is likely driven by AI, and the open Flipper One hardware project asked the community for help building its Linux platform – Chrome AI, Flipper One

Policy & Enforcement

  • The FTC warned 12 major tech firms about potential violations of the Take It Down Act, signaling tighter scrutiny of content-removal compliance – FTC warning

Cybersecurity News | Daily Recap – hendryadrian.com