🚨 CISA KEV (1)
27 May · KEV · Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect · Tenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the intersection of severity, active exploitation, and organizational risk. Key takeaways The "patch everything" strategy is dea… · TENABLE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES (37)
27 May · KEV · CISA Orders Emergency Drupal Patch | Microsoft Server Bug | Google Fights Canada Surveillance Bill · CISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microso… · CYBERSECURITYTODAY.LIBSYN.COM
27 May · CVE-2026-43503 net: skbuff: propagate shared-frag marker through frag-transfer helpers · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-46300 net: skbuff: preserve shared-frag marker during coalescing · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-41401 libyang - Heap Use-After-Free Write in XML Metadata Parsing · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-9256 NGINX ngx_http_rewrite_module vulnerability · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-5222 Cargo can be coerced to share credentials between registries · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy · Information published. · MSRC.MICROSOFT.COM
27 May · CVE-2026-5223 Crates in third party registries can override the cached source of other crates · Information published. · MSRC.MICROSOFT.COM
27 May · The NSA, ‘Mythos’ and the quiet emergence of AI cyber doctrine · For most of my career running security operations, the shape of cyber conflict has been defined by who could move faster than the other side. Faster at identifying a vulnerability, faster at patching, faster at detecting, faster at responding. The last few months have made me ree… · CSOONLINE.COM
27 May · Gitea Vulnerability Exposes Private Container Images without Authentication · Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other crede… · THEHACKERNEWS.COM
27 May · Claude now reviews and fixes vulnerabilities as you write code · Anthropic introduced a security-guidance plugin for Claude Code that reviews code changes for common vulnerabilities and helps Claude identify and fix issues during the same development session. The company says the plugin is designed to catch issues such as injection flaws, unsa… · HELPNETSECURITY.COM
27 May · FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework · A single malformed character in a web request can let an unauthenticated attacker slip past the access controls that guard applications built on Starlette, the open-source Python framework that powers FastAPI, researchers said. The flaw, tracked as CVE-2026-48710 could allow atta… · CSOONLINE.COM
27 May · KEV · CISA orders federal agencies to patch actively exploited cPanel plugin flaw within 4 days · The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical vulnerability in the LiteSpeed cPanel plugin that is being actively exploited in attacks. The flaw, tracked as CVE-2026-48172, affects the LiteSpeed cPanel user-end plu… · CYBERINSIDER.COM
⚠️ VULNERABILITY DISCLOSURE (32)
27 May · Microsoft previews automatic device isolation in Defender for Endpoint · Microsoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cyber attacks in progress on their IT networks. The company announced the capability earlier this month in a column about new f… · CSOONLINE.COM
27 May · European AI adoption hits 99% with regulated data driving most policy violations · Generative AI tools operate inside nearly every European workplace, embedded in meeting transcription services, writing assistants, coding copilots, and search features. Workers in the region pull these tools into daily routines that involve customer records, financial informatio… · HELPNETSECURITY.COM
27 May · KEV · Risky Business #839 -- TeamPCP stole GitHub's internal repos · On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: TeamPCP breached GitHub’s internal repos. Now what? Some absolute plonker glued Coruna to a hijacked npm package CISA is worried about open source and wants th… · RISKY.BIZ
27 May · Vigolium: Open-source vulnerability scanner · Vigolium, an open-source vulnerability scanner that combines deterministic scanning with AI-driven auditing, launched its initial open-source release this month. The project ships 235+ scanner modules and an in-process agent runtime called olium that handles autonomous endpoint d… · HELPNETSECURITY.COM
27 May · Mytheresa - 84,108 breached accounts · In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The exposed data also incl… · HAVEIBEENPWNED.COM
27 May · KEV · CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day · Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges. The post CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day appeared first on SecurityWeek. · SECURITYWEEK.COM
