- Nginx Rift heap-based buffer overflow in ngx_http_rewrite_module affecting NGINX and F5 products
ThreatNoir Afternoon Brief — May 19
Afternoon Review in IT Security — May 19, 2026
The afternoon security landscape on May 19, 2026, reveals active exploitation campaigns targeting critical infrastructure and emerging threats against development communities. Multiple high-impact incidents spanning web servers, macOS systems, healthcare networks, and open-source platforms demand immediate attention from security teams worldwide.
Hackers Actively Exploit 'Nginx Rift' Vulnerability Affecting NGINX, F5 Products
Threat actors are actively exploiting the Nginx Rift vulnerability, designated as CVE-2026-42945, which impacts both NGINX and F5 products. The vulnerability exposes affected servers to denial-of-service attacks, creating significant risk for organizations relying on these widely deployed web server and load balancing solutions. Source: Hackers Actively Exploit 'Nginx Rift' Vulnerability Affecting NGINX, F5 Products
New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords
A newly discovered malware family called Reaper has emerged with the capability to bypass Apple's macOS Tahoe 26.4 security updates. The malware operates through fake Microsoft domains including mlcrosoft.co.com and hebsbsbzjsjshduxbs.xyz, targeting macOS users to steal passwords and cryptocurrency assets and to establish persistent backdoor access. The threat also includes a variant known as SHub. Source: New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords
Millions Impacted Across Several US Healthcare Data Breaches
Multiple healthcare data breaches have been reported affecting millions of individuals across the United States. These incidents, which have been added to the HHS breach notification tracker, represent a significant privacy and compliance concern for the healthcare sector. The breaches impact hundreds of thousands to millions of patients whose sensitive health information has been compromised. Source: Millions Impacted Across Several US Healthcare Data Breaches
First Shai-Hulud Worm Clones Emerge
Threat actors have begun adopting the recently released Shai-Hulud malware source code in targeted attacks against NPM developers. Multiple cloned variants have been identified in the wild, including malicious packages such as axios-util, axois-utils, chalk-tempalte, and color-style-utils. This development demonstrates how publicly disclosed malware code can be rapidly weaponized by adversaries against open-source development communities. Source: First Shai-Hulud Worm Clones Emerge
The afternoon's threat intelligence reveals a coordinated landscape of attacks spanning infrastructure, endpoints, healthcare systems, and software supply chains. Organizations should prioritize patching critical vulnerabilities, implementing enhanced monitoring for malicious packages, and reviewing healthcare data protection measures in response to these emerging threats.
Sources & IOCs
Source articles and extracted indicators (defanged where appropriate).
- Reaper: New macOS infostealer variant based on the SHub malware family
- SHub: Parent malware family; Reaper is a fresh variant
- mlcrosoft.co.com: Typo-squatted domain used to host fake WeChat/Miro download pages for Reaper malware distribution
- hebsbsbzjsjshduxbs.xyz: Attacker gateway server receiving stolen files and hosting the backdoor command-and-control endpoint
- Shai-Hulud: Supply chain worm targeting NPM packages; steals credentials and API keys for self-propagation
- chalk-tempalte: Direct clone of the Shai-Hulud worm deployed as a malicious NPM package
- axois-utils: Typo-squatting malicious NPM package targeting Axios users
- axios-util: Typo-squatting malicious NPM package (@deadcode09284814/axios-util)
- color-style-utils: Malicious NPM package with DDoS botnet capabilities
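A defender-side check that turns the NPM indicators above into a dependency audit, added here as an example and not part of the original brief or any vendor tooling. The malicious package names are the brief's IOCs; the list of imitated packages (axios, chalk, chalk-template, color) and the sample package.json are assumptions constructed for the demonstration, and the near-miss check (edit distance with adjacent transpositions, applied to the whole name and to its leading hyphen segment) is a general typosquat heuristic rather than anything the brief describes.

```python
import json

# Malicious package names are the brief's IOCs; the imitated packages are an assumed allowlist.
KNOWN_MALICIOUS = {"axios-util", "axois-utils", "chalk-tempalte", "color-style-utils"}
PROTECTED = ("axios", "chalk", "chalk-template", "color")


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus adjacent swaps."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # 'axois' -> 'axios' costs 1
    return d[len(a)][len(b)]


def unscoped(name: str) -> str:  # '@scope/pkg' -> 'pkg'; unscoped names pass through
    return name.split("/", 1)[1] if name.startswith("@") else name


def audit_dependencies(deps: dict, max_distance: int = 2) -> list:
    """Return (package, reason) pairs for IOC hits and near-miss names of protected packages."""
    findings = []
    for name in deps:
        base = unscoped(name)
        if base in KNOWN_MALICIOUS:
            findings.append((name, "known malicious package (Shai-Hulud clone)"))
            continue
        if base in PROTECTED:
            continue
        head = base.split("-", 1)[0]  # compare 'axois-utils' as 'axois' against 'axios'
        for good in PROTECTED:
            dist = min(damerau_levenshtein(base, good), damerau_levenshtein(head, good))
            if 0 < dist <= max_distance:
                findings.append((name, f"possible typosquat of '{good}' (distance {dist})"))
                break
    return findings


def audit_manifest(package_json: str) -> list:
    """Audit the dependencies and devDependencies of a package.json document."""
    manifest = json.loads(package_json)
    deps = {**manifest.get("dependencies", {}), **manifest.get("devDependencies", {})}
    return audit_dependencies(deps)


# Constructed sample manifest for demonstration; not taken from any real project.
SAMPLE_PACKAGE_JSON = json.dumps({"dependencies": {"axios": "^1.6.0",
    "@deadcode09284814/axios-util": "1.0.0", "lodash": "^4.17.21"},
    "devDependencies": {"chalck": "5.0.0", "chalk-tempalte": "0.1.0"}})
```

Legitimate derivatives such as axios-retry are not flagged because their leading segment matches a protected name exactly; the distance threshold is the knob to tune against a project's real dependency set.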