🚨 CISA KEV 100
2 Jul KEVSharePoint RCE CVE-2026-45659 Added to CISA KEV After Active ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-4565…THEHACKERNEWS.COM
2 Jul KEVU.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft SharePoint Server flaw, tracked as CVE-2026-4565…SECURITYAFFAIRS.COM
30 Jun KEVHow CISA BOD 26-04 redefines vulnerability management metrics for security leadersCISA’s BOD 26-04 changes how federal agencies patch and how security leaders must measure, justify, and communicate cyber risk to executives and boards. Key takeaways BOD 26-04 requires agencies to make and defend risk-based vulnerability prioritization decisions, including decis…TENABLE.COM
30 Jun KEVU.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a SimpleHelp flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SimpleHelp flaw, tracked as CVE-2026-48558 (CVSS score v3.1 …SECURITYAFFAIRS.COM
29 Jun KEVModernizing Global Vulnerability Standards For The Age Of AIAs AI-driven vulnerability discovery accelerates, the cybersecurity ecosystem is being forced to examine whether the standards, disclosure processes, and prioritization frameworks defenders rely on can still keep pace. Many of those systems were built around human-speed discovery…RAPID7.COM
29 Jun KEVJSP webshells being dropped on unpatched PTC Windchill instancesThe US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog. Entries in the KEV catalog d…HELPNETSECURITY.COM
26 Jun KEVFirst-Ever Exploitation of PTC Windchill Vulnerability Discovered in the WildCISA has added the remote code execution flaw CVE-2026-12569 to its Known Exploited Vulnerabilities catalog.SECURITYWEEK.COM
26 Jun KEVCISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks ContinueThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known …THEHACKERNEWS.COM
26 Jun KEVWeekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and moreHelp shape the future of Metasploit Framework We are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they function/are presented to users. We are currently accepting responses to our feedback form, which means that you can sha…RAPID7.COM
25 Jun KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-12569 PTC Windchill and FlexPLM Improper Input Validation Vulnerability CVE-2026-20230 Cisco Unified Communications Manager Serv…CISA.GOV
24 Jun KEVAttackers exploit Cisco Unified CM flaw weeks after patch releaseA critical Cisco Unified CM vulnerability is now under active exploitation, weeks after the company issued patches warning it could allow attackers to gain root access. Threat intelligence firm Defused reported the exploitation on June 23. The company said it observed the activit…CSOONLINE.COM
19 Jun KEVUnauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to apply mitigations by June 21, 2026. In-the-wild exploitation has also been confirmed by …HELPNETSECURITY.COM
17 Jun KEVWhat 22,000 breaches teach us about incident preparednessThe 2026 Verizon Data Breach Investigations Report analyzed more than 22,000 confirmed data breaches across 145 countries. Its findings point to a single uncomfortable truth: organizations cannot patch fast enough to prevent every incident. Exploitation of vulnerabilities surged …CSOONLINE.COM
17 Jun KEVOperationalize CISA BOD 26-04 with Tenable OneCISA’s new directive officially ends federal agencies’ reliance on static vulnerability scores. Learn how Tenable One helps federal agencies pivot to dynamic asset exposure, threat validation, and AI-powered automation to meet compressed compliance timelines. Key takeaways CISA’s…TENABLE.COM
15 Jun KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability CVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link…CISA.GOV
11 Jun KEVCISA Directs Federal Agencies to Prioritize Security Patches Based on RiskThe new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries.SECURITYWEEK.COM
11 Jun KEVTrolling Microsoft With Vulnerabilities - PSW #930In the security news: - Trolling Microsoft With Vulnerabilities - Fable 5 loves guardrails - Binwalk vulnerability - EMBA and local models - EDRChoker - AI worms - Interesting Arista vulnerability added to KEV - BOD 26-04 and stakeholder specific vulnerability categorization - Br…YOUTUBE.COM
11 Jun KEVCISA BOD 26-04: Frequently asked questions about the new risk-based patching directiveCISA issued BOD 26-04, which replaces BOD 22-01 with a four-variable vulnerability prioritization model requiring federal agencies to patch the most dangerous vulnerabilities in as few as three days. Key takeaways BOD 26-04 replaces BOD 22-01 with a four-variable risk model that …TENABLE.COM
10 Jun KEVCVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti SentryOverview On June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry (formerly known as MobileIron Sentry), which per the vendor website is an “in-line gateway that manages, encrypts, and secures traffic between the mobile device…RAPID7.COM
10 Jun KEVCISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows - CVE-2026-20245 (CVSS score: 7.8)…THEHACKERNEWS.COM
10 Jun KEVCISA tells agencies to patch smarter, not harder — foreshadowing broader industry practiceSecurity teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows are accelerating, and vulnerabilities have become attackers’ top initial access vector of choice. Last year, organizations fully remediate…CSOONLINE.COM
9 Jun KEVAI worm prototype shows attackers don’t need Mythos to take over your networkResearchers from the University of Toronto developed a computer worm prototype powered by an AI agent that successfully self-replicated to different systems within a simulated computer network. The worm used a free large language model (LLM) running on local hardware and exploite…CSOONLINE.COM
9 Jun KEVLiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)A command injection vulnerability (CVE-2026-42271) in BerriAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog on Mond…HELPNETSECURITY.COM
9 Jun KEVMicrosoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507)32 Critical 166 Important 0 Moderate 0 Low Microsoft addresses 198 CVEs in the largest Patch Tuesday release, including three zero-days. Microsoft patched 198 CVEs in its June 2026 Patch Tuesday release, with 32 rated critical and 166 rated as important. Our counts omitted 6 CVEs…TENABLE.COM
9 Jun KEVPatch Tuesday - June 2026Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’…RAPID7.COM
8 Jun KEVCritical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)Overview On June 8, 2026, Check Point published a security advisory for CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mobile Access, and Spark Firewall products. The vulnerability affects deployments configured to use the…RAPID7.COM
6 Jun KEVCISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability…THEHACKERNEWS.COM
4 Jun KEVCISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the …THEHACKERNEWS.COM
4 Jun KEVThe June 2026 AI Executive Order: What federal agencies need to know and how Tenable can helpOn June 2, 2026, the White House signed an Executive Order directing federal agencies to harden their systems with AI-enabled cyber defenses and to stand up a new AI cybersecurity clearinghouse — most of it on a 30-day clock. Here’s what the EO requires and how Tenable can help. …TENABLE.COM
2 Jun KEVAttackers exploit Palo Alto GlobalProtect flaw days after disclosureA Palo Alto Networks vulnerability that allows attackers to establish unauthorized VPN access into corporate networks is being actively exploited in the wild, weeks after the company disclosed the flaw as a medium-severity issue and said it was unaware of any attacks. However, ac…CSOONLINE.COM
2 Jun KEVOracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The vulnerability, CVE-2024-21182 (CVSS …THEHACKERNEWS.COM
2 Jun KEVTwo-year old Oracle WebLogic Server vulnerability is being exploitedUS federal government departments have been given until Thursday to patch a two-year old high severity vulnerability in Oracle WebLogic Server that could allow an unauthenticated attacker to access critical data. The vulnerability, CVE-2024-21182, was added Monday to the Cyberse…CSOONLINE.COM
1 Jun KEVCISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitationThe vulnerability in a vital defensive technology creates serious risks for federal networks, CISA said.CYBERSECURITYDIVE.COM
27 May KEVInside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersectTenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the intersection of severity, active exploitation, and organizational risk. Key takeaways The "patch everything" strategy is dea…TENABLE.COM
26 May KEVVulnerabilities have become cyber attackers’ No. 1 door to the enterprisePatching practices are coming under intense pressure of late, as time-to-exploit windows accelerate — a new reality likely to worsen as AI assistance in attack chains rises. Now cyber defenders have another cause for flaw alarm: Vulnerability exploitation has significantly pulled…CSOONLINE.COM
23 May KEVCISA to allow researchers to report vulnerabilities to exploited bugs catalogThe Cybersecurity and Infrastructure Security Agency (CISA) announced the creation of a nomination form on Thursday that they said enables “researchers, vendors, and industry partners” to report bugs that need to be added to the Known Exploited Vulnerabilities catalog.THERECORD.MEDIA
23 May KEVDrupal Core SQL Injection Bug Actively Exploited, Added to CISA KEVThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-908…THEHACKERNEWS.COM
22 May KEVCISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEVThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are list…THEHACKERNEWS.COM
22 May KEVCISA’s new KEV nomination form opens reporting to vendors and researchersThe Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion in its KEV catalog. The form gives outside contributors a direct way to submit v…HELPNETSECURITY.COM
22 May KEVU.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws …SECURITYAFFAIRS.COM
22 May KEVCISA Adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting active exploitation risks and urging immediate remediation. The vulnerabilit…GBHACKERS.COM
21 May KEVMicrosoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (L…HELPNETSECURITY.COM
21 May KEVMini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaignA self-propagating worm has compromised more than 170 npm and PyPI packages, defeating provenance attestation and breaching OpenAI and Mistral AI. Here is what you need to know. Key takeaways Mini Shai-Hulud is a self-propagating worm by TeamPCP that steals developer and cloud cr…TENABLE.COM
21 May KEVMicrosoft Defender vulnerabilities are being exploited in the wildCISA added seven known exploited vulnerabilities to its KEV catalog, including two Microsoft Defender flaws.MALWAREBYTES.COM
21 May KEVU.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploi…SECURITYAFFAIRS.COM
19 May KEVKey findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitationThe 2026 Verizon Data Breach Investigations Report (DBIR) reveals a troubling trend: vulnerability exploitation has surged to become the number one initial access vector while remediation rates have worsened. Key takeaways Vulnerability exploitation has surged to become the leadi…TENABLE.COM
16 May KEVU.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-202…SECURITYAFFAIRS.COM
15 May KEVCISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access ExploitsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remedi…THEHACKERNEWS.COM
15 May KEVCisco warns of an actively exploited SD-WAN flaw with max severityCisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warning that the flaw has already been found to be exploited in the wild. The disclosure follows an earlier authentication bypass…CSOONLINE.COM
15 May KEVCVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEVCVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEV Cisco has disclosed CVE-2026-20182, a critical authentication bypass affecting Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). The flaw is in the peering a…SOCRADAR.IO
14 May KEVFragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalationA new Linux kernel local privilege escalation exploit with a public proof-of-concept targets the same subsystem as Dirty Frag but requires a separate patch. Key Takeaways CVE-2026-46300 (Fragnesia) is the latest high severity local privilege escalation vulnerability in the Linux …TENABLE.COM
14 May KEVU.S. CISA adds a flaw in Cisco Catalyst SD-WAN  to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Catalyst SD-WAN, tracked as CVE-2026-20182 …SECURITYAFFAIRS.COM
14 May KEVFrequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)Multiple critical authentication bypass vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager are under active exploitation by multiple threat clusters, including CVE-2026-20182, which has been exploited as a zero-day by a sophisticated threat actor. Key Takeaways CVE-2…TENABLE.COM
12 May KEVWhy patching SLAs should be the floor, not the strategyI’ve been a CISO for two separate companies, know several CISOs personally, and interact with many others through various cybersecurity forums. We all have one thing in common. We can tell you our patching SLA numbers off the top of our heads. Ninety-five percent of criticals clo…CSOONLINE.COM
12 May KEVHow Rapid7 is bringing Cyber GRC closer to security operationsSabeen Malik is VP, Global Government Affairs and Public Policy at Rapid7. ⠀ Security teams need a better way to connect what they detect, what they fix, and what they can prove. The pace of modern security operations no longer works in defenders’ favor. IBM’s Cost of a Data Brea…RAPID7.COM
11 May KEVU.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208 (CVSS score …SECURITYAFFAIRS.COM
8 May KEVYour refresh plan has a CVE blind spotThe conversation is straightforward, but the problem behind it is not. The customer bought servers in 2017 and typically refresh every five to six years. Generally, around the 2022 to 2023 timeframe, they would have looked to buy new. Historically, that is what would have happene…CSOONLINE.COM
8 May KEVCVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KEVCVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KEV Ivanti has patched CVE-2026-6973, a high-severity remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) on-prem deployments. The vulnerability has been exploited in the wil…SOCRADAR.IO
8 May KEVWhy the approaching flood of vulnerabilities changes everything — and what to do about itAI-driven discovery, NIST’s retreat from universal enrichment, and the end of “good enough” vulnerability management Key takeaways AI-driven discovery tools are accelerating CVE volume, resulting in an expected deluge of 59,000 disclosed vulnerabilities this year.   NIST has…TENABLE.COM
8 May KEVDirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chainWeeks after the Copy Fail vulnerability was revealed, a new Linux kernel escalation vulnerability has been uncovered. Dubbed “Dirty Frag,” this flaw could allow a local user to gain root access on affected Linux distributions. Public exploit code has been released prior to patche…TENABLE.COM
8 May KEVFive new holes, one exploited, found in Ivanti Endpoint Manager MobileThe five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of the legacy trap” that CSOs must avoid, says an expert. “Patch today to survive the weekend,” said Robert Enderle of the Enderle Group, “but start planning…CSOONLINE.COM
7 May KEVU.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Palo Alto Networks PAN-OS, tracked as CVE-…SECURITYAFFAIRS.COM
7 May KEVU.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Ivanti Endpoint Manager Mobile…SECURITYAFFAIRS.COM
5 May KEVCISA mulls new three-day remediation deadline for critical flawsExperts have mixed reactions to a report that the US Cybersecurity and Infrastructure Security Agency (CISA) is considering reducing the timeline in which government agencies must address critical vulnerabilities from two weeks to only three days. The current 14-day window applie…CSOONLINE.COM
4 May KEVU.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Linux Kernel, tracked as CVE-2026-31431 (CVSS score of …SECURITYAFFAIRS.COM
3 May KEVCISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEVThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, t…THEHACKERNEWS.COM
3 May KEVU.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-41940 (CVSS score…SECURITYAFFAIRS.COM
30 Apr KEVCopy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerabilityA flaw in the Linux kernel present since 2017 allows a local user to gain root access on virtually every major Linux distribution. A public exploit is available and reported to work reliably. Key Takeaways CVE-2026-31431 is a high severity local privilege escalation vulnerability…TENABLE.COM
29 Apr KEVU.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect f…SECURITYAFFAIRS.COM
29 Apr KEVCISA Adds Actively Exploited ConnectWise and Windows Flaws to KEVThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are l…THEHACKERNEWS.COM
29 AprCISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalogRussia has used one of the flaws, security experts said, while North Korea has used the other.CYBERSECURITYDIVE.COM
27 Apr KEVAs the NVD scales back CVE enrichment, here’s what Tenable customers need to knowNIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that …TENABLE.COM
27 Apr KEVTeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)This update succeeds TeamPCP Supply Chain Campaign Update 007, published April 8, 2026, which left the campaign in credential-monetization mode following the Cisco source code theft via Trivy-linke…ISC.SANS.EDU
26 Apr KEVSecurity Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITIONA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds SimpleHelp, Sa…SECURITYAFFAIRS.COM
25 Apr KEVCISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal DeadlineThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.…THEHACKERNEWS.COM
25 Apr KEVU.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SimpleHelp, Samsung, and D-Link flaws to its Known Exploi…SECURITYAFFAIRS.COM
23 Apr KEVU.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS s…SECURITYAFFAIRS.COM
22 Apr KEVAnthropic bets on EPSS for the coming bug surgeAnthropic’s Mythos has intensified a problem that vulnerability management programs were already struggling to contain: too many vulnerabilities and not enough clarity about which ones matter. What changes with Mythos — and the AI-based class of vulnerability discovery systems it…CSOONLINE.COM
22 Apr KEVCISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html SH.ITJUST.WORKS
21 Apr KEVCISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal DeadlinesThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vuln…THEHACKERNEWS.COM
21 Apr KEVU.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency…SECURITYAFFAIRS.COM
21 Apr KEVTrust Lags Behind Technology.Anthropic’s Mythos proves irresistible despite claimed supply chain risks.Iran claims U.S. backdoors hit its networks. New Coast Guard rules target maritime OT security. A fresh NGate Android malware variant emerges. Thousands of ActiveMQ servers face active exploitation risk. CI…THECYBERWIRE.COM
17 Apr KEVApache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active ExploitationA recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To that end, the agency has added the vulnerability, tracked as CV…THEHACKERNEWS.COM
17 Apr KEVU.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Apache ActiveMQ, tracked as CVE-2026-34197 (CVSS score o…SECURITYAFFAIRS.COM
15 Apr KEVRisky Business #833 -- The Great Mythos Freakout of 2026On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Everyone has an opinion about Claude Mythos… even though almost nobody has used it yet CISA adds a 2009 Excel bug to the KEV list, u wot? Adobe also parties like it…RISKY.BIZ
15 Apr KEVU.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and …SECURITYAFFAIRS.COM
14 Apr KEVCISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe SoftwareThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 (CVSS score: 9.1) …THEHACKERNEWS.COM
14 Apr KEVHow AI is transforming threat detectionArtificial intelligence is rapidly reshaping how security teams detect and hunt cyber threats by helping analyze vast volumes of security data, uncovering subtle signs of malicious activity, and identifying potential attacks faster than traditional tools or human analysts alone. …CSOONLINE.COM
14 Apr KEVU.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire…SECURITYAFFAIRS.COM
14 Apr KEVClaude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from AnthropicWith the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare.  Key takeaways Anthro…TENABLE.COM
13 Apr KEVCISA Adds Seven Known Exploited Vulnerabilities to CatalogCISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2012-1854 Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability CVE-2020-9715 Adobe Acrobat Use-After-Free Vulner…CISA.GOV
10 Apr KEVAnalysis of one billion CISA KEV remediation records exposes limits of human-scale securityAnalysis of 1 billion CISA KEV remediation records reveals a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. [...]BLEEPINGCOMPUTER.COM
10 Apr KEVBreaking the Patch Sound Barrier: Your Vulnerability Remediation Will Not Keep Up AI Exploit Speed.Breaking the Patch Sound Barrier: Your Vulnerability Remediation Will Not Keep Up AI Exploit Speed. So? Many years ago while at Gartner , I wrote a blog post where I defined the concept of the “Patch Sound Barrier.” ( original via Archive if you don’t believe that I was that smar…MEDIUM.COM
9 Apr KEVPatch windows collapse as time-to-exploit acceleratesThe gap between vulnerability disclosure and exploitation is drastically decreasing, putting security teams’ patching practices on notice. According to Rapid7’s latest Cyber Threat Landscape Report , confirmed exploitation of newly disclosed high- and critical-severity vulnerabil…CSOONLINE.COM
9 Apr KEVWhat to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical InfrastructureAn Iran-affiliated threat group has evolved from defacing water utility displays to deploying custom ICS malware and exploiting Rockwell Automation PLCs across multiple U.S. critical infrastructure sectors. Key takeaways: CyberAv3ngers is a state-directed threat group operating u…TENABLE.COM
8 Apr KEVTeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)This is the seventh update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" …ISC.SANS.EDU
8 Apr KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-1340 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malici…CISA.GOV
7 Apr KEVCISA Alerts Defenders to Actively Exploited Fortinet Zero-Day VulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Fortinet products. The agency officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, indicating that t…GBHACKERS.COM
6 Apr KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-35616 - Fortinet FortiClient EMS Improper Access Control Vulnerability This type of vulnerability is a frequent attack vector for malicio…CISA.GOV
6 Apr KEVCVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wildExploitation has been observed for CVE-2026-35616, a critical improper access control zero-day vulnerability affecting Fortinet FortiClientEMS devices. Key takeaways: CVE-2026-35616, an improper access control vulnerability, has been exploited in the wild as a zero-day.   Pu…TENABLE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 2614
3 JulRansomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain CredentialsThreat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remo…THEHACKERNEWS.COM
3 JulCVE-2026-53049 gfs2: add some missing log lockingInformation published.MSRC.MICROSOFT.COM
3 JulCVE-2026-53045 memory: tegra124-emc: Fix dll_change checkInformation published.MSRC.MICROSOFT.COM
3 JulCVE-2026-53039 ocfs2: validate group add input before cachingInformation published.MSRC.MICROSOFT.COM
3 JulCVE-2026-52992 fs/adfs: validate nzones in adfs_validate_bblk()Information published.MSRC.MICROSOFT.COM
3 JulCVE-2026-53016 crypto: ccp - copy IV using skcipher ivsizeInformation published.MSRC.MICROSOFT.COM
3 Jul KEVNew CitrixBleed-like NetScaler flaw sees exploit attempts in the wildCitrix NetScaler appliances have been a constant target for attackers in recent years, most recently through an information leak vulnerability dubbed CitrixBleed 3, the latest in a series of NetScaler memory overreads going back to 2023. This week, Citrix patched yet another Citr…CSOONLINE.COM
3 JulAI helps find flaws in FatFs library used in millions of devicesResearchers at runZero have disclosed seven security vulnerabilities in the widely used FatFs filesystem library, warning that the flaws could expose millions of embedded devices to attacks through malicious USB drives, SD cards, and, in some cases, firmware update mechanisms. Th…CYBERINSIDER.COM
2 JulSandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vectorResearchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549 , allow…CSOONLINE.COM
2 Jul KEVCISA Warns of Actively Exploited Microsoft SharePoint VulnerabilityCISA says threat actors are exploiting a recently patched SharePoint remote code execution vulnerability (CVE-2026-45659). The post CISA Warns of Actively Exploited Microsoft SharePoint Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
2 JulVU#639124: Multiple local privilege escalation vulnerabilities in Little Orbits GameFirst Anti-CheatOverview The GamersFirst Anti-Cheat (GFAC) driver GFAC.sys contains multiple local privilege escalations and denial-of-service vulnerabilities stemming from insecure handling of user-controlled input through a minifilter communication port. A local attacker can abuse these flaws …KB.CERT.ORG
1 JulCitrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-ServiceCitrix on Tuesday released security updates to address multiple flaws in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could be exploited by an attacker to facilitate arbitrary file reads or trigger a denial-of-service (DoS) condition. T…THEHACKERNEWS.COM
1 JulCVE-2026-6450 CRL critical extension bypass in ParseCRL_ExtensionsInformation published.MSRC.MICROSOFT.COM
1 JulCVE-2026-6331 HMAC zero-length tag forgery in EVP_DigestVerifyFinalInformation published.MSRC.MICROSOFT.COM
1 JulCVE-2026-10592 Wildcard DNS SAN bypasses CA name-constraint checksInformation published.MSRC.MICROSOFT.COM
1 JulCVE-2026-7531 Use-after-free in PQC hybrid key-share handlingInformation published.MSRC.MICROSOFT.COM
1 JulCISA Warns BlueHammer Flaw Is Now Exploited in Ransomware AttacksCISA confirms BlueHammer (CVE-2026-33825) is now used in ransomware attacks to gain SYSTEM privileges through Microsoft Defender. BlueHammer, tracked as CVE-2026-33825, has moved from proof-of-concept noise to real ransomware attacks in the wild, the US CISA confirms. BlueHammer …SECURITYAFFAIRS.COM
1 JulProgress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation AttemptsA recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an advisory from eSentire's Threat Response Unit (TRU). The Canadian cybersecurity company said it identified exploitation attempts targeting CVE-20…THEHACKERNEWS.COM
1 JulCritical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run CommandsTwo flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the editor's safety sandbox and run any command on a developer's computer. There is no click to fall for and no approval box to ignore. Cato AI Labs found the pair and named them…THEHACKERNEWS.COM
1 Jul KEVOracle E-Business Suite Flaw Under Active Attack, 950 Systems ExposedOracle E-Business Suite flaw CVE-2026-46817 is under active attack, with about 950 vulnerable internet-facing instances still exposed. This week, Defused Cyber researchers warned that a critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being activel…SECURITYAFFAIRS.COM
30 Jun KEVOracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the WildA critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Paym…THEHACKERNEWS.COM
30 JunApple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit BugsApple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebK…THEHACKERNEWS.COM
30 JunCVE-2026-41991 Predictable Temporary File in GNU gzipInformation published.MSRC.MICROSOFT.COM
30 JunCVE-2026-41992 Global Buffer Overflow in GNU gzipInformation published.MSRC.MICROSOFT.COM
30 JunCVE-2026-11979 Stack-Based Buffer Overflow in libxml2Information published.MSRC.MICROSOFT.COM
30 JunProgress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-AuthA critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patc…THEHACKERNEWS.COM
30 Jun KEVAttackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited in the wild…SECURITYAFFAIRS.COM
30 JunSimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and “collects credentials a…HELPNETSECURITY.COM
30 JunAttackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn StealerAn unknown threat actor has been observed exploiting a recently disclosed maximum-severity security flaw in SimpleHelp to deliver two previously unreported malware families, TaskWeaver and Djinn Stealer. The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0)…THEHACKERNEWS.COM
30 Jun KEVBlueHammer Vulnerability Exploited in Ransomware AttacksThe Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released. The post BlueHammer Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
30 JunOracle E-Business Suite Payments flaw under attack (CVE-2026-46817)Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have been spotted over the weekend, threat intelligence company Defused warned on Monday. The detected exploit…HELPNETSECURITY.COM
30 JunCVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege VulnerabilityUpdated an acknowledgement. This is an informational change only.MSRC.MICROSOFT.COM
30 JunLangflow RCE Exploited to Deploy Monero Miner on Exposed AI App EndpointsThreat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerab…THEHACKERNEWS.COM
30 JunCitrixBleed To Infinity And Beyond (Citrix NetScaler Pre-Auth Memory Overread CVE-2026-8451)Well, well, well - once again, the cat has dragged us in and spat us out. Today, we find ourselves questioning the reality we sit within. Must it be so predictable, and why us? “But watchTowr, what do you mean?” Well, if you’re here, you likely fitLABS.WATCHTOWR.COM
30 Jun KEVCitrix patches a new NetScaler flaw with echoes of CitrixBleedThe bulletin includes six NetScaler issues, but attention is centered on a high-severity flaw with similarities to earlier actively exploited bugs. The post Citrix patches a new NetScaler flaw with echoes of CitrixBleed appeared first on CyberScoop .CYBERSCOOP.COM
29 JunPublic PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH FlawA public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release u…THEHACKERNEWS.COM
29 JunCVE-2026-52910 bpf: Free reuseport cBPF prog after RCU grace period.Information published.MSRC.MICROSOFT.COM
29 JunCVE-2026-52909 ip6_vti: set netns_immutable on the fallback device.Information published.MSRC.MICROSOFT.COM
29 JunHackers now exploit critical Oracle E-Business flaw in attacksAttackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. [...]BLEEPINGCOMPUTER.COM
29 JunCritical SimpleHelp flaw exploited to deploy new stealer malwareHackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. [...]BLEEPINGCOMPUTER.COM
29 JunEnterprise Tech In, Shell Out (Progress Kemp LoadMaster Uninitialized Heap to Pre-Auth RCE CVE-2026-8037)Welcome back to another watchTowr Labs blog post. This time, we're looking at Progress Kemp LoadMaster, a load balancer that sits at the edge of a lot of enterprise networks. Edge appliances have a habit of becoming the way in rather than the thing keeping people out, andLABS.WATCHTOWR.COM
29 Jun'Djinn' Stealer Targets Cloud, AI CredentialsThe infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.DARKREADING.COM
28 JunCVE-2026-46245 drm/amd/display: Fix dc_link NULL handling in HPD initInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-46244 netfilter: nft_inner: Fix IPv6 inner_thoff desyncInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52953 iommu/vt-d: Fix oops due to out of scope accessInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53005 af_unix: Drop all SCM attributes for SOCKMAP.Information published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52912 netfilter: nf_queue: hold bridge skb->dev while queuedInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53213 drm/vc4: fix krealloc() memory leakInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52931 batman-adv: tp_meter: avoid use of uninit sender varsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52915 netfilter: ip6t_hbh: reject oversized option listsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53194 USB: serial: kl5kusb105: fix bulk-out buffer overflowInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53254 Bluetooth: RFCOMM: validate skb length in MCC handlersInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53120 PCI: use generic driver_override infrastructureInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52934 batman-adv: tvlv: reject oversized TVLV packetsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53267 netfilter: nft_ct: bail out on template ct in get evalInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53249 ipv4: restrict IPOPT_SSRR and IPOPT_LSRR optionsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53139 drm/v3d: Skip CSD when it has zeroed workgroupsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53177 bnxt_en: Fix NULL pointer dereferenceInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53214 ipv6: Fix a potential NPD in cleanup_prefix_route()Information published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53107 wifi: libertas: don't kill URBs in interrupt contextInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53220 netfilter: revalidate bridge portsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53228 ipv6: sit: reload inner IPv6 header after GSO offloadsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53132 vsock/virtio: fix potential unbounded skb queueInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52937 tap: fix stack info leak in tap_ioctl() SIOCGIFHWADDRInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53106 bpf: Do not allow deleting local storage in NMIInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53217 net: mvpp2: sync RX data at the hardware packet offsetInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52926 batman-adv: clear current gateway during teardownInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53157 net: phonet: free phonet_device after RCU grace periodInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-57452 Vim: Out-of-bounds Read with libsodium-encrypted FilesInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-55693 Vim: Out-of-bounds Write in Spell File Word CountInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53253 Bluetooth: bnep: reject short frames before parsingInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53025 greybus: raw: fix use-after-free on cdev closeInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53215 net: mvpp2: refill RX buffers before XDP or skb useInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-55892 Vim: Out-of-bounds Write in Spell File Prefix DumpInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-57454 Vim: Out-of-bounds Read with Text PropertiesInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-46243 smb: client: reject userspace cifs.spnego descriptionsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53227 net: openvswitch: fix possible kfree_skb of ERR_PTRInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52913 batman-adv: v: stop OGMv2 on disabled interfaceInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52921 netfilter: ipset: stop hash:* range iteration at endInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53270 ipvs: clear the svc scheduler ptr early on editInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-48142 NGINX ngx_http_charset_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53236 tcp: restrict SO_ATTACH_FILTER to priv usersInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53118 vdpa: use generic driver_override infrastructureInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53266 netfilter: bridge: make ebt_snat ARP rewrite writableInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53138 drm/amd/display: Bound VBIOS record-chain walk loopsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53182 wifi: nl80211: reject oversized EMA RNR listsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-11972 tarfile opened in streaming mode mishandles EOFInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handlingInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53018 f2fs: avoid reading already updated pages during GCInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53184 udp: clear skb->dev before running a sockmap verdictInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52923 ipc: limit next_id allocation to the valid ID rangeInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53192 ALSA: timer: Fix UAF at snd_timer_user_params()Information published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52960 ceph: put folios not suitable for writebackInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53133 RDMA/umem: Fix truncation for block sizes >= 4GInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53009 ice: fix double-free of tx_buf skbInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53015 erofs: unify lcn as u64 for 32-bit platformsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52922 batman-adv: dat: handle forward allocation errorInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53000 netfilter: nat: use kfree_rcu to release opsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53225 sctp: fix uninit-value in __sctp_rcv_asconf_lookup()Information published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53258 wifi: fix leak if split 6 GHz scanning failsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53183 mptcp: allow subflow rcv wnd to shrinkInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53226 gpio: rockchip: fix generic IRQ chip leak on removeInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53108 powerpc/64s: Fix unmap race with PMD migration entriesInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53091 net: pull headers in qdisc_pkt_len_segs_init()Information published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53232 net: phy: clean the sfp upstream if phy probing failsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-52962 ceph: fix a buffer leak in __ceph_setxattr()Information published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53070 sctp: disable BH before calling udp_tunnel_xmit_skb()Information published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53156 nvmem: core: fix use-after-free bugs in error pathsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-57451 Vim: Out-of-bounds Read in Text Property CountInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53296 mailbox: mailbox-test: free channels on probe errorInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53297 net: mana: Guard mana_remove against double invocationInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53293 drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REGInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53294 mailbox: mailbox-test: don't free the reused channelInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53295 mailbox: add sanity check for channel arrayInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2026-53279 drm/gma500/oaktrail_lvds: fix hang on init failureInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-42123 drm/amdgpu: fix double free err_addr pointer warningsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-42155 s390/pkey: Wipe copies of protected- and secure-keysInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-42139 ice: Fix improper extts handlingInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-50225 btrfs: fix error propagation of split biosInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-53084 drm/imagination: Break an object reference loopInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-50090 drm/xe/oa: Fix overflow in oa batch bufferInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-27010 net/sched: Fix mirred deadlock on device recursionInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-27079 iommu/vt-d: Fix NULL domain on device releaseInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-53187 io_uring: check for overflows in io_pin_pagesInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-56544 udmabuf: change folios array from kmalloc to kvmallocInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-56702 bpf: Mark raw_tp arguments with PTR_MAYBE_NULLInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-49990 drm/xe/hdcp: Check GSC structure validityInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-47703 bpf, lsm: Add check for BPF LSM return valueInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-46681 pktgen: use cpus_read_lock() in pg_net_init()Information published.MSRC.MICROSOFT.COM
28 JunCVE-2024-46701 libfs: fix infinite directory reads for offset dirInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-46775 drm/amd/display: Validate function returnsInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-46705 drm/xe: reset mmio mappings with devmInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2024-46778 drm/amd/display: Check UnboundedRequestEnabled's valueInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2023-6606 Kernel: out-of-bounds read vulnerability in smbcalcsizeInformation published.MSRC.MICROSOFT.COM
28 JunCVE-2025-21833 iommu/vt-d: Avoid use of NULL after WARN_ON_ONCEInformation published.MSRC.MICROSOFT.COM
27 JunBypassing Windows authentication reflection mitigations for SYSTEM shells - Part ②In part 1 of this blogpost series, we proved our initial theory that the patch for CVE-2025-33073 was insufficient, by disclosing a trivial NTLM reflection vulnerability leading to LPE. In this second part, we turn to Kerberos and explain how we achieved a full-blown RCE primitiv…SYNACKTIV.COM
27 JunBypassing Windows authentication reflection mitigations for SYSTEM shells - Part 1A year ago, authentication reflection vulnerabilities resurfaced as a powerful attack vector through the discovery of CVE-2025-33073 by several security researchers, including us. This logical vulnerability allowed taking over almost any Windows machine without any user interacti…SYNACKTIV.COM
27 JunPaint it blue: Attacking the bluetooth stackBluetooth has always been an attractive target to attackers since it is present almost everywhere (TV, automotive charger, connected fridge, etc.). This is especially true on mobile devices, as it runs as a privileged process with a potential access to microphone, address book, e…SYNACKTIV.COM
27 JunSniffing Authentication References on macOSCVE-2017-7170 was a local priv-esc vulnerability that affected OSX/macOS for over a decade! Here (for the first time!), we dive into the technical details of finding the bug, the core flaw, and exploitation.OBJECTIVE-SEE.ORG
27 JunRootpipe Reborn (Part II)@CodeColorist continues writing about bugs, such as CVE-2019-8521 and CVE-2019-8565 that provide a mechanism to elevate privileges to root on macOS.OBJECTIVE-SEE.ORG
27 JunFrom the Top to the Bottom; Tracking down CVE-2017-7149High Sierra suffered from a nasty bug (CVE-2017-7149) that afforded local attackers access to the contents of encrypted APFS volumes.OBJECTIVE-SEE.ORG
27 JunCVE-2015-3673: Goodbye Rootpipe...(for now?)Details on bypassing Apple's original rootpipe patchOBJECTIVE-SEE.ORG
27 JunDirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to RootDirtyClone: a Linux kernel privilege escalation that silently rewrites executables in memory, leaving no disk trace. Patch now. JFrog Security Research published a working exploit walkthrough on June 25 for CVE-2026-43503 (CVSS score of 8.8), a Linux kernel privilege escalation t…SECURITYAFFAIRS.COM
26 JunSynology issues critical fix for MailPlus Server vulnerabilitiesSynology has fixed critical vulnerabilities in MailPlus Server, a software package used to run private email infrastructure on Synology NAS devices. The security update fixes three flaws: CVE-2026-13136, stemming from faulty authorization checks, may allow remote attackers to…HELPNETSECURITY.COM
26 JunNew DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned PacketsDirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 (CVSS 8.8), it le…THEHACKERNEWS.COM
26 JunNew Linux pedit COW Exploit Enables Root Access by Poisoning Cached BinariesA flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed "pedit COW," is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache memory. A public,…THEHACKERNEWS.COM
26 JunAmazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP ConfigsA high-severity flaw in Amazon Q Developer let a malicious repository run commands and steal a developer's cloud credentials. The path was short: a developer opens the repo, trusts the workspace, and Amazon Q does the rest. Amazon has patched it. Tracked as CVE-2026-12957…THEHACKERNEWS.COM
26 JunChromium: CVE-2026-13027 Use after free in FileSystemThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13026 Use after free in Digital CredentialsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13025 Insufficient validation of untrusted input in DevToolsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13024 Insufficient validation of untrusted input in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13023 Uninitialized Use in GPUThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13022 Inappropriate implementation in AutofillThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13021 Inappropriate implementation in DeviceBoundSessionCredentialsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13036 Use after free in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13035 Use after free in BluetoothThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13034 Inappropriate implementation in PasswordsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13033 Out of bounds read in Blink>InterestGroupsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13031 Use after free in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13029 Use after free in Web AuthenticationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 JunChromium: CVE-2026-13038 Use after free in AutofillThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
26 Jun KEVHackers exploit critical PTC Windchill PLM software flawHackers are exploiting a critical vulnerability recently patched in PTC Windchill and FlexPLM, two product lifecycle management solutions used by organizations across a range of industries, including defense, aerospace, automotive, medical, electronics, industrial machinery, and …CSOONLINE.COM
25 JunCisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root AccessAn unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-2024…THEHACKERNEWS.COM
25 JunCVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege VulnerabilityUpdated an acknowledgement. This is an informational change only.MSRC.MICROSOFT.COM
25 JunCVE-2026-11816 Path Traversal in keras-team/kerasInformation published.MSRC.MICROSOFT.COM
25 JunWhy patch directives only go so farSix weeks of undetected access through a compromised VPN exposes why patching isn't a solution for the organizations already breached.CYBERSCOOP.COM
25 JunLantronix Serial-to-IP Converter Flaw Exploited in Attacks After OT Threat WarningThe exploited flaw, CVE-2025-67038, is one of the vulnerabilities disclosed in April as part of the BRIDGE:BREAK research project.SECURITYWEEK.COM
24 JunHole in widely-used FFmpeg codec could crash media servers or enable RCEA newly discovered critical vulnerability in the FFmpeg media processing framework bundled in a huge number of open source and commercial applications points, again, to the need for CSOs to have strategies to deal with software supply chain vulnerabilities, which should include d…CSOONLINE.COM
24 JunHackers Exploiting Cisco Unified CM VulnerabilityCisco noted that a PoC had been available for CVE-2026-20230 when it announced patches in early June.SECURITYWEEK.COM
24 JunCisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to RootThreat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.…THEHACKERNEWS.COM
24 Jun KEVCisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells and achieve remote code execution capability on the underlying server. “Our honeypots are seeing auto…HELPNETSECURITY.COM
24 Jun KEVHow much cyber risk does AI create for organizations? 457 million security issues. Here’s what you can do about it.Over a 30 day period, Tenable detected 457 million AI-related security issues among 7,000-plus organizations, an average of 62,000 exposures per organization. If we didn’t already know that shadow AI was a problem, data like this makes it clear every organization needs to visuali…TENABLE.COM
24 Jun KEVCISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively ExploitedThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026. The vuln…THEHACKERNEWS.COM
24 JunMandiant reveals how Cisco SD-WAN zero-day attacks gained root accessNew details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. [...]BLEEPINGCOMPUTER.COM
23 JunCVE-2026-42915 Microsoft Windows VMSwitch Denial of Service VulnerabilityUpdated an acknowledgement. This is an informational change only.MSRC.MICROSOFT.COM
23 JunCisco Unified CM flaw CVE-2026-20230 now exploited in attacksA high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks. [...]BLEEPINGCOMPUTER.COM
22 JunVU#226679: Microsoft WinRE allows for bypass of UEFI/BIOS password enforcementOverview Microsoft Windows Recovery Environment (WinRE) provides a mechanism for recovering and repairing Windows systems using an alternate boot environment. Under certain platform implementations, access to WinRE may allow an attacker to bypass firmware security controls, inclu…KB.CERT.ORG
22 JunFFmpeg ‘PixelSmash’ bug triggers code execution on media file openA critical vulnerability in FFmpeg, the widely used open-source multimedia framework, can be exploited through a specially crafted video file to achieve remote code execution (RCE). Tracked as CVE-2026-8461 and dubbed “PixelSmash,” the flaw affects FFmpeg's MagicYUV decoder. The …CYBERINSIDER.COM
22 JunVU#936962: Multiple file parsing vulnerabilities in FastStone Image Viewer 8.3.0.0Overview Two vulnerabilities have been identified in FastStone Image Viewer 8.3 that may allow remote code execution or control-flow corruption when processing specially crafted image files. The affected components include the JPEG 2000 (JP2) parser and the PSD file parser. An at…KB.CERT.ORG
20 JunHackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API KeysThreat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthe…THEHACKERNEWS.COM
19 JunApple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via MicrophoneApple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting t…THEHACKERNEWS.COM
19 JunCVE-2026-45469 Microsoft Excel Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45472 Microsoft Office Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.MSRC.MICROSOFT.COM
19 JunCVE-2026-45471 Microsoft Word Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45474 Microsoft Office Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.MSRC.MICROSOFT.COM
19 JunCVE-2026-45486 Microsoft Word Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45485 Microsoft Office Information Disclosure VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-44817 Microsoft Excel Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-44818 Microsoft Excel Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-44819 Microsoft Office Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-44820 Microsoft Excel Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-44821 Microsoft Office Information Disclosure VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-44823 Microsoft Excel Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-44824 Microsoft Office Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45456 Microsoft Outlook and Word Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45458 Microsoft Outlook and Word Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45460 Microsoft Office Information Disclosure VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.MSRC.MICROSOFT.COM
19 JunCVE-2026-45461 Microsoft Office Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.MSRC.MICROSOFT.COM
19 JunCVE-2026-45466 Microsoft Word Information Disclosure VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45643 Microsoft Word Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45645 Microsoft Office Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45649 Office for Android Spoofing VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.MSRC.MICROSOFT.COM
19 JunCVE-2026-44822 Microsoft Excel Information Disclosure VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45455 Microsoft Excel Information Disclosure VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45457 Microsoft Word Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45459 Microsoft Excel Security Feature Bypass VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Mac. Customers running affected Mac software should install the update for their product to be protected from this vulnerability. Customers running other Microsoft Office software do not nee…MSRC.MICROSOFT.COM