27 May · Novee’s Agentic Fix turns validated exploits into fixes through AI coding agents · Novee has announced Agentic Fix, an enhancement to its AI penetration testing platform that helps teams move from validating security findings to deploying fixes in a single step. Agentic Fix extends Novee’s platform by generating remediation guidance from the same exploit contex… · HELPNETSECURITY.COM
27 May · Jetico expands BestCrypt Data Shelter with zero-trust file access controls · Jetico has announced the extension of BestCrypt Data Shelter to include centrally managed enterprise data access control for sensitive files. The solution allows security teams to define and enforce policies governing which applications, processes and users can access protected f… · HELPNETSECURITY.COM
27 May · Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era · PROOFPOINT.COM
27 May · KEV · CISA gives feds 4 days to patch actively exploited cPanel plugin flaw · The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. [...] · BLEEPINGCOMPUTER.COM
27 May · Fake ChatGPT and Claude installers on GitHub are dropping Deno RAT malware · Attackers are hosting counterfeit installers and plugins on GitHub and SourceForge that pose as widely used software, including ChatGPT, Claude, AutoTune, Kontakt, Ableton Live, and ZENOLOGY. The downloads deliver a backdoor called DinDoor, which then loads a remote access Trojan… · HELPNETSECURITY.COM
27 May · Apple makes its quantum-resistant encryption open source · Apple has published its post-quantum cryptography implementations in corecrypto, together with mathematical proofs and verification tools for independent expert evaluation, allowing external researchers to review the work and reproduce the company’s analysis. Post-quantum cryptog… · HELPNETSECURITY.COM
27 May · Dutch police arrest man over cyber breach at Ajax football club · The suspect was detained in the central Dutch town of Buren, where law enforcement officers also searched his home and seized multiple digital storage devices, according to a statement released Tuesday by the Dutch National Police. · THERECORD.MEDIA
27 May · CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain · CrowdStrike has dismantled the Glassworm botnet in an operation aided by Google and Shadowserver, stripping the operators’ access to infrastructure that helped threat actors infect hundreds of pieces of open-source software with malware since early 2025, the company said Tuesday.… · CYBERSCOOP.COM
27 May · Infosecurity Europe: Why Burnout in Cybersecurity Demands Risk-Based Response · Cybermindz warns that cybersecurity burnout is a growing risk, urging organizations to move beyond wellness initiatives and adopt a measurable, risk-based approach to workforce stress · INFOSECURITY-MAGAZINE.COM
27 May · Cogent targets exploit-to-remediation gap with new AI-powered security capabilities · Cogent has launched two new platform capabilities designed to reduce the time between vulnerability disclosure and confirmed remediation. Zero Day Response identifies exposure within minutes of public disclosure, without waiting for scanner signatures. Autonomous Remediation dete… · HELPNETSECURITY.COM
27 May · MediaArea heap-based buffer overflow vulnerabilities · Talos researchers find 4 heap-based buffer overflow vulnerabilities in MediaArea's MediaInfoLib. · TALOSINTELLIGENCE.COM
27 May · Can you enforce strong Active Directory password rules without frustrating users? · Strong Active Directory passwords don't have to come at the expense of usability. Specops Software explains how passphrases, breached password protection, and self-service resets can improve security without frustrating users. [...] · BLEEPINGCOMPUTER.COM
27 May · Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate · Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx. The post Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate appeared first on SecurityWeek. · SECURITYWEEK.COM
27 May · Google AI Threat Defense targets attackers using AI to find flaws faster · Google Cloud introduced AI Threat Defense, an automated cybersecurity platform that combines several of the company’s security assets to find, prioritize, and patch software vulnerabilities at machine speed. The product is aimed at enterprises contending with attackers who … · HELPNETSECURITY.COM
27 May · Coordinated operation takes down Glassworm botnet · The botnet began in early 2025, targeting software developers across the open-source supply chain. · CYBERSECURITYDIVE.COM
27 May · CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks · Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the developers and companies that use that software. · TECHCRUNCH.COM
27 May · AI-Assisted Exploit Development Outpaces Scanner Detection · Attackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to new research. · DARKREADING.COM
27 May · Open Source Trust Is Collapsing · Doug White talks about manually vetting software downloads from GitHub, NPM, and PyPI before allowing them onto a normal machine. That process included sandboxing the code in a Linux VM, reviewing it manually, and even using multiple AI models to inspect the files before installa… · YOUTUBE.COM
