Samsung Secures Court Order to Halt Impending Worker Strike, Poland Switches from Signal to State App

Grafana Labs Declines to Pay Ransom Following Theft of Its Source Code

• Grafana Labs refused ransom demands after hackers stole portions of its code.
• Attackers obtained access through a compromised GitHub token and attempted extortion.
• The company confirmed customer data remained unaffected and revoked the credential.

USA, May 18 (TNGB) – Grafana Labs stated that hackers used a stolen GitHub token to access its environment and download sections of the codebase before issuing ransom demands. The firm declined to make any payment and instead focused on remediation steps including token revocation and enhanced monitoring. Officials noted that no customer data was compromised during the incident. The company followed standard guidance against engaging with extortion attempts and communicated the event transparently to stakeholders.

Refusal to pay ransoms for stolen source code maintains a consistent stance against rewarding unauthorized access attempts.

Why This Matters: Public refusal to pay extortion demands can discourage similar targeting of open-source and developer-focused organizations.

Windows Boot Partition Space Issues Block Microsoft’s May Security Update

• Insufficient space on Windows boot partitions prevented installation of the May update.
• Errors appeared during the download and apply phases on affected devices.
• Microsoft deployed server-side mitigations to address the storage-related failures.

USA, May 18 (TNGB) – Some Windows 11 systems encountered boot partition or EFI System Partition space shortages that blocked successful installation of the May 2026 security update KB5089549. The problem triggered errors such as 0x800f0922 when the update process required more temporary storage than available on the protected partition. Microsoft activated Known Issue Rollback mechanisms delivered automatically to many devices to resolve the conflicts. Users were advised that restarts could help apply the fixes more quickly in remaining cases.

Partition sizing decisions made during initial system setup can create downstream obstacles during large cumulative update installations.

Why This Matters: Storage constraints on protected system areas can delay security protections and require manual intervention or automated workarounds.

Poland Instructs Officials to Abandon Signal for Government Built Messaging App

• Poland directed government officials to stop using the Signal messaging application.
• A domestically developed secure alternative will replace it for official communications.
• The policy emphasizes national control over tools handling sensitive government information.

WARSAW, May 18 (TNGB) – Polish authorities instructed public officials to discontinue use of the Signal encrypted messaging app in favor of a state-developed alternative designed for secure internal communications. The directive prioritizes reliance on domestically controlled infrastructure for handling official exchanges. Implementation will occur across agencies according to specific timelines and security assessments. Officials cited concerns over foreign platform dependencies and the need for assured sovereignty in digital tools.

National governments increasingly seek messaging platforms under direct domestic oversight to manage sensitive communications.

Why This Matters: Shifts to state-controlled communication tools can alter how officials exchange information and affect interoperability with external partners.

Samsung Secures Court Order to Halt Impending Worker Strike

• Samsung obtained a court injunction blocking planned strike action by workers.
• The order prevents work stoppages at key manufacturing and production sites.
• Labor discussions continue while the legal restriction remains in effect.

SEOUL, May 18 (TNGB) – Samsung received a court injunction that prohibits imminent strike action by employees at major facilities. The ruling came amid ongoing labor negotiations over wages and working conditions that threatened disruption to semiconductor and electronics production. Company management welcomed the decision as protection for operational continuity. Union representatives expressed concerns that the order limits their leverage during talks.

Court interventions in labor disputes can preserve short-term production stability while negotiations address underlying compensation and condition issues.

Why This Matters: Legal blocks on strikes maintain supply chain continuity but can intensify tensions if core worker concerns remain unresolved.

NGINX Rift Exploit Targets Vulnerable Servers Immediately After Disclosure

• Attackers quickly targeted servers exposed by the NGINX Rift vulnerability.
• The flaw affected specific configurations of the widely used web server software.
• Security teams urged immediate patching and configuration reviews on exposed systems.

USA, May 18 (TNGB) – Malicious actors began scanning and exploiting the NGINX Rift vulnerability on internet-facing servers shortly after public disclosure of the issue. The flaw permitted unauthorized actions on certain configurations of the popular web server. Administrators received urgent recommendations to apply available patches and verify settings to reduce exposure. Active exploitation attempts increased rapidly in the hours following the initial reports.

Swift attacker response to newly disclosed vulnerabilities underscores the value of automated update processes for critical infrastructure components.

Why This Matters: Rapid exploitation windows after disclosure emphasize the need for continuous monitoring and fast remediation in production server environments.