19 JunCVE-2026-45463 Microsoft Office Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Office for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12439 Use after free in Digital CredentialsCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12440 Use after free in DigitalCredentialsCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12445 Use after free in ExtensionsCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12446 Insufficient data validation in PasswordsCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12451 Use after free in DigitalCredentialsCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12441 Use after free in File InputCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12447 Heap buffer overflow in WebRTCCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12443 Use after free in Web AuthenticationCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12452 Use after free in DownloadsCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12453 Insufficient validation of untrusted input in InputCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12455 Use after free in Tab StripCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12456 Insufficient validation of untrusted input in ExtensionsCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12458 Incorrect security UI in PasswordsCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12457 Insufficient data validation in ExtensionsCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12459 Inappropriate implementation in SerialCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12460 Insufficient policy enforcement in File System AccessCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12462 Use after free in MediaCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12464 Use after free in BrowserCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12463 Inappropriate implementation in ViewsCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12465 Insufficient validation of untrusted input in MetricsCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12454 Race in Safe BrowsingCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12467 Use after free in ExtensionsCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12468 Inappropriate implementation in UpdaterCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12449 Use after free in ChromotingCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12444 Out of bounds read in ChromotingCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12437 Use after free in WebShareCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12461 Out of bounds read in WebRTCCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunChromium: CVE-2026-12466 Heap buffer overflow in WebRTCCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
19 JunCVE-2026-42903 Windows Kerberos Denial of Service VulnerabilityUpdated an acknowledgement. This is an informational change only.MSRC.MICROSOFT.COM
19 JunCVE-2026-44803 Windows Graphics Component Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.MSRC.MICROSOFT.COM
19 JunCVE-2026-44812 Windows Graphics Component Remote Code Execution VulnerabilityMicrosoft is announcing the availability of the security updates for Microsoft Word, PowerPoint, Excel for Android. Customers running affected Microsoft Office for Android software should install the update for their product to be protected from this vulnerability.MSRC.MICROSOFT.COM
19 JunCVE-2026-53689Information published.MSRC.MICROSOFT.COM
19 JunM365 Copilot SearchLeak: Your prompt injection attack surface just got biggerA recent proof-of-concept attack against Microsoft’s M365 Copilot Enterprise highlights what could be a much broader prompt injection threat based on a common way many AI-enhanced web services operate. Dubbed SearchLeak, the attack hinged on a typical malicious objective: to leak…CSOONLINE.COM
19 Jun KEVOracle releases 245 new security patches, all rated ‘high-priority security’The Oracle Critical Security Patch update (CSPU) released this week contains 245 newly-announced fixes for supported on-premises software, some of which impact multiple products. It is in reaction to an industry trend to announce and fix security holes much more quickly, and com…CSOONLINE.COM
19 JunSplunk Enterprise Vulnerability Exploited in Attacks Days After DisclosureCISA has given federal agencies only three days to patch CVE-2026-20253, which can be exploited for unauthenticated remote code execution.SECURITYWEEK.COM
19 JunWeekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and moreThis week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlm_relay_2_self module coerces the local machine account to authenticat…RAPID7.COM
18 Jun KEVOracle June 2026 Critical Security Patch Update Addresses 243 CVEs (CVE-2026-35273)Oracle addresses 243 CVEs in its June 2026 Critical Security Patch Update with 245 patches, including 122 critical updates. Key Takeaways The June 2026 Critical Security Patch Update (CSPU) contains fixes for 243 unique CVEs in 245 security updates 122 issues (49.8% of all patche…TENABLE.COM
18 JunF5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code ExecutionF5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below - CVE-2026-42530 (CVSS v4 score: 9.2) - A use-after-free vulnerability in the n…THEHACKERNEWS.COM
17 JunScam Losses Surge - Cybersecurity TodayCybersecurity Today host David Shipley reports that the FTC says Americans lost $3.5 billion to imposter scams in 2025—nearly triple 2020—with social media tied to $2.1 billion in losses and total fraud reaching about $16 billion, while the FBI estimates cyber-enabled losses near…CYBERSECURITYTODAY.LIBSYN.COM
17 Jun KEVCISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code ExecutionThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability,…THEHACKERNEWS.COM
17 JunMicrosoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656)Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working to provide a high quality security update that addresses this vulnerability.” The vulnerability, wh…HELPNETSECURITY.COM
17 JunCVE-2026-47636 Microsoft SharePoint Server Spoofing VulnerabilityAcknowledgement added. This is an informational change only.MSRC.MICROSOFT.COM
17 JunCVE-2026-45475 Microsoft Office Remote Code Execution VulnerabilityAcknowledgement added. This is an informational change only.MSRC.MICROSOFT.COM
17 JunCVE-2026-42828 Windows Projected File System Elevation of Privilege VulnerabilityAcknowledgement added. This is an informational change only.MSRC.MICROSOFT.COM
17 JunMicrosoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in DevelopmentMicrosoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation fla…THEHACKERNEWS.COM
17 JunVU#380058: SignalRGB kernel driver contains improper access control and IOCTL vulnerabilitiesOverview The SignalRGB kernel driver, SignalIo.sys, contains two vulnerabilities involving improper access control and unsafe memory handling. The device object is created with an overly permissive Discretionary Access Control List (DACL) that allows user-mode processes to acces…KB.CERT.ORG
16 Jun KEVCisco Releases Security Updates for Actively Exploited SD-WAN Manager FlawCisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. "A vulnerability in the web UI of Cisco C…THEHACKERNEWS.COM
16 Jun KEVCISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege EscalationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026. The …THEHACKERNEWS.COM
16 JunCisco Patches Another SD-WAN Zero-Day Exploited in AttacksCisco recently became aware of the exploitation of CVE-2026-20262, a Catalyst SD-WAN Manager zero-day that allows arbitrary file write.SECURITYWEEK.COM
16 JunCisco patches SD-WAN flaw amid evidence of active exploitationCisco has released fixes for a vulnerability in its Catalyst SD-WAN Manager software after becoming aware of limited exploitation of the flaw, which could allow an authenticated attacker to create or overwrite files that may later be used to gain root privileges. The vulnerabilit…CSOONLINE.COM
16 JunAttackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last WeekBad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 h…THEHACKERNEWS.COM
16 Jun KEVCISA warns of another cPanel plugin flaw exploited in attacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel user-end plugin. [...]BLEEPINGCOMPUTER.COM
16 JunCisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)Cisco has revealed another Catalyst SD-WAN Manager vulnerability (CVE-2026-20262) that its Product Security Incident Response Team observed being exploited by attackers. But the associated security advisory also states that “the vulnerability was found during internal secur…HELPNETSECURITY.COM
16 JunSimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)A critical vulnerability (CVE-2026-48558) in SimpleHelp, a popular remote monitoring and management (RMM) tool, can be exploited remotely by unauthenticated attackers to create a new “Technician” account and use it to remote into managed endpoints, execute scripts, an…HELPNETSECURITY.COM
16 JunAttackers are exploiting FortiSandbox vulnerabilitiesAttackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox, a platform that other Fortinet security products depend on for threat verdicts to enforce blocking decisions and trigger automated responses. The warning…HELPNETSECURITY.COM
15 JunPalo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN FlawPalo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authenti…THEHACKERNEWS.COM
15 JunChromium: CVE-2026-12012 Use after free  NetworkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12008 Use after free  DigitalCredentialsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12019 Out of bounds write  CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12016 Insufficient validation of untrusted input  DevToolsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12015 Use after free  AutofillThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12018 Inappropriate implementation  MojoThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12007 Use after free  CoreThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12017 Insufficient validation of untrusted input  ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12014 Use after free  CastThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12013 Use after free  MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12010 Heap buffer overflow  GPUThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12009 Insufficient validation of untrusted input  AccessibilityThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-12011 Use after free  WebMIDIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/search/label/Desktop%20Update) for more information.MSRC.MICROSOFT.COM
15 JunLangflow RCE under active attack months after a patch was shippedEnterprises using the open-source AI orchestration platform Langflow are being urged to patch a high-severity path traversal flaw amid active exploitation, despite a fix having been available for more than two months. The bug, which stems from improper handling of filenames in La…CSOONLINE.COM
15 JunCisco fixes SD-WAN vManage flaw exploited in zero-day attacksCisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. [...]BLEEPINGCOMPUTER.COM
15 JunAI vulnerability discovery is pushing 2026 CVEs toward 66,000Vulnerability disclosures are piling up faster in 2026 than anyone expected at the start of the year. The running count for the first few months sits well above the original projection, and the Forum of Incident Response and Security Teams (FIRST) now expects the year to land nea…HELPNETSECURITY.COM
15 JunChromium: CVE-2026-11628 Use after free in OzoneThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11629 Use after free in OzoneThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11631 Use after free in AuraThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11630 Use after free in File InputThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11632 Use after free in TabStripThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11633 Use after free in BluetoothThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11634 Use after free in GamepadThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11635 Use after free in BluetoothThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11639 Use after free in CompositingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11637 Use after free in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11636 Use after free in AutofillThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11638 Use after free in PrintingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11641 Use after free in BluetoothThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11640 Integer overflow in libyuvThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11642 Use after free in Web AppsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11645 Out of bounds memory access in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11643 Use after free in ProxyThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11644 Use after free in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11646 Use after free in ViewTransitionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11657 Use after free in PaymentsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11658 Insufficient validation of untrusted input in ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11660 Insufficient validation of untrusted input in New Tab PageThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11661 Use after free in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11659 Insufficient validation of untrusted input in UIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11663 Use after free in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11662 Type Confusion in BindingsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11664 Use after free in PaymentsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11665 Out of bounds read in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11666 Insufficient validation of untrusted input in InputThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11668 Uninitialized Use in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11669 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11667 Out of bounds read in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11670 Use after free in PDFThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11671 Use after free in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11672 Out of bounds write in GPUThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11673 Use after free in InterestGroupsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11675 Insufficient validation of untrusted input in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11674 Use after free in Guest ViewThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11676 Insufficient validation of untrusted input in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11677 Race in NetworkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11678 Integer overflow in libyuvThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11679 Use after free in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11681 Use after free in OzoneThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11682 Insufficient validation of untrusted input in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11680 Use after free in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11683 Use after free in WebCodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11684 Insufficient policy enforcement in NetworkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11687 Use after free in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11686 Insufficient validation of untrusted input in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11688 Object lifecycle issue in SVGThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11685 Insufficient data validation in MediaCaptureThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11689 Insufficient validation of untrusted input in PasswordsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11690 Out of bounds read and write in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab PageThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11692 Use after free in Read AnythingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11693 Inappropriate implementation in PluginsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11694 Use after free in ServiceWorkerThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11695 Inappropriate implementation in PasswordsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11696 Uninitialized Use in VideoThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11697 Insufficient validation of untrusted input in UIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11698 Use after free in BluetoothThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11699 Use after free in BluetoothThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11700 Use after free in TracingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11647 Use after free in PrintingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11648 Use after free in FullScreenThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11651 Use after free in NetworkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11649 Use after free in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11652 Use after free in ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11650 Use after free in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11653 Insufficient validation of untrusted input in ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11654 Use after free in CameraCaptureThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11656 Use after free in ServiceWorkerThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
15 JunChromium: CVE-2026-11655 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
13 JunCVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() PathInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() FunctionInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen SnapshotInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-9076 Out-of-Bounds Read in CMS Password-Based DecryptionInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-34180 Heap Buffer Over-read in ASN.1 Content ParsingInformation published.MSRC.MICROSOFT.COM
13 JunCritical Splunk Enterprise Flaw Lets Attackers Run Code Without AuthenticationSplunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. …THEHACKERNEWS.COM
12 JunShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach UniversitiesThe ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and date…THEHACKERNEWS.COM
12 JunGoogle Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHuntersOracle has mitigated CVE-2026-35273, but it has not publicly confirmed the vulnerability’s in-the-wild exploitation.SECURITYWEEK.COM
12 Jun KEVOracle PeopleSoft zero‑day fuels ShinyHunters extortion spreeA newly disclosed Oracle PeopleSoft zero-day became the weapon of choice in a recent ShinyHunters extortion campaign that primarily targeted universities and other educational institutes. Attackers exploited the critical remote code execution (RCE) flaw in PeopleSoft’s Environmen…CSOONLINE.COM
12 Jun KEVResearchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)WatchTowr researchers have disclosed a technical analysis and a “Detection Artefact Generator” for CVE-2026-50751, an authentication bypass flaw in Check Point’s Remote Access VPN and Mobile Access, which the vendor confirmed to be actively exploited. The attack…HELPNETSECURITY.COM
12 Jun KEVActive Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)Overview: On June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same day as the advisory, underscoring the urg…RAPID7.COM
12 JunGoogle warns of Oracle PeopleSoft attacks hitting universitiesGoogle's Mandiant and Google Threat Intelligence Group (GTIG) say the ShinyHunters extortion group exploited a critical Oracle PeopleSoft vulnerability as a zero-day to compromise education institutes. The activity, tracked as UNC6240, was observed between May 27 and June 9 and i…CYBERINSIDER.COM
11 JunMicrosoft Patches Exploited Exchange Server VulnerabilityThe company warned about zero-day attacks exploiting the Exchange Server vulnerability CVE-2026-42897 on May 14.SECURITYWEEK.COM
11 JunCVE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflowInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmoveInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-29170 Apache HTTP Server: mod_proxy_ftp XSSInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-freeInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflowInformation published.MSRC.MICROSOFT.COM
11 JunChina-linked recon botnet outpaces enterprise defensesA botnet made up of compromised small office and Internet of Things devices has grown into a larger reconnaissance network capable of rapidly identifying vulnerable internet-facing systems after public vulnerability disclosures, researchers said. The botnet, tracked by Lumen’s Bl…CSOONLINE.COM
11 Jun KEVOracle PeopleSoft servers under attack, Oracle pushes out-of-band security alertA zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google Cloud, warned today. The warning comes a day after Oracle published an out-of-band security alert about …HELPNETSECURITY.COM
11 JunOracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day AttacksOracle has released a patch for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks.SECURITYWEEK.COM
11 JunVU#862559: crypton-x509-validation Haskell libraries do not enforce X.509 NameConstraintsOverview A vulnerability has been discovered in the Haskell TLS software stack, commonly used by applications built in the Haskell programming language to securely connect to servers over the internet. Specifically, the libraries "crypton-x509-validation" fail to enforce a key se…KB.CERT.ORG
11 Jun KEVOracle mitigates PeopleSoft zero-day exploited in data theft attacksOracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. [...]BLEEPINGCOMPUTER.COM
10 Jun KEVAI Worms, Hacks, and Insurance ShiftsInstagram AI Support Hack Hits 20,225 Accounts; AI Worm 'Hades' Lies to Security Tools; Chrome Zero-Day Patch Host David Shipley reports Meta says 20,225 Instagram accounts were hijacked after an AI support tool was tricked into sending reset links to attacker-controlled emails, …CYBERSECURITYTODAY.LIBSYN.COM
10 JunCVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release()Information published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46312 media: videobuf2: Set vma_flags in vb2_dma_sg_mmapInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46301 spi: topcliff-pch: fix use-after-free on unbindInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2025-71315 drm/vkms: Convert to DRM's vblank timerInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46296 spi: s3c64xx: fix NULL-deref on driver unbindInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46299 hfsplus: fix held lock freed on hfsplus_fill_super()Information published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46323 net: gro: don't merge zcopy skbsInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()Information published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46307 wifi: ath5k: do not access array OOBInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46306 flow_dissector: do not dissect PPPoE PFC framesInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one()Information published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46330 Revert "net/smc: Introduce TCP ULP support"Information published.MSRC.MICROSOFT.COM
10 Jun KEVMicrosoft feud escalates as researcher drops new Windows zero-dayThe long-running feud between Microsoft and security researcher Nightmare Eclipse has entered a new chapter. Eclipse, who has spent the past several months publicly releasing unpatched Windows vulnerabilities while sparring with Microsoft over vulnerability disclosure practices, …CSOONLINE.COM
10 Jun KEVCritical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)Ivanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the vulnerabilities are not known to be actively exploited, security researchers have already released technical de…HELPNETSECURITY.COM
10 JunJune Patch Tuesday marks a ‘new normal’ with over 200 CVEs, 32 rated ‘critical’June’s Patch Tuesday security updates have arrived, with SAP fixing four critical vulnerabilities and Microsoft addressing over 200 CVEs. Microsoft’s to-do list includes fixes for three zero days, 32 patches rated as ‘critical’, and a batch of other high-risk vulnerabilities that…CSOONLINE.COM
10 JunIvanti, Fortinet, and SAP Release Patches for Multiple Critical VulnerabilitiesFortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSand…THEHACKERNEWS.COM
10 JunUnpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCEA high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS sco…THEHACKERNEWS.COM
10 JunMicrosoft-signed UEFI bootloaders vulnerable to Secure Boot bypassMicrosoft has released security updates to address a Secure Boot bypass vulnerability affecting multiple Microsoft-signed UEFI shim bootloaders used by Linux distributions, recovery tools, and enterprise software. The flaw, tracked as CVE-2026-8863, could allow attackers to execu…CYBERINSIDER.COM
10 JunIvanti patches critical Sentry flaws that lead to full device takeoverIT software provider Ivanti fixed two vulnerabilities in Ivanti Sentry, a secure mobile gateway appliance formerly called MobileIron Sentry. The flaws could allow unauthenticated remote attackers to gain complete control of deployments. One of the vulnerabilities, CVE-2026-10523,…CSOONLINE.COM
10 JunPath traversal flaw in AI dev platform Langflow exploited in attacksAttackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. [...]BLEEPINGCOMPUTER.COM
9 JunOne-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now PublicSecurity researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel's nf_tables packet-filtering code and was patched ups…THEHACKERNEWS.COM
9 JunGoogle Patches 5th Chrome Zero-Day Exploited in 2026The vulnerability is tracked as CVE-2026-11645 and it was reported in late April by an anonymous researcher.SECURITYWEEK.COM
9 Jun KEVLiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCEThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: …THEHACKERNEWS.COM
9 JunCVE-2026-11463 USCiLab Cereal Shared Pointer type confusionInformation published.MSRC.MICROSOFT.COM
9 JunCVE-2026-49975 Apache HTTP Server: mod_http2 denial of serviceInformation published.MSRC.MICROSOFT.COM
9 Jun KEVGoogle Releases Patch for Chrome Vulnerability Exploited in the WildThe flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pageINFOSECURITY-MAGAZINE.COM
9 Jun KEVCheck Point warns of ransomware-linked attacks exploiting outdated VPN protocolCheck Point has issued emergency hotfixes for a pair of vulnerabilities affecting VPN deployments that still use the deprecated Internet Key Exchange version 1 (IKEv1) protocol, warning that one of the flaws is already being exploited in the wild. The more serious issue allows at…CSOONLINE.COM
9 Jun KEVGoogle patches Chrome zero-day exploited in the wild (CVE-2026-11645)Google has fixed 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) that has been exploited in the wild. “Google is aware that an exploit for CVE-2026-11645 exists in the wild,” the company said in a Monday security advisory. The fix has…HELPNETSECURITY.COM
9 JunWinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in UkraineTwo Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHAD…THEHACKERNEWS.COM
9 Jun KEVChrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch NowGoogle has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome'…THEHACKERNEWS.COM
9 JunRussian Attackers Weaponize WinRAR Flaw Against Ukrainian OrgsTwo separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.DARKREADING.COM
9 JunVeeam Backup & Replication RCE Flaw Lets Domain Users Run Remote CodeVeeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote …THEHACKERNEWS.COM
9 JunVU#616257: Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypassOverview Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Forbidden Signature Databas…KB.CERT.ORG
8 Jun KEVCISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Friday. The agency has ordered US federal civilian agen…HELPNETSECURITY.COM
8 JunGoogle Protocol Buffers flaw turns schemas into shellsA widely used JavaScript implementation of Google’s Protocol Buffers format is placing too much trust in untrusted data, exposing affected applications to remote code execution and other attacks. Researchers at Cyera have disclosed six vulnerabilities affecting “protobuf.js,” a…CSOONLINE.COM
8 JunQilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday. About CVE-2026-50751 Check Point Remote Access VPN enables and secures connections…HELPNETSECURITY.COM
8 Jun KEVCritical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 SetupsCheck Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of …THEHACKERNEWS.COM
8 Jun KEVAttackers exploiting unpatched Cisco SD-WAN flawCisco warns customers of an actively exploited high-severity vulnerability in Catalyst SD-WAN Manager, an enterprise network management system that has been targeted by hackers multiple times in the past. Located in the command-line interface, the flaw allows authenticated attack…CSOONLINE.COM
6 Jun KEVCisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch AvailableCisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types - On-Prem Deploy…THEHACKERNEWS.COM
6 JunCritical Everest Forms Pro flaw exploited to take over WordPress sitesHackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. [...]BLEEPINGCOMPUTER.COM
5 JunHackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over SitesThreat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a rem…THEHACKERNEWS.COM
5 JunUS government report slams NIST for NVD backlogA report from the US Commerce department’s inspector general blames the National Institute of Standards and Technology (NIST) for the ever-growing backlog of vulnerabilities for inclusion in the National Vulnerability Database (NVD). But cybersecurity practitioners say that the b…CSOONLINE.COM
5 JunCisco warns of unpatched SD-WAN zero-day exploited in attacksOn Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. [...]BLEEPINGCOMPUTER.COM
5 JunCisco Warns of 7th SD-WAN Zero-Day Exploited in 2026The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet.SECURITYWEEK.COM
5 JunCisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system. This would requ…HELPNETSECURITY.COM
5 JunClaude Code has an MCP security problem — and your developers are already using itClaude Code is Anthropic’s AI coding assistant — a command-line tool that developers are adopting fast. It connects to external services through Model Context Protocol, the standard that lets AI tools interact with Jira, Confluence, GitHub, databases and internal APIs. When a dev…CSOONLINE.COM
5 JunThreat Brief: Active Exploitation of PAN-OS CVE-2026-0257We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257.UNIT42.PALOALTONETWORKS.COM
4 JunHugging Face Transformers RCE flaw enables stealthy compromise via AI model configsA high severity vulnerability in Hugging Face Transformers enables attackers to compromise systems that use the popular Python library to test and run AI models. The flaw impacts library versions that continue to be actively downloaded and comes at a time when attackers are incre…CSOONLINE.COM
4 JunHTTP/2’s speed abused to slow webserver performance in DoS attackSecurity researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in Codex-assisted analysis. A flaw in the handling of the HTTP/2 protocol made a denial-of-s…CSOONLINE.COM
4 JunCisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes PublicCisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has no…THEHACKERNEWS.COM
4 JunSecurity Researchers Are Threat Actors - PSW #929This week in the security news: - Security Researchers Are Threat Actors according to Microsoft - Hands-free malicious firmware - If you've ever typed "ls" in Windows, this is for you - Cisco makes more patches, wants you to pay - Ambiguous Secure Boot bypass - Threat actors love…YOUTUBE.COM
3 Jun KEVGoogle June 2026 Android Update Patches 124 Flaws, One Actively ExploitedGoogle on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 (CVSS score: 8.4), …THEHACKERNEWS.COM
3 JunCVE-2023-1386 Qemu: 9pfs: suid/sgid bits not dropped on file writeInformation published.MSRC.MICROSOFT.COM
3 JunCVE-2020-8561 Webhook redirect in kube-apiserverInformation published.MSRC.MICROSOFT.COM
3 JunCVE-2025-5791 Users: `root` appended to group listingsInformation published.MSRC.MICROSOFT.COM
3 JunCVE-2025-1150 GNU Binutils ld libbfd.c bfd_malloc memory leakInformation published.MSRC.MICROSOFT.COM
3 JunUnpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 HashesCybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool's ms-screensketch: URI handler, the newly flagged issue re…THEHACKERNEWS.COM
3 JunTenable CTO Q&A: C-suite views AI as massive threat, as cyber teams adopt exposure management to counter AI attacksTenable CTO Vlad Korsunsky talks about participating in the World Economic Forum’s Annual Meeting on Cybersecurity and Tenable’s EXPOSURE 2026 conference, where he talked with global leaders about new game-changing AI threats and the groundbreaking benefits of exposure management…TENABLE.COM
3 JunVerizon VoLTE network found missing IPsec protections for SIP signalingThe CERT Coordination Center (CERT/CC) has disclosed a security issue affecting Verizon's Voice over LTE (VoLTE) infrastructure, warning that SIP signaling traffic on the carrier's IP Multimedia Subsystem (IMS) network appears to lack IPsec integrity protection required by indust…CYBERINSIDER.COM
3 JunVU#595768: Securly Chrome Extension contains multiple weak encryption and access control vulnerabilitiesOverview Version 3.0.7 of the Securly Chrome Extension contains multiple vulnerabilities involving insecure data transmission, weak cryptography, and improper access control. These issues may expose sensitive filtering rules, enable the manipulation of downloaded configuration fi…KB.CERT.ORG
2 Jun KEVOracle WebLogic Vulnerability Exploited in the WildThe vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers.SECURITYWEEK.COM
2 Jun KEVGoogle fixes actively exploited Android vulnerability (CVE-2025-48595)Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android Framework that “may be under limited, targeted exploitation.” About CVE-2025-48595 CVE-2025-…HELPNETSECURITY.COM
2 JunVU#873170: Collibra Agent contains improper authentication and path traversal vulnerabilitiesOverview The Collibra Platform Agent contains vulnerabilities that can be chained by a remote, unauthenticated attacker to achieve remote code execution. An attacker can exploit these issues by uploading a crafted ZIP archive that writes attacker-controlled files to arbitrary loc…KB.CERT.ORG
2 Jun KEVAndroid June 2026 update patches actively exploited zero-dayGoogle has released the June 2026 Android security updates, addressing dozens of vulnerabilities across the mobile operating system, including a high-severity zero-day flaw that is under active, targeted exploitation. The update also fixes multiple critical privilege-escalation a…CYBERINSIDER.COM
2 JunVU#615987: Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE DeploymentsOverview VoLTE deployments on Verizon’s IMS network have historically lacked IPsec-based integrity protection for SIP signaling, contravening well-established requirements in 3GPP TS 33.203 and GSMA IR.92. As a result, SIP messages—including registration (REGISTER), call setup …KB.CERT.ORG
2 JunVU#265691: Appsmiths SQL Query autocomplete renderer contains a cross site scripting vulnerabilityOverview A stored cross-site scripting (XSS) vulnerability has been discovered in Appsmith, specifically in the CodeMirror based SQL query editor’s autocomplete renderer. CVE-2026-7299 has been assigned to track the vulnerability. An attacker with developer level access to a shar…KB.CERT.ORG
2 JunAndroid Update Patches Exploited Zero-Day, 123 Other VulnerabilitiesGoogle says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks.SECURITYWEEK.COM
2 JunPresident Trump picks housing director Bill Pulte to serve as acting DNI.Federal watchdog warns of management issues for NIST's NVD. Spanish National Police arrest suspect in government doxxing case.THECYBERWIRE.COM
2 JunGamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against UkraineThe Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversa…THEHACKERNEWS.COM
2 JunHP Poly VoIP vulnerability sets the stage for executive voice deepfakesHP has released patches for a critical buffer overflow vulnerability in multiple IP-enabled conference phones from its Poly Voice line. The flaw allows unauthenticated attackers to obtain root privileges on the underlying operating system, potentially enabling them to execute oth…CSOONLINE.COM
2 JunCritical Kirki flaw exploited to hijack WordPress admin accountsHackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators. [...]BLEEPINGCOMPUTER.COM
1 Jun KEVMicrosoft Threatens Security Researcher | Palo Alto VPN Exploited | Google Insider Trading CaseMicrosoft's dispute with a former security researcher takes a dramatic turn as the company raises the possibility of criminal action over the publication of proof-of-concept code for unpatched zero-day vulnerabilities. David Shipley examines the escalating conflict between Micros…CYBERSECURITYTODAY.LIBSYN.COM
1 JunHackers are exploiting Palo Alto GlobalProtect VPN authentication bypass (CVE-2026-0257)Authentication bypass vulnerabilities (CVE-2026-0257) in Palo Alto Networks’ firewalls that the company disclosed on May 13 have been targeted in “limited exploit attempts”. “Across multiple customers, Rapid7 observed successful exploitation via authentica…HELPNETSECURITY.COM
1 JunRecent Palo Alto Networks Vulnerability Exploited for WeeksHackers began exploiting CVE-2026-0257, an authentication bypass in Palo Alto Networks PAN-OS, four days after public disclosure.SECURITYWEEK.COM
1 JunFlowise’s MCP implementation can run ghost commandsEnterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads have a new near-max severity issue to worry about. Researchers at Obsidian Security have detailed a one-click remote code execution (RCE) vulnerability affecting self-hosted Flowise …CSOONLINE.COM
1 JunHow NIST fumbled management of the National Vulnerability DatabaseA US federal watchdog has outlined how the National Institute of Standards and Technology (NIST) failed to effectively manage the growing backlog of unprocessed cybersecurity vulnerabilities in the National Vulnerability Database (NVD). How the NVD crisis unfolded The NVD was est…HELPNETSECURITY.COM
1 JunCVE-2026-0826: How an Old Bug Can Feed AI-Powered ImpersonationOne of the more persistent myths in security is that old bug classes become old problems. They don’t. They just show up in different places, under different conditions, and usually at the exact moment we’ve convinced ourselves not to pay attention to them. That’s part of what mak…RAPID7.COM
1 JunCVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)Overview Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol (VoIP) phone. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-0826. A remote attacker can l…RAPID7.COM
1 JunCritical Windows Netlogon Vulnerability in Attackers’ CrosshairsOrganizations are advised to patch CVE-2026-41089 as soon as possible, given its severity and the potential ongoing exploitation.SECURITYWEEK.COM
1 Jun KEVWindows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) warned on Friday. About CVE-2026-41089 CVE-2026-41089 is a stack-based buffer overflow vulnerability in Window…HELPNETSECURITY.COM
1 JunVU#158530: PCTCore64.sys Windows kernel driver contains missing access control vulnerabilityOverview The PCTCore64.sys Windows kernel driver from PC Tools Internet Security exposes its \\.\PCTCoreDriver device interface with no access control, allowing any user-mode process to interact with the driver and invoke privileged IOCTL (I/O Control) commands. In a Bring Your O…KB.CERT.ORG
1 JunOracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to address urgent vulnerabilities that can’t wait for the company’s quarterly patching. The initial batch addresses 35 flaws, including several for which exploit …CSOONLINE.COM
1 JunWP Maps Pro Vulnerability Exploited to Take Over WordPress SitesThe security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations.SECURITYWEEK.COM
1 JunInspector general finds NIST mistakes have made vulnerability database ineffectiveNIST’s National Vulnerability Database (NVD) backlog mushroomed from 13,000 unprocessed security vulnerabilities in February 2024 to more than 27,000 by the end of 2025, “undermining the NVD’s utility and public trust," according to an inspector general report.THERECORD.MEDIA
1 JunAttackers are exploiting Palo Alto Networks defect that initially flew under the radarThe escalated threat posed by the defect showcases how quickly a seemingly mild vulnerability can turn into an urgent warning.CYBERSCOOP.COM
30 MayPAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active ExploitationPalo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that c…THEHACKERNEWS.COM
30 MayPalo Alto GlobalProtect VPN auth bypass flaw now exploited in attacksPalo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]BLEEPINGCOMPUTER.COM
29 MayIBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterpriseOpen source code is everywhere in the enterprise; it’s estimated that upwards of 90% of Fortune 500 companies have it in their software supply chains. But open source code is notoriously rife with vulnerabilities, and identifying and patching those bugs can be an endless battle f…CSOONLINE.COM
29 MayCVE-2026-46219 spi: mpc52xx: fix use-after-free on unbindInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-raceInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockoptInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercallsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46128 ipmi: Check event message buffer response for bad dataInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46191 fbcon: Avoid OOB font access if console rotation failsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46226 spi: fsl: fix controller deregistrationInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46158 mptcp: pm: ADD_ADDR rtx: always decrease sk refcountInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46232 HID: playstation: Clamp num_touch_reportsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46107 dm-thin: fix metadata refcount underflowInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46225 spi: rspi: fix controller deregistrationInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46236 media: rc: xbox_remote: heed DMA restrictionsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46235 media: saa7164: add ioremap return checks and cleanupsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46177 ipmi: Add limits to event and receive message requestsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if lastInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_putInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46120 ip6_gre: Use cached t->net in ip6erspan_changelink().Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloadsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46153 8021q: delete cleared egress QoS mappingsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46150 fanotify: fix false positive on permission eventsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46200 spi: mpc52xx: fix controller deregistrationInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46148 spi: microchip-core-qspi: control built-in cs manuallyInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46198 batman-adv: fix integer overflow on buff_posInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD taskInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46115 block: add pgmap check to biovec_phys_mergeableInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46205 staging: media: atomisp: Disallow all private IOCTLsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46234 vsock: fix buffer size clamping orderInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46171 riscv: kvm: fix vector context allocation leakInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opensInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46145 RDMA/mana: Validate rx_hash_key_lenInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46218 drm/amdgpu: Add bounds checking to ib_{get,set}_valueInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46204 drm/amdgpu/vcn4: Prevent OOB reads when parsing IBInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46233 batman-adv: bla: only purge non-released claimsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46142 net: libwx: fix VF illegal register accessInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46144 RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46184 sound: ua101: fix division by zero at probeInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacksInformation published.MSRC.MICROSOFT.COM
29 MayNotepad++ vulnerabilities could enable arbitrary code execution on Windows systemsTwo arbitrary code execution vulnerabilities in Notepad++ let local attackers run commands of their choice on Windows machines by tampering with the editor’s XML configuration files, with both flaws rated High at CVSS 7.8. The flaws, tracked as CVE-2026-48778 and CVE-2026-48800, …CSOONLINE.COM
29 MayNew infostealer reaches enterprise devices through FortiClient EMS vulnerabilityAttackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). “The [malicious] payload was presented as a Fortinet endpoint update and executed through Fo…HELPNETSECURITY.COM
29 MayAttackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 ExploitAn unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromi…THEHACKERNEWS.COM
29 MayFederal audit reveals NIST’s NVD is plagued by poor planning and duplicationA report from the Commerce Inspector General details how mismanagement allowed a backlog of 27,000 unprocessed security flaws to grow unchecked, while the agency duplicated work with a similar CISA program.CYBERSCOOP.COM
29 MayRapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)Overview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0257, a medium severity authentication bypass affecting PAN-OS and Prisma Access when a specific configuration is present. Successful exploitation of this vulnerability allows a remote unauthe…RAPID7.COM
29 MayMetasploit Wrap Up 05/29/2026More Linux LPEs Hark the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users. Copy Fail seemed to have kicked off a trend of similar bugs and hot on its heels is Dirty Frag. Dirty Frag is actually two vulnera…RAPID7.COM
29 MayMicrosoft and security researcher’s dueling posts about cybersecurity disclosures get nastyMicrosoft and a prominent cybersecurity researcher have gotten into a very public and rather personal exchange of unpleasantries about what responsible cybersecurity disclosures should mean in 2026. A cybersecurity researcher going by the name Nightmare Eclipse, who has disclosed…CSOONLINE.COM
28 MayCVE-2026-45917 ipvs: do not keep dest_dst if dev is going downInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46005 xfs: fix a resource leak in xfs_alloc_buftarg()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45930 net: mctp: ensure our nlmsg responses are initialisedInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroyInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46012 rxrpc: Fix memory leaks in rxkad_verify_response()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46085 rxrpc: Fix rxkad crypto unalignment handlingInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46004 ALSA: caiaq: Handle probe errors properlyInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45991 udf: fix partition descriptor append bookkeepingInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46027 net/smc: avoid early lgr access in smc_clc_wait_msgInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46051 md/raid5: fix soft lockup in retry_aligned_read()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46053 net: rds: fix MR cleanup on copy errorInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error pathInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45940 net: stmmac: fix oops when split header is enabledInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-44708 Mistune Math Plugin XSS Escape BypassInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-44897 Mistune Heading ID Attribute Injection XSSInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46017 mm: fix deferred split queue races during migrationInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45897 netfilter: nft_counter: serialize reset with spinlockInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45986 crypto: ccree - fix a memory leak in cc_mac_digest()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45850 ipvs: skip ipv6 extension headers for csum checksInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46101 netfilter: reject zero shift in nft_bitwiseInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46098 net: caif: clear client service pointer on teardownInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45861 gfs2: Fix slab-use-after-free in qd_putInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46077 crypto: atmel-tdes - fix DMA sync directionInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46063 x86/shstk: Prevent deadlock during shstk sigreturnInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45963 ASoC: nau8821: Cancel delayed work on component removeInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45998 rxrpc: Fix potential UAF after skb_unshare() failureInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46102 net: strparser: fix skb_head leak in strp_abort_strp()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2025-71305 drm/display/dp_mst: Add protection against 0 vcpiInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46003 net: qrtr: ns: Limit the total number of nodesInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unloadInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45899 ext4: drop extent cache when splitting extent failsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46071 KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46049 ALSA: ctxfi: Add fallback to default RSR for S/PDIFInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45855 ata: libata-scsi: avoid Non-NCQ command starvationInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45912 ext4: don't cache extent during splitting extentInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46091 media: rc: igorplugusb: heed coherency rulesInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-44899 Mistune Image Directive CSS Injection VulnerabilityInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-44898 Mistune TOC Anchor Injection XSSInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46038 net: qrtr: ns: Free the node during ctrl_cmd_bye()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45988 rxrpc: Fix re-decryption of RESPONSE packetsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45996 spi: imx: fix use-after-free on unbindInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45942 ext4: fix e4b bitmap inconsistency reportsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46103 can: ucan: fix devres lifetimeInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46092 wifi: rtw88: check for PCI upstream bridge existenceInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46044 ipmi:ssif: Clean up kthread on errorsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46079 rbd: fix null-ptr-deref when device_add_disk() failsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46099 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnelsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46083 spi: fix resource leaks on device setup failureInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46015 tcp: call sk_data_ready() after listener migrationInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46082 KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46026 net: qrtr: ns: Limit the maximum number of lookupsInformation published.MSRC.MICROSOFT.COM
28 MayGlassWorm falls, but the repo problem is far from solvedTaking down a sprawling malware operation once signaled progress in securing the open-source ecosystem. Now, it barely registers. The GlassWorm campaign disruption comes at a moment when attackers can quickly reconstitute, and defenders are increasingly grappling with a new chall…CSOONLINE.COM
28 MayAuthenticated RCE via Argument Injection in Gogs (NOT FIXED)Overview Rapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 (Critical). The vulnerability allows any authenticated user to achieve remote code e…RAPID7.COM
28 MayVU#780781: Casdoor contains multiple authentication bypass and access management vulnerabilitiesOverview Casdoor versions 2.362.0 and earlier contain several identity and access management vulnerabilities that enable broad authentication bypass and privilege escalation. These flaws relate to Casdoor’s Security Assertion Markup Language (SAML) processing, account binding, an…KB.CERT.ORG
28 MayHackers exploit FortiClient EMS flaw to push infostealer malwareHackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. [...]BLEEPINGCOMPUTER.COM
27 May KEVCISA Orders Emergency Drupal Patch | Microsoft Server Bug | Google Fights Canada Surveillance BillCISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microso…CYBERSECURITYTODAY.LIBSYN.COM
27 MayCVE-2026-9256 NGINX ngx_http_rewrite_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MayThe NSA, ‘Mythos’ and the quiet emergence of AI cyber doctrineFor most of my career running security operations, the shape of cyber conflict has been defined by who could move faster than the other side. Faster at identifying a vulnerability, faster at patching, faster at detecting, faster at responding. The last few months have made me ree…CSOONLINE.COM
27 MayGitea Vulnerability Exposes Private Container Images without AuthenticationCybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other crede…THEHACKERNEWS.COM
27 MayClaude now reviews and fixes vulnerabilities as you write codeAnthropic introduced a security-guidance plugin for Claude Code that reviews code changes for common vulnerabilities and helps Claude identify and fix issues during the same development session. The company says the plugin is designed to catch issues such as injection flaws, unsa…HELPNETSECURITY.COM
27 MayFastAPI-based AI tools exposed to authentication bypass by flaw in Starlette frameworkA single malformed character in a web request can let an unauthenticated attacker slip past the access controls that guard applications built on Starlette, the open-source Python framework that powers FastAPI, researchers said. The flaw, tracked as CVE-2026-48710, could allow atta…CSOONLINE.COM