27 May · Glassworm botnet targeting developers disrupted in coordinated takedown · A coordinated cybersecurity operation has disrupted a botnet known as “Glassworm” that targeted software developers through malicious open-source packages, compromised GitHub repositories, and infected development tools. The takedown took place on May 26 with support from CrowdSt… · CYBERINSIDER.COM
27 May · UK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About Russia · The speech is the latest in a string of warnings from intelligence experts that Russia is stepping up hostile activity in a “gray zone” that falls just below the threshold of war. The post UK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About Russia appeared first … · SECURITYWEEK.COM
27 May · AI chatbot recommendations lure users to cryptojacking malware sites · Cybercriminals are using AI chatbot interactions alongside poisoned search results to direct users to malicious download sites in an active cryptojacking campaign, Microsoft has warned. The campaign impersonates legitimate software tools such as CrystalDiskInfo, HWMonitor, Displa… · HELPNETSECURITY.COM
27 May · UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace · Anne Keast-Butler, head of the GCHQ, said her agency was developing an artificial intelligence-powered cyber shield as other nations were deploying AI in warfare. The post UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace appeared f… · CYBERSCOOP.COM
27 May · Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th) · Most Akira write-ups focus on the ransom note or the encryption routine. By the time those show up the interesting forensic work is over. The questions that matter to defenders sit earlier. How did they get in. When did they get domain admin. What did they touch before the binary… · ISC.SANS.EDU
27 May · AI models more vulnerable than claimed when faced with iterative attacks · CISOs relying on LLM runtime guardrails and official safety scores when making security decisions about their organizations’ AI usage and model selection are due for a wakeup call. According to a new study from Cisco, frontier models from OpenAI, Anthropic, Google, xAI, and Amazo… · CSOONLINE.COM
27 May · Smashing Security podcast #469: What your Oura ring won’t tell you · CISA, the US government agency whose entire job is keeping America's critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile. Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted… · GRAHAMCLULEY.COM
27 May · Another IT governance headache: AI-enabled sanction evasion · Over the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries move from AI-assisted to AI-enabled sanctions evasion and proliferation financing (PF), a new research paper warns. The rep… · CSOONLINE.COM
📢 SECURITY ADVISORIES (4)
27 May · Iranian intelligence service behind hack of LA transit system, researchers say · The hacking group claimed to be a standalone hacktivist crew but actually has ties to the Ministry of Intelligence of the Islamic Republic of Iran (MOIS), researchers at Gambit Security said in a report published Tuesday. · THERECORD.MEDIA
27 May · Ping Identity advances agentic security with AI governance and trusted access · Ping Identity announced new capabilities that extend the Ping Identity Platform for the agentic enterprise, where AI agents, automation, and developers increasingly shape how access is managed, governed, and secured across organizations. AI agents are changing both sides of the i… · HELPNETSECURITY.COM
27 May · FBI warns extortion hackers are visiting US law firms to steal data · In a public advisory issued Tuesday the FBI said a hacking group has targeted law firms using social engineering schemes to gain remote access to corporate systems and exfiltrate data. · THERECORD.MEDIA
27 May · Breaking the GlassWorm. · A major takedown disrupts the GlassWorm botnet. The White House rewrites federal cyber logging rules as CISA faces cuts amid rising AI threats. Federal agencies ramp up scrutiny of so-called anti-tech extremism. GCHQ warns Russia is targeting UK infrastructure. Researchers uncove… · THECYBERWIRE.COM
🔥 INCIDENT REPORTING (6)
27 May · LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers · The attack was claimed by a hacktivist group, but evidence showed it used infrastructure linked to Iranian government threat actors. The post LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers appeared first on SecurityWeek. · SECURITYWEEK.COM
27 May · 3 SOC Steps that Shut Down Incident Risks Early · Most organizations still picture cyber defense as a fortress problem: build stronger walls, add more guards, buy another detection engine. But modern incidents rarely crash through the front gate. They drift in disguised as routine activity, hide inside legitimate processes, and … · THEHACKERNEWS.COM
