
InfoSec News Nuggets – 05/19/2026

AboutDFIR Archived May 19, 2026 ✓ Full text saved

By Mary on May 19, 2026

Nx Console VS Code Extension Compromised

A compromised version of the Nx Console VS Code extension, version 18.95.0, was briefly published with malicious code targeting developer credentials, cloud tokens, CI/CD secrets, Kubernetes credentials, 1Password data, and AI coding assistant configuration files. The extension has more than 2.2 million installs, and the malicious version executed when a developer opened a workspace. Teams that installed the affected version should assume compromise, rotate secrets, and review downstream package publishing activity, as developer workstations are increasingly a high-value supply chain target.

Critical Vulnerability Exposes Industrial Robot Fleets to Hacking

Universal Robots patched CVE-2026-8153, a critical command injection vulnerability in PolyScope 5 that could allow an unauthenticated attacker with network access to execute commands on a robot controller. The flaw affects the Dashboard Server interface and could let an attacker compromise a single cobot or potentially pivot to connected equipment in a flat OT network. Industrial robots connected to broader production networks shouldn’t be treated as isolated equipment, and teams should verify they’re running patched firmware and that robot controllers are properly segmented.

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

Researchers disclosed multiple vulnerabilities in the SEPPMail Secure E-Mail Gateway, including flaws that could allow remote code execution, unauthorized access to appliance functions, arbitrary file reads, and access to mail traffic handled by the gateway. Email security appliances are attractive targets because they sit in a trusted position and process sensitive communications by design. Organizations using SEPPMail should confirm they’re on patched versions and review gateway access logs for suspicious activity.

US Probes Automatic Tank Gauge System Breaches, Exposing OT Risks Across Critical Infrastructure

U.S. officials are investigating cyber intrusions targeting automatic tank gauge systems used by gas stations to monitor fuel levels, with some exposed systems found to lack password protection and potentially allowing attackers to manipulate displayed fuel readings — though officials said physical fuel levels weren’t changed. The incidents highlight how small, internet-exposed OT devices can create real operational risk when they’re unmanaged, poorly segmented, or treated as low priority. Critical infrastructure operators should treat even peripheral monitoring devices as part of their attack surface and ensure basic access controls are in place.

SHub macOS Infostealer Variant Spoofs Apple Security Updates

A new SHub macOS infostealer variant called Reaper uses fake Apple security update prompts and malicious AppleScript execution to steal browser data, cryptocurrency wallet contents, password manager artifacts, iCloud information, Telegram sessions, and developer configuration files. The malware also installs persistence mechanisms and can serve as a backdoor for additional payloads. macOS infostealers are becoming increasingly effective at bypassing user expectations and platform mitigations, particularly through fake update flows and trusted-looking app lures — users should be skeptical of any security update prompt that doesn’t originate from System Settings.