
ThreatNoir Morning Brief — May 21

2026-05-21 | Morning | 4 articles

Morning Review in IT Security — May 21, 2026

Today's threat landscape continues to evolve with critical vulnerabilities affecting enterprise infrastructure, ongoing data breaches targeting government systems, and coordinated threat actor activity in the dark web marketplace. Organizations face mounting pressure to patch critical flaws and strengthen access controls as attackers exploit incomplete remediation efforts.

Hackers Bypass SonicWall VPN MFA Due to Incomplete Patching

Threat actors have compromised SonicWall Gen6 SSL-VPN appliances by brute-forcing VPN credentials and bypassing multi-factor authentication protections. The attackers used this access to deploy tools associated with ransomware campaigns, including Cobalt Strike. The attacks trace back to incomplete patching of CVE-2024-12802, which left organizations exposed despite available security updates. Source: Hackers bypass SonicWall VPN MFA due to incomplete patching

LAPSUS$ Group Announces Joint Sale of GitHub Internal Repositories

The LAPSUS$ threat group has announced a collaborative sale with TeamPCP offering access to GitHub internal repositories. This partnership highlights the ongoing coordination between major threat actors in the underground marketplace and signals potential supply chain risks for organizations relying on GitHub infrastructure. Source: RT @DarkWebInformer: ‼️ LAPSUS$ Group announces a joint for sale post with TeamPCP for the GitHub...

Uruguay DNIC Database Breach Exposes 5.8 Million Citizen Records

A significant data breach has allegedly exposed the personal information of approximately 5.8 million Uruguayan citizens from the national identity database. The exposure of sensitive government records raises critical concerns about data protection practices and privacy safeguards for national identification systems. Source: 🚨🇺🇾 Uruguay DNIC allegedly leaked: 5.8M citizen database records exposed

Microsoft Releases Mitigations for YellowKey BitLocker Bypass Vulnerability

Microsoft has acknowledged a critical BitLocker bypass vulnerability tracked as YellowKey and has released mitigation measures to address the flaw. This vulnerability poses risks to full-disk encryption protections and underscores the importance of applying security updates promptly across Windows environments. Source: Microsoft acknowledges the YellowKey BitLocker bypass vulnerability and releases mitigations

Organizations should prioritize patching critical infrastructure, validating MFA implementations, and reviewing encryption configurations in response to today's threat developments.

Sources & IOCs

Source articles and extracted indicators (defanged where appropriate).