27 May · CrowdStrike shuts down the Glassworm botnet. · Extortion group sends individuals to infiltrate organizations in person. Lithuania investigates breach of the Centre of Registers. Business news: Zscaler to acquire Symmetry Systems. · THECYBERWIRE.COM
27 May · Latin American Cybercriminals Hoover Up Government Data · A purported leak exposing 5.8 million records of Uruguayan citizens is the latest incident where cybercriminals targeted government agencies to monetize citizen data. · DARKREADING.COM
27 May · The Small Model Cliff · CASI Leaderboard, Bias Jailbreak, and Three Coordinated Supply Chain Incidents · F5.COM
27 May · Ransomware Actors Show Up In Person to Steal Law Firm Data · The FBI warned that the extortion gang Silent Ransom Group is targeting law firms and socially engineering its way into servers and databases. · DARKREADING.COM
🕵️ THREAT INTELLIGENCE (27)
27 May · ISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946, (Wed, May 27th) · (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. · ISC.SANS.EDU
27 May · The alert economy is driving security analyst burnout · In this Help Net Security video, Ido Livneh, CEO of Jazz, explains why security analysts burn out and what leaders can do about it. The cause, he argues, is not long hours but meaningless work. Analysts spend their days closing repetitive tickets while the institutional knowledge… · HELPNETSECURITY.COM
27 May · Coinflow CISO on crypto payments security under AI pressure · Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs the company’s security program from Malta. Coinflow is headquartered in the Uni… · HELPNETSECURITY.COM
27 May · Anthropic Releases New Claude Sandbox, Security Guidance Plugin · The AI giant says the new plugin, which helps developers find vulnerabilities as they write code, has been used extensively internally. The post Anthropic Releases New Claude Sandbox, Security Guidance Plugin appeared first on SecurityWeek. · SECURITYWEEK.COM
27 May · AppOmni’s Marlin AI automates SaaS threat analysis, triage, and remediation at scale · AppOmni has launched Marlin AI to transform how enterprise organizations defend complex SaaS applications. Marlin AI delivers autonomous AI-powered SaaS security that leverages AppOmni’s deep SaaS application observability. It actively correlates SaaS security indicators, perform… · HELPNETSECURITY.COM
27 May · FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data · The FBI has issued an alert warning of Silent Ransom Group attacks targeting law firms. The post FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data appeared first on SecurityWeek. · SECURITYWEEK.COM
27 May · Franklin Access adds three-layer security system to Wi-Fi routers · Franklin Access has launched a three-layer security system integrated into its Wi-Fi routers, delivering enterprise-grade protection for consumers and small businesses. The system runs automatically in the background, blocking millions of malicious websites in real time to protec… · HELPNETSECURITY.COM
27 May · What Security Leaders Should Expect from RSAC - Joseph Blankenship - BSW #449 · RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what sho… · YOUTUBE.COM
27 May · The Credential Crisis: How Stolen Credentials Defeat Modern Security · As AI accelerates phishing, session hijacking, and credential abuse, security teams are racing to close the gap between attacker speed and defensive response. The post The Credential Crisis: How Stolen Credentials Defeat Modern Security appeared first on SecurityWeek. · SECURITYWEEK.COM
27 May · ‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems · Malicious repositories and disguised symlinks can trick AI coding agents into silently installing attacker-controlled MCP servers capable of stealing secrets, compromising CI pipelines, and deploying malicious code. The post ‘SymJack’ Attack Turns AI Coding Agents Into Supply Cha… · SECURITYWEEK.COM
27 May · GlassWorm Botnet Disrupted · Security firms took down all four command-and-control (C&C) channels used by the GlassWorm malware. The post GlassWorm Botnet Disrupted appeared first on SecurityWeek. · SECURITYWEEK.COM
27 May · RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries · Using an AI model called BinNet, RevEng hunts vulnerabilities and backdoors in released software binaries. The post RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries appeared first on SecurityWeek. · SECURITYWEEK.COM
27 May · Romanian Hacker Sentenced to Prison in US for Selling Access to State Network · Catalin Dragomir previously pleaded guilty to selling access to an Oregon state government office’s network. The post Romanian Hacker Sentenced to Prison in US for Selling Access to State Network appeared first on SecurityWeek. · SECURITYWEEK.COM
27 May · Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform · The new funding, led by BDC Capital’s StrongNorth Fund, will accelerate Lastwall’s North American expansion. The post Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform appeared first on SecurityWeek. · SECURITYWEEK.COM
