Daily Security Briefing #259

May 19, 2026 | Read Online

Rapid7’s 2026 Global Cybersecurity Summit key takeaways, VoidStealer bypasses Chrome protection, Trapdoor Android ad fraud scheme, and Microsoft Self-Service Password Reset abused in Azure data theft attacks…

Executive Summary

Cybersecurity threats continue to evolve with malicious actors adapting to disruptions. The recent GRIDTIDE campaign disruption highlights collaborative efforts between industry partners. Meanwhile, critical vulnerabilities in Claude Code have been exposed. Additionally, AI training data poisoning has become a growing concern.

Top Articles

Rapid7’s 2026 Global Cybersecurity Summit: Key Takeaways for Security Leaders The Rapid7 2026 Global Cybersecurity Summit brought together perspectives from across detection and response, exposure management, AI, and security operations. The focus was on adapting to the evolving threat landscape and keeping up with increasing speed, scale, and complexity. Rapid7 Blog

VoidStealer Bypasses Chrome Protection to Steal User Data A newly identified VoidStealer infostealer has introduced a sophisticated debugger-based technique to bypass Google Chrome’s App-Bound Encryption (ABE), enabling silent theft of session cookies, saved passwords, and payment data without requiring elevated privileges or code injection. CyberPress

Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN’s Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains. The Hacker News

Microsoft Self-Service Password Reset abused in Azure data theft attacks A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features. Bleeping Computer

DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team. The Hacker News

Operation Ramz Seizes 53 Servers Tied to Cyber Scams, Malware INTERPOL has announced the results of Operation Ramz, the first large-scale cybercrime operation ever coordinated across the Middle East and North Africa (MENA) region. The four-month operation targeted phishing infrastructure, malware networks, and cyber-enabled financial fraud schemes. CyberPress

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.