27 May KEVCISA orders federal agencies to patch actively exploited cPanel plugin flaw within 4 daysThe US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical vulnerability in the LiteSpeed cPanel plugin that is being actively exploited in attacks. The flaw, tracked as CVE-2026-48172, affects the LiteSpeed cPanel user-end plu…CYBERINSIDER.COM
26 MayKnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt StrikeA now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnera…THEHACKERNEWS.COM
26 MayCVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leakInformation published.MSRC.MICROSOFT.COM
26 MayHigh-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2…HELPNETSECURITY.COM
26 MayMicrosoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server VersionsMicrosoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. I…THEHACKERNEWS.COM
26 May KEVActively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. “TrendAI has observed at least one attempt to exploit this vulnerability in the wild,” Trend Micr…HELPNETSECURITY.COM
26 MayCVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityCWE added. Informational change only.MSRC.MICROSOFT.COM
26 MayCVE-2026-45498 Microsoft Defender Denial of Service VulnerabilityCWE added. Informational change only.MSRC.MICROSOFT.COM
26 MayCVE-2026-41091 Microsoft Defender Elevation of Privilege VulnerabilityIn the Security Updates table, added links to the Release Notes. This is an informational change only.MSRC.MICROSOFT.COM
26 MayCVE-2026-45584 Microsoft Defender Remote Code Execution VulnerabilityIn the Security Updates table, added links to the Release Notes. This is an informational change only.MSRC.MICROSOFT.COM
25 MayAI Vulnerability Explosion, Kim Wolf Botnet Arrest, Ghost CMS Hack, Iran Cyber EspionageIs AI about to trigger a cybersecurity vulnerability explosion? In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apocalypse" as Anthropic's Claude-powered Project Glasswing identifies thousands of…CYBERSECURITYTODAY.LIBSYN.COM
25 MayExploitation of KnowledgeDeliver via ViewState Deserialization VulnerabilityWritten by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek Introduction In late 2025, Mandiant responded to a security incident involving a compromised web server running KnowledgeDeliver. KnowledgeDeliver is a Learning Management System (LMS) developed by Digital Knowledge …CLOUD.GOOGLE.COM
25 MayCVE-2026-43029 mptcp: fix soft lockup in mptcp_recvmsg()Information published.MSRC.MICROSOFT.COM
25 MayCVE-2026-43414 scsi: qla2xxx: Completely fix fcport double freeInformation published.MSRC.MICROSOFT.COM
25 MayAs AI speeds coding, CVE Lite CLI keeps security deliberately AI-freeAs AI coding assistants accelerate software development, one OWASP-backed open-source project is arguing that dependency security tooling still arrives too late to be truly useful. CVE Lite CLI, a JavaScript and TypeScript dependency vulnerability scanner focused on local lockfi…CSOONLINE.COM
25 MayGhost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix AttacksThreat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection …THEHACKERNEWS.COM
25 MayDrupal warns of active exploitation attempts targeting critical SQL injection flawDrupal is warning administrators that attackers are already attempting to exploit a newly disclosed SQL injection vulnerability affecting the open-source content management system just days after security patches were released. The flaw, tracked as CVE-2026-9082, impacts Drupal’s…CYBERINSIDER.COM
24 MayGhost CMS SQL injection flaw exploited in large-scale ClickFix campaignA large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]BLEEPINGCOMPUTER.COM
23 MayCVE-2026-5946 Invalid handling of CLASS != INInformation published.MSRC.MICROSOFT.COM
23 MayCVE-2026-5950 Unbounded resend loop in BIND 9 resolverInformation published.MSRC.MICROSOFT.COM
23 MayCVE-2026-8711 NGINX JavaScript vulnerabilityInformation published.MSRC.MICROSOFT.COM
23 MayLiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as RootA maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to ru…THEHACKERNEWS.COM
22 MayCisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data AccessCisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authe…THEHACKERNEWS.COM
22 May KEVCISA Warns Trend Micro Apex One Vulnerability Is Being Exploited in AttacksCISA has added a newly disclosed vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is actively being exploited in real-world attacks. The issue, tracked as CVE-2026-34926, affects on-premise deployments of Trend Micr…GBHACKERS.COM
22 MayCVE-2026-43494 net/rds: reset op_nents when zerocopy page pin failsInformation published.MSRC.MICROSOFT.COM
22 MayCVE-2024-26944 btrfs: zoned: fix use-after-free in do_zone_finish()Information published.MSRC.MICROSOFT.COM
22 May KEVCISA Issues Alert on Exploited Microsoft Defender Zero-Day VulnerabilitiesCISA has issued an urgent alert warning organizations about two newly disclosed zero-day vulnerabilities affecting Microsoft Defender, both added to the Known Exploited Vulnerabilities (KEV) catalog on May 20, 2026. CVE-2026-45498: Microsoft Defender DoS Vulnerability CVE-2026-45…GBHACKERS.COM
22 MayCVE-2024-41023 sched/deadline: Fix task_struct reference leakInformation published.MSRC.MICROSOFT.COM
22 MayDrupal Vulnerability in Hacker Crosshairs Shortly After DisclosureDrupal is warning users that it has already seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites.SECURITYWEEK.COM
22 MayMetasploit Wrap Up 05/22/2026Another week, another authentication bypass Our humble Metasploit weekly(ish) blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and @jburgess-r7 have discovered and authored the admin/networking/cisco_sdwan_vhub_auth_bypass module for…RAPID7.COM
21 MayMicrosoft is working on a patch for ‘YellowKey’ attack on BitLocker, offers temporary fixMicrosoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass BitLocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof…CSOONLINE.COM
21 MayHighly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE AttacksDrupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CV…THEHACKERNEWS.COM
21 MayCVE-2026-45585 Windows BitLocker Security Feature Bypass VulnerabilityAdded a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script.MSRC.MICROSOFT.COM
21 MayCVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information DisclosureInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-32792 Packet of death with DNSCryptInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-42959 Crash during DNSSEC validation of malicious contentInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP ProxyInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-42534 Jostle logic bypass degrades resolution performanceInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-40622 Another 'ghost domain names' attack variantInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-45736 ws: Uninitialized memory disclosureInformation published.MSRC.MICROSOFT.COM
21 MayNine-Year-Old Kernel Flaw Puts Linux SSH Private Keys at RiskA newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, poses a serious risk to SSH private keys and other sensitive credentials. The flaw, present in the kernel since 2016, allows a local attacker to escalate from a basic shell account to full root access on man…GBHACKERS.COM
21 May9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major DistrosCybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user…THEHACKERNEWS.COM
21 MayCritical Vulnerability in Cisco Secure Workload Threatens Enterprise API SecurityCisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain high-level administrative access to sensitive enterprise environments. The flaw, tracked as CVE-2026-20223, carries a maximum CVSS score of 10.…GBHACKERS.COM
21 May KEVMicrosoft Warns of Two Actively Exploited Defender VulnerabilitiesMicrosoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender have come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker…THEHACKERNEWS.COM
21 May KEVMicrosoft Defender Zero-Day Vulnerabilities Actively Exploited in the WildMicrosoft has disclosed two new zero-day vulnerabilities in Microsoft Defender that are actively being exploited in the wild, raising concerns among security professionals and enterprise users. The vulnerabilities, tracked as CVE-2026-41091 and CVE-2026-45498, were officially rel…GBHACKERS.COM
21 May KEVCVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004)A highly critical SQL injection vulnerability in Drupal core's database abstraction layer affects sites running PostgreSQL. Key Takeaways CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core's database abstraction API that can be exploited by unauthentica…TENABLE.COM
21 MayCisco fixed maximum severity flaw CVE-2026-20223 in Secure WorkloadCisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as CVE-2026-20223 (CVSS score of 10.0), in Secure Workload. The flaw stems f…SECURITYAFFAIRS.COM
21 MayUnpatched ChromaDB flaw leaves servers open to remote code executionResearchers have published details about a critical vulnerability in ChromaDB that could allow unauthenticated attackers to execute arbitrary code and access sensitive data on machines running the open-source vector database. The issue, tracked as CVE-2026-45829, is located in Ch…CSOONLINE.COM
21 MayCritical vulnerability in Cisco Secure Workload rated at maximum severityA critical vulnerability in the on-premises version of the Cisco Secure Workload security platform could allow a threat actor to obtain the privileges of a site admin, enabling them to compromise endpoints and read or modify configuration data. “CSOs need to drop what they are do…CSOONLINE.COM
21 May KEVMicrosoft patches two zero-day flaws in DefenderMicrosoft released emergency fixes for two zero-day vulnerabilities in the malware protection components of Microsoft Defender. The flaws allow local attackers to gain system-level privileges or cause the anti-malware service to stop working correctly. Both conditions are valuabl…CSOONLINE.COM
21 MayA New SonicWall Scanning Spike Echoes the Pattern That Preceded CVE-2026-0400A new SonicWall scanning surge mirrors the pattern that preceded CVE-2026-0400. GreyNoise details the activity and what defenders should watch.GREYNOISE.IO
20 MayFreePBX Security Flaw Lets Attackers Access User PortalsA critical security vulnerability has been discovered in FreePBX, a widely used open-source PBX platform, allowing unauthenticated attackers to access user portals under certain conditions. The flaw, tracked as CVE-2026-46376, carries a CVSS v4 base score of 9.1 and affects the U…GBHACKERS.COM
20 MayCVE Lite CLI: Open-source dependency vulnerability scannerDependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours o…HELPNETSECURITY.COM
20 MayCVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requestsInformation published.MSRC.MICROSOFT.COM
20 MayPardus Linux Vulnerability Lets Local Attackers Gain Silent Root AccessA critical privilege escalation vulnerability chain, tracked as CVE-2026-5140, has been discovered in the Pardus Linux update mechanism, allowing local users to gain full root access without authentication. The issue, rated CVSS 9.3 (Critical), affects the pardus-update package a…GBHACKERS.COM
20 MayDirtyDecrypt: PoC Released for yet another Linux flawDirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here comes DirtyDecrypt, another local privilege escalation vulnerability in the kernel, …SECURITYAFFAIRS.COM
20 MayMicrosoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)Microsoft is working on a fix for CVE-2026-45585 (aka “YellowKey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the compan…HELPNETSECURITY.COM
20 MayMicrosoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 ExploitMicrosoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. …THEHACKERNEWS.COM
20 MayWhy some security fixes never reach your vulnerability dashboardOn April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.4.0 contained a credential-stealing payload that executed an obfuscated loader and harvested AWS, Azure, GCP, GitHub, and npm tokens from any developer machine that ran npm ins…CSOONLINE.COM
20 MayHow an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).SECURELIST.COM
20 MayCritical ExifTool Vulnerability Lets Hackers Compromise Macs via Malicious ImagesA newly disclosed vulnerability in ExifTool, tracked as CVE-2026-3102, exposes macOS systems to command execution attacks through malicious image metadata, highlighting ongoing risks in widely used file processing tools. ExifTool is a popular utility used across media workflows t…GBHACKERS.COM
20 MayNVIDIA Triton Inference Server Flaw Raises Risk of Unauthorized AccessNVIDIA has disclosed a critical security vulnerability in its Triton Inference Server that could allow attackers to bypass authentication and gain unauthorized access to affected systems. The flaw, tracked as CVE-2026-24207, has been assigned a CVSS v3.1 score of 9.8, indicating …GBHACKERS.COM
20 MayMicrosoft issues YellowKey mitigation, no patch yetMicrosoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a pa…SECURITYAFFAIRS.COM
20 MayVU#980487: Local privilege escalation in Linux Kernel (Dirty Frag)Overview A privilege escalation vulnerability, nicknamed "Dirty Frag," has been discovered in the Linux kernel versions 4.10 and later. This vulnerability is a result of chaining together two previously discovered vulnerabilities, xfrm-ESP Page-Cache Write CVE-2026-43284 and the …KB.CERT.ORG
20 MayDrupal admins rushing to patch maximum severity SQL injection vulnerabilityAdministrators of the Drupal open source content management platform are rushing to install an emergency patch issued today to fix a “highly critical” SQL injection vulnerability in the application’s core. While the vulnerability only affects websites that use the PostgreSQL data…CSOONLINE.COM
19 May KEVExchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical FlawsA dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has pat…CYBERSECURITYTODAY.LIBSYN.COM
19 MayCVE-2026-4873 connection reuse ignores TLS requirementInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-6429 netrc credential leak with reused proxy connectionInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-5545 wrong reuse of HTTP Negotiate connectionInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-6253 proxy credentials leak over redirect-to proxyInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-5773 wrong reuse of SMB connectionInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-6276 stale custom cookie host causes cookie leakInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-7168 cross-proxy Digest auth state leakInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruptionInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2025-0665 eventfd double closeInformation published.MSRC.MICROSOFT.COM
19 MayFour-Faith Industrial Routers Targeted in Botnet Hijacking CampaignFour-Faith industrial cellular routers are being actively targeted in a growing botnet campaign exploiting a critical authentication bypass flaw tracked as CVE-2024-9643. Security researchers warn that attackers are rapidly weaponizing the vulnerability to hijack exposed devices …GBHACKERS.COM
19 May20-Year-Old PostgreSQL Flaw Gets Public PoC Exploit for Remote Code ExecutionA newly released proof-of-concept (PoC) exploit for CVE-2026-2005 has brought renewed attention to a critical vulnerability in PostgreSQL’s pgcrypto extension, exposing systems to remote code execution (RCE). Security researchers warn that the flaw, rooted in legacy code paths da…GBHACKERS.COM
19 MayDirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE VulnerabilityProof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 securi…THEHACKERNEWS.COM
19 MaymacOS flaw allowed rogue apps to access chat and browser dataResearchers at mobile privacy firm Mysk have disclosed details of a now-patched macOS vulnerability that could allow malicious apps to bypass Apple’s sandbox and privacy protections to access sensitive user data stored by messaging, productivity, and browser applications. Tracked…CYBERINSIDER.COM
19 MayContractor’s public GitHub account exposed GovCloud and CISA credentialsUntil a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity and Infrastructure Security Agency (CISA) systems. That’s according to cybersecurity reporter Brian Krebs, who first broke the news ove…CSOONLINE.COM
19 May9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted VulnerabilitiesCVE-2017-9841 is still a primary exploit path for several botnets. What is old is still new in the eyes of cybercrime.VULNCHECK.COM
18 May KEVExperts warn of active exploitation of critical NGINX flaw CVE-2026-42945A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945 (CVSS v4 score of 9.2), is already being actively exploited shor…SECURITYAFFAIRS.COM
18 MayCritical Marimo RCE Flaw Could Let Attackers Execute Malicious Code RemotelyA newly disclosed critical vulnerability in the Marimo Python notebook framework is raising serious alarms across the cybersecurity community, as it allows attackers to execute arbitrary commands remotely, without authentication. Tracked as CVE-2026-39987, the flaw exposes a WebS…GBHACKERS.COM
18 MayChaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fixMiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day …SECURITYAFFAIRS.COM
18 May KEVVU#777338: SGLang contains two remote code execution and one path traversal vulnerabilityOverview Three vulnerabilities have been discovered in the SGLang project, two enabling remote code execution (RCE), and one regarding a path traversal vulnerability. In order for an attacker to exploit these vulnerabilities, the multimodal generation mode must be enabled, and an…KB.CERT.ORG
18 MayIvanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation FlawsIvanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.…THEHACKERNEWS.COM
18 May KEVCritical NGINX Vulnerability Lets Hackers Launch Remote Code Execution AttacksA newly disclosed vulnerability in NGINX is already being actively exploited, raising serious concerns across the global cybersecurity community. Tracked as CVE-2026-42945, the flaw affects both NGINX Open Source and NGINX Plus, potentially allowing attackers to crash servers or …GBHACKERS.COM
18 MayGamaredon Deploys GammaDrop, GammaLoad in Phishing CampaignsGamaredon Uses GammaDrop and GammaLoad Downloaders in Multi-Stage Phishing Attacks. A sustained cyber-espionage campaign linked to the Gamaredon threat group is actively targeting Ukrainian government entities using multi-stage phishing attacks and evolving malware loaders. Gamar…GBHACKERS.COM
18 May‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploitAn old elevation-of-privilege (EoP) vulnerability affecting the Cloud Filter driver “cldflt.sys” in Windows has come back to haunt Microsoft, as researchers claim it is still exploitable six years after it was supposedly patched. The flaw, originally reported to Microsoft by Goog…CSOONLINE.COM
18 MayAttackers are exploiting critical NGINX vulnerability (CVE-2026-42945)A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and ca…HELPNETSECURITY.COM
18 MayMicrosoft Exchange Zero-Day Under Attack, No Patch AvailableCVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.DARKREADING.COM
17 May KEVNGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCEA newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewr…THEHACKERNEWS.COM
17 MaySECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter JDownloader site hacked to replace installers with Python RAT malware     New TrickMo Variant: Device Take …SECURITYAFFAIRS.COM
16 MayCVE-2026-40460 NGINX ngx_quic_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-42934 NGINX ngx_http_charset_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-43490 ksmbd: validate inherited ACE SID lengthInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-40701 NGINX ngx_http_ssl_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-42945 NGINX ngx_http_rewrite_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logicInformation published.MSRC.MICROSOFT.COM
16 MayLinux “ssh-keysign-pwn” Flaw Exposing Critical Authentication FilesA newly disclosed Linux kernel vulnerability, dubbed “ssh-keysign-pwn” by Qualys researchers, exposes millions of Linux systems to unauthorized access to sensitive SSH private keys and hashed passwords stored in /etc/shadow. Tracked as CVE-2026-463…GBHACKERS.COM
15 MayPalo Alto Firewalls Hit by Zero-Day Allowing Arbitrary Code Execution as RootA devastating zero-day vulnerability in Palo Alto Networks firewalls is under active exploitation by suspected state-sponsored hackers, allowing unauthenticated attackers to seize complete control of enterprise security infrastructure. The flaw, tracked as CVE-2026-0300 with a cr…GBHACKERS.COM
15 MayOn-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted EmailMicrosoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a …THEHACKERNEWS.COM
15 MayNext.js Security Flaw Leaks Cloud Credentials, API Keys, and Admin InterfacesNext.js, one of the most widely used React frameworks, has been hit by a high-severity vulnerability that could allow attackers to extract sensitive cloud credentials, API keys, and even access internal admin interfaces. The flaw, tracked as CVE-2026-44578, exposes a critical wea…GBHACKERS.COM
15 MayCVE-2026-4893 CVE-2026-4893Information published.MSRC.MICROSOFT.COM
15 MayCVE-2026-2291 CVE-2026-2291Information published.MSRC.MICROSOFT.COM
15 MayCVE-2026-5172 CVE-2026-5172Information published.MSRC.MICROSOFT.COM
15 MayCVE-2026-4890 CVE-2026-4890Information published.MSRC.MICROSOFT.COM
15 MayCVE-2026-8295 Integer overflow in simdjsonInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-4891 CVE-2026-4891Information published.MSRC.MICROSOFT.COM
15 MayCVE-2026-4892 CVE-2026-4892Information published.MSRC.MICROSOFT.COM
15 May KEVCisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin AccessCisco has disclosed a critical vulnerability in its Catalyst SD-WAN platform that is already being exploited in the wild, allowing attackers to gain administrative control over enterprise networks without authentication. Critical SD-WAN flaw under attack The vulnerability, tracke…GBHACKERS.COM
15 MayAmazon Redshift JDBC Driver Flaws Expose Systems to RCE AttacksAmazon Redshift users are facing a serious security risk after researchers uncovered a high-severity vulnerability that could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2026-8178, affects the widely used Amazon Redshift JDBC Driver and…GBHACKERS.COM
15 MayUnpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 …HELPNETSECURITY.COM
15 May KEVPraisonAI Vulnerability Actively Exploited Within Hours of Being Made PublicA high-severity vulnerability in PraisonAI is drawing urgent attention after security researchers observed exploitation attempts within hours of public disclosure. The flaw, tracked as CVE-2026-44338 and documented in the GitHub advisory GHSA-6rmh-7xcm-cpxj, exposes a critical au…GBHACKERS.COM
15 MayVMware Fusion Flaw Could Allow Attackers to Gain Root PrivilegesA newly disclosed vulnerability in VMware Fusion has raised serious security concerns after researchers confirmed it could allow attackers to escalate privileges to root on affected systems. The flaw, tracked as CVE-2026-41702, has been rated high severity with a CVSS score of 7.…GBHACKERS.COM
15 May KEVCisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)Cisco has patched yet another Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) that has been exploited as a zero-day by “a highly sophisticated cyber threat actor”. About CVE-2026-20182 CVE-2026-20182 – affecting both Cisco Catalys…HELPNETSECURITY.COM
15 MayCVE-2026-40379 Azure Entra ID Spoofing VulnerabilityCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
15 MayCVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-dayMicrosoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1)…SECURITYAFFAIRS.COM
15 May KEVExchange Server zero-day vulnerability can be triggered by opening a malicious emailA newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s already being exploited in the wild, this isn’t a ‘patch next week situation; it…CSOONLINE.COM
15 MayMetasploit Wrap-Up 05/15/2026Weaponizing a text editor for fun and profit Gather round, dear readers, because today, we (by we, we mean @h00die) dropped the ultimate persistence mechanism: Vim plugin persistence. And honestly, calling it "persistence" feels redundant — Vim is already the most persistent thin…RAPID7.COM
14 MayNew Fragnesia Linux Kernel LPE Grants Root Access via Page Cache CorruptionDetails have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the…THEHACKERNEWS.COM
14 May18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCECybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite…THEHACKERNEWS.COM
14 May KEVLangflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS WorkerLangflow instances left unpatched against CVE-2026-33017 are now being actively abused not just for remote code execution, but as launchpads to steal AWS keys and join a NATS-backed botnet-style worker pool dubbed “KeyHunter.” The vulnerability, now listed in CISA’s Known Exploit…GBHACKERS.COM
14 MayMongoDB Security Flaw Enables Arbitrary Code Execution on Vulnerable SystemsThe foundation of countless modern applications is under an emerging threat. A severe vulnerability in MongoDB could allow attackers to execute unauthorised code on targeted database servers undetected. Tracked officially as CVE-2026-8053, this critical flaw serves as a potential…GBHACKERS.COM
14 MayCritical Exim Mailer Flaw Enables Remote Code Execution AttacksA newly disclosed vulnerability in the widely used Exim mail transfer agent exposes thousands of internet-facing mail servers to unauthenticated remote code execution, threatening core email infrastructure across Linux and Unix-like systems. Tracked as CVE-2026-45185 and nickname…GBHACKERS.COM
14 MayPraisonAI vulnerability gets scanned within 4 hours of disclosureA newly disclosed authentication bypass flaw in the open-source AI orchestration framework PraisonAI was probed by internet scanners less than four hours after its public disclosure. According to Sysdig observations, roughly three hours and 44 minutes after a GitHub advisory drop…CSOONLINE.COM
14 MayPraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of DisclosureThreat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case o…THEHACKERNEWS.COM
14 MayWindows DNS Client Security Flaw Exposes Systems to Remote Code ExecutionWindows systems worldwide are at risk from a new critical flaw in the Windows DNS Client that could allow remote code execution without any user interaction. Tracked as CVE-2026-41096, the vulnerability has been rated critical with a CVSS base score of 9.8. It is patched in Micro…GBHACKERS.COM
14 MayCVE-2026-42945: NGINX Rewrite Heap Overflow Enables Remote DoS & Potential RCECVE-2026-42945 is a heap-based buffer overflow in NGINX that occurs in ngx_http_rewrite_module (the rewrite module). The bug is remotely reachable over HTTP and can be triggered without authenticat…SOCRADAR.IO
14 MayCritical WordPress Plugin Flaw Allows Unauthorized Access to WebsitesA critical vulnerability in a widely used WordPress plugin has exposed more than 200,000 websites to potential takeover, raising urgent concerns across the security community. Security researchers at Wordfence, using their AI-driven PRISM platform, have uncovered a severe authent…GBHACKERS.COM
14 MayNGINX Rift: an 18-year-old flaw in the world’s most deployed web server just came to lightResearchers found a critical 18-year-old buffer overflow flaw in NGINX, tracked as CVE-2026-42945 and named NGINX Rift. If you run NGINX, and statistically speaking, there is a very good chance you do, this week brought news worth stopping for. Security researchers at depthfirst …SECURITYAFFAIRS.COM
14 MayFragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like Dirty Frag, it affe…HELPNETSECURITY.COM
14 MayCVE-2026-42897 Microsoft Exchange Server Spoofing VulnerabilityImproper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 MayCVE-2026-41615 Microsoft Authenticator Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
14 MayBroadcom releases VMware Fusion security update for root access bugBroadcom patched a high-severity VMware Fusion flaw, CVE-2026-41702, that could let local attackers gain root privileges. Broadcom released a security update for VMware Fusion to address a high-severity vulnerability, tracked as CVE-2026-41702, that could allow local attackers to…SECURITYAFFAIRS.COM
14 MayCVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)Overview While researching a critical authentication bypass vulnerability, CVE-2026-20127, which was exploited in-the-wild, Rapid7 Labs discovered a new authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (formerly known as vSmart), CVE-2026-20182. T…RAPID7.COM
14 May KEVThe Dark Side of Efficiency: When Network Controllers Become "God Mode" for AttackersImagine you build a massive corporate campus with every security control money can buy. Blast resistant doors. Biometric scanners. Guards at every entrance. Maybe something similar to the infamous Death Star. On paper, it looks fantastic. Then, somewhere along the way, somebody d…RAPID7.COM
14 MayOngoing exploitation of Cisco Catalyst SD-WAN vulnerabilitiesCisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage.TALOSINTELLIGENCE.COM
14 May KEVCisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin AccessCisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. "A vulnerability in the peering authen…THEHACKERNEWS.COM
14 MayLinux Kernel bug Fragnesia allows local root access attacksFragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300 (CVSS score of 7.8). The …SECURITYAFFAIRS.COM
14 May KEVCVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OSOverview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265, a signature verification vulnerability that facilitates authentication bypass on PAN-OS, the operating system that most Palo Alto Networks firewalls run. This vulnerability allows a re…RAPID7.COM
14 MayMeet Fragnesia, the third Linux kernel vulnerability in a monthLinux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This is a significant vulnerability,” Robert Beggs, head of incident response firm DigitalDefence, told CSO. “It is bypassing…CSOONLINE.COM
14 MayAI agent finds 18-year-old remote code execution flaw in NginxResearchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program’s code for the past 18 years. Tracked as CVE…CSOONLINE.COM
13 MayMay Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANACritical vulnerabilities in Windows Server’s networking and identity infrastructure, as well as a serious hole in Microsoft Dynamics 365 on-premises version, highlight Microsoft’s May Patch Tuesday fixes. They are among the 118 vulnerabilities identified this month by the company…CSOONLINE.COM
13 MayPatch Tuesday - May 2026Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are no…RAPID7.COM
13 MayCVE-2026-43896 jq: Stack Overflow in Recursive Object MergeInformation published.MSRC.MICROSOFT.COM
13 MayCritical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticatorFortinet patched critical flaws in FortiSandbox and FortiAuthenticator that could let attackers remotely execute code on unpatched systems. Fortinet addressed two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator. The flaws could allow attackers to execute ar…SECURITYAFFAIRS.COM
13 MayMicrosoft’s agentic security system found four critical Windows RCE flawsMicrosoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution (RCE) flaws. MDASH arc…HELPNETSECURITY.COM
13 MayMicrosoft’s new AI system finds 16 Windows flaws, including four critical RCEsMicrosoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are dis…CSOONLINE.COM
13 MayQuest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizationsCVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. …SECURITYAFFAIRS.COM
13 MayWhen IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain CompromiseOverview Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” acc…RAPID7.COM
13 May KEVFortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandboxFortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. Fortinet flaws, both zero-day and n-day, have been exploited in the wild many times in the past, so companies should deploy pa…CSOONLINE.COM
12 MayLinux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patchedLinux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day vulnerability is ready, if a proposal from a kernel developer and maintainer is accepted by the open source community. The idea of a kill switch for privileged …CSOONLINE.COM
12 MayBitUnlocker Downgrade Attack Bypasses Windows 11 Disk Encryption in MinutesA proof-of-concept (PoC) exploit that demonstrates how attackers can bypass Windows 11 BitLocker disk encryption in under 5 minutes. Dubbed the “BitUnlocker” attack, this physical downgrade technique exploits a known vulnerability, CVE-2025-48804. Initially documented…GBHACKERS.COM
12 MayCline AI Agent Flaw Allows Attackers to Launch RCE AttacksA critical security vulnerability in the Cline AI coding assistant’s kanban package exposes developers to remote code execution, data theft, and denial-of-service attacks by simply visiting a malicious website. Security researcher Sagilayani disclosed CVE-2026-44211 on GitH…GBHACKERS.COM
12 MaycPanel flaw exposes enterprises to hosting supply-chain risksA newly disclosed cPanel vulnerability is being exploited at scale, giving attackers a route into web hosting environments that many enterprises may not monitor closely. Analysts say the risk highlights weak visibility into hosting supply chains. The flaw, tracked as CVE-2026-419…CSOONLINE.COM
12 MayCopy.Fail Linux VulnerabilityThis is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four b…SCHNEIER.COM
12 MayAttackers exploit cPanel CVE-2026-41940 to deploy Filemanager BackdoorAttackers are exploiting cPanel flaw CVE-2026-41940 to install the Filemanager backdoor and gain unauthorized admin access. Cybercriminals are actively exploiting the critical cPanel vulnerability CVE-2026-41940 (CVSS score of 9.3) to deploy a backdoor called Filemanager on compr…SECURITYAFFAIRS.COM
12 MayJetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)JetBrains has patched a high-severity vulnerability (CVE-2026-44413) in TeamCity, its popular continuous integration and continuous delivery platform, and is urging organizations with on-premises and self-managed deployments to upgrade to the fixed version or implement a security…HELPNETSECURITY.COM
12 MayStealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows …HELPNETSECURITY.COM
12 MayCVE-2026-32204 Azure Monitor Agent Elevation of Privilege VulnerabilityExternal control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-32177 .NET Elevation of Privilege VulnerabilityHeap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-21530 Windows Rich Text Edit Elevation of Privilege VulnerabilityDouble free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-33117 Azure SDK for Java Security Feature Bypass VulnerabilityImproper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-33834 Windows Event Logging Service Elevation of Privilege VulnerabilityImproper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-33839 Win32k Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-33840 Win32k Elevation of Privilege VulnerabilityUse after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-33841 Windows Kernel Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.MSRC.MICROSOFT.COM
12 MayCVE-2026-34330 Win32k Elevation of Privilege VulnerabilityInteger overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34331 Win32k Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34333 Windows Win32k Elevation of Privilege VulnerabilityUse after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34342 Windows Print Spooler Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34347 Windows Win32k Elevation of Privilege VulnerabilityUse after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34350 Windows Storport Miniport Driver Denial of Service VulnerabilityNull pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-34351 Windows TCP/IP Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege VulnerabilityInteger overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35417 Windows Win32k Elevation of Privilege VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityUse after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35419 Windows DWM Core Library Information Disclosure VulnerabilityOut-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35420 Windows Kernel Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35421 Windows GDI Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass VulnerabilityAuthentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-35423 Windows 11 Telnet Client Information Disclosure VulnerabilityOut-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service VulnerabilityMissing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-35433 .NET Elevation of Privilege VulnerabilityImproper input validation in .NET allows an unauthorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35438 Windows Admin Center Elevation of Privilege VulnerabilityMissing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-35439 Microsoft SharePoint Server Remote Code Execution VulnerabilityDeserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-35440 Microsoft Word Information Disclosure VulnerabilityFiles or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40360 Microsoft Excel Information Disclosure VulnerabilityOut-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40363 Microsoft Office Remote Code Execution VulnerabilityHeap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40364 Microsoft Word Remote Code Execution VulnerabilityAccess of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40366 Microsoft Word Remote Code Execution VulnerabilityUse after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40368 Microsoft SharePoint Server Remote Code Execution VulnerabilityDeserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution VulnerabilityHeap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.MSRC.MICROSOFT.COM
12 MayCVE-2026-40399 Windows TCP/IP Elevation of Privilege VulnerabilityStack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40405 Windows TCP/IP Denial of Service VulnerabilityNull pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-40406 Windows TCP/IP Information Disclosure VulnerabilityUse after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege VulnerabilityUse after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40410 Windows SMB Client Elevation of Privilege VulnerabilityUse after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40414 Windows TCP/IP Denial of Service VulnerabilityNull pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.MSRC.MICROSOFT.COM
12 MayCVE-2026-40415 Windows TCP/IP Remote Code Execution VulnerabilityUse after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege VulnerabilityWeak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityUse after free in Microsoft Office allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40421 Microsoft Word Information Disclosure VulnerabilityExternal control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityExternal control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-41089 Windows Netlogon Remote Code Execution VulnerabilityStack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-41094 Microsoft Data Formulator Remote Code Execution VulnerabilityImproper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-41095 Data Deduplication Elevation of Privilege VulnerabilityUse after free in Data Deduplication allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-41096 Windows DNS Client Remote Code Execution VulnerabilityHeap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-41100 Microsoft 365 Copilot for Android Spoofing VulnerabilityImproper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-41101 Microsoft Word for Android Spoofing VulnerabilityImproper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-41102 Microsoft PowerPoint for Android Spoofing VulnerabilityImproper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass VulnerabilityImproper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-41610 Visual Studio Code Security Feature Bypass VulnerabilityImproper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-41611 Visual Studio Code Remote Code Execution VulnerabilityImproper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-41612 Visual Studio Code Information Disclosure VulnerabilityRelative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-41614 M365 Copilot for Desktop Spoofing VulnerabilityImproper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.MSRC.MICROSOFT.COM
12 MayCVE-2026-32170 Windows Rich Text Edit Elevation of Privilege VulnerabilityDouble free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-32185 Microsoft Teams Spoofing VulnerabilityFiles or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-42831 Microsoft Office Remote Code Execution VulnerabilityHeap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-32175 .NET Core Tampering VulnerabilityA tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited c…MSRC.MICROSOFT.COM
12 MayCVE-2026-42825 Windows Telephony Service Elevation of Privilege VulnerabilityUse after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-42896 Windows DWM Core Library Elevation of Privilege VulnerabilityInteger overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityImproper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-42899 ASP.NET Core Denial of Service VulnerabilityLoop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-33110 Microsoft SharePoint Server Remote Code Execution VulnerabilityDeserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-33112 Microsoft SharePoint Server Remote Code Execution VulnerabilityDeserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-33833 Azure Machine Learning Notebook Spoofing VulnerabilityImproper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityUse after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-33837 Windows TCP/IP Local Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege VulnerabilityDouble free in Windows Message Queuing allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution VulnerabilityUse after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-34334 Windows TCP/IP Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34336 Windows DWM Core Library Information Disclosure VulnerabilityBuffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityUse after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34338 Windows Telephony Service Elevation of Privilege VulnerabilityUse after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityNull pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34340 Windows Projected File System Elevation of Privilege VulnerabilityUse after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege VulnerabilityDouble free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40357 Microsoft SharePoint Server Remote Code Execution VulnerabilityDeserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-40358 Microsoft Office Remote Code Execution VulnerabilityUse after free in Microsoft Office allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40359 Microsoft Excel Remote Code Execution VulnerabilityUse after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40361 Microsoft Word Remote Code Execution VulnerabilityUse after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40362 Microsoft Excel Remote Code Execution VulnerabilityHeap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40365 Microsoft SharePoint Server Remote Code Execution VulnerabilityInsufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-40367 Microsoft Word Remote Code Execution VulnerabilityUntrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40370 SQL Server Remote Code Execution VulnerabilityExternal control of file name or path in SQL Server allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-40369 Windows Kernel Elevation of Privilege VulnerabilityUntrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40382 Windows Telephony Service Elevation of Privilege VulnerabilityUse after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege VulnerabilityInteger underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass VulnerabilityImproper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40401 Windows TCP/IP Denial of Service VulnerabilityNull pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40402 Windows Hyper-V Elevation of Privilege VulnerabilityUse after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40403 Windows Graphics Component Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40413 Windows TCP/IP Denial of Service VulnerabilityNull pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.MSRC.MICROSOFT.COM
12 MayCVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityUse after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityInsufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityImproper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege VulnerabilityImproper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-41097 Secure Boot Security Feature Bypass VulnerabilityReliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege VulnerabilityImproper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege VulnerabilityIncorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-41613 Visual Studio Code Elevation of Privilege VulnerabilitySession fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-42823 Azure Logic Apps Elevation of Privilege VulnerabilityImproper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege VulnerabilityUntrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-42832 Microsoft Office Spoofing VulnerabilityImproper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityExecution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache CorruptionThis vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The m…MSRC.MICROSOFT.COM
12 MayCVE-2026-42893 Microsoft Outlook for iOS Tampering VulnerabilityImproper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.MSRC.MICROSOFT.COM
12 May KEVMicrosoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)16 Critical 102 Important 0 Moderate 0 Low Microsoft addresses 118 CVEs in its May 2026 Patch Tuesday release, with no zero-days exploited in the wild or publicly disclosed for the first time since June 2024. Microsoft patched 118 CVEs in its May 2026 Patch Tuesday release, with …TENABLE.COM
12 MayNew Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code ExecutionExim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver …THEHACKERNEWS.COM
12 May KEVMicrosoft May 2026 Patch Tuesday: Many fixes, but no zero-daysMicrosoft has marked May 2026 Patch Tuesday by releasing fixes for 120+ CVE-numbered vulnerabilities, none of which (for a change) are actively exploited or have been publicly disclosed. Still, some deserve more consideration and should be addressed sooner than others. Patches to…HELPNETSECURITY.COM
11 MayCVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg()Information published.MSRC.MICROSOFT.COM
11 MayCVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_operInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-43474 fs: init flags_valid before calling vfs_fileattr_getInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2025-71302 drm/panthor: fix for dma-fence safe access rulesInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-43320 drm/amd/display: Fix dsc eDP issueInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-43306 bpf: crypto: Use the correct destructor kfunc typeInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-43311 soc/tegra: pmc: Fix unsafe generic_handle_irq() callInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-45186Information published.MSRC.MICROSOFT.COM
11 MayCVE-2026-7568 Signed integer overflow in metaphone()Information published.MSRC.MICROSOFT.COM
11 MayCVE-2026-43053 xfs: close crash window in attr dabtree inactivationInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-31777 ALSA: ctxfi: Check the error for index mappingInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-43284 xfrm: esp: avoid in-place decrypt on shared skb fragsInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-43317 most: core: fix leak on early registration failureInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-43321 bpf: Properly mark live registers for indirect jumpsInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-43456 bonding: fix type confusion in bond_setup_by_slave()Information published.MSRC.MICROSOFT.COM
11 MayCVE-2026-43298 drm/amdgpu: Skip vcn poison irq release on VFInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeueInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-7258 Out-of-bounds read in urldecode() on NetBSDInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-6722 Use-After-Free in SOAP using Apache mapInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2026-6735 XSS within PHP-FPM status endpointInformation published.MSRC.MICROSOFT.COM
11 MayCVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after freeInformation published.MSRC.MICROSOFT.COM
11 MayPoC Exploit Released for Android Zero-Click Flaw Enabling Remote Shell AccessPublic references indicate that a GitHub proof-of-concept is now circulating for CVE-2026-0073, the critical Android flaw documented in Google’s May 2026 security bulletin, raising the urgency for defenders with wireless ADB enabled on test or production devices. Google and multi…GBHACKERS.COM
11 May1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolutionWe find ourselves teetering upon a precipice of our own unwitting construction, and the vertiginous depth of our collective negligence ought to give every security practitioner profound pause. In our headlong rush to deploy AI agents across enterprise environments, we have erecte…CSOONLINE.COM
11 MayThe impact of Mythos and Florida Man, confidence gaps, phishing, & AI adoption - Erich... - ESW #458The Weekly Enterprise News This week, in the enterprise security news, 1. Copy Fail 2. The hits keep coming for CVE, NIST and NVD 3. Cyber attacks on breathalyzers 4. insurance carriers pulling support for AI 5. Florida Man pleads guilty 6. ignore the humanities at your own peril…YOUTUBE.COM
11 MaycPanel and WHM Servers Targeted in Attacks Exploiting CVE-2026-41940A critical authentication bypass vulnerability affecting cPanel and WHM servers, identified as CVE-2026-41940, is currently under active exploitation by a highly sophisticated and elusive cybercriminal syndicate known as Mr_Rot13. The vulnerability carries a maximum severity CVSS…GBHACKERS.COM
11 May KEVNew ‘Dirty Frag’ exploit targets Linux kernel for root accessA newly disclosed Linux privilege escalation issue dubbed “Dirty Frag” is giving attackers a cleaner path to post-compromise escalation to root privileges. According to Microsoft, a couple of vulnerabilities constituting the issue, affecting Linux kernel networking and memory-fra…CSOONLINE.COM
11 MayLinux developers weigh emergency “killswitch” for vulnerable kernel functionsLinux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arri…HELPNETSECURITY.COM
11 MayVU#937808: Casdoor contains Arbitrary File Write vulnerabilityOverview Casdoor contains an arbitrary file write vulnerability in the implementation of its "Local File System" storage provider. Due to insufficient sanitization of user-supplied paths, an authenticated user with file upload permissions can escape the intended storage directory…KB.CERT.ORG
11 MayVU#471747: dnsmasq contains several vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulationOverview dnsmasq is affected by multiple memory safety and input validation vulnerabilities, including heap buffer overflows, heap corruption, and code execution flaws. Collectively, these vulnerabilities enable attackers to poison cached DNS records, bypass security controls, cr…KB.CERT.ORG
11 MaycPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager BackdoorA threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM…THEHACKERNEWS.COM
11 MayFlash Alert: EtherRat and TukTuk C2 End in The Gentleman RansomwareThe EtherRAT malware family was first reported by Sysdig back in December 2025. At that time, the initial access vector was exploitation of CVE-2025-55182 (React2Shell) targeting Linux servers. In March 2026, a Windows variant campaign was reported by Atos, with their investigati…THEDFIRREPORT.COM
10 MayCVE-2026-6665 PgBouncer buffer overflow in SCRAMInformation published.MSRC.MICROSOFT.COM
10 MayCVE-2026-6666 PgBouncer crash in kill_pool_logins_server_errorInformation published.MSRC.MICROSOFT.COM
10 MayCVE-2026-45130 Vim: Heap Buffer Overflow in spell file loadingInformation published.MSRC.MICROSOFT.COM
10 MayCVE-2026-44656 Vim: OS Command Injection via 'path' completionInformation published.MSRC.MICROSOFT.COM
10 MayCVE-2026-33811 Crash when handling long CNAME response in netInformation published.MSRC.MICROSOFT.COM
10 MayCVE-2026-39826 Escaper bypass leads to XSS in html/templateInformation published.MSRC.MICROSOFT.COM
10 MayOllama Out-of-Bounds Read Vulnerability Allows Remote Process Memory LeakCybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally,…THEHACKERNEWS.COM
9 MaycPanel, WHM Release Fixes for Three New Vulnerabilities — Patch NowcPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as follows - CVE-2026-29201 (CVSS score: 4.3) - An insu…THEHACKERNEWS.COM
8 May13 new critical holes in JavaScript sandbox allow execution of arbitrary codeThirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, developers using this library in their applications are urged to update the sof…CSOONLINE.COM
8 MayPalo Alto Networks firewall flaw has been exploited for several weeksPalo Alto Networks warns that a critical zero-day vulnerability has been discovered in the PAN-OS firewall system. The vulnerability has already been exploited by suspected state-sponsored hackers for nearly a month, reports Bleeping Computer. The vulnerability, CVE-2026-0300, i…CSOONLINE.COM
8 MayPoC Exploit Released for Dirty Frag Linux Kernel VulnerabilityA proof-of-concept exploit has been released for a new Linux kernel vulnerability class dubbed “Dirty Frag”. This universal local privilege escalation vulnerability allows attackers to obtain root access across most major Linux distributions reliably. Because a third party unexpectedly…GBHACKERS.COM
8 MayLinux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major DistributionsDetails have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel …THEHACKERNEWS.COM
