May 21, 2026 by sig9
Hacker Wars - May 21, 2026
Your daily dose of infosec chaos
Supply chain attacks are back on the menu, zero-days are getting patched faster than you can say “CVE”, and someone found a nine-year-old kernel bug hiding in plain sight. Just another Thursday in infosec.
GitHub Got Breached Through a VS Code Extension
Hackers compromised GitHub’s internal repositories by poisoning the Nx Console VS Code extension, which an employee had installed. The malicious extension gave attackers access to 3,800 internal repos, because apparently we’re still trusting random extensions with our crown jewels.
What to do: Audit your VS Code extensions list and remove anything you don’t actively use. Implement extension allowlisting for corporate environments.
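One way to run that audit against an allowlist, as an added example that is not part of the original bulletin: it reads the output of `code --list-extensions --show-versions` on stdin and reports anything not approved. The allowlist file format, the function names and the extension IDs in the demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag installed VS Code extensions that are not on an allowlist.
# stdin: lines as printed by `code --list-extensions --show-versions`,
#        i.e. publisher.name@version
# $1:    allowlist file (format assumed for this example), one entry per line:
#          publisher.name           any version is approved
#          publisher.name@version   only that exact version is approved
#        Blank lines and lines starting with '#' are ignored.
# Extension IDs are compared case-insensitively. Exit status 1 = findings.
audit_extensions() {
    awk -v allow="$1" '
        function norm(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return tolower(s) }
        BEGIN {
            # A missing allowlist leaves the set empty, so everything is flagged.
            while ((getline line < allow) > 0) {
                line = norm(line)
                if (line != "" && line !~ /^#/) allowed[line] = 1
            }
            close(allow)
        }
        {
            ext = norm($0)
            if (ext == "") next
            id = ext
            sub(/@.*/, "", id)
            if ((id in allowed) || (ext in allowed)) next
            # Distinguish "approved at another version" from "never approved".
            tag = "NOT_ALLOWED"
            for (a in allowed) if (index(a, id "@") == 1) tag = "VERSION_MISMATCH"
            print tag " " ext
            bad = 1
        }
        END { exit bad + 0 }
    ' 
}

# Constructed sample data (not real extension IDs) to exercise the function.
demo_audit() {
    allow=$(mktemp)
    printf '%s\n' '# approved extensions' 'example-corp.linter' \
        'example-corp.theme@1.2.0' > "$allow"
    rc=0
    printf '%s\n' 'Example-Corp.linter@3.1.4' 'example-corp.theme@1.2.1' \
        'unknown-pub.helper@0.0.9' | audit_extensions "$allow" || rc=$?
    rm -f "$allow"
    return "$rc"
}
```

On a workstation the call is `code --list-extensions --show-versions | audit_extensions allowlist.txt`; pinning versions in the allowlist matters here because a poisoned update keeps the same extension ID.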
Microsoft Patches Defender Zero-Days Being Exploited in the Wild
Microsoft rushed out patches for two Defender vulnerabilities that attackers were already exploiting in real-world attacks. The zero-days allow attackers to bypass security protections, which is ironic considering Defender is supposed to be the thing protecting you.
What to do: Update Windows Defender immediately and check that your endpoint protection definitions are current.
Nine-Year-Old Linux Kernel Bug Finally Discovered
Researchers found CVE-2026-46333, a privilege escalation vulnerability in the Linux kernel that’s been sitting there for nine years with a CVSS score of 5.5. It allows unprivileged local users to access sensitive information, because why fix bugs when you can just… not find them?
What to do: Check your Linux kernel version and apply patches from your distro. Consider running kernel hardening tools like grsecurity.
SonicWall VPN MFA Bypassed Through Incomplete Patching
Attackers brute-forced VPN credentials and bypassed MFA on SonicWall Gen6 SSL-VPN appliances to deploy ransomware tools. Turns out the patches SonicWall released earlier didn’t fully address the vulnerabilities, which is a fancy way of saying “we tried.”
What to do: If you’re running SonicWall Gen6 SSL-VPN, apply the latest patches and consider switching to certificate-based authentication instead of passwords.
That’s the chaos for today. Stay sharp out there.