27 May · SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon Bay · Now in its third year, the AI Risk Summit is the leading conference that brings together CISOs, security leaders, AI researchers, developers, policymakers, and enterprise risk professionals. The post SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon … · SECURITYWEEK.COM
27 May · eSentire launches new Atlas AI Operatives for autonomous threat detection and response · eSentire has unveiled new preempt, detect, and respond capabilities within the Atlas Platform, a unified agentic AI platform with purpose-built AI Operatives that work together in a continuous security lifecycle. Controlled autonomy SecOps The Atlas Platform delivers purpose-buil… · HELPNETSECURITY.COM
27 May · FBI’s 2025 Internet Crime Report · The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Lots of interesting statistics. Press release. News articles. · SCHNEIER.COM
27 May · Decrypting Customer Data On Purpose · A telecom company asked how to “fix” an encryption problem. But according to the speaker, the real request was how to decrypt protected customer data so the company could build services and insights on top of it. The clip highlights a common security tension: businesses want more… · YOUTUBE.COM
27 May · Leading AI models are more vulnerable to malicious prompts than vendors claim · Hackers could subvert frontier models with attacks that their developers overlook, Cisco said. · CYBERSECURITYDIVE.COM
27 May · Hackers are knocking on office doors pretending to be IT staff · The Silent Ransom Group (SRG) is targeting law firms using social engineering techniques and an unusual tactic for cybercriminals: showing up at victims’ offices in person while posing as IT staff, the FBI warns. The group, also known as Luna Moth, Chatty Spider, and UNC3753, has… · HELPNETSECURITY.COM
27 May · Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure · Wiz CIRT and Wiz Research detail JINX-0164, a threat actor using LinkedIn social engineering, custom macOS malware, and CI/CD hijacking to target cryptocurrency organizations. · WIZ.IO
27 May · Evidence at the Moment of Attack. Answers at AI Speed. · Wiz Sensor Forensics is now generally available - automatically capturing forensic artifacts at the moment of detection and using AI to accelerate investigation for SOC and IR teams. · WIZ.IO
27 May · FBI warns US-based law firms to be on the lookout for cybercrime group that steals data in person · Silent Ransom Group isn’t prolific, but it's demonstrated a knack for attacking the legal services sector with an extraordinary dual use of social engineering and in-person visits to victims’ workstations. The post FBI warns US-based law firms to be on the lookout for cybercrime … · CYBERSCOOP.COM
27 May · AI’s Hype Cycle Is Ending · Researchers analyzed decades of RSA Conference session titles and found that no major cybersecurity buzzword stayed dominant for more than about three years. The speaker argues AI may now be reaching that same turning point. After years of massive investment and nonstop attention… · YOUTUBE.COM
27 May · OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms · The announcement builds on work from major tech firms in 2024 to combat AI-infused election chicanery. The post OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms appeared first on CyberScoop. · CYBERSCOOP.COM
27 May · GPU mining malware spreads via SEO poisoning, AI chatbots · Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations. [...] · BLEEPINGCOMPUTER.COM
27 May · Out of the Crypt: The Evolving Cyber Extortion Economy · Unit 42 explores trends in data theft and extortion, outlining key strategies for organizations as frontier AI models advance. The post Out of the Crypt: The Evolving Cyber Extortion Economy appeared first on Unit 42. · UNIT42.PALOALTONETWORKS.COM
🌐 CYBER THREAT LANDSCAPE (6)
27 May · AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites · Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results and … · THEHACKERNEWS.COM
27 May · Company bragged phone mics could listen to conversations. They couldn’t. · Cox Media said it could spy on users through their devices and use the information for targeted advertising, except it wasn't true. · MALWAREBYTES.COM
27 May · GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure · CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and… · THEHACKERNEWS.COM
27 May · CrowdStrike, Google Take Down Glassworm Botnet · Operators of the malicious Glassworm botnet have been targeting software developers since at least early 2025 · INFOSECURITY-MAGAZINE.COM
27 May · Glassworm botnet disrupted after resilient C2 infrastructure takedown · The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain transactions and the BitTorrent DHT network. [...] · BLEEPINGCOMPUTER.COM