8 MayAnother Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred to as "Dirty Frag," this vulnerability was discovered and reported by Hyunwoo Ki…ISC.SANS.EDU
8 MayCVE-2026-31717 ksmbd: validate owner of durable handle on reconnectInformation published.MSRC.MICROSOFT.COM
8 MayCritical Vulnerability in Rancher Fleet Enables Full Cluster-Admin PrivilegesThe SUSE Rancher Security team disclosed a critical vulnerability tracked as CVE-2026-41050. This severe flaw affects Rancher Fleet, a popular GitOps tool for managing Kubernetes clusters at scale. The vulnerability completely breaks the platform’s core multi-tenant isolati…GBHACKERS.COM
8 MayCVE-2025-68670: discovering an RCE vulnerability in xrdpDuring a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp server component. Project maintainers promptly patched the vulnerability.SECURELIST.COM
8 MayYour CTEM program is probably ignoring MCP. Here’s how to fix itModel Context Protocol (MCP) is the connective tissue of modern AI tooling and has quietly become one of the most significant blind spots in modern security programs. Like shadow IT before it, shadow AI — especially as it relates to MCP risk — introduces a new class of exposures …CSOONLINE.COM
8 MayIvanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has been exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,”…HELPNETSECURITY.COM
8 MayDirty Frag: Unpatched Linux vulnerability delivers root accessA week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag In effect, Dirty Frag refers to two flaws: A xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284, aka…HELPNETSECURITY.COM
8 MayMetasploit Wrap-Up 05/08/2026Spring cleanup This week’s Metasploit updates focused on foundational improvements and expanded target reach. Key enhancements were made to the recently released Copy Fail exploit module, which now benefits from payload fixes in linux/x64/exec and linux/armle/exec. These changes …RAPID7.COM
8 MayVU#260001: Linux kernel contains local privilege escalation vulnerability (Copy Fail)Overview A privilege escalation vulnerability has been discovered in Linux kernel versions 4.17 (released 2017) and later. Many popular distributions and Linux-based containers are affected. This vulnerability was publicly disclosed on April 29, 2026, has been assigned CV…KB.CERT.ORG
8 MayDirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPCUnpatched kernel flaw chain (CVE-2026-43284, CVE-2026-43500) enables root escalation on major Linux distributions.WIZ.IO
7 MayThreat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code ExecutionUnit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details.UNIT42.PALOALTONETWORKS.COM
7 MayCisco Network Flaw Exposes Devices to Remote Denial-of-Service ExploitsCisco has issued a high-severity security advisory detailing a critical connection exhaustion vulnerability affecting its network management software. Tracked as CVE-2026-20188, this flaw carries a CVSS base score of 7.5. It directly impacts both the Cisco Crosswork Network Contr…GBHACKERS.COM
7 MayCVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpaInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43245 ntfs: ->d_compare() must not blockInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereferenceInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43153 xfs: remove xfs_attr_leaf_hasnameInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43125 dlm: validate length in dlm_search_rsb_treeInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43131 drm/amd/pm: Fix null pointer dereference issueInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpointsInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCUInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsingInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculationInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2025-71294 drm/amdgpu: fix NULL pointer issue buffer funcsInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43195 drm/amdgpu: validate user queue size constraintsInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43083 net: ioam6: fix OOB and missing lockInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attackInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-33007 Apache HTTP Server: mod_authn_socache crashInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crashInformation published.MSRC.MICROSOFT.COM
7 MayRedis Security Flaws Expose Servers to Remote Code Execution RisksRedis has disclosed and patched five security vulnerabilities, including four rated High severity, that could allow authenticated attackers to achieve remote code execution (RCE) on affected Redis servers. The advisory, published May 5, 2026, by Redis Chief Information Security O…GBHACKERS.COM
7 MayCVE-2026-34318Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-34317Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-34319Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-34875Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-34874Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-34876Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-25835Information published.MSRC.MICROSOFT.COM
7 MayCVE-2025-66442Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-34873Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-34871Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-34872Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-25834Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-25833Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-41082Information published.MSRC.MICROSOFT.COM
7 May KEVCISA Issues Warning Over Palo Alto PAN-OS Flaw Enabling Root-Level AccessThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a newly identified, severe vulnerability within Palo Alto Networks PAN-OS. Officially tracked as CVE-2026-0300, this critical flaw was aggressively added to CISA’s Known Explo…GBHACKERS.COM
7 May KEVCritical Palo Alto Networks software bug hits exposed firewallsPalo Alto Networks is warning customers about a critical buffer overflow vulnerability affecting its PAN-OS user-ID authentication portal that is already being exploited in the wild. The flaw allows attackers to execute arbitrary code with root privileges on exposed firewalls, th…CSOONLINE.COM
7 MayCVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25 CVE-2026-26956 is a critical sandbox escape affecting the Node.js sandbox library vm2. In vm2 3.10.4, attacker-controlled JavaScript executed through VM.run() can break out of the sandbox and reach the host process…SOCRADAR.IO
7 MayPAN-OS RCE Exploit Under Active Use Enabling Root Access and EspionagePalo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the Use…THEHACKERNEWS.COM
7 MayIvanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level AccessIvanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, …THEHACKERNEWS.COM
7 MayOllama vulnerability highlights danger of AI frameworks with unrestricted accessA critical vulnerability in Ollama poses a direct risk of sensitive information leaks to more than 300,000 internet-exposed servers, researchers have found. The flaw, tracked as CVE-2026-7482, stems from an out-of-bounds heap read in Ollama’s model quantization pipeline. Ollama i…CSOONLINE.COM
7 MayNation-state actors exploit Palo Alto PAN-OS zero-day for weeksPalo Alto says hackers exploited PAN-OS zero-day CVE-2026-0300 for weeks, gaining root access to exposed firewalls and hiding traces. Palo Alto Networks warned that suspected state-sponsored hackers have been exploiting the critical PAN-OS zero-day CVE-2026-0300 for nearly a mont…SECURITYAFFAIRS.COM
6 MayQR Phishing Explodes, Ubuntu Under Attack, CISA Warns Critical Infrastructure Prepare for IsolationQR-code phishing is no longer a niche attack. Microsoft says QR phishing attacks jumped from 7.6 million in January to 18.7 million in March 2026 — a 146% increase in just three months. In this episode of Cybersecurity Today, David Shipley explains why QR-based attacks are bypass…CYBERSECURITYTODAY.LIBSYN.COM
6 May KEVPalo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code ExecutionPalo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries …THEHACKERNEWS.COM
6 MayCVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()Information published.MSRC.MICROSOFT.COM
6 MayCVE-2026-43964Information published.MSRC.MICROSOFT.COM
6 MayCritical Palo Alto Firewall Vulnerability Enables Attackers to Gain Root PrivilegesPalo Alto Networks has issued an urgent security advisory concerning a critical vulnerability affecting its PAN-OS software. Tracked as CVE-2026-0300, this high-severity security flaw carries a CVSS 4.0 base score of 9.3 and is currently experiencing limited active exploitation i…GBHACKERS.COM
6 MayArgo CD ServerSideDiff Flaw Allows Attackers to Extract Kubernetes SecretsA critical vulnerability has been identified in Argo CD that could allow attackers with minimal privileges to extract highly sensitive Kubernetes Secrets directly from etcd clusters. Tracked as CVE-2026-42880 and rated 9.6, this severe security flaw exposes a missing authorisatio…GBHACKERS.COM
6 May KEVPalo Alto Networks PAN-OS flaw exploited for remote code executionPalo Alto Networks warns of a critical PAN-OS flaw (CVE-2026-0300) that is under active attack, allowing unauthenticated remote code execution. Palo Alto Networks has warned that a critical PAN-OS vulnerability, tracked as CVE-2026-0300 (CVSS score of 9.3), is actively exploited …SECURITYAFFAIRS.COM
6 MayApache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCEApache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution. The Apache Software Foundation has released updates to fix multiple vulnerabilities in its HTTP Server, including CVE-2026-…SECURITYAFFAIRS.COM
6 May KEVWhatsApp warns of Instagram Reels bug that could load risky contentMeta has released security updates for WhatsApp addressing two vulnerabilities that could have exposed users to malicious files or attacker-controlled content on Android, iOS, and Windows devices. The company says it has not seen evidence that either flaw was exploited in the wil…CYBERINSIDER.COM
6 May KEVRoot-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300)A critical vulnerability (CVE-2026-0300) affecting Palo Alto Networks firewalls is being actively exploited by attackers, the security company acknowledged today, and urged customers to implement mitigations as they are still working on fixes. About CVE-2026-0300 CVE-2026-0300 is…HELPNETSECURITY.COM
6 May KEVCritical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)Overview On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300, a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected…RAPID7.COM
6 MayPalo Alto warns of critical software bug used in firewall attacksA patch for the bug, tracked as CVE-2026-0300, has not been published yet and Palo Alto Networks said it will be included in releases over the next two weeks.THERECORD.MEDIA
6 MayCritical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-WildDetect and mitigate CVE-2026-0300, a critical vulnerability in Palo Alto Networks PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to achieve remote code execution (RCE) with root privileges.WIZ.IO
5 MayApache HTTP Server Vulnerability Exposes Millions to Remote Code Execution ThreatsThe Apache Software Foundation has released an urgent security update for the Apache HTTP Server to patch a severe vulnerability. Tracked as CVE-2026-23918, this flaw could allow attackers to execute malicious code remotely on affected web servers, putting millions of websites at…GBHACKERS.COM
5 May KEVWeaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug APIA critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code exe…THEHACKERNEWS.COM
5 MayCVE-2026-42798Information published.MSRC.MICROSOFT.COM
5 MayCVE-2026-37457Information published.MSRC.MICROSOFT.COM
5 MayMetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution AttacksThreat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could …THEHACKERNEWS.COM
5 May KEVCritical Weaver E-cology RCE Exploit Raises Alarm for Enterprise SystemsA critical unauthenticated remote code execution vulnerability in Weaver (Fanwei) E-cology is being actively exploited in the wild, with real-world intrusion activity traced back to mid-March 2026, weeks before public awareness. Tracked as CVE-2026-22679 with a CVSS score of 9.8,…GBHACKERS.COM
5 MayAI finds 20-year-old bugs in PostgreSQL and MariaDBOpen-source databases are facing a bit of a memory problem as AI helps surface decades-old buffer overflow issues in widely used components. Security researchers have disclosed a set of high and critical-severity vulnerabilities affecting PostgreSQL and MariaDB, with two bugs rep…CSOONLINE.COM
5 MayFive ways to use Kiro and Amazon Q to strengthen your security postureA Monday morning security alert flags unauthorized access attempts, security group misconfigurations, and AWS Identity and Access Management (IAM) policy violations. Your team needs answers fast. Security teams are using Kiro and Amazon Q Developer to handle repetitive tasks—scan…AWS.AMAZON.COM
5 MayCritical Android vulnerability CVE-2026-0073 fixed by GoogleGoogle patched a critical Android flaw (CVE‑2026‑0073) that lets attackers run code remotely without user action. Google released a security update for Android to address a critical remote code execution flaw, tracked as CVE‑2026‑0073, in the System component. The bug allowed att…SECURITYAFFAIRS.COM
5 MayCritical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCEThe Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score…THEHACKERNEWS.COM
5 MayUnpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers sayResearchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an attacker to covertly plant a persistent executable that runs on every login. CVE-2026-42248 and CVE-2026-4224…HELPNETSECURITY.COM
5 MayCopy Fail: What You Need to Know About the Most Severe Linux Threat in YearsCopy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our analysis.UNIT42.PALOALTONETWORKS.COM
4 MayFreeBSD Systems at Risk From DHCP Client RCE VulnerabilityThe FreeBSD Project has issued a critical security advisory (FreeBSD-SA-26:12.dhclient) to address a severe Remote Code Execution (RCE) vulnerability in its default IPv4 DHCP client. Tracked as CVE-2026-42511, this flaw allows local network attackers to execute arbitrary code wit…GBHACKERS.COM
4 MaycPanel Vulnerability Exploited to Compromise Government and Military ServersA critical authentication bypass vulnerability in cPanel and Web Host Manager, officially tracked as CVE-2026-41940, is currently being exploited by unidentified threat actors. Security researchers at Ctrl-Alt-Intel recently uncovered an alarming campaign leveraging this vulnerab…GBHACKERS.COM
4 May KEVCISA Flags Linux Kernel Vulnerability as Threat Actors Launch AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-31431, this flaw is currently being exploited in the wild by threat actors. This a…GBHACKERS.COM
4 May KEVCISA warns “Copy Fail” Linux flaw is already actively exploitedThe US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel flaw known as “Copy Fail” to its Known Exploited Vulnerabilities (KEV) catalog. This confirms that the issue, tracked as CVE-2026-31431, is already being actively exploited in the wil…CYBERINSIDER.COM
4 MayCritical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerab…HELPNETSECURITY.COM
4 MayMultiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated significantly since our initial coverage. Exploratory probing has evolved into multi-actor exploitation, leading to disrupted websites, ransomware and malware deployment…HELPNETSECURITY.COM
4 MayHackers target governments and MSPs via critical cPanel flaw CVE-2026-41940Attackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countries, including the U.S. and Canada. A threat actor is exploiting critical cPanel vulnerability CVE-2026-41940 to target government and military organizations in …SECURITYAFFAIRS.COM
4 MayMOVEit automation flaws could enable full system compromiseProgress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-46…SECURITYAFFAIRS.COM
3 MayCVE-2026-37555Information published.MSRC.MICROSOFT.COM
3 MayCVE-2026-30656Information published.MSRC.MICROSOFT.COM
3 MayCVE-2026-7598 libssh2 userauth.c userauth_password integer overflowInformation published.MSRC.MICROSOFT.COM
3 MayCVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertionInformation published.MSRC.MICROSOFT.COM
2 MaycPanelSniper PoC Exploit Disclosed as 44,000 Servers Reportedly CompromisedA critical zero-day vulnerability in cPanel and WebHost Manager (WHM) is under massive active exploitation following the public release of a sophisticated proof-of-concept exploit. Tracked as CVE-2026-41940, this flaw has already compromised tens of thousands of servers worldwide…GBHACKERS.COM
2 MayMassive cPanel campaign compromised 44,000 servers worldwideA surge in attacks exploiting the critical cPanel & WHM vulnerability CVE-2026-41940 has resulted in at least 44,000 compromised systems now actively scanning and launching attacks. The warning was issued by Shadowserver, which reported a sharp spike in malicious traffic tar…CYBERINSIDER.COM
1 May‘Trivial’ exploit can give attackers root access to Linux kernelCSOs must ensure their Linux-based systems block unauthorized privilege escalation until distros release patches to plug a serious kernel vulnerability affecting all Linux distributions shipped since 2017. Until fixes are available for what’s been dubbed the Copy Fail logic bug (…CSOONLINE.COM
1 MayChromium: CVE-2026-7343 Use after free in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7363 Use after free in CanvasThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7359 Use after free in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7333 Use after free in GPUThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7360 Insufficient validation of untrusted input in CompositingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7344 Use after free in AccessibilityThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7358 Use after free in AnimationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7334 Use after free in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7357 Use after free in GPUThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7356 Use after free in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7353 Heap buffer overflow in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7351 Race in MHTMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7354 Out of bounds read and write in AngleThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7349 Use after free in CastThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7348 Use after free in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7335 Use after free in mediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7336 Use after free in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7350 Use after free in WebMIDIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7345 Insufficient validation of untrusted input in FeedbackThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7347 Use after free in ChromotingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7346 Inappropriate implementation in TintThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7337 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7338 Use after free in CastThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7341 Use after free in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7340 Integer overflow in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7339 Heap buffer overflow in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7355 Use after free in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayWhatsApp Encryption Under Fire After Probe Shut DownA U.S. federal investigation into WhatsApp encryption was shut down before reaching a conclusion — after an internal claim suggested Meta systems may access message content in ways that conflict with public descriptions. In this episode of Cybersecurity Today, Jim Love breaks dow…CYBERSECURITYTODAY.LIBSYN.COM
1 MayCVE-2026-41526Information published.MSRC.MICROSOFT.COM
1 MayCVE-2026-40356Information published.MSRC.MICROSOFT.COM
1 MayCVE-2026-40355Information published.MSRC.MICROSOFT.COM
1 MayFederal agencies must patch cPanel bug by Sunday, CISA saysIncident responders at Rapid7 said successful exploitation of CVE-2026-41940 “grants an attacker control over the cPanel host system, its configurations and databases, and websites it manages.”THERECORD.MEDIA
1 May KEVWindows shell spoofing vulnerability puts sensitive data at riskMicrosoft and the US Cybersecurity and Infrastructure Security Agency (CISA) have sounded the alarm about a Windows shell spoofing vulnerability that is already being exploited by attackers. It is not clear by whom as yet, but the main suspects are hackers in Russia. CISA has man…CSOONLINE.COM
1 MayDangerous New Linux Exploit Gives Attackers Root Access to Countless ComputersThe exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk.WIRED.COM
1 MayMetasploit Wrap-Up 05/01/2026MCP server This release our very own cdelafuente-r7 finished implementing the Metasploit MCP Server (msfmcpd), bringing Model Context Protocol support to Metasploit Framework. MCP lets AI applications like Claude, Cursor, or your own custom agents query Metasploit data. Think of …RAPID7.COM
1 MayCopy Fail: Universal Linux Local Privilege Escalation VulnerabilityDetect and mitigate Copy Fail (CVE-2026-31431), an easily exploitable vulnerability in the Linux kernel that allows escalation from an unprivileged local user account to root access.WIZ.IO
30 AprLinux Kernel 0-Day “Copy Fail” Grants Root Access Across Major Distros Since 2017Security researchers have disclosed a critical zero-day vulnerability in the Linux kernel dubbed “Copy Fail” (CVE-2026-31431), which allows unprivileged local users to gain root access. Using a tiny 732-byte Python script, attackers can exploit a logic flaw present in…GBHACKERS.COM
30 AprProFTPD SQL Injection Flaw Opens Door To Remote Code Execution AttacksA newly disclosed flaw in ProFTPD is drawing urgent attention because it can let attackers move from a simple SQL injection bug to authentication bypass, privilege escalation, and in some environments even remote code execution. Tracked as CVE-2026-42167, the issue was found in P…GBHACKERS.COM
30 AprCVE-2017-3731 Truncated packet could crash via OOB readInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-31545 NFC: nxp-nci: allow GPIOs to sleepInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41607 Apache Thrift: C++ JSON OOB readInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41636 Apache Thrift: Node.js skip() recursionInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()Information published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflowInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41604 Apache Thrift: Swift Range crash in skip()Information published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflowInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41606 Apache Thrift: c_glib dispatch stack overflowInformation published.MSRC.MICROSOFT.COM
30 AprNew Linux 'Copy Fail' Vulnerability Enables Root Access on Major DistributionsCybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Th…THEHACKERNEWS.COM
30 Apr KEVAttackers Exploit cPanel Authentication Bypass 0-Day After PoC ReleaseA critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control ove…GBHACKERS.COM
30 Apr KEVCritical cPanel zero-day auth bypass exploited since FebruaryA critical authentication bypass vulnerability in cPanel & WHM is being actively exploited, allowing remote attackers to gain full administrative access to affected servers without credentials. The flaw, tracked as CVE-2026-41940, has received a near-maximum severity score a…CYBERINSIDER.COM
30 AprCVE-2019-1551 rsaz_512_sqr overflow bug on x86_64Information published.MSRC.MICROSOFT.COM
30 AprPoC Disclosed for Critical Root ASUSTOR ADM RCE FlawA critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP VPN Client feature. Carrying a CVSS v4.0 score of 9.4, this OS command injection vulnerability allows an a…GBHACKERS.COM
30 AprNine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working …HELPNETSECURITY.COM
30 Apr“Copy Fail” gives root access to all Linux systems via 732-byte exploitA new Linux kernel vulnerability dubbed “Copy Fail” enables unprivileged users to gain root access across nearly all major distributions using a tiny, highly reliable exploit, affecting systems dating back to 2017. The flaw, tracked as CVE-2026-31431, was discovered by security r…CYBERINSIDER.COM
30 AprcPanel zero-day exploited for months before patch release (CVE-2026-41940)A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers t…HELPNETSECURITY.COM
30 AprCopy Fail: New Linux bug enables Root via page‑cache corruptionLinux flaw CVE‑2026‑31431, ‘Copy Fail,’ lets any local user write four bytes into page cache files, enabling easy escalation to root on major distros. Xint Code researchers warn of a serious Linux flaw, tracked as CVE-2026-31431 (CVSS score of 7.8), dubbed Copy Fail. …SECURITYAFFAIRS.COM
30 Apr KEVcPanel’s authentication bypass bug is being exploited in the wild, CISA warnsThe agency added the flaw to the KEV list days after hosting providers confirmed active, ongoing attacks.CYBERSCOOP.COM
29 AprLiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of DisclosureIn yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerabil…THEHACKERNEWS.COM
29 AprGitHub.com and Enterprise Server Vulnerability Allows Remote Code ExecutionWiz Research has identified a critical remote code execution (RCE) vulnerability, tracked as CVE-2026-3854, deeply embedded within GitHub’s internal git infrastructure. This high-severity flaw enabled any authenticated user to execute arbitrary commands on backend servers u…GBHACKERS.COM
29 Apr KEVCISA Warns of Windows Shell Zero-Day Exploited in AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly discovered zero-day vulnerability affecting Microsoft Windows. On April 28, 2026, the agency officially added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) catal…GBHACKERS.COM
29 AprCVE-2017-3735Information published.MSRC.MICROSOFT.COM
29 AprCVE-2017-3736Information published.MSRC.MICROSOFT.COM
29 AprCVE-2019-1547 ECDSA remote timing attackInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2019-1549 Fork ProtectionInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31686 mm/kasan: fix double free for kasan pXdsInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31689 EDAC/mc: Fix error path ordering in edac_mc_alloc()Information published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31549 i2c: cp2615: fix serial string NULL-deref at probeInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31661 wifi: brcmsmac: Fix dma_free_coherent() sizeInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31563 net: macb: Use dev_consume_skb_any() to free TX SKBsInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-40225Information published.MSRC.MICROSOFT.COM
29 AprCISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)Attackers are exploiting CVE-2026-32202, a zero-click Windows Shell spoofing vulnerability that causes victims’ systems to authenticate the attacker’s server, CISA and Microsoft have warned. About CVE-2026-32202 CVE-2026-32202 stems from an incomplete patch for CVE-20…HELPNETSECURITY.COM
29 AprCVE-2026-3854 Exposes a Critical Weak Point in GitHub’s Git Push PipelineA newly disclosed GitHub vulnerability, CVE-2026-3854, has drawn attention because it turned a routine git push operation into a path to remote code execution. The issue affected GitHub’s git push pipeline …SOCRADAR.IO
29 Apr KEVCISA Warns of ConnectWise ScreenConnect Flaw Exploited in AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in ConnectWise ScreenConnect. CVE-2024-1708 is currently being exploited in real-world attacks. Because of this active threat, CISA officially added the fla…GBHACKERS.COM
29 AprCritical GitHub RCE bug exposed millions of repositoriesA critical remote code execution (RCE) vulnerability in GitHub could potentially allow attackers to execute arbitrary code on GitHub.com and GitHub Enterprise Server. Uncovered by Wiz researchers, the now-patched bug exploited how GitHub handles server-side “git push” operations.…CSOONLINE.COM
29 AprCVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosureAttackers quickly exploited a critical LiteLLM flaw (CVE-2026-42208) to access and modify sensitive database data via SQL injection. Attackers rapidly exploited a critical vulnerability in LiteLLM Python package, tracked as CVE-2026-42208, just days after it became public. The vu…SECURITYAFFAIRS.COM
29 Apr KEVCVE-2026-41940: cPanel & WHM Authentication BypassOverview On April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In the cPanel release notes, the bug was described as "an issue with session loading and saving." CVE-2026-41940 , the identifier subseq…RAPID7.COM
28 Apr KEVMicrosoft Confirms Active Exploitation of Windows Shell CVE-2026-32202Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could a…THEHACKERNEWS.COM
28 AprCritical LiteLLM Flaw Enables Database Attacks Through SQL InjectionA critical pre-authentication SQL injection vulnerability, identified as CVE-2026-42208, has been discovered in the popular LiteLLM gateway, allowing attackers to access databases without credentials. Cybercriminals have already been observed exploiting this flaw to target high-v…GBHACKERS.COM
28 AprNotepad++ Vulnerability Lets Attackers Crash App and Expose Memory DataA new string injection vulnerability, tracked as CVE-2026-3008, has been discovered in Notepad++ version 8.9.3. This critical flaw allows attackers to crash the application or to instantly and secretly extract sensitive memory information. The Cybersecurity Agency of Singapore (C…GBHACKERS.COM
28 AprInfected Cisco firewalls need cold start to clear persistent Firestarter backdoorSecurity researchers have discovered a chilling backdoor aimed at Cisco System firewalls that exploits unpatched vulnerabilities to maintain persistence, even after patching. This means that attackers can continue to access compromised devices without re-exploiting the holes. At …CSOONLINE.COM
28 AprCritical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCECybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is CVE-2026-25874 …THEHACKERNEWS.COM
28 AprHugging Face LeRobot Flaw Opens Door to Remote Code Execution AttacksA critical remote code execution (RCE) vulnerability has been uncovered in Hugging Face’s LeRobot, a popular open-source robotics machine learning framework. Tracked as CVE-2026-25874, the flaw carries a maximum CVSS severity score of 9.8 and allows unauthenticated attackers to e…GBHACKERS.COM
28 AprCritical Cursor bug could turn routine Git into RCESecurity researchers have disclosed a high-severity vulnerability affecting the Cursor IDE, allowing arbitrary code execution on a developer’s machine through a seemingly routine repository interaction. According to findings by AI pentesting platform Novee Security, once a develo…CSOONLINE.COM
28 AprResearchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git PushCybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854 (CVS…THEHACKERNEWS.COM
28 AprCVE-2026-3854 GitHub flaw enables remote code executionCritical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability af…SECURITYAFFAIRS.COM
28 AprSecuring GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)Details on CVE-2026-3854: A critical flaw in GitHub’s internal git infrastructure enabling RCE on GitHub.com and GitHub Enterprise Server.WIZ.IO
27 AprCVE-2018-0734 Timing attack against DSAInformation published.MSRC.MICROSOFT.COM
27 AprCVE-2018-0735 Timing attack against ECDSA signature generationInformation published.MSRC.MICROSOFT.COM
27 AprNessus Agent Windows Flaw Enables SYSTEM-Level Code ExecutionTenable has disclosed a high-severity security vulnerability in its Nessus Agent software for Windows that could allow attackers to execute malicious code with full SYSTEM-level privileges. The flaw, tracked as CVE-2026-33694, has been patched in the newly released Nessus Agent v…GBHACKERS.COM
27 AprMetabase Enterprise RCE Flaw Now Has Public Proof-of-Concept ExploitSecurity researchers have published a working Proof of Concept (PoC) exploit for a critical vulnerability in Metabase Enterprise. Tracked as CVE-2026-33725, this security flaw allows attackers to achieve Remote Code Execution (RCE) and read arbitrary files on targeted systems. Th…GBHACKERS.COM
27 AprAI is reshaping DevSecOps to bring security closer to the codeArtificial intelligence tools are revamping DevSecOps processes, enabling security and development teams to more effectively build safeguards into software products from the get-go. But AI’s impact on DevSecOps goes well beyond tooling and processes, altering the scope, skills, a…CSOONLINE.COM
27 AprFirefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprintingCVE-2026-6770 let attackers fingerprint Firefox and Tor users, even in Private mode. Firefox 150 and Tor Browser 15.0.10 fixed it. A vulnerability, tracked as CVE-2026-6770, allowed attackers to fingerprint Firefox users, even in Private Browsing, and also impacted the Tor Browse…SECURITYAFFAIRS.COM
27 AprNIST NVD Update: What it Means For Vulnerability ManagementThe shift from static CVE scoring to risk-based prioritization signals a new era for Vulnerability ManagersWIZ.IO
26 AprCVE-2022-2068 The c_rehash script allows command injectionInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31557 nvmet: move async event work off nvmet-wqInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytesInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31602 ALSA: ctxfi: Limit PTP to a single pageInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31637 rxrpc: reject undecryptable rxkad response ticketsInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31651 mmc: vub300: fix NULL-deref on disconnectInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23420 wifi: wlcore: Fix a locking bugInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31672 wifi: rt2x00usb: fix devres lifetimeInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31645 net: lan966x: fix page pool leak in error pathsInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23414 tls: Purge async_hold in tls_decrypt_async_wait()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31671 xfrm_user: fix info leak in build_report()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSGInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crashInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31639 rxrpc: Fix key reference count leak from call->keyInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31657 batman-adv: hold claim backbone gateways by referenceInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checksInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31628 x86/CPU: Fix FPDSS on Zen1Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31630 rxrpc: proc: size address buffers for %pISpc outputInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31649 net: stmmac: fix integer underflow in chain modeInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31678 openvswitch: defer tunnel netdev_put to RCU releaseInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31673 af_unix: read UNIX_DIAG_VFS data under unix_state_lockInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31664 xfrm: clear trailing padding in build_polexpire()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31638 rxrpc: Only put the call ref if one was acquiredInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extendInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnectInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31604 wifi: rtw88: fix device leak on probe failureInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletionInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnectInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31676 rxrpc: only handle RESPONSE during service challengeInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31684 net: sched: act_csum: validate nested VLAN headersInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23362 can: bcm: fix locking for bcm_op runtime updatesInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31788 xen/privcmd: restrict usage in unprivileged domUInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23360 nvme: fix admin queue leak on controller resetInformation published.MSRC.MICROSOFT.COM
26 AprCritical bug in CrowdStrike LogScale let attackers access filesCrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unau…SECURITYAFFAIRS.COM
25 AprCVE-2026-41080Information published.MSRC.MICROSOFT.COM
25 AprCVE-2026-5450 scanf %mc off-by-one heap buffer overflowInformation published.MSRC.MICROSOFT.COM
25 AprOver 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)Attackers exploit a Breeze Cache flaw (CVE-2026-3844) to upload files without login. Wordfence researchers detected over 170 attacks. Threat actors are exploiting a critical flaw, tracked as CVE-2026-3844 (CVSS score of 9.8), in the Breeze Cache WordPress plugin, allowing them to…SECURITYAFFAIRS.COM
24 AprHackers Track 900+ React2Shell Exploits via Telegram BotsHackers are using Telegram bots and AI tooling to run a structured, at-scale exploitation campaign abusing the critical React2Shell vulnerability (CVE-2025-55182), with evidence of 900+ confirmed compromises. Investigators found an exposed server tied to the Bissa scanner platfor…GBHACKERS.COM
24 AprHackers Exploit Ollama Model Uploads to Leak Server DataCybersecurity researchers have uncovered a severe, unpatched vulnerability in Ollama, a popular open-source platform used for running large language models locally. Tracked as CVE-2026-5757, this critical flaw exists in Ollama’s model quantization engine. If exploited, it allows …GBHACKERS.COM
24 AprCVE-2026-5958 Race Condition in GNU SedInformation published.MSRC.MICROSOFT.COM
24 AprCVE-2026-41989Information published.MSRC.MICROSOFT.COM
24 AprCVE-2026-41988Information published.MSRC.MICROSOFT.COM
24 AprCVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()Information published.MSRC.MICROSOFT.COM
24 AprPython Vulnerability Enables Out-of-Bounds Write on WindowsA high-severity security vulnerability has been discovered in Python’s asyncio module on Windows, potentially allowing attackers to write data beyond the boundaries of an allocated memory buffer. The flaw, tracked as CVE-2026-3298, was publicly disclosed on April 21, 2026, …GBHACKERS.COM
24 AprLMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of DisclosureA high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates t…THEHACKERNEWS.COM
24 AprHackers Exploit Cisco Firepower N-Day Flaws for Unauthorized AccessA state-sponsored threat actor known as UAT-4356 is actively exploiting known vulnerabilities in Cisco Firepower devices to deploy a sophisticated custom backdoor. UAT-4356 exploited two n-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362, affecting Cisco’s Firepower e…GBHACKERS.COM
24 Apr12-year-old Pack2TheRoot bug lets Linux users gain root privileges‘Pack2TheRoot’ flaw lets local Linux users gain root via PackageKit. CVE-2026-41651 (8.8) has existed for nearly 12 years. The Pack2TheRoot flaw, tracked as CVE-2026-41651, lets unprivileged users install or remove system packages without authorization, potentially ga…SECURITYAFFAIRS.COM
24 AprMetasploit Wrap-Up 04/25/2026Check Method Visibility Metasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability but instead to determine if the target is vulnerable. Metasploit tries to be very conservative with classifying a target a…RAPID7.COM
23 AprCVE-2026-35239Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-34271Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-35238Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-34267Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-22005Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-22015Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31455 xfs: stop reclaim before pushing AIL during unmountInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31476 ksmbd: do not expire session on binding failureInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31461 drm/amd/display: Fix drm_edid leak in amdgpu_dmInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31441 dmaengine: idxd: Fix memory leak when a wq is resetInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31495 netfilter: ctnetlink: use netlink policy range checksInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31448 ext4: avoid infinite loops caused by residual dataInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31450 ext4: publish jinode after initializationInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31493 RDMA/efa: Fix use of completion ctx after freeInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-34278Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-21998Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-35237Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-22009Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-34270Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-34293Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-22002Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-22017Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-34303Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-34308Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-34304Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-34276Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-22004Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-22001Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-35240Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-35236Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-40706Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-3219 pip doesn't reject concatenated ZIP and tar archivesInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31487 spi: use generic driver_override infrastructureInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31515 af_key: validate families in pfkey_send_migrate()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31506 net: bcmasp: fix double free of WoL irqInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse caseInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31523 nvme-pci: ensure we're polling a polled queueInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indicesInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31440 dmaengine: idxd: Fix leaking event log memoryInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31431 crypto: algif_aead - Revert to operating out-of-placeInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31489 spi: meson-spicc: Fix double-put in remove pathInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31482 s390/entry: Scrub r12 register on kernel entryInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31518 esp: fix skb leak with espintcp and async cryptoInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31520 HID: apple: avoid memory leak in apple_report_fixup()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groupsInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31467 erofs: add GFP_NOIO in the bio completion if neededInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31494 net: macb: use the current queue number for statsInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSLInformation published.MSRC.MICROSOFT.COM
23 AprApple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic CaseApple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addresse…THEHACKERNEWS.COM
23 AprAttackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of AdvisoryA critical Server-Side Request Forgery (SSRF) vulnerability in LMDeploy’s vision-language module was exploited in active attacks just 12 hours and 31 minutes after its public disclosure, with no proof-of-concept code required. On April 21, 2026, GitHub published security ad…GBHACKERS.COM
23 AprApple Patches Exploited Notification Flaw, (Thu, Apr 23rd)Apple yesterday released iOS/iPadOS 26.4.2 and iOS/iPadOS 18.7.8. This update fixes a single Notification Services vulnerability, CVE-2026-28950: ISC.SANS.EDU
23 AprVU#748485: Unauthenticated configuration modification vulnerability in Central Office Services - Content Hosting ComponentOverview A security flaw exists in the configuration management endpoint of the DRC INSIGHT software, allowing an unauthenticated user with access to the same network as the server to modify the server’s configuration file. This could enable data exfiltration, traffic redirection…KB.CERT.ORG
23 ApriOS Flaw Let Deleted Notifications Linger, Apple Issues FixApple fixed an iOS flaw that kept deleted notifications on devices, allowing recovery of messages, including from apps like Signal. Apple released updates for iOS and iPadOS to address the vulnerability CVE-2026-28950, a flaw in Notification Services that stored notifications eve…SECURITYAFFAIRS.COM
23 AprUAT-4356's Targeting of Cisco Firepower DevicesCisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices’ Firepower eXtensible Operating System (FXOS). UAT-4356 exploited n-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) to gain unauthorized access to vulnerable devices.TALOSINTELLIGENCE.COM
22 AprCohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container EscapeA critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium allows a…THEHACKERNEWS.COM
22 AprMicrosoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation BugMicrosoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It's rated Important in severity. An anonymou…THEHACKERNEWS.COM
22 AprCritical Spring Authorization Server Issue Exposes Systems to XSS and SSRF AttacksA critical vulnerability, tracked as CVE-2026-22752, has been disclosed in Spring Security Authorization Server, affecting organizations running Dynamic Client Registration endpoints. The flaw allows attackers to inject malicious client metadata, potentially leading to Stored Cro…GBHACKERS.COM
22 AprCritical Bamboo Data Centre and Server Flaw Enables Command Injection AttacksAtlassian has disclosed a critical OS Command Injection vulnerability (CVE-2026-21571) in Bamboo Data Centre and Server, with a CVSS score of 9.4, enabling authenticated attackers to execute commands on affected systems remotely. The flaw, tracked as CVE-2026-21571, was published…GBHACKERS.COM
22 AprMozilla Firefox 150 Released With Fixes for Multiple Code Execution VulnerabilitiesMozilla has released Firefox 150 to patch 41 security vulnerabilities, including multiple high-severity flaws that could lead to remote code execution. Users should immediately update their browsers to protect against these critical memory corruption and use-after-free bugs. Crit…GBHACKERS.COM
22 AprVU#518910: Ollama GGUF Quantization Remote Memory LeakOverview Ollama’s model quantization engine contains a vulnerability that allows an attacker with access to the model upload interface to read and potentially exfiltrate heap memory from the server. This issue may lead to unintended behavior, including unauthorized access to sens…KB.CERT.ORG
22 AprMicrosoft out-of-band updates fixed critical ASP.NET Core privilege escalation flawMicrosoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Micro…SECURITYAFFAIRS.COM
22 AprMirai Botnet exploits CVE-2025-29635 to target legacy D-Link routersMirai botnet is targeting old D-Link routers using CVE-2025-29635, a command injection flaw exploitable via crafted POST requests after public PoC disclosure. A Mirai botnet is actively exploiting a command injection vulnerability, tracked as CVE-2025-29635, in discontinued D-Lin…SECURITYAFFAIRS.COM
22 AprMicrosoft issues out-of-band patch for critical security flaw in update to ASP.NET CoreDevelopers are advised to check their applications after Microsoft revealed that last week’s ASP.NET Core update inadvertently introduced a serious security flaw into the web framework’s Data Protection Library. Microsoft describes the issue as a “regression,” coding jargon for a…CSOONLINE.COM
22 AprMicrosoft Patch Still Leaves 1,300 SharePoint Servers ExposedMore than 1,300 internet-exposed SharePoint servers remain unpatched against CVE-2026-32201, a spoofing flaw Microsoft says was exploited as a zero-day.TECHREPUBLIC.COM
21 AprMalicious GGUF Models Could Trigger Remote Code Execution on SGLang ServersSecurity researchers have uncovered a critical vulnerability in SGLang, a widely used framework for running large language models, that allows threat actors to compromise inference servers. Tracked as CVE-2026-5760, this flaw enables Remote Code Execution (RCE) when a server load…GBHACKERS.COM
21 Apr6,000+ Publicly Exposed Apache ActiveMQ Instances Found Vulnerable to CVE-2026-34197Over 6,000 internet-facing Apache ActiveMQ servers are currently affected by a critical security flaw, leaving enterprise networks wide open to attack. The Shadowserver Foundation, a prominent nonprofit security research organization, reported finding exactly 6,364 vulnerable IP …GBHACKERS.COM
21 AprCVE-2026-41254Information published.MSRC.MICROSOFT.COM
21 AprApache Syncope RCE Vulnerability Detailed After Public Exploit Code ReleaseSecurity researchers have released full technical details and a working proof-of-concept (PoC) exploit for CVE-2025-57738, a high-severity remote code execution (RCE) vulnerability in Apache Syncope, a widely deployed open-source identity management platform used across enterpris…GBHACKERS.COM
21 AprAzure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operationsA high-severity authentication flaw in Microsoft’s Azure SRE Agent exposed sensitive agent data to unauthorized network access, according to a confirmed vulnerability disclosure. The issue was identified by Enclave AI researcher Yanir Tsarimi, who detailed the findings in a blog …CSOONLINE.COM
21 AprVU#414811: Terrarium contains a vulnerability that allows arbitrary code executionOverview Terrarium is a sandbox-based code execution platform that enables users to run and execute code in a controlled environment, providing a secure way to test and validate code. However, a vulnerability has been discovered in Terrarium that allows arbitrary code execution w…KB.CERT.ORG
21 AprVU#890999: Radware Alteon has a reflected XSS vulnerability that can execute JavaScript in the host browserOverview Radware Alteon has a reflected Cross-Site Scripting (XSS) vulnerability in the parameter ReturnTo of the route /protected/login. This vulnerability allows an attacker to execute JavaScript in the host browser. Description CVE-2026-5754: Reflected Cross-Site Scripting (XS…KB.CERT.ORG
21 Apr KEVThousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discoveredTwo weeks after researchers using an AI tool discovered a major hole in Apache’s ActiveMQ messaging middleware, there are still thousands of unpatched instances open to the internet, more evidence that many application developers and IT leaders aren’t paying close attention to wa…CSOONLINE.COM
20 AprSecurity Researcher Goes To War Against MicrosoftMicrosoft Under Fire, NIST Scales Back NVD, FortiSandbox Critical Bugs, Vercel Breach Claims, Scattered Spider Member Pleads Guilty Host David Shipley covers five major stories: researcher "Chaotic Eclipse" publicly released Windows exploits—first "Blue Hammer," then "Red Sun," a…CYBERSECURITYTODAY.LIBSYN.COM
20 AprNIST Adopts Risk-Based NVD Model as CVE Submissions Jump 263% Since 2020According to a recent announcement from the National Institute of Standards and Technology (NIST), the agency is fundamentally restructuring how it manages the National Vulnerability Database (NVD). Driven by a massive 263% increase in Common Vulnerabilities and Exposures (CVE) s…GBHACKERS.COM
20 AprCopilot & Agentforce open to prompt-injection tricksAI agents are popular, and prone to being misused. Enterprise AI agents are known to be able to streamline workflows. But they can also streamline data exfiltration, as security researchers at Capsule Security have found. They have…CSOONLINE.COM
20 AprClaude Mythos: is the hype justified?Claude Mythos is currently being tested by selected organizations, primarily large US tech companies. The hype around Anthropic's security model Mythos is showing its first cracks: while AI competitor OpenAI plans, with its own cybersecurity-f…CSOONLINE.COM
20 AprTBK DVR Vulnerability CVE-2024-3721 Exploited to Spread Nexcorium DDoS MalwareHackers are actively exploiting a critical vulnerability in TBK digital video recorder (DVR) devices to deploy a new Mirai-based botnet called Nexcorium. The campaign leverages CVE-2024-3721, an OS command injection vulnerability, highlighting how poorly secured IoT devices conti…GBHACKERS.COM
20 AprVU#915947: SGLang is vulnerable to remote code execution when rendering chat templates from a model fileOverview A remote code execution vulnerability has been discovered in the SGLang project, specifically in the reranking endpoint (/v1/rerank). A CVE has been assigned to track the vulnerability: CVE-2026-5760. An attacker can create a malicious model for SGLang to achieve RCE. S…KB.CERT.ORG
20 AprAttackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based BotnetFortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devicesINFOSECURITY-MAGAZINE.COM
20 AprCVE-2023-33538 under attack for a year, but exploitation still unsuccessfulHackers have targeted CVE-2023-33538 flaw in old TP-Link routers for a year, but no successful exploitation has been seen so far. Hackers have been trying for over a year to exploit a serious flaw, tracked as CVE-2023-33538 (CVSS score of 8.8), in outdated TP-Link routers, but so…SECURITYAFFAIRS.COM
20 AprNational Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges | Flashpoint https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/ SH.ITJUST.WORKS
20 AprSGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model FilesA critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of c…THEHACKERNEWS.COM
19 AprCVE-2026-5160Information published.MSRC.MICROSOFT.COM
18 AprNVD shifts strategy to deal with a CVE backlog.US House extends FISA Section 702 for ten days. CISA recalls furloughed employees amid funding lapse.THECYBERWIRE.COM
18 AprMirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS BotnetThreat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has …THEHACKERNEWS.COM