TanStack Considers Invitation Only Contributions Following Supply Chain Attack

• TanStack evaluates restricting pull requests to invited contributors after a supply chain incident.
• The attack raised concerns about risks in open contribution models for popular libraries.
• Maintainers seek to strengthen verification while preserving community engagement.

USA, May 18 (TNGB) – TanStack project maintainers are considering limits on pull request access to invited participants following a supply chain attack that affected the library. The incident highlighted potential risks when broad open-source contribution models allow unverified changes to reach widely used packages. Discussions focus on improved contributor verification processes without fully closing external input. The goal remains balancing security improvements with continued community participation in development.

Supply chain attacks on popular open-source projects prompt reevaluation of contribution workflows and access controls.

Why This Matters: Adjustments to contribution models in widely adopted libraries can influence both security posture and the pace of community-driven innovation.

Linus Torvalds Warns AI Generated Bug Reports Overwhelm Linux Security List

• Linus Torvalds observed that AI-generated bug reports have made the Linux security list difficult to manage.
• The volume of low-quality or irrelevant submissions increased substantially.
• Maintainers now face challenges distinguishing genuine issues from automated noise.

USA, May 18 (TNGB) – Linux creator Linus Torvalds noted that artificial intelligence generated bug reports have rendered the Linux security mailing list nearly unmanageable in its current form. The surge in automated or low-value submissions has complicated efforts to identify and address real vulnerabilities. Project maintainers explore improved filtering methods and clearer submission guidelines to restore effective communication channels. The situation reflects broader effects of AI tools on established open-source workflows.

AI assistance in software development creates secondary effects on project communication and triage processes that require active management.

Why This Matters: Managing noise from automated reports helps preserve the effectiveness of critical security discussion channels in large open-source projects.

Europe Explores Laser Communications for Growing Satellite Data Needs

• Europe tests laser-based links to handle increasing volumes of satellite data traffic.
• Optical systems promise higher bandwidth and lower interference than radio frequencies.
• Trials address technical challenges including alignment and atmospheric effects.

EUROPE, May 18 (TNGB) – European space agencies and partners conduct tests of laser communication links to accommodate rising data demands from satellite constellations. The optical approach offers significantly greater throughput potential compared with traditional radio frequency methods while reducing spectrum congestion. Engineers work through challenges such as precise beam alignment, power requirements, and performance through varying atmospheric conditions. Successful demonstrations could inform designs for future high-capacity space networks.

Laser communications provide a pathway to scale data transfer capacity as satellite deployments and bandwidth requirements continue to grow.

Why This Matters: Higher-capacity space communication technologies support expanding satellite applications in observation, connectivity, and scientific missions.

Major AI Companies Accused of Subverting Regulations Similar to Tobacco and Oil Firms

• Critics allege that leading AI companies seek to weaken or delay new regulatory frameworks.
• Comparisons point to historical patterns seen with tobacco and oil industry influence efforts.
• Lawmakers and advocacy groups examine the extent of policy engagement by major firms.

USA, May 18 (TNGB) – Observers have alleged that prominent artificial intelligence companies engage in efforts to shape or slow emerging regulatory measures in patterns reminiscent of past actions by tobacco and oil sectors. The claims include coordinated advocacy aimed at influencing legislation and oversight timelines. Policymakers continue reviewing the scope and impact of technology sector involvement in AI governance discussions. Specific evidence and company responses vary across different jurisdictions and proposals.

Scrutiny of industry influence on technology regulation helps maintain transparency in policy development processes.

Why This Matters: Understanding patterns of regulatory engagement by dominant technology firms informs debates over effective oversight of rapidly advancing AI capabilities.

Hackers Collect Over 1.2 Million Dollars for Zero Day Exploits at Pwn2Own Berlin

• Participants earned 1,298,250 dollars for discovering 47 zero-day vulnerabilities at Pwn2Own Berlin 2026.
• The contest rewarded successful exploitation of software and hardware targets.
• Findings contribute to vendor patching efforts before public disclosure.

BERLIN, May 18 (TNGB) – Researchers at the Pwn2Own Berlin 2026 event reportedly received a combined 1,298,250 dollars for identifying and demonstrating 47 zero-day vulnerabilities across various products. The competition format encourages discovery of previously unknown flaws through live exploitation attempts on secured targets. Vendors receive advance notice of findings to develop patches ahead of broader awareness. The event continues to serve as a structured channel for responsible vulnerability research and disclosure.

Financial incentives in controlled security competitions accelerate identification of critical flaws that might otherwise remain hidden longer.

Why This Matters: Structured bug bounty and contest programs provide measurable returns in vulnerability discovery that benefit overall software security when paired with timely vendor responses.