27 May · Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users · Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That's according to new findings from WatchGuard and ESET, which have observed the two malware fami… · THEHACKERNEWS.COM
🎙️ PODCASTS (1)
27 May · The Case for Internal Comms with Thereasa Roy · Internal comms is one of those marketing functions that doesn't always get its own seat at the table, but probably should. Thereasa Roy, formerly Director of Technical Solutions Marketing at Trail of Bits, now Director of Product Marketing at Oversight joins Gianna to talk throug… · THECYBERWIRE.COM
📡 INFOSEC NEWS 20[−]
27 May | Weekly Threat Bulletin – May 27th, 2026 | These are the top threats you should know about this week. | F5.COM
27 May | PureLogs Variant Steals Data via Purchase Order Lures | FortiGuard Labs detailed a PureLogs campaign using JavaScript, PowerShell and process hollowing | INFOSECURITY-MAGAZINE.COM
27 May | Windows 11 KB5089573 update released with performance improvements | Microsoft has released the KB5089573 preview cumulative update for Windows 11 versions 25H2 and 24H2, which comes with 30 changes, including performance and reliability improvements. [...] | BLEEPINGCOMPUTER.COM
27 May | Fake LinkedIn emails abuse Adobe to track victims | Phishers are stealing LinkedIn credentials while abusing Adobe Target to track victims and redirect them to real LinkedIn pages. | MALWAREBYTES.COM
27 May | 68% of UK Firms Plan to Increase Cyber Spending as AI Risks Rise | UK firms plan higher cyber spending as AI adoption raises security concerns | INFOSECURITY-MAGAZINE.COM
27 May | Dutch police arrests suspect linked to Ajax football club hack | The Dutch National Police arrested a 35-year-old man suspected of hacking the professional football club Ajax Amsterdam (AFC Ajax) earlier this year. [...] | BLEEPINGCOMPUTER.COM
27 May | Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake | EvidenceForge generates high-quality, realistic, and consistent datasets across multiple log formats, enabling teams to effectively train personnel and validate detection models without the need for complex manual simulations. | TALOSINTELLIGENCE.COM
27 May | 5 Steps to Managing Shadow AI Tools Without Slowing Down Employees | When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees … | THEHACKERNEWS.COM
27 May | Kali365 phishing kit bypasses MFA and steals Microsoft logins | The FBI has warned that attackers are using a new phishing kit to gain long-term access to Microsoft Outlook, Teams, and OneDrive accounts. | MALWAREBYTES.COM
27 May | Thousands of Fake FIFA Domains Target World Cup Fans | Group-IB uncovered Ghost Stadium phishing and 4300 fake FIFA World Cup domains targeting fans | INFOSECURITY-MAGAZINE.COM
27 May | FBI warns of in-person data theft attacks from extortion gang | The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks. [...] | BLEEPINGCOMPUTER.COM
27 May | Cybersecurity Evolution: How We Went From Perimeter Defense to AI-Native Security | The cybersecurity industry of 2006 barely resembled today's billion-dollar behemoth. As part of Dark Reading's 20th anniversary celebration, we trace the industry's evolution through a technology lens. | DARKREADING.COM
27 May | Investigating suspicious AI workflows in Microsoft Entra Agent ID: Autonomous agents | Read our primer on how to detect and respond to an autonomous agent escalating privileges and persisting in your Entra ID tenant | REDCANARY.COM
27 May | Defending at Machine-Speed: Building AI Threat Readiness with Wiz | How Wiz helps organizations adopt an AI Operating Model for AI Threat Readiness | WIZ.IO
27 May | TechCrunch Disrupt 2026 Early Bird ticket savings end in 3 days | There are only 3 days left to save up to $410 on your ticket to TechCrunch Disrupt 2026. Early Bird pricing ends May 29 at 11:59 p.m. PT, and once the deadline passes, ticket prices increase. If you plan to attend one of the most influential gatherings in tech this year, now is t… | TECHCRUNCH.COM
27 May | Rudd orders Cyber Command reviews as Pentagon presses reform agenda | Army Gen. Joshua Rudd, who took the twin-leadership reins of Cyber Command and the NSA in March, recently tapped MITRE to conduct a potentially wide-ranging review into the organization, according to three people familiar with the matter. | THERECORD.MEDIA
27 May | Malicious npm Package Stole Files From Claude AI User Directory via GitHub | Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated direct… | THEHACKERNEWS.COM
27 May | Romanian national sentenced to more than 4 years for hacking Oregon government systems | Dragomir was arrested in Romania in November 2024 and brought to the U.S. last year to face charges for hacking into the network belonging to Oregon’s Office of Emergency Management. | THERECORD.MEDIA
27 May | Zscaler intends to acquire identity mapping company Symmetry Systems. | Check Point has agreed to acquire AI evaluation platform Deepchecks. | THECYBERWIRE.COM