18 AprNexcorium Mirai Variant Weaponises TBK DVR Vulnerability in Fresh IoT Botnet PushA newly discovered Mirai malware variant named Nexcorium is actively targeting unpatched Internet of Things (IoT) devices. According to recent threat research from FortiGuard Labs, attackers are exploiting a severe vulnerability in TBK DVR systems to build a massive botnet capabl…GBHACKERS.COM
17 AprCisco Warns Webex Customers Of Critical SSO ProblemWebEx SSO Vulnerability, booking.com Reservation Hijacking Risks, Windows Recall Scrutiny, and AI Vishing-as-a-Service Host Jim Love reports that Cisco disclosed a critical WebEx vulnerability (CVE-2026-2184) affecting SSO integration with Control Hub; although server-side fixes …CYBERSECURITYTODAY.LIBSYN.COM
17 AprNIST Limits CVE Enrichment After 263% Surge in Vulnerability SubmissionsThe National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to …THEHACKERNEWS.COM
17 AprCVE-2026-35469 SpdyStream: DOS on CRIInformation published.MSRC.MICROSOFT.COM
17 AprCVE-2026-41035Information published.MSRC.MICROSOFT.COM
17 AprPoC Released for FortiSandbox Flaw Enabling Arbitrary Command ExecutionA proof-of-concept (PoC) exploit has been publicly released for a critical security flaw in Fortinet’s FortiSandbox. Tracked as CVE-2026-39808, this severe vulnerability allows an unauthenticated attacker to execute arbitrary commands on the underlying operating system with…GBHACKERS.COM
17 AprWeaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging FaceAttackers are rapidly exploiting CVE-2026-39987 in the marimo Python notebook platform to deploy a new NKAbuse backdoor variant hosted on Hugging Face Spaces, turning AI/ML developer environments into high‑value infection points. The campaign combines pre-auth RCE, credential the…GBHACKERS.COM
17 AprAnother Microsoft Defender privilege escalation bug emerges days after patchDays after Microsoft patched a high-severity issue affecting its Windows Defender antivirus tool through April’s Patch Tuesday, researchers warn of another vulnerability that could enable SYSTEM privileges through local escalation. In a newly disclosed proof-of-concept (PoC) expl…CSOONLINE.COM
17 AprTP-Link Routers Hit by Mirai in CVE-2023-33538 AttacksHackers are actively scanning for vulnerable TP-Link home routers to push Mirai-style malware, abusing CVE-2023-33538 in a new wave of automated attacks. While the current exploit attempts are technically flawed, researchers warn that the underlying bug is real and dangerous when…GBHACKERS.COM
17 AprNIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities - Infosecurity Magazine https://www.infosecurity-magazine.com/news/nvd-enrichment-premarch-2026/ SH.ITJUST.WORKS
17 AprChromium: CVE-2026-6296 Heap buffer overflow in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6363 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6359 Use after free in VideoThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6364 Out of bounds read in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6362 Use after free in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6313 Insufficient policy enforcement in CORSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6314 Out of bounds write in GPUThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6318 Use after free in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6361 Heap buffer overflow in PDFiumThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6310 Use after free in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6360 Use after free in FileSystemThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6316 Use after free in FormsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6309 Use after free in VizThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6311 Uninitialized Use in AccessibilityThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6307 Type Confusion in TurbofanThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6306 Heap buffer overflow in PDFiumThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6303 Use after free in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6308 Out of bounds read in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6302 Use after free in VideoThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6300 Use after free in CSSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6304 Use after free in GraphiteThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6305 Heap buffer overflow in PDFiumThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6301 Type Confusion in TurbofanThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6317 Use after free in CastThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6312 Insufficient policy enforcement in PasswordsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6298 Heap buffer overflow in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6297 Use after free in ProxyThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6299 Use after free in PrerenderThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprCritical sandbox bypass fixed in popular Thymeleaf Java template engineMaintainers of Thymeleaf, a widely used template engine for Java web applications, fixed a rare critical vulnerability that allows unauthenticated attackers to execute malicious code on servers. The vulnerability, tracked as CVE-2026-40478, is rated 9.1 on the CVSS severity scale…CSOONLINE.COM
16 Apr KEVNginx-UI Flaw Actively Exploited to Enable Full Server TakeoverA severe vulnerability in nginx-ui, a widely used open-source web interface for managing Nginx servers, is currently being actively exploited in the wild. Tracked as CVE-2026-33032 with a maximum CVSS base score of 9.8, this critical flaw allows remote attackers to completely tak…GBHACKERS.COM
16 AprSplunk Enterprise and Cloud Platform Exposed to Dangerous RCE VulnerabilitySplunk has disclosed a high-severity vulnerability affecting both its Enterprise and Cloud Platform environments. Tracked as CVE-2026-20204, this flaw allows attackers to execute arbitrary code remotely. With a CVSS score of 7.1, the vulnerability requires immediate attention fro…GBHACKERS.COM
16 AprCisco Webex Vulnerability Allows User Impersonation AttacksCisco has released an urgent security advisory warning organizations of a critical vulnerability in its Webex communication platform. Tracked as CVE-2026-20184, this severe flaw could allow unauthenticated, remote attackers to entirely bypass security checks and impersonate any l…GBHACKERS.COM
16 AprNew PoC Exploit Published for Microsoft Defender 0-Day FlawA security researcher operating under the alias “Chaotic Eclipse” has publicly released a proof-of-concept (PoC) exploit for a vulnerability in Microsoft Defender. Published on April 15, 2026, the exploit targets a flaw in CVE-2026-33825, a recently patched vulnerabil…GBHACKERS.COM
16 AprCisco Patches Four Critical Identity Services, Webex Flaws Enabling Code ExecutionCisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below…THEHACKERNEWS.COM
16 AprBehind the Mythos hype, Glasswing has just one confirmed CVEEfforts to cut through the buzz surrounding Anthropic’s Mythos are emerging. As OpenAI moves to counter the hype around it with its own cybersecurity model, VulnCheck is reporting that the model’s publicly attributable output amounts to just one confirmed CVE. While Project Glass…CSOONLINE.COM
16 Apr KEVActively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.html SH.ITJUST.WORKS
16 AprNVD shifts strategy to deal with a CVE backlog.McGraw Hill confirms data breach. Two US nationals sentenced to prison for involvement in North Korean IT worker schemes.THECYBERWIRE.COM
16 AprToo many flaws, not enough time.NIST struggles with an NVD backlog. Cisco and Splunk ship critical patches. Researchers flag a systemic flaw in Anthropic’s MCP. ShinyHunters leak 13.5 million McGraw Hill accounts. Cargo theft goes cyber. A Tennessee hospital breach hits 337,000 patients. Two Americans are sente…THECYBERWIRE.COM
16 Apr KEVNIST cuts down CVE analysis amid vulnerability overloadOverwhelmed by an escalating volume of security flaws, the National Institute of Standards and Technology (NIST) has announced significant changes to how it handles cybersecurity vulnerabilities and exposures (CVEs). Rather than commit to providing enrichment for all entries in i…CSOONLINE.COM
16 AprCisco Systems issues three advisories for critical vulnerabilities in Webex, ISEAdmins who use Cisco Webex Services configured to use trust anchors within the SSO integration with Control Hub must install a new identity provider certificate to close a critical vulnerability, or risk losing access control. Cisco said in an advisory this week that admins must …CSOONLINE.COM
15 Apr KEVApril Patch Tuesday roundup: Zero day vulnerabilities and critical bugsA critical hole in Windows Internet Key Exchange for secure communications, an actively exploited zero day in Microsoft SharePoint and a critical SQL injection vulnerability in a SAP product are the focus of the April Patch Tuesday releases requiring immediate attention from IT s…CSOONLINE.COM
15 Apr KEVMicrosoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-dayMicrosoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most inter…SECURITYAFFAIRS.COM
15 AprCVE-2026-33555Information published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5466 wc_VerifyEccsiHash missing sanity checkInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5194 wolfSSL ECDSA Certificate VerificationInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5264 DTLS 1.3 ACK heap buffer overflowInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuseInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext RecoveryInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tagInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSLInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streamingInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-35201 Discount has an Out-of-bounds Read in rdiscountInformation published.MSRC.MICROSOFT.COM
15 Apr KEVMicrosoft Warns of Actively Exploited SharePoint Server Zero-DayMicrosoft issued an urgent security update addressing an actively exploited zero-day vulnerability in its SharePoint Server platform. The flaw, officially tracked as CVE-2026-32201, allows unauthenticated attackers to conduct network-based spoofing attacks. Because threat actors …GBHACKERS.COM
15 AprWindows Active Directory Flaw Opens Door to Malicious Code ExecutionMicrosoft disclosed a critical security vulnerability within Windows Active Directory that exposes enterprise networks to severe risks. Tracked officially as CVE-2026-33826, this vulnerability allows authenticated attackers to execute malicious code remotely over an adjacent netw…GBHACKERS.COM
15 AprCopilot and Agentforce fall to form-based prompt injection tricksEnterprise AI agents are supposed to streamline workflows. Instead, two fresh findings show they can just as easily streamline data exfiltration. Security researchers have uncovered prompt-injection vulnerabilities in both Microsoft Copilot Studio and Salesforce Agentforce that a…CSOONLINE.COM
15 Apr KEVActively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server TakeoverA recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that ena…THEHACKERNEWS.COM
15 AprApril Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and MoreA number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Busin…THEHACKERNEWS.COM
15 Apr KEVCVE-2026-33032: severe nginx-ui bug grants unauthenticated server accessAn actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers. A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.8), is being actively exploited, allowing attackers to bypas…SECURITYAFFAIRS.COM
15 AprCritical nginx UI tool vulnerability opens web servers to full compromiseSecurity vendor Pluto Security has published details of a critical vulnerability in the open-source nginx UI web server configuration tool that has been under active exploitation by cybercriminals since March. News of the flaw, identified as CVE-2026-33032, first appeared on the…CSOONLINE.COM
14 Apr KEVShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched ServersA critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score o…THEHACKERNEWS.COM
14 AprCVE-2025-1147 GNU Binutils nm nm.c internal_strlen buffer overflowInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2025-1148 GNU Binutils ld ldelfgen.c link_order_scan memory leakInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2025-11839 GNU Binutils prdbg.c tg_tag_type return valueInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-40385Information published.MSRC.MICROSOFT.COM
14 AprCVE-2026-40393Information published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31423 net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()Information published.MSRC.MICROSOFT.COM
14 AprCVE-2026-40386Information published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31417 net/x25: Fix overflow when accumulating packetsInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31414 netfilter: nf_conntrack_expect: use expect->helperInformation published.MSRC.MICROSOFT.COM
14 AprHackers Exploit Critical ShowDoc RCE Flaw in Ongoing AttacksCybersecurity researchers have highlighted a critical vulnerability in ShowDoc, a widely used online document-sharing platform designed for IT teams. Tracked as CNVD-2020-26585, this severe security flaw allows unauthenticated remote code execution (RCE) on compromised servers. T…GBHACKERS.COM
14 Apr KEVCISA Warns Fortinet SQL Injection Flaw Is Being Actively ExploitedThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Fortinet software. On April 13, 2026, CISA added CVE-2026-21643 to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms that threat ac…GBHACKERS.COM
14 Apr KEVAttackers target unpatched ShowDoc servers via CVE-2025-0520A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild. ShowD…SECURITYAFFAIRS.COM
14 AprCritical etcd Vulnerability Allows Unauthorized Access to Sensitive Cluster APIsAn autonomous AI security agent developed by Strix has discovered a critical authentication bypass vulnerability in etcd, the widely used distributed key-value store that underpins countless backend systems worldwide. Tracked as CVE-2026-33413 and assigned a CVSS score of 8.8, th…GBHACKERS.COM
14 Apr KEVAdobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) - Help Net Security https://www.helpnetsecurity.com/2026/04/13/adobe-acrobat-reader-cve-2026-34621-emergency-fix/ SH.ITJUST.WORKS
14 AprNew PHP Composer Flaws Enable Arbitrary Command Execution — Patches ReleasedTwo high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecti…THEHACKERNEWS.COM
14 AprCVE-2026-20930 Windows Management Services Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-25250 MITRE: CVE-2026-25250 Secure Boot disable Eazy FixMissing cryptographic step in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure VulnerabilityImproper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-25184 Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-20945 Microsoft SharePoint Server Spoofing VulnerabilityImproper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-23670 Windows Virtualization-Based Security (VBS) Security Feature Bypass VulnerabilityUntrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26149 Microsoft Power Apps Security Feature BypassImproper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-26151 Remote Desktop Spoofing VulnerabilityInsufficient UI warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-26154 Windows Server Update Service (WSUS) Tampering VulnerabilityImproper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-26160 Remote Desktop Licensing Service Elevation of Privilege VulnerabilityMissing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26161 Windows Sensor Data Service Elevation of Privilege VulnerabilityUntrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26162 Windows OLE Elevation of Privilege VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26165 Windows Shell Elevation of Privilege VulnerabilityUse after free in Windows Shell allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26166 Windows Shell Elevation of Privilege VulnerabilityDouble free in Windows Shell allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26167 Windows Push Notifications Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26174 Windows Server Update Service (WSUS) Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26175 Windows Boot Manager Security Feature Bypass VulnerabilityUse of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.MSRC.MICROSOFT.COM
14 AprCVE-2026-26179 Windows Kernel Elevation of Privilege VulnerabilityDouble free in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26180 Windows Kernel Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26181 Microsoft Brokering File System Elevation of Privilege VulnerabilityUse after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26183 Remote Access Management service/API (RPC server) Elevation of Privilege VulnerabilityImproper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27906 Windows Hello Security Feature Bypass VulnerabilityImproper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege VulnerabilityInteger underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27908 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege VulnerabilityUse after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27915 Windows UPnP Device Host Elevation of Privilege VulnerabilityUse after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27917 Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege VulnerabilityUse after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27918 Windows Shell Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27919 Windows UPnP Device Host Elevation of Privilege VulnerabilityUntrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27921 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27924 Desktop Window Manager Elevation of Privilege VulnerabilityUse after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27926 Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27927 Windows Projected File System Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege VulnerabilityTime-of-check time-of-use (TOCTOU) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27931 Windows GDI Information Disclosure VulnerabilityOut-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32071 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service VulnerabilityNull pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32073 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32075 Windows UPnP Device Host Elevation of Privilege VulnerabilityUse after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32081 Package Catalog Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32082 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32085 Remote Procedure Call Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32087 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege VulnerabilityHeap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32089 Windows Speech Brokered Api Elevation of Privilege VulnerabilityUse after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32090 Windows Speech Brokered Api Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32093 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32152 Desktop Window Manager Elevation of Privilege VulnerabilityUse after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32154 Desktop Window Manager Elevation of Privilege VulnerabilityUse after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32156 Windows UPnP Device Host Remote Code Execution VulnerabilityUse after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32157 Remote Desktop Client Remote Code Execution VulnerabilityUse after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32158 Windows Push Notifications Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32159 Windows Push Notifications Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32160 Windows Push Notifications Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-0390 UEFI Secure Boot Security Feature Bypass VulnerabilityReliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32165 Windows User Interface Core Elevation of Privilege VulnerabilityUse after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32167 SQL Server Elevation of Privilege VulnerabilityImproper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32168 Azure Monitor Agent Elevation of Privilege VulnerabilityImproper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32178 .NET Spoofing VulnerabilityImproper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32181 Connected User Experiences and Telemetry Service Denial of Service VulnerabilityImproper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32183 Windows Snipping Tool Remote Code Execution VulnerabilityImproper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32184 Microsoft High Performance Compute (HPC) Pack Elevation of Privilege VulnerabilityDeserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32188 Microsoft Excel Information Disclosure VulnerabilityOut-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32189 Microsoft Excel Remote Code Execution VulnerabilityUse after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32192 Azure Monitor Agent Elevation of Privilege VulnerabilityDeserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32195 Windows Kernel Elevation of Privilege VulnerabilityStack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32202 Windows Shell Spoofing VulnerabilityProtection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32215 Windows Kernel Information Disclosure VulnerabilityInsertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32216 Windows Redirected Drive Buffering System Denial of Service VulnerabilityNull pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32217 Windows Kernel Information Disclosure VulnerabilityInsertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32218 Windows Kernel Information Disclosure VulnerabilityInsertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2023-20585 AMD: CVE-2023-20585 IOMMU Write Buffer VulnerabilityThe vulnerability assigned to this CVE could lead to corruption of guest encrypted memory. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigatio…MSRC.MICROSOFT.COM
14 AprCVE-2026-32219 Microsoft Brokering File System Elevation of Privilege VulnerabilityDouble free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32220 UEFI Secure Boot Security Feature Bypass VulnerabilityImproper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32221 Windows Graphics Component Remote Code Execution VulnerabilityHeap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32222 Windows Win32k Elevation of Privilege VulnerabilityUntrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.MSRC.MICROSOFT.COM
14 AprCVE-2026-32224 Windows Server Update Service (WSUS) Elevation of Privilege VulnerabilityUse after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32226 .NET Framework Denial of Service VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33095 Microsoft Word Remote Code Execution VulnerabilityUse after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33096 HTTP.sys Denial of Service VulnerabilityOut-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33098 Windows Container Isolation FS Filter Driver Elevation of Privilege VulnerabilityUse after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service VulnerabilityLoop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33120 Microsoft SQL Server Remote Code Execution VulnerabilityUntrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33822 Microsoft Word Information Disclosure VulnerabilityOut-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33826 Windows Active Directory Remote Code Execution VulnerabilityImproper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32212 Universal Plug and Play (upnp.dll) Information Disclosure VulnerabilityImproper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32631 GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes[CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) is regarding a vulnerability where it is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. B…MSRC.MICROSOFT.COM
14 AprCVE-2026-21637 HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers[CVE-2026-21637](https://www.cve.org/CVERecord?id=CVE-2026-21637) is regarding a vulnerability in Node.js TLS error handling that allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during the…MSRC.MICROSOFT.COM
14 AprCVE-2026-20928 Windows Recovery Environment Security Feature Bypass VulnerabilityImproper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.MSRC.MICROSOFT.COM
14 AprCVE-2026-20806 Windows COM Server Information Disclosure VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-23657 Microsoft Word Remote Code Execution VulnerabilityUse after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-23666 .NET Framework Denial of Service VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-26143 Microsoft PowerShell Security Feature Bypass VulnerabilityImproper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26152 Microsoft Cryptographic Services Elevation of Privilege VulnerabilityInsecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26153 Windows Encrypted File System (EFS) Elevation of Privilege VulnerabilityOut-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26156 Windows Hyper-V Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26159 Remote Desktop Licensing Service Elevation of Privilege VulnerabilityMissing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26163 Windows Kernel Elevation of Privilege VulnerabilityDouble free in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26169 Windows Kernel Memory Information Disclosure VulnerabilityBuffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26170 PowerShell Elevation of Privilege VulnerabilityImproper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26172 Windows Push Notifications Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26176 Windows Client Side Caching driver (csc.sys) Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26177 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26178 Windows Advanced Rasterization Platform Elevation of Privilege VulnerabilityInteger size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26182 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26184 Windows Projected File System Elevation of Privilege VulnerabilityBuffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27909 Windows Search Service Elevation of Privilege VulnerabilityUse after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27910 Windows Installer Elevation of Privilege VulnerabilityImproper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27911 Windows User Interface Core Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27912 Windows Kerberos Elevation of Privilege VulnerabilityImproper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.MSRC.MICROSOFT.COM
14 AprCVE-2026-27913 Windows BitLocker Security Feature Bypass VulnerabilityImproper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27914 Microsoft Management Console Elevation of Privilege VulnerabilityImproper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27916 Windows UPnP Device Host Elevation of Privilege VulnerabilityUse after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27920 Windows UPnP Device Host Elevation of Privilege VulnerabilityUntrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27922 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27923 Desktop Window Manager Elevation of Privilege VulnerabilityUse after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27925 Windows UPnP Device Host Information Disclosure VulnerabilityUse after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.MSRC.MICROSOFT.COM
14 AprCVE-2026-27928 Windows Hello Security Feature Bypass VulnerabilityImproper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-27930 Windows GDI Information Disclosure VulnerabilityOut-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32068 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32069 Windows Projected File System Elevation of Privilege VulnerabilityDouble free in Windows Projected File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32070 Windows Common Log File System Driver Elevation of Privilege VulnerabilityUse after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32072 Active Directory Spoofing VulnerabilityImproper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32074 Windows Projected File System Elevation of Privilege VulnerabilityDouble free in Windows Projected File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege VulnerabilityOut-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32077 Windows UPnP Device Host Elevation of Privilege VulnerabilityUntrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32078 Windows Projected File System Elevation of Privilege VulnerabilityUse after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32079 Web Account Manager Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32080 Windows WalletService Elevation of Privilege VulnerabilityUse after free in Windows WalletService allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32084 Windows Print Spooler Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32086 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32088 Windows Biometric Service Security Feature Bypass VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.MSRC.MICROSOFT.COM
14 AprCVE-2026-32091 Microsoft Brokering File System Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32149 Windows Hyper-V Remote Code Execution VulnerabilityImproper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32150 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32151 Windows Shell Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32153 Windows Speech Runtime Elevation of Privilege VulnerabilityUse after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32155 Desktop Window Manager Elevation of Privilege VulnerabilityUse after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32162 Windows COM Elevation of Privilege VulnerabilityAcceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32163 Windows User Interface Core Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32164 Windows User Interface Core Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32171 Azure Logic Apps Elevation of Privilege VulnerabilityInsufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32176 SQL Server Elevation of Privilege VulnerabilityImproper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32190 Microsoft Office Remote Code Execution VulnerabilityUse after free in Microsoft Office allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32196 Windows Admin Center Spoofing VulnerabilityImproper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32197 Microsoft Excel Remote Code Execution VulnerabilityUse after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32198 Microsoft Excel Remote Code Execution VulnerabilityUse after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32199 Microsoft Excel Remote Code Execution VulnerabilityUse after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32200 Microsoft PowerPoint Remote Code Execution VulnerabilityUse after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32201 Microsoft SharePoint Server Spoofing VulnerabilityImproper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-26171 .NET Denial of Service VulnerabilityUncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32203 .NET and Visual Studio Denial of Service VulnerabilityStack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32225 Windows Shell Security Feature Bypass VulnerabilityProtection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33099 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33100 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33101 Windows Print Spooler Elevation of Privilege VulnerabilityUse after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure VulnerabilityImproper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33104 Win32k Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33114 Microsoft Word Remote Code Execution VulnerabilityUntrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33115 Microsoft Word Remote Code Execution VulnerabilityUse after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33827 Windows TCP/IP Remote Code Execution VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution VulnerabilityDouble free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33829 Windows Snipping Tool Spoofing VulnerabilityExposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32214 Universal Plug and Play (upnp.dll) Information Disclosure VulnerabilityImproper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33825 Microsoft Defender Elevation of Privilege VulnerabilityInsufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 Apr KEVMicrosoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)8 Critical 154 Important 1 Moderate 0 Low Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild. Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated cri…TENABLE.COM
13 Apr KEVAdobe Fixes Actively Exploited Zero-Day in Acrobat ReaderAdobe has released an emergency security update to address a critical zero-day vulnerability in Acrobat and Reader for Windows and macOS. According to Adobe’s APSB26-43 bulletin, the flaw is currently being exploited in the wild, prompting a Priority 1 rating from the compa…GBHACKERS.COM
13 AprWordPress Plugin Vulnerability Enables Admin Takeover via Auth BypassA newly disclosed vulnerability, tracked as CVE-2026-1492, has been identified in the User Registration & Membership plugin for WordPress, exposing websites to critical authentication bypass and privilege escalation risks. Affecting versions up to 5.1.2, the vulnerability all…GBHACKERS.COM
13 Apr KEVMarimo RCE Vulnerability Exploited Within 10 Hours of Public DisclosureA critical remote code execution (RCE) vulnerability in the open-source Python notebook platform Marimo was actively exploited less than 10 hours after its public disclosure. The flaw, initially tracked as GHSA-2679-6mx9-h9xc and later assigned CVE-2026-39987, carries a critical …GBHACKERS.COM
13 AprCritical Axios Vulnerability Enables Remote Code Execution, PoC ReleasedA critical security vulnerability has been discovered in Axios, one of the most widely used HTTP client libraries, exposing applications to Remote Code Execution (RCE) and full cloud infrastructure compromise. Tracked as CVE-2026-40175, this flaw carries a critical CVSS 3.1 score…GBHACKERS.COM
13 AprSeven IBM WebSphere Liberty flaws can be chained into full takeoverSecurity researchers are warning of a set of flaws affecting IBM WebSphere Liberty, a lightweight, modular Java application server, that can be chained into a full server compromise. The flaws, a total of seven, that led to the ultimate compromise of the server were initiated by …CSOONLINE.COM
13 Apr KEVCritical flaw in Marimo Python notebook exploited within 10 hours of disclosureA critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours after its public disclosure, according to the Sysdig Threat Research Team. The vu…CSOONLINE.COM
13 AprAdobe rolls out emergency fix for Acrobat, Reader zero-day flawAdobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. …BLEEPINGCOMPUTER.COM
12 Apr KEVAdobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of…THEHACKERNEWS.COM
12 AprCVE-2026-40226Information published.MSRC.MICROSOFT.COM
12 AprAdobe Patches Reader Zero-Day Exploited for MonthsThe vulnerability is tracked as CVE-2026-34621 and Adobe has confirmed that it can be exploited for arbitrary code execution.SECURITYWEEK.COM
12 Apr KEVAdobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621Adobe addressed a critical Acrobat Reader vulnerability, tracked as CVE-2026-34621, which is actively exploited to run malicious code. Adobe released emergency updates to address a critical vulnerability, tracked as CVE-2026-34621 (CVSS score of 8.6), in Adobe Acrobat Reader, whi…SECURITYAFFAIRS.COM
11 AprJeff Williams CTO Cofounder of Contrast Security and OWASP co-founder on Mythos and AI SecurityAI-Powered AppSec, OWASP Origins, and Anthropic's "Mythos" Model: Jeff Williams on What Changes Next…CYBERSECURITYTODAY.LIBSYN.COM
11 AprCVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tarInformation published.MSRC.MICROSOFT.COM
11 AprCVE-2026-32281 Inefficient policy validation in crypto/x509Information published.MSRC.MICROSOFT.COM
11 AprCVE-2026-32280 Unexpected work during chain building in crypto/x509Information published.MSRC.MICROSOFT.COM
10 AprJuniper Networks Default Credential Vulnerability Allows Unauthorized Full AccessJuniper Networks has issued a critical security alert regarding a severe vulnerability in its Support Insights (JSI) Virtual Lightweight Collector (vLWC). Tracked as CVE-2026-33784, this default credential flaw carries a near-maximum CVSS v3.1 severity score of 9.8. If left unres…GBHACKERS.COM
10 AprCVE-2026-40025 Sleuth Kit APFS Keybag Parser Out-of-Bounds ReadInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-40024 Sleuth Kit tsk_recover Path TraversalInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-39881 Vim Ex command injection in Vim's NetBeans integrationInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23403 apparmor: fix memory leak in verify_headerInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23409 apparmor: fix differential encoding verificationInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23410 apparmor: fix race on rawdata dereferenceInformation published.MSRC.MICROSOFT.COM
10 AprNew React Server Components Flaw Could Let Attackers Trigger DoSA newly disclosed high-severity vulnerability in React Server Components could allow unauthenticated attackers to trigger a Denial of Service (DoS) condition. Tracked as CVE-2026-23869, this flaw poses a significant risk to web applications using specific server-side rendering pa…GBHACKERS.COM
10 AprHPE Aruba Private 5G Vulnerability Opens Door to Credential Theft AttacksA newly disclosed security flaw in HPE Aruba Networking Private 5G Core On-Prem is putting enterprise networks at severe risk of credential theft. Documented under the security bulletin HPESBNW05032EN_US, this vulnerability targets the platform’s graphical user interface an…GBHACKERS.COM
10 AprMarimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of DisclosureA critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: …THEHACKERNEWS.COM
10 AprClaude uncovers a 13‑year‑old ActiveMQ RCE bug within minutesAnthropic’s Claude dug up a critical remote code execution (RCE) bug that sat quietly inside Apache ActiveMQ Classic for over a decade. Researchers at Horizon3.ai say that it only took minutes for their team to work out an exploit chain for the bug with the help of AI. The resear…CSOONLINE.COM
10 AprHackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive DataA high-severity flaw in GitHub Copilot Chat recently allowed attackers to silently steal sensitive data like API keys and private source code. Tracked as CVE-2025-59145 with a critical CVSS score of 9.6, this vulnerability required no malicious code execution. Instead, hackers us…GBHACKERS.COM
10 AprBringing Rust to the Pixel BasebandPosted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated within the complex modem firmware, Pix…SECURITY.GOOGLEBLOG.COM
10 AprOld Docker authorization bypass pops up despite previous patchResearchers warn about a new vulnerability that allows attackers to bypass authorization plug-ins in Docker Engine and gain root-level access to host systems. The flaw has the same root cause as another authorization bypass vulnerability patched in 2024, but the underlying proble…CSOONLINE.COM
10 AprChromium: CVE-2026-5899 Incorrect security UI in History NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5897 Incorrect security UI in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5898 Incorrect security UI in OmniboxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5896 Policy bypass in AudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5894 Inappropriate implementation in PDFThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5893 Race in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5891 Insufficient policy enforcement in browser UIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5892 Insufficient policy enforcement in PWAsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5886 Out of bounds read in WebAudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5888 Uninitialized Use in WebCodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5890 Race in WebCodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5884 Insufficient validation of untrusted input in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5885 Insufficient validation of untrusted input in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5895 Incorrect security UI in OmniboxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5883 Use after free in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5887 Insufficient validation of untrusted input in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5889 Cryptographic Flaw in PDFiumThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5880 Incorrect security UI in browser UIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5879 Insufficient validation of untrusted input in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5882 Incorrect security UI in FullscreenThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5881 Policy bypass in LocalNetworkAccessThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5876 Side-channel information leakage in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5878 Incorrect security UI in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5877 Use after free in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5874 Use after free in PrivateAIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5871 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5872 Use after free in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5873 Out of bounds read and write in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5875 Policy bypass in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5869 Heap buffer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5870 Integer overflow in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5868 Heap buffer overflow in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5864 Heap buffer overflow in WebAudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5862 Inappropriate implementation in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5867 Heap buffer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5860 Use after free in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5863 Inappropriate implementation in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5858 Heap buffer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5859 Integer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5861 Use after free in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5918 Inappropriate implementation in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSocketsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5913 Out of bounds read in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5915 Insufficient validation of untrusted input in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5914 Type Confusion in CSSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5911 Policy bypass in ServiceWorkersThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5909 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5912 Integer overflow in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5910 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5908 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5907 Insufficient data validation in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5904 Use after free in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5865 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5906 Incorrect security UI in OmniboxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5905 Incorrect security UI in PermissionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5900 Policy bypass in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5866 Use after free in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5903 Policy bypass in IFrameSandboxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5902 Race in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5901 Policy bypass in DevToolsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprCVE-2026-33119 Microsoft Edge (Chromium-based) for Android Spoofing VulnerabilityUser interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
10 AprCVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
9 Apr KEVFortinet EMS Zero-Day, Anthropic's AI Finds Thousands of Bugs, Iranian Hackers Target US ICSFortinet EMS Zero-Day Exploited, Anthropic's AI Finds Thousands of Bugs, and Iranian Hackers Target US ICS Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one…CYBERSECURITYTODAY.LIBSYN.COM
9 AprPalo Alto Cortex XSOAR Flaw in Microsoft Teams Integration Lets Attackers Access DataPalo Alto Networks has released a high-priority security update to address a serious vulnerability in its Cortex XSOAR and Cortex XSIAM platforms. Tracked as CVE-2026-0234, this security flaw exists within the Microsoft Teams integration. If successfully exploited, it allows an u…GBHACKERS.COM
9 AprCVE-2026-31789 Heap Buffer Overflow in Hexadecimal ConversionInformation published.MSRC.MICROSOFT.COM
9 AprCVE-2026-28387 Potential Use-after-free in DANE Client CodeInformation published.MSRC.MICROSOFT.COM
9 AprCVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRLInformation published.MSRC.MICROSOFT.COM
9 Apr KEVCISA Issues Warning on Critical Ivanti EPMM Flaw Exploited in Ongoing AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical security flaw in Ivanti Endpoint Manager Mobile (EPMM). The agency recently added the vulnerability, identified as CVE-2026-1340, to its Known Exploited Vulnerabilities (KE…GBHACKERS.COM
9 AprTechnical Details Released for Critical Cisco SSM Command Execution VulnerabilitySecurity researchers have published technical details regarding a highly critical vulnerability in the Cisco Smart Software Manager On-Prem (SSM On-Prem). Tracked as CVE-2026-20160, this flaw carries a near-maximum CVSS score of 9.8. It allows remote, unauthenticated attackers to…GBHACKERS.COM
9 Apr KEVVulnerability-Lookup 4.4.0submitted by cm0002 to cybersecurity 1 points | 0 comments https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v4.4.0 We are pleased to announce the release of Vulnerability-Lookup 4.4.0! This release introduces public disclosure list views, enhanced sight…INFOSEC.PUB
9 Apr KEVHackers have been exploiting an unpatched Adobe Reader vulnerability for monthsAdobe Reader vulnerabilities have been exploited for decades by threat actors taking advantage of the universal use of the utility to fool employees into downloading infected PDF documents through phishing lures. Now a security researcher says a Reader hole has been quietly explo…CSOONLINE.COM
9 AprVU#536588: Multiple Heap Buffer Overflows in Orthanc DICOM ServerOverview Multiple vulnerabilities have been identified in Orthanc DICOM Server version 1.12.10 and earlier that affect image decoding and HTTP request handling components. These vulnerabilities include heap buffer overflows, out-of-bounds reads, and resource exhaustion vulnerab…KB.CERT.ORG
8 AprClaude Identifies Critical 13-Year-Old RCE Vulnerability in Apache ActiveMQAn AI assistant recently uncovered a critical remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that went unnoticed for 13 years. Tracked as CVE-2026-34197, this flaw allows attackers to force the message broker to download a remote configuration file and execu…GBHACKERS.COM
8 AprCVE-2026-35177 Path traversal issue with zip.vim in VimInformation published.MSRC.MICROSOFT.COM
8 AprDocker Authorization Bypass Flaw Exposed Hosts to Potential AttackersA high-severity security vulnerability has been discovered in Docker Engine, exposing hosts to potential authorization bypass attacks. Tracked as CVE-2026-34040, the flaw allows attackers to evade authorization plugins (AuthZ) by manipulating API request bodies. While the base li…GBHACKERS.COM
8 AprMultiple OpenSSL Flaws Expose Sensitive Data in RSA KEM HandlingA newly disclosed flaw in OpenSSL could allow attackers to access sensitive data stored in application memory. Tracked as CVE-2026-31790, this moderate-severity vulnerability affects the handling of RSA Key Encapsulation Mechanism (KEM) RSASVE encapsulation. OpenSSL issued the se…GBHACKERS.COM
8 AprHackers exploit a critical Flowise flaw affecting thousands of AI workflowsThreat actors have found a way to inject arbitrary JavaScript into the Flowise low-code platform for building custom LLM and agentic systems. The code injection was possible due to a design oversight, rated at max-severity, in the platform’s custom MCP node, which acts as a plug-…CSOONLINE.COM
8 AprDocker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Accesssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/docker-cve-2026-34040-lets-attackers.htmlSH.ITJUST.WORKS
7 Apr50,000 WordPress Sites Running Ninja Forms Vulnerable to Critical File Upload RCEA severe security flaw has been discovered in the Ninja Forms File Upload plugin, a widely utilized WordPress add-on that allows website administrators to accept documents, images, and other media from their visitors. Tracked officially as CVE-2026-0740, this unauthenticated arbi…GBHACKERS.COM
7 AprFlowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances ExposedThreat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that c…THEHACKERNEWS.COM
7 AprCVE-2026-35386Information published.MSRC.MICROSOFT.COM
7 AprCVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()Information published.MSRC.MICROSOFT.COM
7 AprCVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATIONInformation published.MSRC.MICROSOFT.COM
7 AprCVE-2026-35388Information published.MSRC.MICROSOFT.COM
7 AprCVE-2026-35387Information published.MSRC.MICROSOFT.COM
7 AprCVE-2026-35385Information published.MSRC.MICROSOFT.COM
7 Apr KEVAttackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain ExposedA critical security flaw in Flowise, a popular open-source AI development platform, is currently being exploited in the wild. Tracked as CVE-2025-59528, this code injection vulnerability carries a maximum CVSS score of 10.0. It allows remote attackers to execute malicious code an…GBHACKERS.COM
7 AprDocker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host AccessA high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix…THEHACKERNEWS.COM
7 AprMax severity Flowise RCE vulnerability now exploited in attacksHackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. [...]BLEEPINGCOMPUTER.COM
7 AprFortinet releases emergency hotfix for FortiClient EMS zero-day flawHackers have been exploiting a critical vulnerability in FortiClient Endpoint Management Server (FortiClient EMS) since at least the end of March. Fortinet has published an advisory and released an emergency hotfix that can be applied to affected deployments until a patched versi…CSOONLINE.COM
6 Apr2,000+ FortiClient EMS Instances Exposed Online as Attackers Exploit Active RCE FlawCybersecurity researchers have issued an urgent warning for organizations using Fortinet’s FortiClient Enterprise Management Server (EMS). Over 2,000 instances of this critical administrative tool are currently exposed to the public internet. Threat actors are actively expl…GBHACKERS.COM
6 AprCritical Dgraph Database Flaw Allowed Attackers to Bypass AuthenticationA newly discovered critical vulnerability in the open-source Dgraph database system leaves servers exposed to complete system takeovers. Tracked as CVE-2026-34976 and carrying a maximum CVSS score of 10.0, this missing authorization flaw allows remote, unauthenticated attackers t…GBHACKERS.COM
6 Apr6 ways attackers abuse AI services to hack your businessAttackers are starting to exploit AI systems to mount attacks in the same way they once relied on built-in enterprise tools such as PowerShell. Instead of relying on malware, cybercriminals are increasingly abusing AI tools enterprises depend on — a trend some experts describe as…CSOONLINE.COM
6 AprNew multilingual severity classifiers for vulnerability analysissubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.vulnerability-lookup.org/2026/04/06/russian-severity-classifier/ 🚀 We’ve just published a new article introducing a Russian-language severity classifier, along with improved English and Chinese models for vuln…INFOSEC.PUB
6 Apr KEVIranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical InfrastructureAdvisory at a Glance Title Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure Original Publication April 7, 2026 Executive Summary Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity ta…CISA.GOV
6 AprZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigne…ZERODAYINITIATIVE.COM
6 AprZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigne…ZERODAYINITIATIVE.COM
6 AprZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigne…ZERODAYINITIATIVE.COM
6 AprZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigne…ZERODAYINITIATIVE.COM
5 Apr KEVFortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMSFortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypas…THEHACKERNEWS.COM
5 AprCVE-2026-35414Information published.MSRC.MICROSOFT.COM
5 AprCVE-2026-23442 ipv6: add NULL checks for idev in SRv6 pathsInformation published.MSRC.MICROSOFT.COM
5 AprCVE-2026-35535Information published.MSRC.MICROSOFT.COM
5 AprCVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`Information published.MSRC.MICROSOFT.COM
5 AprHackers exploit React2Shell in automated credential theft campaignHackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 2169[−]
3 JulTeams battles bots, Bioshocking AI browser guardrails, Fortibleed fuels ransomwareTeams cracks down on meeting bots, AI guardrails get bypassed, FortiBleed fuels ransomware, and Nissan confirms PeopleSoft breach Microsoft rolls out a new Teams admin policy, "Manage External Bots and Their Access to Meetings," to detect third‑party bots, hold them in the lobby …CYBERSECURITYTODAY.LIBSYN.COM
3 JulOrganizations struggle to prioritize known cyber risksOrganizations collect more cyber risk data than ever, with many still struggling to build a unified view of their exposure. The latest State of Threat Management report from Filigran found that security teams continue to work across disconnected tools, leaving important context s…HELPNETSECURITY.COM
