Comments on: Cyber security news May 2026 https://www.epanorama.net/blog/2026/05/03/cyber-security-news-may-2026/ All about electronics and circuit design Sun, 24 May 2026 06:39:20 +0000 hourly 1 http://wordpress.org/?v=3.9.14 By: Tomi Engdahl https://www.epanorama.net/blog/2026/05/03/cyber-security-news-may-2026/comment-page-2/#comment-1878653 Sun, 24 May 2026 06:04:34 +0000 https://www.epanorama.net/blog/?p=199639#comment-1878653 Jos jompikumpi näistä on pin-koodisi, vaihda se välittömästi – Tätä et ole tullut ajatelleeksi
https://www.iltalehti.fi/digiuutiset/a/a584db4a-607b-4b4d-bc01-cb3ed7e4190c

Puhelimen pääsykoodi ei suojaa sim-korttia lainkaan. Jos varas irrottaa sim-kortin ja siirtää sen toiseen puhelimeen, voi käydä köpelösti.

Kun puhelinliittymä vaihtuu, toimittaa operaattori asiakkaalleen sim-kortin, jonka pin-koodi on oletuksena tyypillisesti 1234 tai 0000. Koodi on tarkoitettu väliaikaiseksi, mutta valitettavan moni jättää sen vaihtamatta.

]]> By: Tomi Engdahl https://www.epanorama.net/blog/2026/05/03/cyber-security-news-may-2026/comment-page-2/#comment-1878593 Fri, 22 May 2026 20:28:41 +0000 https://www.epanorama.net/blog/?p=199639#comment-1878593 They are pitching it as an open, pocket-sized Linux computer. More: https://cnews.link/flipper-zero-linux-ai-network-analysis-security/

]]> By: Tomi Engdahl https://www.epanorama.net/blog/2026/05/03/cyber-security-news-may-2026/comment-page-2/#comment-1878558 Thu, 21 May 2026 16:03:11 +0000 https://www.epanorama.net/blog/?p=199639#comment-1878558 If accuracy isn’t the goal, what is? Vibes? Emotion? Goosebumps?
Full story: https://www.headphonesty.com/2025/07/speaker-designer-hi-fi-accuracy-myth/?utm_source=fb&utm_campaign=comment

]]> By: Tomi Engdahl https://www.epanorama.net/blog/2026/05/03/cyber-security-news-may-2026/comment-page-2/#comment-1878536 Thu, 21 May 2026 05:16:54 +0000 https://www.epanorama.net/blog/?p=199639#comment-1878536 https://cybernews.com/security/steam-vetting-free-game-drain-users-data/?utm_source=cn_facebook&utm_medium=social&utm_campaign=cybernews&utm_content=post&source=cn_facebook&medium=social&campaign=cybernews&content=post&fbclid=IwVERDUAR7ZuJleHRuA2FlbQIxMABzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR4FQY65s6KNca8fVbDxO7vyYtWP6eURyuURWnjkn5inAVvpuaa0_G1_GeTN6g_aem_nm2LXUOjZDWQu7rutw0QPw

]]> By: Tomi Engdahl https://www.epanorama.net/blog/2026/05/03/cyber-security-news-may-2026/comment-page-2/#comment-1878525 Wed, 20 May 2026 22:34:14 +0000 https://www.epanorama.net/blog/?p=199639#comment-1878525 Microsoft ditches SMS codes for sign-in, says there’s a more secure way to reach your accounts
https://cybernews.com/tech/microsoft-ditch-sms-codes-sign-in/?utm_source=cn_facebook&utm_medium=social&utm_campaign=cybernews&utm_content=post&source=cn_facebook&medium=social&campaign=cybernews&content=post&fbclid=IwVERDUAR7CJZleHRuA2FlbQIxMABzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR6BU6hqsX7bZNfjEA6AW7kyrilfvfVi4E7LG58hncpGfa5NO6K8p9Hc2ZfBTw_aem_QEpY3phT0qxDrfszn-qDtQ

]]> By: Tomi Engdahl https://www.epanorama.net/blog/2026/05/03/cyber-security-news-may-2026/comment-page-2/#comment-1878498 Wed, 20 May 2026 12:07:40 +0000 https://www.epanorama.net/blog/?p=199639#comment-1878498 https://thehackernews.com/2026/05/miniplasma-windows-0-day-enables-system.html?m=1

]]> By: Tomi Engdahl https://www.epanorama.net/blog/2026/05/03/cyber-security-news-may-2026/comment-page-2/#comment-1878484 Wed, 20 May 2026 11:47:52 +0000 https://www.epanorama.net/blog/?p=199639#comment-1878484 Sergiu Gatlan / BleepingComputer:
GitHub confirms breach of ~3,800 internal repositories after one of its employees installed a malicious VS Code extension; TeamPCP claimed responsibility
https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/

]]> By: Tomi Engdahl https://www.epanorama.net/blog/2026/05/03/cyber-security-news-may-2026/comment-page-2/#comment-1878465 Wed, 20 May 2026 05:25:03 +0000 https://www.epanorama.net/blog/?p=199639#comment-1878465 https://github.com/mvt-project/mvt?fbclid=IwdGRjcAR6F1BjbGNrBHoXS2V4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHvm1zYl4rMbh0F8RMnaPEdu8MGM3zlsgzEqL2nKD0NV7nam18tvPBEejtYUt_aem_JOuTircYg-xqlBc_5fSEAw

]]> By: Tomi Engdahl https://www.epanorama.net/blog/2026/05/03/cyber-security-news-may-2026/comment-page-2/#comment-1878438 Tue, 19 May 2026 15:16:12 +0000 https://www.epanorama.net/blog/?p=199639#comment-1878438 https://www.securityweek.com/unpatched-chromadb-vulnerability-can-lead-to-server-takeover/

]]> By: Tomi Engdahl https://www.epanorama.net/blog/2026/05/03/cyber-security-news-may-2026/comment-page-2/#comment-1878437 Tue, 19 May 2026 15:15:41 +0000 https://www.epanorama.net/blog/?p=199639#comment-1878437 Vulnerabilities
Exploitation of Critical NGINX Vulnerability Begins
https://www.securityweek.com/exploitation-of-critical-nginx-vulnerability-begins/

The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled.

Nginx vulnerability

The first in-the-wild attacks exploiting a critical-severity NGINX vulnerability patched last week have occurred over the weekend, VulnCheck warns.

Tracked as CVE-2026-42945 (CVSS score of 9.2) and dubbed Nginx Rift, the flaw is described as a heap buffer overflow in the ngx_http_rewrite_module component. It lurked in the NGINX code for 16 years.

Shortly after F5 released patches for the bug, Depthfirst published technical details and proof-of-concept (PoC) code targeting it. Now, VulnCheck says threat actors are already exploiting the issue in attacks.

“We’re seeing active exploitation of CVE-2026-42945 in F5 NGINX, a heap buffer overflow affecting both NGINX Plus and NGINX Open Source on VulnCheck Canaries just days after the CVE was published,” VulnCheck researcher Patrick Garrity warned.

]]>