3 JulCritical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code ExecutionThe DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.SECURITYWEEK.COM
3 JulPamStealer Uses Fake Maccy Sites and PAM Checks to Steal Mac Login PasswordsCybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file imperson…THEHACKERNEWS.COM
3 JulLaw enforcement operation disrupted Malicious Residential Proxy Networks NetNutGoogle disrupted NetNut, a major proxy network that routed internet traffic through compromised home devices used by cybercriminals. Google has disrupted NetNut, one of the world’s largest residential proxy networks. The service routed internet traffic through home devices,…SECURITYAFFAIRS.COM
3 JulAgentic AI Used to Conduct Ransomware Attack via LangflowAttack demonstrates how LLM agents can combine known exploitation techniques with real-time reasoning to automate complex, multi-stage intrusions.SECURITYWEEK.COM
3 JulFlock Cameras Can Surveil Cars Without License PlatesThis is from a 2024 company presentation: Officers can also tap into data showing a car’s decals, bumper stickers, back and top racks—along with temporary and unique state tags. Flock calls it a “Vehicle Fingerprint” and it’s touted as a way for law…SCHNEIER.COM
3 JulThe Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel IncidentVercel breach happened after an employee used an unvetted AI tool. Attackers exploited it as a trusted link to access systems, steal data, and extort $2M. The Vercel breach of April 2026 did not begin with a classic zero-day exploit, a misconfigured cloud bucket, or a sophisticat…SECURITYAFFAIRS.COM
3 JulJADEPUFFER: First End-to-End AI-Driven Ransomware OperationSysdig reports an AI agent ran a full ransomware attack end-to-end, exploiting flaws, stealing creds, moving laterally, and encrypting data without humans. Sysdig’s Threat Research Team has documented what it assesses to be the first ransomware operation driven end-to-end b…SECURITYAFFAIRS.COM
3 JulVerified X ad spreads Mac malware, while ConsentFix steals Microsoft accountsTwo new campaigns show how cybercriminals are increasingly relying on social engineering instead of software exploits to compromise devices and accounts.MALWAREBYTES.COM
3 JulHK: Shun Hing Group data breach affects 920,000 customers, 1.05m files encrypted in cyber attackErwin Wong reports: Shun Hing Group has confirmed that its computer systems were compromised by hackers in March, resulting in a significant data breach affecting customers and staff. Founded in 1953 by the late Dr William Mong, Shun Hing Group has grown into a leading and divers…DATABREACHES.NET
3 JulAdobe premieres a second Patch Tuesday each month to deliver fixes fasterAdobe will now issue security patches for its products twice as often to deal with the increasing pace of software vulnerability discovery and exploitation. This follows Oracle’s decision to increase its quarterly patch program to a monthly one. Adobe issues patches on the second…CSOONLINE.COM
3 JulEveryone Owns Security—Or Nobody DoesMany e-commerce sites rely on multiple third-party providers for hosting, application development, payment processing, JavaScript, and other core functions. That convenience creates a shared responsibility problem. When a vulnerability, outage, or compliance issue occurs, each ve…YOUTUBE.COM
3 JulMicrosoft 365 users fall victim to one-in-a-million password spray attackMicrosoft users have been hit by a massive, automated password spray attack. Among those targeted by the attack were clients of security company Huntress. It reported that the attackers made 81 million attempts to log into its customers’ accounts between June 12 and 26 — and succ…CSOONLINE.COM
3 JulIn Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM JackpottingNoteworthy stories that might have slipped under the radar: Anonymous-linked Canadian hacker jailed, researcher drops zero-days in open source projects, Venezuelans sentenced in the US over ATM jackpotting.SECURITYWEEK.COM
2 JulUnpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes ClustersArgo CD, a widely used tool for deploying software to Kubernetes, has an unpatched flaw in its repo-server component that lets an unauthenticated attacker run code, provided they can reach the component's internal network port. Synacktiv, which found the bug, says it can lead to …THEHACKERNEWS.COM
2 JulGitHub’s new tool helps prevent costly open-source license violationsGitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify dependencies whose licenses require review. The feature is available to GitHub Advanced Security cu…HELPNETSECURITY.COM
2 JulDrawing a digital line for geofencing.This week, Dave and Ben take a look at the Supreme Court's recent ruling that has significantly changed how law enforcement must approach collecting user location data. Alongside this conversation, Ben also sits down with former Congressman and current President of Americans …THECYBERWIRE.COM
2 JulWhat the AI patch gap means for enterprise securityOpen-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine speed. Over roughly two months this spring, Anthropic’s Claude Mythos Preview combed through more than 23,000 open-source…HELPNETSECURITY.COM
2 JulNew ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit ReposAttackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and it quietly lifts you…THEHACKERNEWS.COM
2 JulExploring cross-domain & cross-forest RBCD: part 2Kerberos delegation capabilities in Linux-based tooling have been extended to allow impersonating any user within a forest. This assumed identity can then be leveraged to access resources across any domain within that forest, or even in a remote forest, provided that a trust rela…SYNACKTIV.COM
2 JulAI Agent Exploits Langflow RCE to Automate Database Ransomware AttackSecurity firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent. Its Threat Research Team calls the operator JADEPUFFER and says a large language model handled the whole job: breaking in, stealing credential…THEHACKERNEWS.COM
2 JulAdobe fixed multiple maximum-severity flaws in ColdFusion and Campaign ClassicAdobe fixed multiple critical flaws, including max severity bugs in ColdFusion and Campaign Classic that could lead to remote code execution Adobe has released security updates for ColdFusion and Campaign Classic, fixing multiple critical vulnerabilities, including seven maximum-…SECURITYAFFAIRS.COM
2 JulArgo CD flaw shows why GitOps infrastructure should be treated as tier zeroA newly disclosed vulnerability in Argo CD is drawing attention to the security risks of GitOps platforms, with researchers warning that the flaw could allow attackers who gain a foothold inside a Kubernetes cluster to execute code and manipulate application deployments. Security…CSOONLINE.COM
2 JulField reports from Patch the PlanetWe’re running Patch the Planet, an ongoing collaboration with OpenAI that pairs Trail of Bits engineers directly with more than 30 open-source projects. Its goal is to front-run a serious problem facing open-source maintainers: highly capable models like GPT-5.5-Cyber will soon …TRAILOFBITS.COM
2 Jul KEVCISA: Microsoft SharePoint RCE flaw now actively exploitedCISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. [...]BLEEPINGCOMPUTER.COM
2 JulCisco Confirms In-the-Wild Exploitation of Unified CM VulnerabilityA PoC exploit has been available since public disclosure, and the first exploitation attempts were observed last week.SECURITYWEEK.COM
2 JulCisco finally confirms attackers exploiting Unified CM flawCisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. [...]BLEEPINGCOMPUTER.COM
2 JulResearcher Behind 'Exploitarium' Explains Release of Undisclosed Zero-Day ExploitsInfosecurity spoke with the researcher who dumped over 30 proof-of-concept exploits without disclosing the vulnerabilities firstINFOSECURITY-MAGAZINE.COM
2 JulAnthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.IBM and Red Hat assign 20,000 engineers to the new Project Lightwell service as Anthropic's Mythos findings ignite debate over how to secure the open-source software supply chain.DARKREADING.COM
2 JulNew iboss platform gives organizations instant visibility into AI tools and usageiboss has launched the AI Security Platform, a new service that gives any organization visibility into the AI tools its people are using, free of charge. Signup is instant, deployment takes an afternoon, and a complete AI footprint appears within hours. Organizations that want to…HELPNETSECURITY.COM
2 JulNew CitrixBleed Vulnerability Exploited Immediately After Public DisclosureHackers are targeting NetScaler appliances using public PoC code to retrieve arbitrary memory content in the HTTP response.SECURITYWEEK.COM
2 JulFormalizing Red Teaming Offensive Methodology as a Multi-Agent AI ArchitectureThreat actors are integrating AI into their exploit chains, accelerating reconnaissance, automating vulnerability discovery, and scaling social engineering in ways that compress the timeline between initial access and impact. The barrier to sophisticated offensive operations is d…RAPID7.COM
2 JulCisco confirms exploitation of critical Unified CM flaw.DHS investigates hack of information-sharing network. Suspected Scattered Spider member extradited to the US.THECYBERWIRE.COM
2 JulFortiBleed campaign traced to INC and Lynx ransomware operationsResearchers are also investigating the role of a suspected zero-day vulnerability.CYBERSECURITYDIVE.COM
2 JulApple’s Hide My Email doesn’t hide it very wellA year ago a researcher found a vulnerability in Apple's Hide My Email feature and now he's tired of waiting for a fix.MALWAREBYTES.COM
2 JulFrom Cloud to Chaos: Defining Shared Responsibility for AI SecurityFor 15 years (!), many of us who have touched cloud security have struggled with the shared responsibility model for cloud security. As with many “cyber things,” the theory is simple. Multiple vendors, consulting firms, and industry bodies have published deceptively clear matrice…MEDIUM.COM
2 JulCatan and MouseWhat do board games and cybersecurity have in common? Pattern recognition. Strategy. Adaptation. In this week’s Threat Source Bill explores why curiosity may be a defender’s most valuable skill.TALOSINTELLIGENCE.COM
2 JulApple Reverses Age-Old Patch Policy to Keep Up With AIExpect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.DARKREADING.COM
2 JulFortiBleed Actors Collaborating With Inc, Lynx Ransomware GangsAfter gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.DARKREADING.COM
2 JulGlobal Schools Holdings Cites Two Injunctions in a Bid to Chill Our Reporting. It Won’t Work.My About page is pretty clear about legal threats: If you want to send me legal threats about my reporting or comments, knock yourself out, but don’t be surprised to see me report on your threat, any confidentiality sig blocks you may attach notwithstanding. I have been threatene…DATABREACHES.NET
2 JulThe people's AI?OpenAI considers an equity plan to share AI wealth with the public. Cisco confirms active exploitation of its unified CM platform. Researchers discover autonomous ransomware. The Vect ransomware operation partners with TeamPCP. The FortiBleed credential-harvesting campaign is lin…THECYBERWIRE.COM
2 JulLaunch of UK's National Cyber Action Plan delayed amid Labour leadership crisisThe plan had been due for publication on Monday, the sources said. It has been postponed amid the uncertainty over the governing Labour Party’s leadership contest, which opens July 9.THERECORD.MEDIA
2 JulLinux Tech Segment & Vulnerabilities Galore - PSW #933This week we have a technical segment based on the response to "Atomic Arch", an updated open-source tool to help you catch malicious packages. In the security news: - Exploitarium - A hot messy summer of vulnerabilities - AI Squatting - Linux LPE - no shortage of those - Fingerp…YOUTUBE.COM
2 JulDefense Gap in AI Security RaceAI is improving offensive security capabilities like vulnerability discovery and exploit generation at a rapid pace. Offensive work can tolerate high error rates, since only occasional success is needed. Defensive security cannot operate that way—detection, patching, and response…YOUTUBE.COM
1 JulPhantom Squatting: AI-Hallucinated Domains as a Software Supply Chain VectorAttackers can exploit LLM domain hallucinations through phantom squatting to target supply chains. Read the analysis to learn more.UNIT42.PALOALTONETWORKS.COM
1 JulMicrosoft wants to stop unwanted bots from entering Teams meetingsA new Microsoft Teams admin policy, Manage external bots and their access to meetings, gives organizations greater visibility and control over external bots in meetings. The policy identifies bots and applies safeguards before they are admitted. Microsoft will begin retiring the …HELPNETSECURITY.COM
1 Jul KEVDetection engineering: A programmatic approach to identifying cyber threatsDetection engineering, which was once a niche practice among mostly large companies, appears to have evolved into a capability that organizations across industries now consider essential to their security operations. What is detection engineering? Detection engineering is about c…CSOONLINE.COM
1 JulNika: Open-source code analysis toolMany serious security bugs in web applications sit across several files at once. Request data enters through a controller, moves through data objects and service layers, and turns dangerous only when it reaches a sensitive operation such as a database query or a file action. A sc…HELPNETSECURITY.COM
1 JulRisky Bulletin: Researcher drops giant cache of zero-daysAn anonymous researcher has dropped a giant cache of zero-day exploits, a sensitive DHS network got hacked, the US Supreme Court restricts geofence warrants, and security firm Huntress has denied accusations of a malicious insider.RISKY.BIZ
1 JulAnthropic Restores Claude Fable 5 After U.S. Lifts Jailbreak-Linked Export ControlsAnthropic is putting Claude Fable 5 back online worldwide. On June 30, the U.S. Commerce Department lifted the export controls it had imposed on Fable and its more tightly controlled sibling Mythos 5 about two and a half weeks earlier. Fable 5 returns to users on Wednesday, …THEHACKERNEWS.COM
1 JulCasey Ellis on How AI Is Reshaping Vulnerability Research and PatchingIn this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo sits down with Casey Ellis, founder of Bugcrowd and co-founder of disclose.io, to explore how AI is reshaping vulnerability research, bug bounty programs, and the future of cyber defense. The…THECYBERWIRE.COM
1 JulClaude Sonnet 5 includes safeguards against dangerous cyber useAnthropic has introduced Claude Sonnet 5, the latest version of its general-purpose AI model, with improved reasoning, coding, tool use, and knowledge work capabilities. The model can make plans, use tools such as browsers and terminals, and complete tasks autonomously. Scores fo…HELPNETSECURITY.COM
1 JulPerformance Through People as Executives Struggle and Mentorship Matters - Greg Hoffman - BSW #454One of the biggest questions most executives ask is "Why does it still feel this hard when the talent is clearly there?" The answer, in almost every case, is not a people problem. It is an environment problem. And environment is something a leader can build. Greg Hoffman, Preside…YOUTUBE.COM
1 JulClaude Helped a Hacker Find a Way to Issue Tickets to Almost Every US Music FestivalA researcher found that using Anthropic’s Claude Opus 4.7, he could break into the website of Front Gate—used by every festival from Lollapalooza to Bonnaroo—and freely issue any ticket he chose.WIRED.COM
1 JulGuardFall Flaw Hits 10 of 11 Popular Open-Source AI AgentsResearchers found a shell injection flaw in 10 of 11 popular open-source AI agents, allowing attackers to bypass command filters. Adversa AI just published a survey, titled “GuardFall: a universal shell injection vulnerability in open-source AI agents,” of eleven open…SECURITYAFFAIRS.COM
1 JulNetzilo adds runtime governance for AI agents across major platformsNetzilo has announced expanded AI agent governance and runtime enforcement capabilities for Amazon Bedrock AgentCore and other major AI agent harnesses. As enterprises move AI agents from experimentation into production, agents are becoming a new enterprise edge. They operate acr…HELPNETSECURITY.COM
1 JulIntruder offers Free security plan for lean IT and security teamsIntruder has announced the launch of its Free plan, providing security, IT, and DevOps teams ongoing access to professional-grade vulnerability management, cloud security, and attack surface management at no cost. Smaller organizations face the same threats as Fortune 500 compani…HELPNETSECURITY.COM
1 JulRustDuck: The Botnet That’s Still Small but Engineering Like It Plans to GrowRustDuck is a small, evolving DDoS botnet migrating to Rust. It uses advanced encryption, anti-analysis evasion, and exploits known IoT flaws. Since February 2026, researchers at QiAnXin’s XLab have been tracking a new malware family, called RustDuck, that hijacks routers, …SECURITYAFFAIRS.COM
1 JulOver 900 Oracle E-Business instances exposed to ongoing attacksOver 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw. [...]BLEEPINGCOMPUTER.COM
1 JulBioShocking: when “gaming” AI agents is no longer a gameResearchers warned AI vendors about a proof-of-concept called BioShocking that tricks agents by gamifying the outcome.MALWAREBYTES.COM
1 JulU.S. lifting export control restrictions on Anthropic’s Mythos, FableThe company and the Commerce Department say they have reached an agreement that will see the AI models released publicly with new guardrails and classifiers.CYBERSCOOP.COM
1 JulCaught in the Octopus Trap: Unauthenticated RCE in Argo CD with CodeQLSynacktiv has discovered an unauthenticated arbitrary code execution vulnerability in ArgoCD's repo-server component, potentially allowing full cluster compromise. This article explains how the vulnerability was identified using CodeQL, details the exploitation process to gain co…SYNACKTIV.COM
1 JulAdobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign ClassicAdobe has released patches for multiple maximum-severity security flaws impacting Adobe ColdFusion and Adobe Campaign Classic. The ColdFusion updates "resolves critical and important vulnerabilities that could lead to arbitrary code execution, privilege escalation, arbitrary file…THEHACKERNEWS.COM
1 JulCritical flaw in Oracle E-Business Suite is under immediate threatResearchers warn that successful exploitation of the vulnerability could allow an attacker to compromise Oracle Payments.CYBERSECURITYDIVE.COM
1 Jul5 Myths About AI in the SOC Security Teams Need to RethinkAI is now part of almost every conversation in security operations. Most teams are already investing in it, experimenting with it, or trying to understand where it fits. The challenge is not whether to adopt AI, but how to apply it in a way that actually improves outcomes. At the…RAPID7.COM
1 JulWebinar: Why traditional email security is no longer enoughModern phishing, business email compromise, and account takeover attacks increasingly exploit trusted identities and legitimate business workflows, making them harder for traditional email defenses to detect. This webinar explores how behavioral AI can help organizations automate…BLEEPINGCOMPUTER.COM
1 JulResearchers spot exploitation of another critical Oracle defectThe defect impacts a popular collection of business applications that attackers have hit before in widespread attack sprees.CYBERSCOOP.COM
1 JulThe AI lock comes off.The US restores exports of Anthropic’s most advanced AI models. Adobe and Citrix rush out critical patches. RustDuck emerges as a fast-evolving DDoS threat. The Gentlemen raise the stakes with a new EDR-killing exploit. Rocket Lab bets big on Iridium. Researchers unveil browser-o…THECYBERWIRE.COM
1 JulNew ChocoPoC malware targets researchers via trojanized PoC exploitsMultiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers. [...]BLEEPINGCOMPUTER.COM
1 JulOONI: LaLiga piracy blocks disrupted over 500,000 legitimate sitesThe Open Observatory of Network Interference (OONI) reports that Spain's IP-based anti-piracy blocking campaign against unauthorized LaLiga streams caused widespread collateral damage. Specifically, the actions have temporarily disrupted access to more than half a million legitim…CYBERINSIDER.COM
1 JulKubota says hackers had month-long access to network systemsKubota North America Corporation disclosed that hackers had access to some of its network systems for more than a month earlier this year. [...]BLEEPINGCOMPUTER.COM
30 JunMalicious Perplexity Chrome Extension Intercepted Searches and Address Bar InputMicrosoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real …THEHACKERNEWS.COM
30 JunCybersecurity jobs available right now: June 30, 2026AI Offensive Security Engineer AGAPI | UAE | On-site – View job details As an AI Offensive Security Engineer, you will leverage AI and LLMs to accelerate offensive security research, exploit development, vulnerability discovery, and security automation. You will v…HELPNETSECURITY.COM
30 JunVulnerability reports are arriving faster than GitHub can review themAcross the open source world, people are reporting software flaws in record numbers, and the systems built to verify those reports are straining under the weight. The GitHub Advisory Database, which feeds automated security alerts to millions of projects, has reached a point wher…HELPNETSECURITY.COM
30 JunHottest cybersecurity open-source tools of the month: June 2026Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings. OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory AI a…HELPNETSECURITY.COM
30 JunOpenClaw for iOS: The viral open-source AI agent comes to iPhone and iPadOpenClaw, a self-hosted personal AI assistant that connects to existing chat apps, is now available on iPhone, iPad and Apple Watch. The release brings chat, real-time voice conversations, approvals, device capabilities, and private automations to iOS. Connecting OpenClaw to iPho…HELPNETSECURITY.COM
30 JunReducing Attack Surface & Evaluating Efficiency in Agents - ASW #389SquidBleed reveals another vuln that's been lurking for decades, but its real lesson is in managing an attack surface. Regardless of whatever programming language you use, removing code is one of the best security steps you can take, followed by changing default configs to turn o…YOUTUBE.COM
30 JunHow ransomware syndicates weaponize corporate-style organizationFrom outsourced labor to tiered pricing models, an inside look at how today's top ransomware threats operate less like rogue hackers and more like Fortune 500 companies.CYBERSCOOP.COM
30 JunCISA: Windows BlueHammer flaw now exploited by ransomware gangsCISA confirmed on Monday that ransomware gangs are now exploiting a Microsoft Defender privilege escalation vulnerability, dubbed BlueHammer, that has previously been abused in zero-day attacks. [...]BLEEPINGCOMPUTER.COM
30 JunCritical SimpleHelp Vulnerability Exploited for Malware DeliveryThe threat actor is focused on collecting credentials, SSH keys, cryptocurrency wallets, and development tooling.SECURITYWEEK.COM
30 JunShipping post-quantum cryptography to PythonPost-quantum cryptography is now one pip-install away for the entire Python ecosystem. With funding from the Sovereign Tech Agency, we implemented support for ML-KEM, the NIST-standard key-establishment primitive, and ML-DSA, the NIST-standard digital-signature primitive, in pyc…TRAILOFBITS.COM
30 JunCloser than Cuba: the Able Archer Nuclear Crisis of 1983It's November of 1983, the closest the world came to nuclear war, some may argue even closer than the Cuban Missile Crisis of 1962. Yet the Able Archer 1983 exercise incident is relatively unknown by comparison. A series of events that started with the Soviet shootdown of a Korea…THECYBERWIRE.COM
30 JunMalicious Chromium extension spoofs Perplexity AI to hijack browser searchesGoogle has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users’ search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines. Microsoft Threat…CSOONLINE.COM
30 JunInsurance giant Aflac discloses data breach after subsidiary hackAmerican insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary's systems and stole personal and bank account information. [...]BLEEPINGCOMPUTER.COM
30 JunHacker Conversations: Chris Thompson, Former Head of IBM X-Force Red, Co-Founder of RemoteThreatChris Thompson's journey took him from hacking game controls as a teenager to founding IBM’s X-Force Red team.SECURITYWEEK.COM
30 JunExploitation of Recent Oracle E-Business Suite Vulnerability BeginsThe critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product.SECURITYWEEK.COM
30 JunDecades-Old Bash Tricks Expose AI Coding Agents to Supply Chain AttacksDecades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, potentially turning malicious repositories into supply chain attack vectors.SECURITYWEEK.COM
30 JunAikido Security acquires Root to expand backported fixes for open source vulnerabilitiesAikido Security has acquired Root, uniting behind a shared mission to make it easy for developers and agents to build with secure open source and tackle the growing threat of supply chain attacks. Open source is the foundation of almost every application in the world, and it has …HELPNETSECURITY.COM
30 JunJamf enables AI Governance and shadow AI detection on MacJamf has announced general availability of AI Governance, a new capability within Jamf for Mac that enables IT and security teams to discover actively-used AI tools, enforce policy controls, and generate audit-ready reporting. Many organizations struggle to confidently audit and …HELPNETSECURITY.COM
30 JunInsurance giant Aflac discloses data breach at Japan subsidiarySergiu Gatlan reports: American insurance giant Aflac has disclosed a new data breach after attackers breached its Japan subsidiary’s systems and stole personal and bank account information. Aflac (short for American Family Life Assurance Company) is a Fortune 500 company a…DATABREACHES.NET
30 JunGuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection RisksThe safety check that is supposed to stop an AI coding agent from running a dangerous command can be walked straight past using a shell trick that has been public for decades. New research from Adversa AI, which has named the bypass GuardFall, found it works against ten of th…THEHACKERNEWS.COM
30 Jun KEVUS Supreme Court rules that geofence searches generally require warrants.Maximum-severity SimpleHelp flaw is now actively exploited. US government offers $10 million reward for info on Russian state-backed hackers.THECYBERWIRE.COM
30 JunCritical flaw in SimpleHelp exploited in attacks targeting sensitive credentialsResearchers found two previously undisclosed malware samples used to steal AI assistant tokens and other valuable secrets.CYBERSECURITYDIVE.COM
30 JunNissan Discloses Employee Data Breach Linked to Oracle Zero-DayNissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaignINFOSECURITY-MAGAZINE.COM
30 JunCritical SimpleHelp Vulnerability Exploited For Malware DeliveryAttackers exploited a critical SimpleHelp RMM bug to deploy TaskWeaver and Djinn Stealer malwareINFOSECURITY-MAGAZINE.COM
30 JunFake Perplexity extension on Chrome Web Store tracked searchesA malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information. [...]BLEEPINGCOMPUTER.COM
30 JunThe Human Element: Building A Trusted Workforce in the Age of DPRK Employment FraudFrom Nisos: Earlier this year, our DPRK employment fraud investigation revealed how North Korean operatives infiltrate US companies at industrial scale. In June, we released Part 2 of our research, featured on Nicole Perlroth’s “To Catch a Thief” podcast, that t…DATABREACHES.NET
30 JunThe Fall of XSS Forum: From DaMaGeLaB to the 2025 takedownRansomnews has published a history and analysis of XSS Forum from its inception to its seizure in 2025. There is so much that is interesting and informative in their report that it’s hard to know what to mention here, but here are just two portions below: As an overview: XS…DATABREACHES.NET
30 JunHackers Steal Data of 4.38 Million Aflac Japan CustomersHackers stole data from 4.38 million Aflac Japan customers after accessing its systems for 10 days before the breach was detected. Aflac Japan disclosed that hackers stole the personal information of 4.38 million customers and agents after gaining access to its systems between Ju…SECURITYAFFAIRS.COM
30 JunKaspersky Lab experts have discovered a new attack vector and toolkit for compromising corporate Gmail accountsKaspersky Labs writes: It is used by the ToddyCat group. Kaspersky Lab experts have discovered a new attack vector and toolkit for compromising corporate Gmail accounts. Using this toolkit, attackers can access user accounts via an API, read conversations, and harvest data from c…DATABREACHES.NET
30 Jun KEVAnton’s Security Blog Quarterly Q2 2026My Anton’s Security Blog Quarterly covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify, now with VIDEO). Top 10 posts with the most lifetime views (excluding paper announcement bl…MEDIUM.COM
30 JunThe court draws a privacy line.The Supreme Court limits geofence warrants. DHS moves to expand CISA. The State Department offers $10 million for Russian hackers. A legal theory could reshape EU-U.S. data sharing. Plus, cyberattacks hit D.C. housing, Oracle and SimpleHelp flaws face active exploitation, malware…THECYBERWIRE.COM
30 JunScammers race to cash in on Venezuelan earthquake disasterScammers wasted no time exploiting Venezuela's devastating earthquake, with researchers uncovering 212 newly-registered relief-themed domains in just five days. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
30 JunFake Bug Report Hijacks AI Coding Agents at Scale"Agentjacking" is the latest demonstration of how easily attackers can exploit an AI agent's inability to differentiate between content and instructions.DARKREADING.COM
30 JunUK journalists and NGOs risk terrorism prosecutions under new security billMEE reports: New national security legislation being rushed through the UK’s parliament could criminalise British foreign correspondents and NGO workers engaging with designated state-backed groups, experts warn. The National Security (State Threats) Bill, which is moving t…DATABREACHES.NET
30 JunThe Green Shirt AI JailbreakAn LLM refused a request until the prompt included fabricated internal reasoning claiming the action was acceptable because of a "green shirt." The model then complied, illustrating how prompt-based attacks can bypass intended restrictions. Unlike traditional software exploits, m…YOUTUBE.COM
30 JunUS Supreme Court limits police access to people’s location historyThe US Supreme Court has ruled that law enforcement's acquisition of historical location data through geofence warrants constitutes a Fourth Amendment search, marking a major victory for digital privacy. While the Court stopped short of declaring geofence warrants unconstitutiona…CYBERINSIDER.COM
30 JunAnthropic to restore Claude Fable access on WednesdayAnthropic has confirmed that the Department of Commerce has lifted export controls on Claude's two most powerful models, Fable 5 and Mythos 5. [...]BLEEPINGCOMPUTER.COM
30 JunXSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’tPolice arrested the alleged admin of XSS.is, a major cybercrime forum whose trusted escrow service helped power the underground economy. On 22 July 2025, French and Ukrainian police arrested a 38-year-old man in Kyiv and shut down XSS.is, the most influential Russian-language cyb…SECURITYAFFAIRS.COM
30 Jun KEVSN 1085: A SOTA State-Sponsored Campaign - AI's New Superpower: Loop EngineeringAI is now uncovering and fixing thousands of hidden software bugs faster than humans can keep up, but not everyone is playing by the rules. Find out how state-sponsored attackers and careless disclosures are turning the cybersecurity playbook upside down. Win10's popularity force…TWIT.TV
29 JunSponsored: Corelight’s blueprint for AI-era defenceIn this sponsored interview James Wilson chats with Corelight’s VP of Product Vijit Nair about defence strategies for the AI era. When agents can find and exploit vulnerabilities at machine speed, you need to balance between proactive and reactive measures. On the proactive side,…RISKY.BIZ
29 JunUS Restricts Frontier AI modelsUS Loosens Anthropic Claude Mythos Access, Unpatchable iPhone Exploit Emerges, and CISO Burnout Drives Fractional Shift Washington granted a partial reprieve allowing Anthropic's Claude Mythos to be released to more than 100 approved U.S. firms and institutions after export contr…CYBERSECURITYTODAY.LIBSYN.COM
29 JunDarkMoon: Open-source AI pentesting platformPenetration testing has long run on expert time, with specialists spending days probing a network or web application by hand. Manual engagements stretch across weeks, expert consultants run into thousands of dollars a day, and results vary with the tester. Automation promises to …HELPNETSECURITY.COM
29 JunFrom mythos to reality: Why the 2026 state of pentesting report proves the need for programmatic defensesAI can find zero-days in minutes. Your defense strategy must evolve now.CYBERSECURITYDIVE.COM
29 JunFixing pentesting, Meta is destroying its engineering org, the weekly news - ESW #465Interview with Adriel Desautels - the pentest is broken Adriel joins us for a discussion on the state of penetration testing, why it hasn't done much to help security teams over the last 20 years, and why AI won't save it. Segment Resources: - https://hbr.org/2026/04/boards-are-f…YOUTUBE.COM
29 JunUS Federal Insurance Regulator Confirms Data Breach Via Oracle FlawAn attacker has exploited a zero day in Oracle PeopleSoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance systemINFOSECURITY-MAGAZINE.COM
29 JunRobot Police OfficersWe’ve taken one small step towards robot police officers: a drone capable of disarming a suspect: In a June 22 video posted on the Sacramento County Sheriff’s Office’s Instagram page, an officer wearing goggles can be seen operating a drone to retrieve a knife from an armed…SCHNEIER.COM
29 JunMozilla warns of indirect prompt injection risk in AI coding agentsA malicious GitHub repository can silently compromise a developer’s machine without containing a single line of malicious code, security researchers at Mozilla’s Zero Day Investigative Network (0DIN) warned. The attack The proof-of-concept attack targets AI-powered co…HELPNETSECURITY.COM
29 Jun‘DirtyClone’ Linux Kernel Vulnerability Leads to Root AccessA variant of DirtyFrag, the flaw allows unprivileged local users to manipulate the Linux page cache and gain root privileges.SECURITYWEEK.COM
29 JunThe Red Agent POV: Exploiting Broken Object-Level Authorization in an Airline GraphQL APIPart 2: How the Red Agent bypassed backend resolvers to expose an entire airline booking database in fifteen minutesWIZ.IO
29 Jun236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet DrainersNew findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocurrency exchanges, mu…THEHACKERNEWS.COM
29 JunCharting your way in: Helm template injectionDuring the audit of a Kubernetes cluster, we encountered an injection in a Helm template applied through ArgoCD. To our surprise, very few resources exist regarding YAML injection in vulnerable Helm templates. In this blog post, we will explore this kind of vulnerability and how …SYNACKTIV.COM
29 JunUK businesses fear stigma of ransomwareAlex Scroxton reports: Fear of stigmatisation is likely leading businesses across the UK to drastically underreport data on ransomware attacks, especially when they have paid a ransom to a cyber criminal gang, as admission of such is often seen as supporting further criminal acti…DATABREACHES.NET
29 JunCentral Bank of Libya investigates alleged data leak after cyberattackSafaAlharathy reports: Libya’s central bank (CBL) says it is investigating data published on the dark web following a recent cyberattack. In a statement, the bank said its technical teams, working with international experts, were analysing the data to determine its nature and whe…DATABREACHES.NET
29 JunZA: Copying the wrong person on an email could be considered a data breach in South AfricaJan Vermeulen reports: Misdirected internal emails that expose personal information can trigger mandatory data breach reporting under South Africa’s data privacy law, POPIA, even when the disclosure was accidental. Armand Swart, Hlonelwa Lutuli, and Isabella Keeves from Werksmans…DATABREACHES.NET
29 JunOne Honeypot Ends the AttackMany attackers spend their first moments inside a compromised network performing discovery. According to this red team perspective, a properly deployed honeypot or canary token can immediately reveal that activity. That means organizations don't always have to catch every exploit…YOUTUBE.COM
29 JunFactoring RSA Keys with Many ZerosInteresting research on a new class of weak RSA keys: keys with lots of zeros. It turns out that these keys are out in the wild. The badkeys project is an open-source service that checks public keys for known vulnerabilities. While developing this tool, Hanno collected a massive …SCHNEIER.COM
29 JunInside the Advisory Database and what happens when vulnerability volume breaks recordsThe GitHub Advisory Database is processing more vulnerability reports than ever before. Here's what's driving the surge, how we're responding, and how the community can help.GITHUB.BLOG
29 JunUS racks up about 400 wins over illegal World Cup streaming sitesThe World Cup’s organizing body, FIFA, helped identify hundreds of domains taken down in an action organized by the U.S., along with the help of U.S. broadcaster NBC Universal and other entities.THERECORD.MEDIA
29 JunNissan hit by Oracle PeopleSoft cyberattack exposing internal dataNissan North America has informed employees that a cyberattack targeting Oracle PeopleSoft systems exposed sensitive personnel records, making the automaker one of the latest known victims linked to a broader campaign exploiting a critical vulnerability in the widely used HR plat…CYBERINSIDER.COM
29 JunNI: Updated warning to parents over schools cyber attackNiall Glynn and Auryn Cox report: The number of schools in Northern Ireland affected by a recent cyber-attack is larger than previously thought. In a letter issued by the Education Authority (EA) on Thursday, some parents were warned that their child’s personal data may hav…DATABREACHES.NET
29 JunMOVEit Breach Defendants Lose 2nd Bid to Toss Negligence ClaimsChristopher Brown reports: Bellwether defendants in multi-district litigation over a massive data breach of Progress Software’s MOVEit file-transfer application failed to convince a federal court to toss negligence claims against them under the laws of California, Indiana, Michig…DATABREACHES.NET
29 JunAI behind the velvet rope.The White House keeps frontier AI models on a short leash. Russian threat actors increasingly target secure messaging platforms. DirtyClone is a high-severity Linux kernel privilege escalation flaw. An investigation claims federal websites are violating privacy rules. Microsoft d…THECYBERWIRE.COM
29 JunNissan discloses employee data breach linked to Oracle zero-day attacksNissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group. [...]BLEEPINGCOMPUTER.COM
29 JunNAIC says public data stolen in ShinyHunters' PeopleSoft breachThe National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server. [...]BLEEPINGCOMPUTER.COM
29 JunStop Building a 2003 SOC with AI: A Modern People & Process Framework (Part 1)One particular aspect of an agentic or AI-powered SOC (but NOT “humanless SOC”) has bothered me over the last few months: specifically, the people and process side of such a SOC. If you recall my blog posts (part 1, part 2 and this video) about AI SOC readiness, I hinted at c…MEDIUM.COM
29 JunVulnerabilities Expose Private Data in Indian Government SystemsOne critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.DARKREADING.COM
29 JunEXCLUSIVE: Top-100 Law Firm Fox Rothschild Suffers Data Breach and Leak by Silent Ransom GroupFox Rothschild is a top-100 law firm whose articles and resources have been cited on DataBreaches.net and PogoWasRight.org dozens of times over the years. This time, however, they are the subject of a post because they were victims of a data breach by a well-known group that targ…DATABREACHES.NET
28 JunWeek in review: Fortibleed campaign’s impact on orgs, Cisco Unified CM flaw exploitedHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: Encrypted DNS still tells an eavesdropper where to look Encrypted DNS runs across much of the Internet. DNS over TLS, HTTPS, and QUIC keep the contents of a query away from anyone wa…HELPNETSECURITY.COM
28 JunData breach exposes up to 14.2 million email logins at six ISPsJapanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country. [...]BLEEPINGCOMPUTER.COM
28 JunAssuranceAmerica breach may have affected more than 1.1 million people in seven statesKrys Shahin and Christopher Buchanan report: State officials are warning at least 1.1 million people across seven states may be impacted by an AssuranceAmerica data breach. Notices about the breach were sent to California, Massachusetts, Nebraska, South Carolina, Texas, Vermont, …DATABREACHES.NET
28 JunNZ pharmacy scrambles to scrub internet of patients’ private messagesMary Argue reports: A Wellington pharmacy at the centre of a data leak says sensitive patient information has now been scrubbed from the internet. Unichem Petone said it was contacting 29 patients affected by what it described as an error on the website that saw patients’ p…DATABREACHES.NET
28 JunSysco - 2,691,852 breached accountsIn June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. Data was subsequently published containing 2.7M unique email addresses belonging to staff and customers. The data also contained largely corporate contact informati…HAVEIBEENPWNED.COM
28 JunKDDI Data Breach Impacts up to 14.2 Million Email Accounts at Six ISPsKDDI Corporation disclosed a breach affecting up to 14.2 million email accounts after attackers exploited a vulnerability in third-party software. KDDI Corporation disclosed a data breach that exposed up to 14.2 million email accounts across six Japanese internet service provider…SECURITYAFFAIRS.COM
28 JunA KDDI data breach has put up to 14.2 million ISP email logins at risk across JapanJames Whitmore reports: Data breach at Japanese telecoms operator KDDI may have exposed up to 14.22 million email addresses and passwords linked to ISP mail services, after attackers gained unauthorised access to a system used by six providers in Japan. KDDI said it confirmed the…DATABREACHES.NET
27 JunWhy Car Dealerships Are Prime Cyber Targets: Fraud, Resilience, and Security Leadership with Jennifer HuttonCybersecurity Today would like to thank Material Security for their support of this podcast. On Cybersecurity Today on the Weekend, the host speaks with Jennifer Hutton, a cybersecurity leader in the car dealership sector, about how she entered cybersecurity through increasing cyb…CYBERSECURITYTODAY.LIBSYN.COM
27 Jun KEVKlue supply-chain attack impacts cybersecurity firms.Tata Electronics and Bajaj Auto continue recovery from cyberattacks. CISA warns of actively exploited PTC and Cisco vulnerabilities.THECYBERWIRE.COM
27 JunSurviving the surge of new Linux LPE: Defense in Depth not deadThanks to AI-assisted vulnerability research and kernel patch diffing that breaks "responsible disclosure" embargos, it's quite the overwhelming time for defenders. There's been a weekly reveal of new Linux critical vulnerabilities, with full exploit scripts made public days befo…SYNACKTIV.COM
27 JunExploiting the Tesla Wall Connector from its charge port connector - Part 2: bypassing the anti-downgradeIn a previous article, we presented an attack against the Tesla Wall Connector Gen 3 used during Pwn2Own Automotive 2025. The exploit chain relied on a simple fact: there was no anti-downgrade mechanism. Once we could speak UDS over the charging cable, we could just write an old,…SYNACKTIV.COM
27 JunMake it Blink: Over-the-Air Exploitation of the Philips Hue BridgeThe year-end edition of Pwn2Own took place in Cork, Ireland. For the first time, this event featured smart home devices, including the Amazon Smart Plug, Home Assistant Green, and the Philips Hue Bridge. The attack scenario defined by the ZDI involved an adversary with access to …SYNACKTIV.COM
27 JunExploring cross-domain & cross-forest RBCDThe Resource-based Constrained Delegation (RBCD) attack is well known to pentesters and attackers: by editing the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of a machine account, an attacker can impersonate users on said machine. Even though this attack mechanism has be…SYNACKTIV.COM
27 Junmitmproxy for fun and profit: Interception and Analysis of Application TrafficA solid understanding of the protocols used by applications is a necessary prerequisite when assessing application security. In recent projects, we have had to intercept various types of network traffic across different platforms, including Linux, Android, and iOS. The purpose of…SYNACKTIV.COM
27 JunBeyond ACLs: Mapping Windows Privilege Escalation Paths with BloodHoundWindows privileges are special rights that grant processes the ability to perform sensitive operations. Some privileges allow bypassing standard Access Control List (ACL) checks, which can lead to significant security implications. While privileges like SeDebugPrivilege, SeImpers…SYNACKTIV.COM
27 JunOn the clock: Escaping VMware Workstation at Pwn2Own Berlin 2025At Pwn2Own Berlin 2025, we exploited VMware Workstation by abusing a Heap-Overflow in its PVSCSI controller implementation. The vulnerable allocation landed in the LFH allocator of Windows 11, whose exploit mitigations posed a major challenge. We overcame this through a complex i…SYNACKTIV.COM
27 JunLivewire: remote command execution through unmarshalingLivewire revolutionizes Laravel development by enabling real-time, interactive web interfaces using only PHP and Blade, removing the need for heavy JavaScript frameworks. Its innovative hydration system seamlessly instantiates and restores component states, supporting complex data …SYNACKTIV.COM
27 JunExploiting Anno 1404Anno 1404 is a strategy game developed by Related Designs and published by Ubisoft. It is a real-time strategy game that focuses on city management and construction. The Anno 1404: Venice expansion, released in 2010, includes an online and local area network multiplayer mode. Dur…SYNACKTIV.COM
27 Jun2025 Winter Challenge: QuinindromeA few months have passed and the first snowflakes have fallen since the end of the Synacktiv Summer Challenge. This event was a success, with one of the participants even finding a zero-day vulnerability while working on his solution! Although it hasn't been made public yet, it w…SYNACKTIV.COM
27 JunBreaking the BeeStation: Inside Our Pwn2Own 2025 Exploit JourneyThis article documents our successful exploitation at Pwn2Own Ireland 2025 against the BeeStation Plus. We walk through the full vulnerability research process, including attack surface enumeration, code auditing, exploit development, and ultimately obtaining a root shell on the …SYNACKTIV.COM
27 JunSite Unseen: Enumerating and Attacking Active Directory SitesActive Directory Sites are a feature that allows optimizing network performance and bandwidth usage in AD internal environments. They are commonly implemented by large, geographically dispersed organizations spanning across multiple countries or continents. Sites did not receive mu…SYNACKTIV.COM
27 Junappledb_rs, a research support tool for Apple platformsOver the years, research on Apple platforms has become significantly more complex, largely due to the numerous countermeasures deployed by the Cupertino company. To address this challenge during our missions on these platforms, we developed appledb_rs: an open-source tool (https:…SYNACKTIV.COM
27 JunThe 'S' in Zoom, Stands for SecurityToday we uncover two (local) security flaws in Zoom's latest macOS client. First, a privilege escalation vulnerability, and second, a method to surreptitiously access a user's webcam and microphone (via Zoom).OBJECTIVE-SEE.ORG
27 Jun[0day] Abusing XLM Macros in SYLK FilesA 0day logic flaw in Microsoft Excel leads to 'remote' code execution on macOS, via malicious macros.OBJECTIVE-SEE.ORG
27 JunBurned by Fire(fox) (Part III)Recently, an attacker targeted (Mac) users via a Firefox 0day. In this third post, we analyze a second backdoor used in the attack, detailing its persistence, capabilities, and ultimately identifying it as a new variant of the cross-platform Mokes malware!OBJECTIVE-SEE.ORG
27 JunBurned by Fire(fox) (Part II)Recently, an attacker targeted (Mac) users via a Firefox 0day. In this second post, we fully reverse OSX.NetWire.A, revealing (for the first time!), its inner workings and complex capabilities.OBJECTIVE-SEE.ORG
27 JunBurned by Fire(fox) (Part I)Recently, an attacker targeted (Mac) users via a Firefox 0day. In this first post, we triage and identify the malware (OSX.NetWire.A) utilized in this attack, identifying its methods of persistence, and more!OBJECTIVE-SEE.ORG
27 Jun[0day] Mojave's Sandbox is LeakyThe macOS sandbox seeks to prevent malicious applications from surreptitiously spying on unsuspecting users. Turns out, it's trivial to sidestep some of these protections, resulting in significant privacy implications!OBJECTIVE-SEE.ORG
27 JunRemote Mac Exploitation Via Custom URL SchemesThe WINDSHIFT APT group is successfully infecting Macs with a novel infection mechanism. By abusing custom URL scheme handlers and minimal user interaction, Macs can be remotely compromised!OBJECTIVE-SEE.ORG
27 Jun[0day] Synthetic RealityIf you can programmatically generate synthetic mouse clicks, you can break macOS! Approving kernel extensions, dismissing privacy alerts, and much more...OBJECTIVE-SEE.ORG
27 JunEscaping the Microsoft Office SandboxImagine you've gained remote code execution on a Mac via a malicious Word document. Turns out, you're still stuck in a sandbox. However, via a faulty regex, you can escape and persist!OBJECTIVE-SEE.ORG
27 Jun[0day] Bypassing SIP via SandboxingIn this guest blog post @CodeColorist writes about a neat macOS vulnerability. Ironically, by abusing security mechanisms such as sandboxing, macOS can be coerced to load an untrusted library, into a SIP-entitled process!OBJECTIVE-SEE.ORG
27 JunAn Unpatched Kernel BugOn my flight to ShmooCon, I managed to panic my fully-patched MacBook. Here we analyze the kernel panic report, finding that Apple's AMDRadeonX4150 kext is responsible for the crash.OBJECTIVE-SEE.ORG
27 JunTwo Bugs, One Func(), part threeAnalyzing code within the macOS kernel audit subsystem uncovered an exploitable heap overflow.OBJECTIVE-SEE.ORG
27 JunNew Attack, Old TricksA Word document targets Mac users with malicious macros and an open-source payload.OBJECTIVE-SEE.ORG
27 Jun[0day] Bypassing Apple's System Integrity ProtectionRead how an attacker can bypass Apple's SIP, via the local OS upgrade process.OBJECTIVE-SEE.ORG
27 JunPhoenix: RootPipe lives! ...even on OS X 10.10.3Exploiting RootPipe on OS X 10.10.3OBJECTIVE-SEE.ORG
27 JunNAIC suspends investment risk designations after cyber attackThe National Association of Insurance Commissioners (NAIC) is the U.S. standard-setting and regulatory support organization. It is governed by the chief insurance regulators from the 50 states, the District of Columbia, and five U.S. territories. The organization serves the publi…DATABREACHES.NET
26 JunMalware gaslights AIMac Malware Gaslights AI, Major Info-Stealer Takedown, OpenAI's Patch the Planet, and FortiBleed Fallout Mac malware called "Gaslight," attributed to North Korea-aligned actors, plants fake system messages designed to derail AI-based analysis while stealing data and exfiltrating …CYBERSECURITYTODAY.LIBSYN.COM
26 JunGDPR at 10: Landmark data protections, increasing business burdenTen years have passed since the General Data Protection Regulation (GDPR) came into force, and the results are mixed. While data protection has become more firmly established in European companies — and beyond — than ever before, the business world remains critical of the regulat…CSOONLINE.COM
26 JunModelplane: Open-source control plane for AI inferenceOrganizations that run open-weight models on hardware they own operate GPU fleets spread across clouds, neoclouds, and on-premise data centers. Each fleet handles model placement, replica scaling, infrastructure provisioning, weight distribution, and traffic routing. Teams have b…HELPNETSECURITY.COM
26 JunNew infosec products of the month: June 2026Here’s a look at the most interesting products from the past month, featuring releases from AISLE, Asimily, Blue Planet, depthfirst, Diligent, Drata, Elastic, Filigran, Flip, Hyland, IDnow, Legit Security, MazeBolt, Noma, Qodo, Ridge Security, Tigera, and WitnessAI. Asimily turns…HELPNETSECURITY.COM
26 JunWhat CISOs need to tell the board about zero trust in OT: A 90-day communication and action planI work as a principal specialist at a pipeline operator where Operational Technology (OT) is the backbone of the business. I do not report to the board or act as a CISO, but the issues that get raised to those levels affect my job every single day. Since the Colonial pipeline ran…CSOONLINE.COM
26 JunProposed US law would make AI risk reporting a legal obligationUS lawmakers on Thursday introduced a bill that would require developers of advanced AI models to report major safety and security incidents to the Commerce Department, establishing a federal oversight framework for high-risk AI systems. The proposed AI Incident Reporting Act wou…CSOONLINE.COM
26 JunMythos is a signal, not a siren: What frontier AI should change for CISOsWhen a new AI capability starts making headlines, I see the same pattern play out in boardrooms and executive staff meetings. The technology is introduced as a looming breakthrough for attackers. The conversation quickly shifts to worst-case scenarios. Then security leaders are a…CSOONLINE.COM
26 JunJapanese telco suffers breach exposing 14.2 million email passwordsKDDI has disclosed that an email system it operates for internet service providers (ISPs) was breached in a cyberattack, potentially exposing email account information belonging to customers of six Japanese service providers. The company says the intrusion exploited a vulnerabili…CYBERINSIDER.COM
26 JunLinux Foundation Unveils New Open Source Security Project AkritesIt will provide the tools and channels to report, patch, and disclose open source software vulnerabilities.SECURITYWEEK.COM
26 JunRansomware gangs find Europe’s weakest link in third-party suppliersRansomware attacks against European organizations increased during the first months of 2026, with third-party suppliers becoming a major entry point for attackers. Black Kite examined 2,066 ransomware incidents across 31 countries between January 2025 and April 2026 in its 2026 E…HELPNETSECURITY.COM
26 JunCritical open-source projects get a new security frameworkOpen source software projects are getting a new framework for handling security vulnerabilities as AI shortens the time between flaw discovery and exploitation. The Linux Foundation has launched Akrites, an industry initiative that brings together technology companies, financial …HELPNETSECURITY.COM
26 JunCyberattacks pose a ‘threat to life’ in AustraliaAustralia’s Security Intelligence Organization (ASIO) has uncovered an attack on a critical infrastructure operator’s network. State-sponsored actors had compromised the network and were preparing to sabotage it, according to its director general, Mike Burgess. Other countries fa…CSOONLINE.COM
26 JunStop Chasing Every New ThreatCybersecurity teams naturally focus on new vulnerabilities, exploits, and attack techniques. But basic practices like patch management, firmware updates, and consistent security hygiene still prevent many successful compromises. Organizations that maintain strong fundamentals are…YOUTUBE.COM
26 JunMore Klue Breach Victims Identified as Hackers Get HackedRoughly two dozen companies have notified their customers of the Klue-Salesforce incident impact.SECURITYWEEK.COM
26 Jun KEVTata Electronics and Bajaj Auto continue recovery from cyberattacks.Threat actors target critical infrastructure across Southeast Asia. CISA warns of actively exploited PTC vulnerability. Polish police disrupt SIM-swapping gang.THECYBERWIRE.COM
26 JunSoftware, AI companies form alliance to tackle open-source security flawsThe emergence of frontier AI models has increased the speed and capabilities of malicious hackers.CYBERSECURITYDIVE.COM
26 JunAmazon Q Flaw Enabled Cloud Credential Theft via Malicious RepositoriesAWS has patched the vulnerability and published its own advisory to inform customers about the potential impact.SECURITYWEEK.COM
26 JunMalware authors subvert AI detection systemsEnterprises that have turned to AI in order to boost their security defenses may have to reconsider their approach. Malware containing code that commands LLM-assisted products to abort their analysis or refuse to implement it is already circulating, according to a post from secur…CSOONLINE.COM
26 JunUnpatched macOS bug could allow tampering trusted applicationsSecurity duo Mysk has disclosed an unpatched macOS vulnerability that they say allows web-installed applications to silently modify other apps' binaries, potentially bypassing key macOS security protections. In a post published on X, Mysk said the issue affects macOS 26 and macOS…CYBERINSIDER.COM
26 JunCisco Adds NHI to Security Stack With Astrix, WideField AcquisitionsCisco joins a growing list of security platform providers who are betting that securing the agentic workforce means turning identity into the primary control plane.DARKREADING.COM
26 Jun KEVCISA sets urgent deadline to fix Cisco flaw exploited in attacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited. [...]BLEEPINGCOMPUTER.COM
26 JunThe Chinese Control the Majority of Argentina’s Squid FleetChinese companies control nearly two-thirds of Argentina’s own squid fleet.SCHNEIER.COM
26 Jun KEVFactory reset required.Tata Electronics and Bajaj Auto continue recovery from cyberattacks. FCC tightens undersea cable rules to bolster national security. CISA warns of actively exploited PTC vulnerability. Gamaredon expands toolkit, hides behind legitimate services. Iran-linked hackers turn public wa…THECYBERWIRE.COM
25 JunInteresting Paper Exploring Prompt InjectionThis is a fascinating exploration of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags. Their conclusion: Role tags were a formatting trick that became the security a…SCHNEIER.COM
25 JunRethinking the balance between AI oversight and innovationThe new CIO mandate is clear: facilitate AI adoption across the enterprise at speed. According to CIO.com’s State of the CIO survey, CEOs’ top priority for their IT executives is to capitalize on AI. From researching to evaluating AI products, CIOs are now the central figures i…CSOONLINE.COM
25 JunGRC is broken. FedRAMP 20x might fix itWe are auditing a curated version of history. I’ve worked in security long enough now to know something most of us don’t really say out loud. A lot of compliance is theatre. Not all of it, and not all auditors or frameworks, but enough of it that most experienced CISOs know exact…CSOONLINE.COM
25 JunThe Policy Nobody Actually EnforcedMany organizations generate least-privilege IAM policies but never deploy them. That leaves existing permissions available for attackers to abuse after compromising workloads like CI/CD runners. Instead of depending on thousands of manually applied policies, Sandy Bird describes …YOUTUBE.COM
25 JunCloud Visibility, Fortibleed, hacking things the easy way - Sandy Bird - PSW #932First up is Sandy Bird from Sonrai discussing how to protect our cloud infrastructure! This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them! Next up in the security news: - Help, I am Fortibleeding - Cisco SD-WAN needs hel…YOUTUBE.COM
25 JunYour Small Business Is a TargetMore than 90% of the economy depends on small and medium-sized businesses. At the same time, critical infrastructure spans far beyond power grids or defense systems. It includes industries like healthcare, financial services, food and agriculture, IT, communications, water, and c…YOUTUBE.COM
25 JunBeyond IOCs: AI-enabled threat intelligenceIn this week’s newsletter, Martin considers how AI will help threat intelligence by creating an easily queryable data source of intelligence reports.TALOSINTELLIGENCE.COM
25 JunBeware of “Parcel Expert” job offers: They’re parcel mule scamsMost parcel mule scams start with fake job offers that trick victims into handling stolen goods.MALWAREBYTES.COM
25 JunFraud goes door-to-door.This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner…THECYBERWIRE.COM
25 JunCisco Vulnerability Exploited Months Before Disclosure, Google WarnsA high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as MarchINFOSECURITY-MAGAZINE.COM
25 JunTrust in Automated AI Vulnerability Scanning Collapses to 9%, New Study FindsCobalt study finds 20-percentage-point drop in number of organizations relying solely on AI automation for testingINFOSECURITY-MAGAZINE.COM
25 JunShopify Shop app users are seeing fake orders in purchase historiesScammers are placing fake purchase receipts inside Shopify's Shop app, exploiting users' trust in order-tracking applications to lure them into calling fraudulent customer support numbers. The campaign moves the long-running fake invoice scam beyond email, placing fraudulent rece…CYBERINSIDER.COM
25 JunJapan’s army used USB drives with Chinese malware for a yearJapan's Ground Self-Defense Force (JGSDF) reportedly used counterfeit USB flash drives infected with malware linked to previously identified Chinese threat activity on computers connected to sensitive military networks for nearly a year before the devices were discovered. Accordi…CYBERINSIDER.COM
25 JunCal Water Says No OT Systems Breached in Iranian Handala CyberattackMandiant has helped the California water utility investigate the cyberattack launched by Iranian hacker group Handala.SECURITYWEEK.COM
25 Jun25-Year-Old Vulnerability Patched in CurlThe latest version of the open source data transfer tool resolves 18 medium and low-severity vulnerabilities.SECURITYWEEK.COM
25 JunLocal Police Collusion Hampers Crackdown on Asian Scam CentersWith tens of billions of dollars flowing into regional economies from cybercrime, scam centers continue to flourish, despite international and law-enforcement efforts.DARKREADING.COM
25 JunExperts on Experts: Why AI and Compliance Are Forcing A New Security Operating ModelThis week on Experts on Experts, I sat down with Sabeen Malik, Rapid7’s VP of Global Government Affairs and Public Policy, to discuss a shift security leaders can’t afford to treat as separate threads: frontier AI, vulnerability discovery, cybersecurity compliance, and operation…RAPID7.COM
25 JunNVIDIA GEN3C: Unauthenticated RCE via Pickle Deserialization in the Inference APIVulnCheck's Initial Access Intelligence team details an unauthenticated remote code execution in NVIDIA's GEN3C, where two FastAPI inference endpoints deserialize raw HTTP request bodies with pickle.loads() with no authentication.VULNCHECK.COM
24 JunMeta pauses employee monitoring program after data protections failAn extensive program at Meta to gather a wide range of data from employees to train its AI model has been frozen after employees reportedly broke through its guardrails and accessed restricted data, and then did so again after Meta claimed to have fixed the vulnerability. Whether…CSOONLINE.COM
24 JunAnthropic’s Mythos Model Found Vulnerabilities in Classified US Government Systems, Official SaysSome vulnerabilities were found within hours, but that does not mean the model was able to exploit them within that time, the official said.SECURITYWEEK.COM
24 JunCybersecurity jobs available right now: June 24, 2026Application Security Leader DriveNets | Israel | Hybrid – View job details As an Application Security Leader, you will define security requirements, drive secure coding practices, oversee vulnerability management, and integrate security testing and automation into…HELPNETSECURITY.COM
24 JunRisky Business #843 -- Fortibleed is kinda awesome, actuallyOn this week’s show special guest co-host Rob Joyce joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Rob served as an advisor to Donald Trump during his first term as president and also served at NSA for 34 years. While at the agency, Joyce led Tailor…RISKY.BIZ
24 JunPraxen: Open-source AI agent behavior verificationPraxen is an open-source tool with a simple job: it checks whether an AI agent does what it claims to do. The tool takes an agent’s declared policy, looks at how the agent operates, and points out every spot where the two drift apart. It is the reference implementation of A…HELPNETSECURITY.COM
24 JunBrinqa BYOAI lets organizations use any AI platform with trusted risk dataBrinqa BYOAI (Bring Your Own AI), a capability that enables organizations to connect any AI agent, large language model (LLM), or automation platform to Brinqa’s exposure intelligence layer. As enterprises adopt AI, they need to ensure that AI systems use accurate, up-to-date ris…HELPNETSECURITY.COM
24 JunWebinar Today: Modern Exposure Validation in the AI EraThe exploit timeline collapsed. Make sure your validation didn't.SECURITYWEEK.COM
24 JunKahneman, ‘Where’s Waldo’ and the Nexus pass: A CISO’s mental model for the AI eraSecurity awareness training as a defense against phishing is dead. It has been dead for a while. The industry never held a funeral because the training budget is comfortable, the compliance box gets checked and no CISO wants to tell the board that the program everyone funds does …CSOONLINE.COM
24 JunThe Strategic Human Firewall as AI Impacts Regulations, Cyber Pros, and Employees - BSW #453The 2026 Verizon DBIR has arrived and the results are in... Even with a substantial increase in Exploitation of Vulnerabilities, All Credential Abuse is still the top initial access vector for breaches, which means the human is still the weakest link. Why haven't security awarene…YOUTUBE.COM
24 JunOpen-source security is posing challenges governments can’t easily solveA diffuse landscape, fruitful targets, companies not stepping up, AI’s influence and flagging U.S. government efforts all figure into a shifting threat.CYBERSCOOP.COM
24 JunLastPass customer data exposed through Klue supply chain attackLastPass disclosed that attackers used OAuth tokens compromised in a supply chain attack on Klue, a market intelligence platform that integrates with CRM and sales tools across organizations, to access customer data stored in its Salesforce environment. “On June 12th LastPass was…HELPNETSECURITY.COM
24 JunHow a malicious AI agent skill passed security checks and reached 26,000 usersA fake AI agent skill that passed security checks reached over 26,000 users through Instagram, highlighting new risks as enterprises rely on AI-driven tools. Some of the agents involved were tied to corporate accounts, AIR said. The company said a similar attack could have expos…CSOONLINE.COM
24 JunExploitable CI/CD Vulnerabilities Expose Millions of Repositories to HijackingThe security defects allow unauthenticated users to take control of the open source software supply chain.SECURITYWEEK.COM
24 JunBeyondTrust, LastPass Impacted by Klue-Salesforce IncidentOver a dozen Klue customers have confirmed that hackers stole data from their Salesforce instances.SECURITYWEEK.COM
24 JunApple's MacOS Gap Lets Users Disable Security ToolsAttackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits.DARKREADING.COM
24 JunIn a first, a court takedown goes after two cybercrime tools at onceMicrosoft, with law enforcement and industry partners, disrupted more than 200 command and control servers for Amadey and StealC, often used in conjunction.CYBERSCOOP.COM
24 JunCordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain AttacksCybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker c…THEHACKERNEWS.COM
24 JunmacOS Weaknesses Chained to Silently Disable Endpoint Security AgentsA standard non-admin account is sufficient to conduct an attack that exploits legitimate OS behavior rather than software vulnerabilities.SECURITYWEEK.COM
24 JunCISA warns of max severity Ubiquiti flaws exploited in attacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers. [...]BLEEPINGCOMPUTER.COM
24 JunMicrosoft and Allies Smash Shared Infrastructure of Amadey and StealC MalwareHundreds of C&C servers were disrupted in an operation involving law enforcement and several cybersecurity companies.SECURITYWEEK.COM
24 JunAmadey, StealC, and SocGholish malware disrupted by ‘Operation Endgame’A coordinated international law enforcement and private-sector operation has dismantled major parts of the infrastructure behind the SocGholish, Amadey, and StealC malware families, seizing more than €41 million ($47 million) in cryptocurrency and disrupting hundreds of servers t…CYBERINSIDER.COM
24 JunLaw enforcement hits StealC and Amadey malware networksOperation Endgame, the largest international law enforcement operation aimed at disrupting ransomware and cybercrime infrastructure across the world, has claimed its latest targets: StealC and Amadey. While developed by separat…HELPNETSECURITY.COM
24 JunLastPass says Klue breach affected customer information, but passwords remain secure.Attackers begin exploiting Cisco Unified CM vulnerability. Alleged criminal marketplace administrator extradited to the US. Business news: Accenture acquires Dragos, runZero, and NetRise for more than $4 billion.THECYBERWIRE.COM
24 JunAmadey and StealC Malware Network Disrupted, 27M Stolen Credentials RecoveredA coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. "The main common goal was to disrupt the 'assembly line…THEHACKERNEWS.COM
24 JunScattered Spider duo convicted over $38M Transport for London attackTwo members of the Scattered Spider cybercrime collective have admitted launching a cyberattack against Transport for London (TfL) that caused millions in damages. Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were due to stand trial for…CSOONLINE.COM
24 JunRansomware Will Hit You TwiceRansomware incidents are often treated as one-time events: pay, decrypt, recover, move on. But this conversation challenges that assumption. If the underlying vulnerability or access path isn’t fixed, attackers can return quickly and repeat the attack. In some scenarios, paying a…YOUTUBE.COM
24 JunWhen Information Becomes the Attack Surface – Understanding AI Agent TrapsFrom hidden content injections to cognitive state poisoning, attackers are turning trusted data sources into traps for autonomous AI.SECURITYWEEK.COM
24 JunMalicious hackers exploit Cisco zero-day for highest access level at communications service providerMandiant detailed the incident in a blog post Wednesday, but it’s unclear who was behind it or if they managed to get broad visibility into the victim’s internal traffic.CYBERSCOOP.COM
24 JunRestrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPsAmazon Web Services (AWS) recently announced support for resource-based policies and resource control policies (RCPs) for AWS Sign-In. By using resource-based policies and RCPs, you can restrict access to the AWS Management Console sign-in and aws login CLI sessions to requests f…AWS.AMAZON.COM
24 Jun KEVKlue me in on the breach.LastPass says Klue breach affected customer information, but passwords remain secure. Attackers begin exploiting Cisco Unified CM vulnerability. CISA flags actively exploited Ubiquiti and Lantronix flaws, urges rapid patching. DifyTap flaws could expose private AI conversations a…THECYBERWIRE.COM
24 JunThree ‘cybercrime as a service’ operations undercut by Microsoft, law enforcementMicrosoft touted its latest action against malware infrastructure as a new approach aimed at the full cybercrime "supply chain." Europol said more than 300 servers were targeted.THERECORD.MEDIA
24 JunCNAPP evolution: How Microsoft aligns with leading cloud risk management platformsLearn how CNAPP platforms are helping organizations prioritize exploitable risks, reduce exposure, and operationalize security across the application lifecycle.MICROSOFT.COM
23 JunChange your cyber risk strategy to meet AI threats, Five Eyes countries warn CSOsCSOs must re-write their cyber risk strategies because threat actors are increasingly using AI to evade defenses, says a group of national cybersecurity agencies – a call that one expert immediately complained is too vague to be of use. In its call to action on Monday, the group w…CSOONLINE.COM
23 JunFree, no-signup World Cup streams serve scams instead of footballResearchers at Malwarebytes identified dozens of websites claiming to offer free access to FIFA World Cup matches. Instead of streaming games, the sites directed visitors through a chain of advertising pages designed to generate revenue for their operators. Fake World Cup streami…HELPNETSECURITY.COM
23 JunA $1,400 experiment in AI security auditing outperformed OpenAI’s Codex SecurityA research team has built a system that teaches AI agents to hunt for software bugs by writing the audit method down as plain text. The system, called EVOHUNT, keeps the underlying AI model fixed and improves only an external “playbook” that tells the agent how to wor…HELPNETSECURITY.COM
23 JunResidential proxy SDKs are hiding in LG and Samsung smart TV appsSmart TVs in living rooms run small apps that show fish tanks, clocks, solitaire games, and slideshows of puppies. A share of those apps can also send other people’s internet traffic out through the home connection. Spur Intelligence scanned 6,038 apps across LG webOS and S…HELPNETSECURITY.COM
23 JunCybersecurity is no longer about protection. It’s about survival.For years, cybersecurity professionals have been repeating the same warning: Every company will eventually be breached. Fine. Let’s accept that. Then why do so many organizations still behave as if the near sole purpose of cybersecurity is to prevent the breach from ever happenin…CSOONLINE.COM
23 JunOpenAI wants AI to fix vulnerabilities, not just find themOpenAI expanded Daybreak, its cybersecurity initiative that combines AI models, Codex Security, security researchers, maintainers, industry partners, and access controls to support vulnerability discovery and remediation. Organizations can use the initiative to identify, validate…HELPNETSECURITY.COM
23 JunPhishing hides in routine Microsoft 365 workflowsAttackers are abusing Outlook Groups and Microsoft 365 collaboration features to make phishing campaigns appear routine, according to Fortra. “The technique shifts malicious intent away from a single phishing email into a trusted productivity workflow. A user may see what l…HELPNETSECURITY.COM
23 JunHow AI Is Reshaping Identity Security at the Infrastructure Layer - Ev Kontsevoy, Neha... - ASW #388Appsec has seen machine identities from daemons and processes to services, microservices, and cloud accounts. And now we have agents. Ev Kontsevoy talks about what it means to have engineers and agents interacting in an environment, and why a focus on actions can be more effectiv…YOUTUBE.COM
23 JunHack The Box adds crisis simulations and SOC training to strengthen cyber readinessHack The Box (HTB) has announced new capabilities to help security leaders gain greater visibility into skills, performance and operational readiness. As AI transforms cyberattacks and cybersecurity operations, HTB is expanding its cyber readiness platform to help organizations i…HELPNETSECURITY.COM
23 JunOpenAI rolls out AI-led push to fix open-source software flawsOpenAI has launched a program with cybersecurity firm Trail of Bits to use AI to find and fix vulnerabilities in widely used open-source software, as enterprises face growing risks from flaws buried deep in their software supply chains. The initiative, called Patch the Planet, u…CSOONLINE.COM
23 JunPutin’s Paramilitary 2.0Since its emergence in 2014, the Wagner Group operated as the Kremlin's shadow army, deploying mercenaries across Africa and the Middle East. It gave Vladimir Putin plausible deniability, expanding Moscow's geopolitical influence by propping up leaders through military assistance…THECYBERWIRE.COM
23 JunLastPass says customer data exposed in Klue supply chain breachLastPass has disclosed that customer contact and CRM data were exposed after attackers compromised Klue, a third-party market intelligence platform used by its go-to-market teams. According to a security advisory published by LastPass, the company was notified on June 12 about a …CYBERINSIDER.COM
23 JunFFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS AppliancesAttackers can send crafted media files to execute code in any application that uses FFmpeg’s libavcodec library.SECURITYWEEK.COM
23 JunUnpatched SharePoint servers opened the door to multiple attackers, Microsoft findsWhat began as a routine ransomware investigation uncovered two unrelated attackers operating inside the same victim network at the same time, each obscuring the other’s activity and complicating the response. The discovery emerged during a Microsoft Detection and Response Team (D…CSOONLINE.COM
23 JunWhat the Miasma campaign reveals about the new supply chain threat model and the underground market for developer credentialsA stolen session cookie sat in underground markets for seven weeks before attackers used it to poison 32 Red Hat packages in the npm software registry, an example of the industrial approach behind modern supply chain attacks. Key takeaways Miasma is a self-propagating npm worm de…TENABLE.COM
23 JunEight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel AttacksThe high-severity use-after-free vulnerability in Samsung's KNOX security framework affected Android-powered Galaxy devices from the S9 through S25.SECURITYWEEK.COM
23 JunAlgerian Man Extradited to US for Running Cybercrime Marketplaces26-year-old Abdellah Belmili faces up to 30 years in prison for allegedly operating the marketplaces Market0Day and Spoxy.SECURITYWEEK.COM
23 JunLastPass confirms data breach in Klue supply chain attackLastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month. [...]BLEEPINGCOMPUTER.COM
23 JunUsing Reddit to manipulate AI search results is surprisingly easyA Reddit comment that takes only a few seconds to write can end up influencing the answers generated by AI research tools. A Cornell Tech study found that a short snippet of user-generated text, sometimes as little as 13 words, was enough to affect the output of deep-research age…HELPNETSECURITY.COM
23 JunGitHub Updates actions/checkout to Block Common Pwn Request Attack PatternsGitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pull_request_target workflow" trigger to run malicious code with the workflow's full privileges. Effective June 18, 2026, t…THEHACKERNEWS.COM
23 JunThe Exploit Doesn't Exist. You Can Still Prove It Works Against YouAttackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists. [...]BLEEPINGCOMPUTER.COM
23 JunFive Eyes allies warn of dangers posed by frontier AI models.Researchers publish a new analysis of FortiBleed. BootROM exploit can bypass Apple's SecureROM. Scattered Spider members plead guilty in the UK.THECYBERWIRE.COM
23 JunKlue investigating supply chain attack that targeted Salesforce integrationsCustomer data from several prominent cybersecurity firms was among that of hundreds of potential enterprise victims.CYBERSECURITYDIVE.COM
23 JunWhy SIEM is Moving Toward Unified Security Operations: Rapid7 Named a Major Player in IDC MarketScapeRapid7 has been named a Major Player in the IDC MarketScape: Worldwide SIEM 2026 Vendor Assessment (#US54126826, June 2026). This is the first IDC SIEM MarketScape to bring the enterprise and SMB markets into a single evaluation, and we believe it arrives at a time when the way t…RAPID7.COM
23 JunTrump sets post-quantum crypto deadlines, launches broader federal quantum initiativeUS President Donald Trump on Monday signed a pair of executive orders aimed at accelerating the federal government’s transition to post-quantum cryptography while expanding US investment in quantum technologies, establishing what the administration describes as a coordinated stra…CSOONLINE.COM
23 JunAll eyes on AI.Five Eyes warns AI could supercharge cyberattacks within months. Tata Electronics confirms breach as stolen data allegedly includes Apple and Tesla documents. Researchers publish new analysis of FortiBleed. Gizmodo breach exposes readers to ClickFix malware campaign. BootROM expl…THECYBERWIRE.COM
23 JunTuring, BODS, Struwwelpeter, EO-14409, VBScript, Pixemsmash, Cloudflare, Aaran Leylan - SWN #592Turing's Entscheidungsproblem, BODS, Struwwelpeter, EO-14409, VBScript, Pixemsmash, Cloudflare, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-592YOUTUBE.COM
23 JunScope of Salesforce Attacks Expands as Icarus Leaks DataMore victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.DARKREADING.COM
22 JunStolen OAuth Tokens Hit Security Firms, AryStinger Router Botnet Emerges, AI Deepfake CyberstalkingA breach at market intelligence platform Klue allowed attackers to steal OAuth tokens linking Klue to customers' Salesforce environments, enabling quiet API-driven data extraction from firms including Huntress, Recorded Future, Tanium, and Jamf; Klue revoked tokens, removed the l…CYBERSECURITYTODAY.LIBSYN.COM
22 JunWhy Southeast Asia CISOs Need Zero Trust as Their AI Control Plane – AI Agents, Data Borders and Supply ChainsAt Zenith Live 2026 held on 16-17 June in Vienna, Zscaler sharpened a reality that Southeast Asia CIOs and CISOs are already sensing: AI agents are quickly becoming digital workers inside their organisations, while regulators tighten data residency rules and supply‑cha…CSOONLINE.COM
22 JunHundreds of AI-powered iOS apps found exposing credentialsMobile app developers are packing AI features into everything from writing assistants to productivity tools and lifestyle apps. New research shows that securing access to those services remains a challenge. LLM API credential leakage via network traffic interception (Source: Rese…HELPNETSECURITY.COM
22 JunAgent Beacon: Open-source telemetry layer for AI agentsAI coding agents such as Claude Code, Codex CLI, Cursor, and Claude Cowork run on developer laptops, CI jobs, cloud environments, where they edit files, run commands, and call outside tools. Beacon, an open-source project from Asymptote Labs, configures telemetry for those runtim…HELPNETSECURITY.COM
22 JunAnatomy of a retail ransomware attack: Tabletop simulates modern mayhem methodsAttacks on AI systems and disinformation starred as key elements of a ransomware tabletop exercise CSO participated in during this month’s Infosecurity Europe conference. The “Enter the War Room” exercise — organised and run by cybersecurity vendor Semperis — featured a scenario …CSOONLINE.COM
22 Jun6 security leader tips for mastering business riskLongtime security leader Doug Kersten has expanded his list of responsibilities. As CISO of software maker Appfire, he now has accountability for business risks, such as how security tools and processes within customer products and services impact their costs and, thus, profitabi…CSOONLINE.COM
22 JunNavigating Shadow AI in the Enterprise, Verizon's SECOND 2026 report, and the news - ESW #464Interview with Ankita Gupta, CEO of Akto _How to Navigate Shadow AI Risk in the enterprise_ This week, we discuss AI governance in the enterprise, starting with the nuts and bolts of how to discover and understand shadow AI. Following that, we dive into what security and tech lea…YOUTUBE.COM
22 JunKlue Breach Enables Hackers to Compromise Cybersecurity Firms via OAuth TokensAt least five cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integrationINFOSECURITY-MAGAZINE.COM
22 JunWhat the Latest ShinyHunters Breaches Reveal About Modern CyberattacksGroups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage.SECURITYWEEK.COM
22 JunNew Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhonesThe vulnerability exploited by the Usbliter8 exploit cannot be patched and a PoC exploit has been released by researchers.SECURITYWEEK.COM
22 JunAttackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress DataVulnerable WordPress plugin iterations leak API keys, secrets, tokens, server information, and other data.SECURITYWEEK.COM
22 JunNew OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealerCybersecurity researchers have disclosed details of a new campaign that delivers CastleStealer by means of a previously unreported malware loader dubbed OXLOADER. According to Elastic Security Labs, the campaign leverages malicious Google Ads as a starting point to distribute the…THEHACKERNEWS.COM
22 JunThe Hidden Risk of Shadow AIShadow AI now includes far more than employees casually using ChatGPT. Organizations are seeing AI agents, MCPs, LLMs, and AI databases quietly appear across enterprise environments. The danger isn’t necessarily the technology itself. It’s visibility. Security teams often have no…YOUTUBE.COM
22 JunUnpatchable BootROM Flaw Impacts Apple A12, A13 ChipsApple BootROM exploit exposes unpatchable USB flaw on A12 and A13 devicesINFOSECURITY-MAGAZINE.COM
22 JunDecades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User DataSquidbleed, discovered with the aid of Claude Mythos Preview, has been described as a Heartbleed-style vulnerability.SECURITYWEEK.COM
22 Jun29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP RequestsA heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid…THEHACKERNEWS.COM
22 JunResearchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across TenantsCybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversations from other customers' application…THEHACKERNEWS.COM
22 JunAWS Continuum offers devs help with securing codeAI coding agents are making it easier than ever to produce software. Ensuring that software is secure before deployment is another matter — one that AWS thinks AI should help with too. As enterprises adopt agentic development workflows, the volume of first-party code being create…CSOONLINE.COM
22 JunKlue breach exposed Salesforce CRM data through stolen OAuth tokensAn attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce and other platforms, and accessed data across multiple customer environments prompting the company to revoke customer OAuth tokens and disable affected integ…CSOONLINE.COM
22 JunIntroducing Patch the PlanetWhat happens when you clear dozens of Trail of Bits engineers’ schedules, pair them with every open-source maintainer they can contact, and unleash the latest frontier models like GPT-5.5-Cyber on critical open-source targets? Thanks to our partnership with OpenAI and its Daybrea…TRAILOFBITS.COM
22 JunOpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s MythosAmid concerns about AI models’ cybersecurity capabilities, OpenAI revealed an improved version of GPT-5.5-Cyber and its “Patch the Planet” initiative to fix open-source software bugs.WIRED.COM
22 JunMicrosoft fixes AutoGen Studio flaw that enabled code executionA vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system simply by visiting a malicious webpage. [...]BLEEPINGCOMPUTER.COM
22 JunA new unpatchable flaw in Apple chips opens the door to an iPhone jailbreakEuropean offensive cybersecurity company Paradigm Shift released details of a flaw and a technique to exploit it that opens the door for hackers to unlock and break into older iPhones.TECHCRUNCH.COM
22 JunAI Guardrails Could BackfireAs commercial AI systems add more restrictions and moderation layers, some users are already moving toward open-source alternatives that offer fewer limitations and more control. The argument here is simple: once AI capability exists publicly, it becomes extremely difficult to su…YOUTUBE.COM
22 JunTrump administration to order agencies to speed up post-quantum migration, boost industryBoth EOs are expected to be signed as soon as Monday per an industry source with knowledge of timing. The White House has a signing ceremony scheduled this afternoon.CYBERSCOOP.COM
22 JunFFmpeg fixes PixelSmash flaw in widely used video decoderA newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service condition in applications like Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio. [...]BLEEPINGCOMPUTER.COM
22 JunThe Global Namespace Risk: Universal Bucket Hijacking Technique for Cloud Data ExfiltrationUnit 42 research details how attackers could exploit global name uniqueness in bucket hijacking to redirect cloud data streams across major CSPs.UNIT42.PALOALTONETWORKS.COM
22 JunGitHub Actions hardens checkout security to block ‘pwn request’ attacksStung by a surge in cyberattacks that have run amok in developer environments, GitHub has strengthened the security of actions/checkout to block ‘pwn request’ attacks that exploit insecure use of the pull_request_target workflow trigger to run an attacker’s code with the workflow…CSOONLINE.COM
21 JunVulnerability response: Built for humans, outpaced by machines.For years, security teams had time between discovery and exploitation. Time to triage. Time to validate. Time to prioritize what to fix first. AI has compressed that window. Frontier models now discover and chain vulnerabilities faster than human analysts can confirm them, and th…THECYBERWIRE.COM
21 JunWeek in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attackHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: A hardware neural network backdoor that hides in plain sight Deep learning systems on edge devices often rely on third-party-designed FPGAs and ASICs for performance and efficiency, …HELPNETSECURITY.COM
20 Jun5 People You Meet In Cybersecurity - David Shipley Interviews Amy LeeIn this special Cybersecurity Today weekend interview, host David Shipley speaks with Amy Yee about leadership, resilience, and the human side of cybersecurity. Amy shares her remarkable journey from electrical engineering and venture capital to becoming the inaugural Chief Digit…CYBERSECURITYTODAY.LIBSYN.COM
20 JunUnpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot ChainSecurity researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it…THEHACKERNEWS.COM
20 JunJCPenney - 368,418 breached accountsIn June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later published publicly. The expo…HAVEIBEENPWNED.COM
20 JunPeeling back Banana RAT.This week, we are joined by Tom Kellermann, Trend Micro's VP of AI Security and Threat Research, discussing their work on "Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud." Researchers from Trend Micro's MDR team uncovered the full operation behind Banana…THECYBERWIRE.COM
20 JunAnthropic suspends Fable over US national security concerns.ShinyHunters leaks data allegedly stolen from Madison Square Garden. Law enforcement cleans up 15,000 malware-infected websites.THECYBERWIRE.COM
19 JunFriday Squid Blogging: Victims of Unregulated Squid FishingDolphins, sharks, turtles, and human workers are all victims of unregulated squid fishing fleets. Another news article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
19 JunAutoJack Attack Lets One Web Page Hijack AI Agent for Host Code ExecutionMicrosoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker's web page, and that page's JavaScript can reach a privileged local service on the sam…THEHACKERNEWS.COM
19 JunOperation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress SitesDutch law enforcement authorities, along with counterparts from Canada, Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites. "With these actions we deprive cybercriminals of access to …THEHACKERNEWS.COM
19 JunSalesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer DataSalesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app unt…THEHACKERNEWS.COM
19 JunThreat actor adds advanced ‘EDR killer’ tools to ransomware-as-a-service platformOne of the world’s top ransomware groups has given its criminal affiliates access to advanced tools capable of successfully disabling many of today’s enterprise endpoint detection and response (EDR) products, new research by security company ESET has found. The group in question …CSOONLINE.COM
19 JunBreaking the SOC triangle: How AI reshapes security operations trade-offsA simple framework has always governed security operations that I call the SOC Triangle. It is a balance between quality, consistency and cost efficiency. Every SOC operates within it. Push for higher-quality investigations, deeper analysis, richer context, fewer missed signals a…CSOONLINE.COM
19 JunSecurity considerations for adopting Claude Code and Cowork for SMBsYou are a security leader at a small or medium-sized business (SMB), and your organization has decided to adopt Claude. If you are like me, after the initial “surprise” wears off, you probably want to quickly get your arms around what adopting Claude means for the business, and f…CSOONLINE.COM
19 JunMicrosoft says web-enabled AI agents can trigger host-level RCEMicrosoft is warning of a novel remote code execution (RCE) path possible through web-enabled AI agents, demonstrating the technique against AutoGen Studio, its open-source interface for building and testing multi-agent applications. The demonstration showed that a malicious webp…CSOONLINE.COM
19 JunLLMS, Identity, EDR, JiGong, QiLin, Warlock, with Rob Allen from Threatlocker - SWN #591Doug and Rob Allen talk about Identity, EDR, Your Great Aunt Ida Meets some hot firefighters, and more. Segment Resources: Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools: https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.html This s…YOUTUBE.COM
19 JunMost Companies Needed To Be Forced#PCI #Compliance The clip argues that standards like PCI helped push organizations toward foundational cybersecurity practices by tying security requirements directly to payment processing and business operations. For many companies, compliance became the forcing function that mov…YOUTUBE.COM
19 JunApple patches Beats Studio Buds flaw that could turn earbuds into a wiretapApple has patched a year-old Bluetooth vulnerability that could have let nearby attackers listen through Beats Studio Buds' microphone.MALWAREBYTES.COM
19 JunCyberWire Daily at 10: A decade of leaks, espionage, and influence operations.In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss leaks, espionage and influence operations over the past 10 years. Together they reflect on a decade of cybersecurity developments, focusing on the piv…THECYBERWIRE.COM
19 JunAWS Unveils 'Continuum,' an AI-Powered Vulnerability Management PlatformWorking with frontier AI models, this new platform aims to help discover, prioritize, validate and remediate code vulnerabilitiesINFOSECURITY-MAGAZINE.COM
19 JunUnpatchable BootROM exploit for Apple A12-A13 chips now publicSecurity researchers at Paradigm Shift have disclosed usbliter8, a new SecureROM exploit affecting Apple's A12 and A13 chipsets. The proof-of-concept exploit achieves BootROM compromise through a combination of a USB controller hardware bug and a firmware configuration weakness, …CYBERINSIDER.COM
19 JunTexas exposed data of 3 million hunting and fishing license holdersThe Texas Parks and Wildlife Department (TPWD) has disclosed a cybersecurity incident affecting its hunting and fishing license system vendor, potentially exposing the personal information of more than 3 million people. The incident was identified by the Texas Cyber Command, whic…CYBERINSIDER.COM
19 JunKlue OAuth breach victim list grows as Icarus hackers claim attackMarket intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers' Salesforce environments, as the new "Icarus" extortion group publicly claims the attack. [...]BLEEPINGCOMPUTER.COM
19 JunHackers exploit info disclosure bug in Gravity SMTP WordPress pluginThreat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. [...]BLEEPINGCOMPUTER.COM
19 JunTexas govt data breach exposes over 3 million driver’s licensesThe Texas Parks and Wildlife Department (TPWD) disclosed a data breach at its license system vendor that exposed personal information for more than three million individuals. [...]BLEEPINGCOMPUTER.COM
19 Jun KEVCISA: Splunk Enterprise flaw actively exploited, patch by SundayCISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. [...]BLEEPINGCOMPUTER.COM
19 JunIn Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS ContinuumOther noteworthy stories that might have slipped under the radar: Android TV botnet Popa linked to Israeli firm, Velvet Ant maintained decade-long stealth, unpatched GCP Config Connector flaw enables takeover.SECURITYWEEK.COM
19 JunCryptoBandits Malware Doubles as a Backdoor, Abuses TorCryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution.SECURITYWEEK.COM
19 JunCybersecurity Firms Impacted by Klue Supply Chain AttackThe hackers exfiltrated data from Salesforce instances of Klue customers, such as Huntress and Recorded Future.SECURITYWEEK.COM
19 Jun15,000 WordPress Websites Cleaned Up in SocGholish Botnet TakedownLaw enforcement and private partners took down 106 SocGholish C&C servers and domains as part of Operation Endgame.SECURITYWEEK.COM
19 JunKlue breach led to Salesforce data theft, Huntress affectedCybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across various business tools. Huntress published a detailed account of the incident on June 18, framing it as a …HELPNETSECURITY.COM
19 JunMastodon 4.6 adds profile Collections and two-factor controlsPeople who run accounts on the open source social network Mastodon can now group profiles together and share those groups across the web. The 4.6 release centers on a feature called Collections, along with reworked profiles, email newsletters, server administration controls, and …HELPNETSECURITY.COM
19 JunGoogle sets timeline for Android developer verification enforcementAndroid’s developer verification protections will take effect on September 30, 2026, starting with users in Brazil, Indonesia, Singapore, and Thailand. Developers distributing apps through participating stores in those markets must complete the verification process by the deadlin…HELPNETSECURITY.COM
19 JunCompanies are discarding the logs they need to catch a breachMany large enterprises discard most of the log data their systems generate, and they do it on purpose to keep costs down. A Dynatrace survey of 450 senior IT leaders at large enterprises found that half of organizations drop or never collect an average of 86 percent of their logs…HELPNETSECURITY.COM
19 JunAutoJack: How a single page can RCE the host running your AI agentAutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and unsafe parameter handling, attackers can trigger arbitrary pr…MICROSOFT.COM
18 JunThe Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)[This is a Guest Diary by Adam Nason, an ISC intern as part of the SANS.edu BACS program]ISC.SANS.EDU
18 JunMost agentic AI projects in production have stalled over data problemsEnterprises are connecting AI agents to live data feeds and putting them to work on tasks that once required human review, from IT operations to software development. The number doing this in production reached 32 percent in 2026, up from 29 percent the year before, according to …HELPNETSECURITY.COM
18 JunCan Agentic AI Really Find Zero-Days? Ask the Hacker Who Won Pwn2Own Berlin 2026At Pwn2Own Berlin 2026, a security researcher used agentic AI to help her win. The AI surfaced real, verified bugs, then wrongly called her winning bug “not unexploitable in practice.” Spoiler - it was. That uneven record is exactly what security leaders need to understand about t…THECYBERWIRE.COM
18 JunNever gonna give you up, never gonna take this call.This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner …THECYBERWIRE.COM
18 JunAWS Continuum brings AI models to code vulnerability managementAWS Continuum for code vulnerabilities, a system built to handle a vulnerability across its lifecycle, from discovery through to a fix, is now available in gated preview. It reasons over a customer’s environment, confirms which findings are real, and works toward resolution…HELPNETSECURITY.COM
18 JunGoogle’s open standard for AI agents to discover and verify toolsAI agents depend on tools, skills, and other agents spread across many teams, organizations, and platforms. These capabilities live in separate systems with their own registries, and an agent working in one environment has limited means to locate and connect to a resource hosted …HELPNETSECURITY.COM
18 JunCybersecurity was built for predictable systems. AI changes the rulesEvery major technology shift changes cybersecurity. I’ve spent much of my career working through major technology transitions, from the rise of the commercial internet to mobile and cloud computing. Each shift created new opportunities for innovation, but it also created new secu…CSOONLINE.COM
18 JunNew CISO appointments 2026The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitme…CSOONLINE.COM
18 JunMicrosoft warns of USB worm-like malware using Tor for stealthMicrosoft has identified a cryptocurrency clipper malware campaign, active since February 2026, that combines USB-based propagation, a Tor-hidden command-and-control infrastructure, and remote code execution capabilities. The malware steals cryptocurrency seed phrases and private…CYBERINSIDER.COM
18 JunCritical Command Execution Vulnerability Patched in Cisco ISEInsufficient validation of user input allows an attacker to gain access to the underlying OS and elevate their privileges to root.SECURITYWEEK.COM
18 Jun KEVFortiBleed campaign exposes 75,000 Fortinet firewalls worldwideA massive credential-compromise campaign dubbed “Fortibleed” has been found to expose tens of thousands of Fortinet devices worldwide, with researchers warning of persistent attacker access to affected enterprise environments. The campaign was first flagged by security researcher…CSOONLINE.COM
18 JunLATAM Infrastructure Hit by Fortinet and Ivanti ExploitsCloudSEK maps Operation Escaneo, a campaign hitting Latin American infrastructure via perimeter bugsINFOSECURITY-MAGAZINE.COM
18 JunAttackers abuse Google Ads, GitLab, and Claude to deliver malwareThreat actors are abusing trusted platforms, including Google Ads, GitLab pages, and Claude’s shared chat feature, to trick users into executing malicious commands on their systems. Disguised as popular AI developer tools, the threat actors used ClickFix social engineering attack…CSOONLINE.COM
18 JunNo Exploits RequiredFour decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.SECURITYWEEK.COM
18 JuneSentire links AI-led penetration testing with MDR through Atlas PreempteSentire has announced the launch of Atlas Preempt, a component of the company’s Atlas Platform. Atlas Preempt performs continuous, AI-driven offensive testing against customer environments to identify which exposures attackers can reach and feeds that data into eSentire’s 24/7 M…HELPNETSECURITY.COM
18 JunDragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor.Turn C2 TrafficThreat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure. According to findings from Broadcom-owned S…THEHACKERNEWS.COM
18 JunMicrosoft working on a fix for RoguePlanet, a flaw that grants full PC controlMicrosoft says it's working on a fix for an unpatched Defender vulnerability that can give attackers the highest level of access on Windows.MALWAREBYTES.COM
18 JunPolice cleans nearly 15,000 SocGholish-infected sites tied to Evil CorpInternational law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group. [...]BLEEPINGCOMPUTER.COM
18 JunMicrosoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026. "The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service C2 [command…THEHACKERNEWS.COM
18 JunAssume You’ve Already Been HackedThe idea that an organization will “never be hacked” is becoming increasingly unrealistic. Many security teams now operate with an “assumed breach” mindset, planning around the expectation that compromise will eventually happen. That changes the entire defensive strategy. Instead…YOUTUBE.COM
18 JunKlue OAuth breach linked to 'Icarus' Salesforce data theft attacksMarket intelligence platform Klue suffered an OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign. [...]BLEEPINGCOMPUTER.COM
18 JunLaw enforcement hits SocGholish: 106 servers down, 15,000 sites cleanedSocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind Operation Endgame has taken down 106 of its servers and domains, and cleaned up nearly 15,000 websites c…HELPNETSECURITY.COM
18 JunHow software development’s speed obsession enabled TeamPCP’s chaos crusadeThe threat group’s remarkable success targeting open-source software was inevitable and fueled by the industry’s decision to prioritize code shipping over security.CYBERSCOOP.COM
18 JunApple fixes Beats Studio Buds flaw that allowed nearby attackers to eavesdropApple has released Beats Firmware Update 1B211 to address a Bluetooth vulnerability affecting Beats Studio Buds that could allow a nearby attacker to listen through a device's microphone before it has been paired. The flaw is part of a broader set of vulnerabilities disclosed las…CYBERINSIDER.COM
18 JunWhy Security Teams Need To Start EarlierSecurity leaders are facing an unusual set of circumstances. The drumbeat for better security prioritization has been rising for years in boardrooms around the world. The desire is there, but the processes of the past aren’t meeting the needs of the new moment we find ourselves i…RAPID7.COM
18 JunThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More StoriesThe internet did not break this week. It got used exactly as designed, which is worse. Searches were siphoned through shady browser add-ons. AI chat links turned into malware delivery paths. macOS attacks ran in memory and left almost nothing behind. Cloud agents looked like help…THEHACKERNEWS.COM
18 JunLaw enforcement cleans up 15,000 malware-infected websites.Dutch police arrest alleged helpdesk scammers. The Gentlemen ransomware-as-a-service group maintains a mature suite of EDR killers.THECYBERWIRE.COM
18 Jun‘Popa’ Botnet Linked to Publicly-Traded Israeli FirmFor the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded t…KREBSONSECURITY.COM
18 JunSalesforce Data Thefts Continue via Klue App CompromiseKlue's Battlecards is now the third integrated application that has been compromised to steal customers' Salesforce data, and victims include Huntress, the cybersecurity vendor.DARKREADING.COM
18 JunClose Encounters of the Human KindIn the latest Threat Source, Hazel channels her inner Spielberg to explore why humans are delightfully irrational, reminding us that while security best practices are simple in theory, they’re a lot harder to pull off when you’re busy dealing with real life.TALOSINTELLIGENCE.COM
18 JunBuild your own vulnerability harnessWe break down the technical architecture behind our multi-stage vulnerability discovery harness and automated triage loop. Learn how we manage state controls, squash false positives through adversarial review, and route around LLM context limits.CLOUDFLARE.COM
18 JunFIFA Bug Exposed World Cup Streams to Remote TakeoverA hacker could have "Rickrolled" the World Cup — or worse — thanks to FIFA's unenforced Entra access controls.DARKREADING.COM
18 JunVU#457458: Vendor-signed UEFI applications found vulnerable to Secure Boot bypassOverview Multiple vendor-signed UEFI applications are vulnerable to Secure Boot bypass via a "Bring Your Own Vulnerable Driver" (BYOVD)-style attack. If a target system trusts the affected vendor’s certificate, an attacker can exploit these applications to execute arbitrary code …KB.CERT.ORG
18 JunBulgaria allowed surveillance tech firm to sell products to repressive regimes, report saysThe nonprofit Human Rights Watch obtained export licensing records covering 2018 through 2023, which show the Bulgarian government allowed the surveillance firm Circles to peddle the tech to law enforcement and intelligence agencies in several countries known for human rights abu…THERECORD.MEDIA
18 JunThe botnet browser blues.International law enforcement disrupts the SocGholish botnet. The UK’s cyber chief says cybersecurity is a contest, not a risk register. Ukraine joins the EU’s cyber reserve. The Gentlemen gang sharpens its ransomware toolkit. A WordPress supply chain attack spreads malware. Crit…THECYBERWIRE.COM
18 JunOperation Endgame 4.0 - 153,527 breached accountsOn 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies with support from Europol…HAVEIBEENPWNED.COM
18 JunRalph Lauren - 139,903 breached accountsIn June 2026, fashion retailer Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published hundreds of gigabytes of data they claimed was obtained from the organisation's Salesforce instance, including 140k unique email addresse…HAVEIBEENPWNED.COM
17 JunGoogle Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket SquattingA flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim's project hijack the victim's machine learning model upload and run code inside Google's serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Goo…THEHACKERNEWS.COM
17 JunMicrosoft says you don’t need another email security tool; experts say, not so fastDespite best efforts by defenders, malicious emails continue to slip through the cybersecurity cracks, leading some enterprises to implement a layered “defense in depth” strategy that incorporates multiple tools. Microsoft seems to be challenging this idea, revealing that there …CSOONLINE.COM
17 JunMicrosoft AntiSSRF open-source library helps block server-side request forgeryAntiSSRF is an open-source code library from Microsoft that validates URLs and network connections to reduce server-side request forgery (SSRF) risks in web applications. It supports .NET and Node.js applications and is distributed under the MIT license. The library works as a dr…HELPNETSECURITY.COM
17 Jun144 Mastra npm Packages Compromised via Hijacked Contributor AccountAs many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js,…THEHACKERNEWS.COM
17 JunHot Cybercrime Summer: Smishing, Supply Chains, and SleuthconIn this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo sits down with Aurora Johnson of SpyCloud and Amitai Cohen of Wiz ahead of SleuthCon to explore two rapidly changing corners of the cybercrime landscape. Aurora breaks down the highly organiz…THECYBERWIRE.COM
17 JunJoomla, LiteSpeed Vulnerabilities Exploited in AttacksThe flaws allow attackers to execute arbitrary PHP code and gain root privileges on shared hosting servers.SECURITYWEEK.COM
17 JunMicrosoft working on Defender patch for RoguePlanet zero-dayMicrosoft confirmed that it's working on a security patch for a Defender zero-day vulnerability named "RoguePlanet," disclosed one week ago. [...]BLEEPINGCOMPUTER.COM
17 JunChrome and Firefox Updated to Patch Critical, High-Severity VulnerabilitiesThe browser updates address multiple memory safety bugs that could potentially lead to remote code execution.SECURITYWEEK.COM
17 Jun5 AI risk management frameworks for shoring up key gapsOrganizations racing to embed AI into business operations are realizing that the risk management frameworks they’ve relied on for decades aren’t built for the behaviors, failure modes, and ethical complexities AI systems introduce. Fortunately, a new generation of AI-specific fra…CSOONLINE.COM
17 JunMicrosoft Working on Patch for ‘RoguePlanet’ Zero-DayThe public PoC code exploits a race condition in Microsoft Defender to spawn a command prompt with System privileges.SECURITYWEEK.COM
17 JunThe Chainguard Athena coalition already shipped 2,000 patches across 500 open source projectsChainguard launched Athena, an industry coalition that pools open source vulnerability findings and remediates them under embargo before public disclosure. The group went live with more than two dozen member organizations. Founding members include BNY, Chainguard, Cisco, Cloudfla…HELPNETSECURITY.COM
17 JunThe Top 10 Attack Surface Exposures in 2026Breaches don't always start with a zero-day. An exposed admin panel can get brute-forced, or credentials reused from a previous attack. But when a vulnerability does drop — like MongoBleed earlier this year, which let attackers pull credentials and session tokens from server memo…THEHACKERNEWS.COM
17 Jun KEVCISA orders feds to patch max severity Joomla plugin flaw by FridayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild. [...]BLEEPINGCOMPUTER.COM
17 JunMicrosoft Teams Relay Servers Abused in DragonForce Ransomware AttackThe attackers deployed a new Go-based backdoor that uses Microsoft Teams servers for command-and-control.SECURITYWEEK.COM
17 JunAI Use by the US GovernmentOn 14 April, the Trump administration quietly acknowledged the widespread use of AI to automate government processes. The office of management and budget (OMB) disclosed a staggering 3,611 active or planned use cases for AI across the federal government. The list has ballooned by…SCHNEIER.COM
17 JunGoogle’s Vertex AI SDK could allow RCE through bucket squattingA design flaw in the Vertex AI software development kit (SDK) for Python, Google Cloud’s managed platform for building, training, and deploying AI agents, could allow hijacking and poisoning of models outside of a developer’s own Google Cloud project. According to Unit 42 researc…CSOONLINE.COM
17 JunMalware à la Mode: Tracking Dropping Elephant Tradecraft Through a China-Themed Loader ChainExecutive summary Rapid7 researchers have identified a sophisticated malware campaign attributed to the threat actor "Dropping Elephant," characterized by the use of a China-themed decoy document to deliver a heavily reworked, in-memory remote access trojan (RAT). This campaign d…RAPID7.COM
17 JunFirefox AI Chatbot feature exposed users to email theft riskA vulnerability in Firefox's AI chatbot integration could allow malicious websites to inject hidden instructions into AI prompts and extract data from connected services such as email accounts. Mozilla has implemented mitigations, though the researchers who discovered the problem…CYBERINSIDER.COM
17 JunArmorCode helps product manufacturers prepare for EU Cyber Resilience Act requirementsArmorCode has announced new Cyber Resilience Act (CRA) capabilities within the ArmorCode Agentic AI Platform. The capabilities help manufacturers of products with digital elements (PDEs) prepare for the European Union’s cybersecurity regulation that will impact all sellers …HELPNETSECURITY.COM
17 JunLegit Security brings agentic AI to AppSec remediation and risk reductionLegit Security has launched new remediation agents that independently prioritize issues, generate fixes, open pull requests, and confirm results using context learned from each organization’s distinct codebase. As AI allows attackers to exploit vulnerabilities faster than ever, r…HELPNETSECURITY.COM
17 JunTenable One adds continuous security control validation to improve exposure prioritizationTenable has announced extended continuous security control and validation capabilities within the Tenable One Exposure Management Platform. With security control visibility and evidence-based, contextualized insights, Tenable One confirms which cyber exposures are accessible and …HELPNETSECURITY.COM
17 JunTigera introduces unified control plane for Kubernetes-based AI agent securityTigera has announced the general availability of Tigera Lynx, a unified control plane for Kubernetes-native AI agents. Lynx gives enterprises a single place to find every agent in their Kubernetes estate, tighten security posture, assign sandboxes, provide each agent with a crypt…HELPNETSECURITY.COM
17 JunRokarolla Android trojan targets banking and crypto users, enables device takeoverA newly discovered Android banking trojan, dubbed Rokarolla, targets 217 banking and cryptocurrency applications and can execute 137 commands on infected devices, according to researchers at Zimperium. Named after its command-and-control (C2) infrastructure, Rokarolla is primaril…HELPNETSECURITY.COM
17 JunReactive Patching Is FailingOrganizations are increasingly reconsidering support for multiple browsers as threat environments become faster and more difficult to manage. Every additional browser increases the attack surface security teams must manage. Historically, user choice often outweighed standardizati…YOUTUBE.COM
17 JunApple’s Hide My Email service will soon be easier to identify and blockApple has announced plans to consolidate the email domains used by Sign in with Apple and iCloud+ Hide My Email under a new shared domain, private.icloud.com, later this summer. The change will affect newly generated anonymous email addresses, while existing addresses will contin…CYBERINSIDER.COM
17 JunAnother healthcare firm attacked days after Novo Nordisk breachMedical technology company iRhythm Holdings disclosed a cyberattack involving certain third-party-hosted business applications that resulted in the theft of patient protected health information, proprietary data, and other personal data. The company discovered unauthorized activi…HELPNETSECURITY.COM
17 JunAttackers hit pair of critical Fortinet vulnerabilities the vendor disclosed in AprilMultiple firms have observed active exploitation of the FortiSandbox defects, and warn that the attacks originate from multiple sources, not a single campaign.CYBERSCOOP.COM
17 JunAI isn’t solving cybersecurity workforce woesMore than half of cybersecurity professionals say they’re thinking about leaving the industry, according to a new report.CYBERSECURITYDIVE.COM
17 JunIntroducing the Red Agent POV SeriesAn inside look at how the Red Agent, our AI-Powered Attacker, uncovers complex, exploitable risks in the wildWIZ.IO
17 JunCrypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal CommentsAn unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that acts …THEHACKERNEWS.COM
17 JunBeyond the benchmark: Advancing security at AI speedRead how Microsoft Security has advanced its agentic vulnerability detection system, codename MDASH, integrating into real-world workflows across Windows, Azure, and identity systems.MICROSOFT.COM
17 JunSmashing Security podcast #472: AI gets hacked, and BitLocker gets bypassedWhat if your AI coding assistant could be tricked into stealing your own company's secrets - by reading a single booby-trapped bug report? No phishing email. No malware. No password ever stolen. Just an AI doing exactly what it was told. Meanwhile, someone themselves Nightmare Ec…GRAHAMCLULEY.COM
16 JunCybersecurity jobs available right now: June 16, 2026Android Vulnerability Researcher Byteria | USA | Remote – View job details As an Android Vulnerability Researcher, you will analyze the Android attack surface, including the Linux kernel, system services, drivers, firmware, applications, and Trusted Execution Envi…HELPNETSECURITY.COM
16 JunThe rise of machine identities and agentic AI: Securing trust in the next era of digital autonomyIn the latest episode of Identity Insider, I sat down with Chris Hughes, a cybersecurity expert who’s involved in OWASP’s work on non-human and machine identity security. Unsurprisingly, our discussion centered on the rapidly changing cybersecurity landscape, driven b…HELPNETSECURITY.COM
16 JuniRhythm discloses data breach, says hackers stole patient infoDigital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients' personal and health information stored on third-party-hosted business applications. [...]BLEEPINGCOMPUTER.COM
16 JunReachability makes AI threat modeling worth the trustIn this interview with Help Net Security, Oscar Andersson, CTO at Oplane, explains why most scanning tools fail. They cry wolf, flagging threats that cannot run in real code. The argument centers on reachability. A finding counts only when someone walks the path to impact on a wo…HELPNETSECURITY.COM
16 JunZero trust isn’t broken. Most companies just do it wrong.Zero trust is 15 years old, and like many teenagers, it can feel misunderstood and underappreciated. The concept of zero trust was first defined by John Kindervag, a Forrester analyst at the time, as a strategy to replace the outmoded perimeter security model with a “never trust…CSOONLINE.COM
16 JunPlanning a trip? Fake travel sites are multiplying this summerCyberattacks against hospitality, travel, and recreation organizations rose 24% year over year, reaching an average of 2,291 incidents per organization each week in May 2026, according to Check Point. (Source: Check Point) “The sector has more than doubled its attack volume since…HELPNETSECURITY.COM
16 JunCritical Fortinet FortiSandbox flaws now exploited in attacksAttackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. [...]BLEEPINGCOMPUTER.COM
16 JunSoftware supply chains are heading for a transparency testSoftware supply chain visibility is becoming part of product security work as the EU Cyber Resilience Act (CRA) moves toward application in December 2027. ENISA’s SBOM Adoption State of Play 2026 shows organizations preparing for CRA obligations through SBOM tooling, automa…HELPNETSECURITY.COM
16 JunChainguard, JPMorgan, BNY Team Up to Secure Open Source from AI ThreatsAthena is a new industry coalition to fix the vulnerabilities frontier AI models find before attackers can exploit themINFOSECURITY-MAGAZINE.COM
16 JunPickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCEUnit 42 discovered a Vertex AI Python SDK vulnerability that allows remote code execution via bucket squatting. Read the article for more.UNIT42.PALOALTONETWORKS.COM
16 JunRansomware gang abuses Microsoft Teams relays to hide malicious trafficDragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure. [...]BLEEPINGCOMPUTER.COM
16 JunChina-linked hackers target US, Canada research using legacy REDCap exploitsGoogle is warning of a cyber espionage campaign linked to a China-nexus threat actor, UNC6508, that kept close tabs on valuable US and Canadian research environments for over a year. The campaign abused REDCap, a widely adopted platform for collecting and managing research data. …CSOONLINE.COM
16 JunDragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major CompanyCommand and control traffic exploited a Teams visitor token to make malicious activity look legitimate to defendersINFOSECURITY-MAGAZINE.COM
16 JunWiz Exposure Management Dashboard: Your CTEM Command CenterNew exposure management dashboard helps organizations align with CTEM to stay ahead in an era of AI exploiting vulnerabilities faster than everWIZ.IO
16 JunImproving precision in CTEM: How continuous controls validation in Tenable One transforms exposure managementDiscover how continuous control validation in Tenable One can improve your CTEM program by filtering out alert noise and factoring in your active cyber defenses. Focus your team on accessible and exploitable attack paths. Key takeaways: With vulnerability exploitation ranki…TENABLE.COM
16 JunRadware AI Xploit Shield delivers virtual patching for newly identified application and API flawsRadware has announced AI Xploit Shield, a new service that provides organizations with protection for their applications and APIs from exploitation of newly discovered vulnerabilities. As emerging frontier AI models like Mythos from Anthropic accelerate vulnerability discovery, o…HELPNETSECURITY.COM
16 JunCybercriminals mask malicious communications through Microsoft Teams relaysThe DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion at a U.S. services company, according to Symantec. DragonForce is a ransomware-as-a-service operation th…HELPNETSECURITY.COM
16 JunIndia temporarily blocks Telegram over medical exam cheating fearsAuthorities said scammers previously exploited the feature by posting fake exam questions before the test and later replacing them with the real questions, making it look like they had leaked the exam in advance.THERECORD.MEDIA
16 JunTrump administration keeps Fable 5 restrictions in place.DragonForce ransomware operators abuse Microsoft Teams to hide C2 traffic. Ukrainian national pleads guilty to assisting in Conti ransomware attacks.THECYBERWIRE.COM
16 JunSession avoids shutdown as community donations save the projectSession, the decentralized encrypted messaging platform that warned earlier this year it could shut down due to a funding crisis, will continue operating after receiving financial support from thousands of users. The community-funded effort has provided enough resources to keep d…CYBERINSIDER.COM
16 JunThreat tactic spotlight: Subdomain takeoverIn this blog post you’ll learn how to detect and prevent subdomain takeover – a tactic where threat actors exploit dangling DNS records to redirect traffic to attacker-controlled resources. We’ll explain the issue, how the situation arises, and how you can use various AWS feature…AWS.AMAZON.COM
16 JunNo Mythos of escape.Emergency talks fail to free Anthropic’s Fable 5. Trump moves to strengthen national security systems. Microsoft patches a critical Copilot flaw. ShinyHunters weaponize a PeopleSoft zero-day. DragonForce hides in Microsoft Teams for months. Plus, Amos Stealer targets Macs, CISA i…THECYBERWIRE.COM
16 JunWhy AI Is Breaking Network-Based SASEMike Fey, co-founder and CEO of Island, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices. Mike explores why AI workflows and emerging quantum computing threats are challenging the assumptions behind traditional network-based SASE architectures. He…THECYBERWIRE.COM
16 JunAttackers Rarely Use Real IPsAccording to an industry study referenced in the discussion, anonymizing infrastructure such as VPNs, proxy networks, and Tor appeared in nearly all analyzed security incidents, with 94% of respondents reporting its use during attacks. Traditional IP-based detection becomes far l…YOUTUBE.COM
16 JunCyberRisk TV Live Coverage from Identiverse 2026CyberRisk TV is broadcasting live from Identiverse 2026 in Las Vegas! Join us for exclusive interviews with identity, security, and technology leaders, actionable insights, and the latest thinking from practitioners shaping the future of digital identity at the industry's premier…YOUTUBE.COM
16 JunSN 1083: Patch Tuesday à la AI - Arch Linux Repo Under SiegeThis episode unpacks the jaw-dropping surge in vulnerabilities unearthed by AI, revealing how Microsoft shattered its own patch records while adversaries and defenders race to outpace each other. The conversation gets real about whether AI is fixing our broken software or just ma…TWIT.TV
15 JunAnthropic Models Blocked, FBI Takes Down $1.9B Phishing Network, Critical Splunk Flaw, and moreThe U.S. government orders Anthropic to shut down foreign access to its Fable 5 and Mythos 5 AI models after the Pentagon labels the company a supply-chain risk. David Shipley examines what may be behind the decision and what it means for countries and businesses that depend on A…CYBERSECURITYTODAY.LIBSYN.COM
15 JunLiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway ServersA default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed. LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model provid…THEHACKERNEWS.COM
15 Jun⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and MoreStuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail…THEHACKERNEWS.COM
15 JunSniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser AlertsCybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. "These accounts promoted fake of…THEHACKERNEWS.COM
15 JunThe US government’s Anthropic models ban was never about an AI jailbreakThe Trump administration's decision that forced Anthropic to pull its latest cybersecurity models could be reactionary, retaliatory, or both, but the message is clear: The AI industry isn't immune from U.S. government interference.TECHCRUNCH.COM
15 JunMaine forced to take down data breach portal after fake notices filed with authoritiesThe US state of Maine has taken its public data breach notification portal offline after someone submitted fraudulent breach disclosures impersonating two well-known technology companies. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
15 JunJune 2026 Stealer Logs - 56,278,397 breached accountsIn June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been added to Pwned Passwor…HAVEIBEENPWNED.COM
15 JunBerkadia - 305,216 breached accountsIn March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k unique email addresses as w…HAVEIBEENPWNED.COM
15 JunAttackers can turn AI agent guardrails into denial-of-service weaponsAttackers can turn AI agent guardrails into denial-of-service weapons, according to new research that found a single poisoned document can dramatically slow shared AI agent workflows by trapping reasoning-based safety systems in extended thinking loops. “Reasoning-based guardrail…CSOONLINE.COM
15 JunGoverning the ghost workforceEvery enterprise security team is fighting a workforce problem they cannot see on any org chart. Bots, service accounts, API keys, OAuth tokens, machine certificates — non-human identities now outnumber human ones in most large organisations, often by a factor of ten to one. They…CSOONLINE.COM
15 JunSovereign cloud won’t fix your AI risk. Identity governance willYour board is asking. Your legal team is asking. Your auditors will be asking: Should AI workloads move to sovereign cloud, or stay on AWS, Azure or GCP? European enterprises have already run this experiment — under real regulatory pressure, with real money and real consequences.…CSOONLINE.COM
15 Jun5 runtime signals for catching a compromised AI agentIn June 2025, Simon Willison, the engineer who coined the term “prompt injection,” published a warning that circulated widely through the security community. He called it the lethal trifecta — three capabilities that, when combined in a single AI agent, create a near-guaranteed p…CSOONLINE.COM
15 JunAI Agents Break Data PerimetersThe discussion highlights a shift in security architecture driven by agentic AI systems. Instead of traditional network perimeters, the focus is moving toward data-centric security, including lineage, contextualization, and data security posture management (DSPM). As AI agents in…YOUTUBE.COM
15 JunSafe AI at scale, what happens after initial access, and the weekly enterprise news - ESW #463Interview with Shiva Pillay from Veeam Safe AI at Scale AI investment is exploding, yet nearly 90% of enterprise initiatives fail because the data powering AI cannot be trusted. That’s the uncomfortable truth the industry is facing right now. Safe AI at scale requires more than j…YOUTUBE.COM
15 JunPublic and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense ResearchWritten by: Patrick Whitsell, John McGuiness Google Threat Intelligence Group (GTIG) has identified a sophisticated campaign attributed to UNC6508, a People's Republic of China (PRC)-nexus threat actor, targeting institutions in the North American academic, medical, and military …CLOUD.GOOGLE.COM
15 JunCyberattack on Russian tech firm Astral disrupts business, government services for weekAccording to customer complaints, the disruption affected a range of services used by businesses, leading to interruptions in cash register operations, difficulties selling certain regulated goods, loss of access to customer portals and corporate email and problems with electroni…THERECORD.MEDIA
15 JunAnthropic says US government forced it to disable cybersecurity AI modelsAccording to the company, the directive cited national security authorities. It appears to be the first time such authorities have been used to curtail the export of AI models rather than chips or hardware.THERECORD.MEDIA
15 JunGoogle exposes China espionage group that’s been lurking in networks undetected since 2023The revelation mirrors an alarming pattern of Chinese espionage groups dropping backdoors into critical infrastructure to intercept research and steal data with national security implications. The post Google exposes China espionage group that’s been lurking in networks undetecte…CYBERSCOOP.COM
15 JunMS-ISAC enters uncertain new era after losing federal funding and thousands of membersThe information-sharing group, a vital resource for state and local governments, has cut staff and pinned its hopes on a membership surge.CYBERSECURITYDIVE.COM
15 JunSimpleHelp bug lets hackers create rogue remote support accountsA vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. [...]BLEEPINGCOMPUTER.COM
15 JunNew attack turned Microsoft 365 Copilot into 1-click data theft toolA critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. [...]BLEEPINGCOMPUTER.COM
15 JunInfinite Campus data breach affects 137,000 school staff accountsThe ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. [...]BLEEPINGCOMPUTER.COM
15 JunChinese hackers breached North American research institutions via REDCap serversA China-linked cyber espionage operation targeted North American medical research institutions through compromised REDCap servers, using custom malware to gain persistent access and collect sensitive information, Google’s Threat Intelligence Group (GTIG) researchers found. …HELPNETSECURITY.COM
15 Jun1Password Credential Broker reduces secret sprawl through identity-based credential delivery1Password has announced 1Password Credential Broker, a new product that securely brokers credentials, tokens, and federated access from 1Password to trusted requesters. The 1Password Credential Broker is available in private beta today, with support for GitHub Actions and a roadm…HELPNETSECURITY.COM
15 JunPhishLumos: Exposing phishing campaigns that evade detection by hiding contentPhishing remains one of the most stubbornly persistent threats in cybersecurity: humans are tired, distracted, trusting, and susceptible to urgency and authority in ways that no amount of awareness training can completely overcome. The security community has largely accepted this…HELPNETSECURITY.COM
15 JunNIS2 is raising the bar. Here’s how to turn readiness into resilience.The NIS2 directive asks covered organizations to take a more structured approach to risk management, governance, supply chain security, and incident reporting. It expands the scope of who may be covered, raises expectations around management body accountability, introduces cleare…RAPID7.COM
15 JunDoes Your Security Programme Align With NIS2 Requirements?If your organization operates in the EU, or works with organizations that do, NIS2 is no longer something on the horizon. It is here and it applies to a far wider range of sectors than its predecessor, the original NIS Directive (Directive (EU) 2016/1148), and it comes with real …RAPID7.COM
15 JunBeyond the Score: Using AI to Translate CVEs into Real-World Business RiskSecurity leaders rarely struggle to gather data, but they often struggle to turn that data into something clear and meaningful for the business. In a typical week, a CISO might receive a report listing hundreds or even thousands of vulnerabilities, most of them accompanied by CVS…RAPID7.COM
14 JunVulnerability management at AI speed.In large enterprise software companies, vulnerability management teams are facing unprecedented speed and scale as AI accelerates both discovery and exploitation of security issues. In this episode of CyberWire-X, N2K’s Dave Bittner is joined by Adobe’s Daniel Ventura, Senior…THECYBERWIRE.COM
14 JunWeek in review: Exploited Check Point VPN zero-day, Oracle PeopleSoft servers under attackHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: DockSec: Open-source AI-powered Docker security scanner DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanat…HELPNETSECURITY.COM
13 JunWeekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modulesNew Tracing Options As hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on an op or writing a new one, what we can do is make the debugging experience easier. To that end one of our two Google Summer of Code (GSoC) p…RAPID7.COM
13 JunThis Sparrow doesn't migrate.Martin Zugec, Technical Solutions Director at Bitdefender, discussing their work on "FamousSparrow APT Targets Azerbaijani Oil and Gas Industry." Bitdefender researchers uncovered a sustained cyber espionage campaign by the China-linked FamousSparrow group targeting an Azerbai…THECYBERWIRE.COM
13 JunShai-Hulud variant compromises dozens of open-source Microsoft packages.Patch Tuesday notes: Microsoft fixes a record 200 flaws. German court holds Google liable for AI-generated claims.THECYBERWIRE.COM
13 JunThe FCC Wants to Kill Burner PhonesPlus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more.WIRED.COM
13 JunYour Replacement Phone Was ManagedA customer reportedly received a refurbished replacement phone that still contained an active Mobile Device Management (MDM) profile. MDM platforms are commonly used by enterprises to remotely manage company-owned devices, enforce policies, disable lost phones, and control access…YOUTUBE.COM
13 JunAnthropic disables new models after government calls them a national security concernThe Commerce Department’s expert control decree led to the company shutting off access to Fable 5 and Mythos 5 worldwide, drawing sharp criticism from researchers and industry analysts. The post Anthropic disables new models after government calls them a national security concern…CYBERSCOOP.COM
13 JunAmazon CEO reportedly raised Anthropic model concerns before government crackdownAmazon CEO Andy Jassy may have been the source of security concerns that led Anthropic to cut off worldwide access to two models on Friday.TECHCRUNCH.COM
12 JunAnthropic Warns AI Risks Are Real, RoguePlanet Zero-Day Drops, Crypto Laundering TakedownAnthropic is calling for governments to have the authority to stop deployment of advanced AI systems that pose unacceptable risks. CEO Dario Amodei points to the company's Mythos cybersecurity model as proof that AI has become a matter of national and strategic consequence, warni…CYBERSECURITYTODAY.LIBSYN.COM
12 JunComcast Business SecurityEdge Preferred strengthens security for small businessesComcast Business announced SecurityEdge Preferred, its most advanced network-native cybersecurity solution for small businesses. Because SecurityEdge Preferred is built directly into the Comcast Business network, security can be activated in minutes without deploying additional h…HELPNETSECURITY.COM
12 Jun‘Harvest now, decipher later’: The quantum threat few are preparing forQuantum technology may feel far off but certain risks are already with us in the form of “harvest now, decrypt later” — an attack vector in which malicious actors steal data now for a future in which they have access to quantum computational tools capable of breaking encryption d…CSOONLINE.COM
12 JunAuthorities dismantle crypto laundering service that moved €336 million for cybercriminalsAn international law enforcement operation has dismantled a cryptocurrency laundering service linked to ransomware groups and other cybercriminals that processed more than €336 million in illicit funds. The domain seizure notice (Source: Europol) Europol said the service, known a…HELPNETSECURITY.COM
12 Jun KEVCISA orders feds to patch actively exploited Ivanti flaw by SundayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. [...]BLEEPINGCOMPUTER.COM
12 JunLangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code ExecutionCybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, an…THEHACKERNEWS.COM
12 JunAI is exposing the biggest weakness in cybersecurity: We never built a health model. Until now!For 30 years, cybersecurity has operated like an emergency room. Reactive. Crisis-driven. Always triaging. We are extraordinarily good at it — our detection is faster, our response playbooks are sharper, our incident teams are more capable than they have ever been. When something…CSOONLINE.COM
12 JunIvanti Sentry Exploitation Attempts Hitting HoneypotsThe critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges. The post Ivanti Sentry Exploitation Attempts Hitting Honeypots appeared first on SecurityWeek.SECURITYWEEK.COM
12 JunChrome 149 Update Patches 28 VulnerabilitiesThe browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs. The post Chrome 149 Update Patches 28 Vulnerabilities appeared first on SecurityWeek.SECURITYWEEK.COM
12 JunPrompt injection breaks today’s AI agents, study warnsToday’s AI web agents have no dependable defenses against prompt injection, according to new research showing that not a single attack scenario was consistently blocked across leading systems powered by GPT‑5 and Gemini. The findings come from StakeBench, a stakeholder-centric be…CSOONLINE.COM
12 JunPharma giant Novo Nordisk discloses breach of clinical trials dataDanish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. [...]BLEEPINGCOMPUTER.COM
12 Jun KEVFactoring "short-sleeve" RSA keys with polynomialsWhat happens when the bits of an RSA private key are heavily biased toward 0 instead of being randomly generated? The public key’s bits could be biased enough for us to detect these incorrectly generated keys in the wild. Together with Hanno Böck of the badkeys project, we found …TRAILOFBITS.COM
12 JunAgentjacking Attack Tricks AI Coding Agents Into Running Malicious CodeCybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error…THEHACKERNEWS.COM
12 JunSecurity Tools Are Breaking SOCsMany organizations now operate dozens of security tools across incident response, threat intelligence, detection, investigation, and remediation. While these tools increasingly include AI features, they often lack proper integration across platforms. This creates operational frag…YOUTUBE.COM
12 JunCISA directs agencies to “patch smarter, not harder.”Anthropic rejects Fable 5 jailbreak claims. Google confirms ShinyHunters exploited a critical Oracle PeopleSoft vulnerability.THECYBERWIRE.COM
12 JunShinyHunters linked to exploitation of critical flaw in Oracle PeopleSoftMore than 100 organizations, more than two-thirds in higher education, have been notified of potential impact.CYBERSECURITYDIVE.COM
12 JunShinyHunters is actively extorting universities after exploiting an unpatched Oracle flawOracle still hasn't patched the vulnerability the group has been using in its attacks since late May. The post ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw appeared first on CyberScoop.CYBERSCOOP.COM
12 JunphpBB forum fixes auth bypass bug lurking for a decadeA 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]BLEEPINGCOMPUTER.COM
12 JunDeadline-driven defense.CISA directs agencies to “patch smarter, not harder.” The House fails to extend FISA. Europol pulls over AudiA6. GitHub announces npm security updates. Anthropic rejects Fable 5 jailbreak claims. CISA gives feds three days to patch a critical Ivanti Sentry vulnerability. Google c…THECYBERWIRE.COM
12 JunShinyHunters Uses Oracle Zero-Day to Rampage Higher EdA major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.DARKREADING.COM
12 JunGreatXML zero-day BitLocker bypass doesn’t seem to work, yetA disgruntled researcher who has been publishing zero-day Microsoft Windows vulnerabilities for the past several months released a new exploit Thursday that promises to bypass BitLocker encryption on locked devices. A well respected security expert reported that the exploit doesn…CSOONLINE.COM
12 Jun KEVShiny Hunters Hit PeopleSoftOracle mitigated a critical PeopleSoft vulnerability affecting PeopleTools versions 8.61 and 8.62. Reports indicate the vulnerability was actively exploited as a zero-day by the group known as Shiny Hunters to access organizational data. The issue was described as an unauthentica…YOUTUBE.COM
11 JunGitHub finally pulls the plug on automatic install script execution for npmThe ability for attackers to leverage automatic install script execution in npm will finally come to an end when expected changes arrive from GitHub in July. Coders will still be able to enable the function, but the default setting will block it. In V12, default settings are chan…CSOONLINE.COM
11 JunWhatsAppening here?This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongs…THECYBERWIRE.COM
11 JunX Square Robot open sources its robot-free data collection frameworkCompanies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot produces a small number of demonstrations per day, which slows the growth of datasets used to train embodie…HELPNETSECURITY.COM
11 JunMax severity Ivanti Sentry vulnerability now exploited in attacksAttackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. [...]BLEEPINGCOMPUTER.COM
11 JunAged-domain acquisition: The tradecraft phishing operators are using to bypass your mail filter’s reputation scoreI’ve spent the past two years working on incident response and threat intelligence, and the pattern I’m about to describe is one I keep seeing show up in cases that should have been caught at the email gateway. The kit families change. The lure templates change. The constant is t…CSOONLINE.COM
11 JunFrontier AI models offer sneak peak of seismic cyber shifts aheadThe advent of Claude Mythos combined with the release of OpenAI’s GPT-5.5 have changed the threat model for CISOs. The arrival of those frontier AI models — and the ones soon to follow — makes it much easier to discover and chain vulnerabilities at a speed and scale that will re…CSOONLINE.COM
11 Jun‘GreatXML’ Zero-Day Exploit Bypasses BitLockerThe PoC exploits Microsoft Defender’s offline scan to spawn a SYSTEM shell when rebooting in Recovery Mode. The post ‘GreatXML’ Zero-Day Exploit Bypasses BitLocker appeared first on SecurityWeek.SECURITYWEEK.COM
11 JunEnhanced License Plate TrackingThe surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phone…SCHNEIER.COM
11 JunWhat SRE teams need before they trust AI agentsThe future of reliability will not be defined by whether site reliability engineering (SRE) teams use AI agents, but by the conditions under which they choose to trust them. In high-stakes systems, trust is never granted because a demo looks impressive; it is earned through obser…CSOONLINE.COM
11 JunSplunk, Palo Alto Networks Patch Severe VulnerabilitiesThe security defects could allow attackers to create or modify arbitrary files and access and modify protected resources. The post Splunk, Palo Alto Networks Patch Severe Vulnerabilities appeared first on SecurityWeek.SECURITYWEEK.COM
11 JunAI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer wa…THEHACKERNEWS.COM
11 JunSignal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration AppsThe new open-source project could serve as the basis for a future of apps with features as complex as Slack, Discord, or Google Docs—but with added protection against surveillance.WIRED.COM
11 JunKyushu Electric lost backup drive containing data of 10.9 million clientsKyushu Electric Power Transmission and Distribution Co. has disclosed that an external storage device used for system backups has gone missing from a secure server room. While no evidence of data leakage has been identified so far, the company warns that the device contained pers…CYBERINSIDER.COM
11 JunVRChat discloses cloud breach exposing data of 2.4 million usersVRChat has disclosed a data breach affecting 2,436,782 users after attackers gained unauthorized access to data stored in the company's cloud environment. The incident exposed account-related information, including email addresses, usernames, login history, and linked platform id…CYBERINSIDER.COM
11 JunHackers Exploit Langflow Vulnerability for Remote Code ExecutionDisclosed in March, the security defect enables unauthenticated attackers to write files to arbitrary locations on the system. The post Hackers Exploit Langflow Vulnerability for Remote Code Execution appeared first on SecurityWeek.SECURITYWEEK.COM
11 JunCoupang hit with record $409 million data breach fine in KoreaThe Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following a massive data breach affecting more than 37 million customers [...]BLEEPINGCOMPUTER.COM
11 JunCISA tells govt agencies to patch critical exploited flaws in 3 daysThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. [...]BLEEPINGCOMPUTER.COM
11 JunServiceNow fixes API issue after reports of suspicious tenant activityServiceNow is notifying customers after discovering and remediating a vulnerability that could have exposed data via an unauthenticated API endpoint on affected instances. The issue emerged publicly after customers began discussing security notifications from ServiceNow and repor…CSOONLINE.COM
11 JunFrom SQLi to RCE – Exploiting LangGraph’s CheckpointerBy Yarden Porat AI agents need memory. Frameworks like LangGraph provide it through checkpointers – persistence layers that store execution state. But what happens when that persistence layer isn’t locked down? Key Points Background LangGraph is an open-source framewo…RESEARCH.CHECKPOINT.COM
11 JunCriminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing CybercrimeIntroduction The underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the …RAPID7.COM
11 JunAuthorities dismantle 'AudiA6' ransomware crypto-laundering serviceLaw enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...]BLEEPINGCOMPUTER.COM
11 JunThe Gentlemen Ransomware Claims 478 Victims, Can Spread Like a WormA new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (…THEHACKERNEWS.COM
11 JunCyber Force not included in Senate defense policy roadmapAn amendment by Sen. Kirsten Gillibrand (D-NY) to the chamber’s fiscal 2027 national defense authorization bill that would have created the digital-focused service was defeated 14-13 when the Senate Armed Services Committee took up the nearly $1.2 trillion legislation behind clos…THERECORD.MEDIA
11 JunCoupang hit by massive $456 million fine for 2025 data breach incidentSouth Korea's Personal Information Protection Commission (PIPC) has fined e-commerce giant Coupang 624.68 billion won ($456 million) after concluding that poor security practices led to a data breach affecting approximately 37.5 million people. The decision follows a November 202…CYBERINSIDER.COM
11 JunCISA orders federal agencies to “patch smarter”The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management. The directive arrives as the patching problem has become nearly unmanageable, driven by a …HELPNETSECURITY.COM
11 JunNew GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML FilesSecurity researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this," the …THEHACKERNEWS.COM
11 JunNexstar investigates potential breach after ShinyHunters claims theft of 1.1M Salesforce recordsNexstar Media Group is investigating a potential cybersecurity incident after the ShinyHunters extortion group claimed to have stolen more than one million Salesforce records and additional internal corporate data from the broadcasting giant. While the threat actors have not publ…CYBERINSIDER.COM
11 JunMax-Severity Ivanti Flaw Exploited 24 Hours After DisclosureInitial methods suggest attackers had likely mapped out Ivanti's asset landscape upfront and acted quickly once the exploit became public.DARKREADING.COM
11 JunOracle warns of security bug that hackers abused to breach 100+ companiesThe tech giant warned of a security flaw that a cybercrime gang said it's exploiting as part of a mass-hacking campaign. Google said it notified more than 100 organizations that had potentially vulnerable servers.TECHCRUNCH.COM
11 JunNightmare Eclipse Trolling MicrosoftThe discussion centers on a persona called “Nightmare Eclipse,” which appears to act as a single researcher or group releasing vulnerabilities in a highly public and strategic way. This includes dropping zero-day vulnerabilities outside of standard vendor patch cycles. This style…YOUTUBE.COM
11 JunJapanese energy firm loses drive with data of 10.9 million clientsKyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. [...]BLEEPINGCOMPUTER.COM
10 JunEnterprises know AI-generated code is vulnerable; they’re shipping it anywayAI-generated code is riddled with security flaws, yet enterprises are shipping more of it than ever before. Why? Perhaps they’re over-confident, lack true visibility into security risks, or are simply choosing to ignore the problem and hope it goes away. It’s a dangerous game to …CSOONLINE.COM
10 JunUK move to filter photos and messages triggers encryption worries for CISOsUK Prime Minister Keir Starmer’s speech on Monday insisting that tech companies create device controls to somehow block children from viewing or creating sexually explicit imagery has raised alarms among CISOs, who worry that the same technology could undermine enterprise securit…CSOONLINE.COM
10 JunHiring Hot Takes from a Three-Time Exit CMO, Mary YangMary Yang has been a CMO in cybersecurity for 6 years, helped 3 companies exit, and now works on a fractional basis with founders and teams she wants to work with. On this CyberCMO Confidential episode, the three of them get into a discussion on hiring. Mary skips the job descrip…THECYBERWIRE.COM
10 JunProduct showcase: Staying ahead of the threat horizon with AunooAunoo is an open strategic intelligence platform that uses AI agents to monitor intelligence sources, including for cybersecurity, to compile a daily briefing and alert on defined criteria. Each source is checked for credibility and quality before it is included. The platform run…HELPNETSECURITY.COM
10 JunScams now operate like real businesses with budgets and targetsSocial media has overtaken email as a primary attack vector, showing changes in how people consume information and interact online, according to Bitdefender’s Global Scam Intelligence Report 2026. Fraud campaigns use advertisements, sponsored content, impersonation pages, a…HELPNETSECURITY.COM
10 JunSix Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoSCybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks. "In aff…THEHACKERNEWS.COM
10 JunNOVA microhypervisor brings AMD DMA isolation to shared AI infrastructureBlueRock has issued the latest open-source release of its NOVA Microhypervisor with DMA remapping support for AMD platforms that have IOMMU hardware virtualization. The capability is enabled by default and extends hardware-level isolation across virtual machines, devices, and mem…HELPNETSECURITY.COM
10 JunMicrosoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated WindowsThe anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who p…THEHACKERNEWS.COM
10 JunRisky Business #841 -- Microsoft gets owned and 0day'dOn this week’s show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. They cover: Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them Meanwhil…RISKY.BIZ
10 JunNo Patch Planned for Exploited Arista EOS VulnerabilityOrganizations are advised to apply vendor-supplied mitigations or discontinue the vulnerable devices. The post No Patch Planned for Exploited Arista EOS Vulnerability appeared first on SecurityWeek.SECURITYWEEK.COM
10 JunServiceNow Flaw Exploited to Gain Unauthorized Access to Customer InstancesServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a security update to hosted customer instances," the company revealed in an advisory…THEHACKERNEWS.COM
10 JunMicrosoft Fixes 200 CVEs in June Patch TuesdayMicrosoft has patched 200 vulnerabilities including three zero-daysINFOSECURITY-MAGAZINE.COM
10 JunCritical Vulnerabilities Patched in Fortinet, Ivanti ProductsTwo OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution. The post Critical Vulnerabilities Patched in Fortinet, Ivanti Products appeared first on SecurityWeek.SECURITYWEEK.COM
10 JunAI red teaming comes of ageWhen Ram Shankar Siva Kumar launched Microsoft’s AI red team in 2019, the discipline barely existed. “The running joke used to be that people who used to work in AI red teaming, you can round them up in a 14-foot catamaran,” he tells CSO. At the time, Microsoft’s approach looked …CSOONLINE.COM
10 JunInnovation Without Data Security Risk as AI Unlocks Budgets and Identity Challenges - BSW #451AI is reshaping innovation as businesses embed it into core operations and move more processes online. This transformation is often seen as a tradeoff between innovation and data risk, but that assumption is wrong. Businesses can innovate and scale in the AI era while maintaining…YOUTUBE.COM
10 JunMicrosoft patches YellowKey, GreenPlasma, MiniPlasma zero-daysOn Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. [...]BLEEPINGCOMPUTER.COM
10 JunServiceNow Patches Vulnerability Exploited Against Some CustomersThe company updated hosted customer instances to patch a security issue it reportedly had known about since April 7. The post ServiceNow Patches Vulnerability Exploited Against Some Customers appeared first on SecurityWeek .SECURITYWEEK.COM
10 JunRubrik launches Autonomous Business Recovery to rebuild cloud applications after cyberattacksRubrik has unveiled Autonomous Business Recovery (ABR) for Cloud Applications, the agentic cyber resilience solution that recovers cloud applications from data to network, identity and configurations. The end result is a rebuild of an organization’s Minimum Viable Business …HELPNETSECURITY.COM
10 JunF5 adds AI-powered threat detection and API security for on-premises environmentsF5 has introduced new web application and API protection (WAAP) capabilities for its Application Delivery and Security Platform. The company said the updates are intended to address a threat landscape in which AI models can accelerate the time between vulnerability discovery and …HELPNETSECURITY.COM
10 JunMicrosoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE BugsMicrosoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This i…THEHACKERNEWS.COM
10 JunAutonomous AI agents duped into leaking sensitive data in phishing testAI agents given access to corporate email and business applications could become a new phishing target for attackers, according to cybersecurity researchers, after a test agent built on OpenClaw was tricked into sharing cloud credentials and customer data with an external attacke…CSOONLINE.COM
10 JunRecord Microsoft Patch Tuesday, fresh zero-dayMicrosoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher behind weeks of escalating Windows exploit releases, dropped a proof-of-concept exploit for a new zero-day: …HELPNETSECURITY.COM
10 JunNew Windows Zero-Day Exploit ‘RoguePlanet’ ReleasedExploiting a race condition in Microsoft Defender, the exploit leads to local privilege escalation to SYSTEM. The post New Windows Zero-Day Exploit ‘RoguePlanet’ Released appeared first on SecurityWeek .SECURITYWEEK.COM
10 JunMicrosoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-daysJune 2026 is the largest Patch Tuesday in history, fixing 206 vulnerabilities and three publicly disclosed zero-days.MALWAREBYTES.COM
10 JunAryon Security Raises $29 Million in Series A FundingIn the post-Mythos era, the company’s platform helps organizations enforce security controls across environments. The post Aryon Security Raises $29 Million in Series A Funding appeared first on SecurityWeek .SECURITYWEEK.COM
10 JunMicrosoft ships largest Patch Tuesday on record, with one bug under active attackThe release comes after Microsoft’s security leadership acknowledged last month that AI tools are driving a surge in vulnerability discovery across the industry.THERECORD.MEDIA
10 Jun KEVMicrosoft patches Exchange Server zero-day exploited in attacksMicrosoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. [...]BLEEPINGCOMPUTER.COM
10 JunInfostealers Turn Millions of Devices Into Credential Theft MachinesAs attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomware and other cybercrime operations. The post Infostealers Turn Millions of Devices Into Credential Theft Machines appeared first on SecurityWeek .SECURITYWEEK.COM
10 JunAISLE Snapshot keeps source code under enterprise control during vulnerability scanningAISLE has introduced AISLE Snapshot, a new offering that gives regulated and security-sensitive enterprises access to frontier-class vulnerability detection inside their own environments, at a fraction of the cost, with source code and security data that never leave their control…HELPNETSECURITY.COM
10 JunWho Runs the Ransomware Group ‘The Gentlemen?’A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post e…KREBSONSECURITY.COM
10 JunThe Shadow AI ProblemOrganizations are rapidly adopting generative AI tools, but many employees are experimenting with unauthorized platforms outside official IT oversight. Security leaders are now being forced to decide which AI services meet enterprise requirements and which should be blocked. Not …YOUTUBE.COM
10 JunIdentity theft is turning into a chain reaction for victimsFor a growing number of victims, identity theft no longer ends with a fraudulent charge or a compromised account. More than one in four people who contacted the Identity Theft Resource Center during the reporting period were dealing with multiple identity-related incidents, accor…HELPNETSECURITY.COM
10 JunPatch Tuesday notes: Microsoft fixes a record 200 flaws.Nightmare Eclipse leaks another Windows zero-day. Researchers disclose two critical flaws in AI Chrome extensions. Business news: Cyera closes a $600 million Series G round.THECYBERWIRE.COM
10 JunCISA gives agencies new vulnerability remediation deadlines that take risk levels into accountThe cybersecurity agency says it wants to help network defenders prioritize the fixes that matter the most.CYBERSECURITYDIVE.COM
10 JunCISA directive orders agencies to prioritize vulnerability patching in a new wayA vulnerability that meets all four criteria would need to be fixed within three days, for instance. The post CISA directive orders agencies to prioritize vulnerability patching in a new way appeared first on CyberScoop .CYBERSCOOP.COM
10 JunNightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanetThe disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft.DARKREADING.COM
10 JunAutomated Threat Hunting: Turning Threat Intelligence into Executable Hunt PlansBlake McDermott is Senior Threat Hunter at Rapid7. Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports containing valuable intelligence about adversary behaviors, tactics, techniques, and procedures. The challenge is turning that inte…RAPID7.COM
10 JunPhones Hacked Without ClickingNSO Group’s Pegasus spyware is once again tied to attacks involving WhatsApp. Pegasus uses zero-click exploits, meaning targets do not need to click a link or open an attachment for compromise to occur. A successful zero-click exploit against modern smartphones can provide near-t…YOUTUBE.COM
10 JunTurn specs into evals for any agent with ASSERTAdaptive Spec-driven Scoring for Evaluation and Regression Testing (ASSERT) is an open-source framework for converting natural language behavior requirements into executable evaluations of AI models and agents. The post Turn specs into evals for any agent with ASSERT appeared fir…COMMANDLINE.MICROSOFT.COM
10 JunThe patch pile reaches new heights.Patch Tuesday goes big. Congress looks to harden critical infrastructure. A new Windows zero-day drops. Mobile AI creates security blind spots. AI agents fall for phishing. Browser extensions expose millions. Spammers hide behind Google Cloud Storage. CISA crowns its cyber champi…THECYBERWIRE.COM
10 JunThe ‘Miasma’ worm source code briefly leaked on GitHubThe Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]BLEEPINGCOMPUTER.COM
10 JunToo Vulnerable for the C-Suite?The discussion explores how vulnerability is perceived at executive levels, especially in high-pressure leadership environments like the C-suite. Speakers argue there is a narrow balance between appearing confident and appearing weak. Leadership advice often promotes vulnerabilit…YOUTUBE.COM
9 JunMeet Hades: The malware that lies to AI security agentsThreat actors are continuing their onslaught against software supply chains, now with malware named after death itself. The newly-discovered Hades Campaign is a “highly sophisticated” supply chain compromise that targets Python developer environments and runs as soon as infected …CSOONLINE.COM
9 JunThe architecture of subtraction: Why it’s time to erase the roads, not just map the trafficThe advent of AI-assisted vulnerability discovery and autonomous exploit development has brought about a new age in cybersecurity—one in which we can no longer rely on patching as a primary defense mechanism. Patching is, by definition, a reactive approach to security. It cannot …HELPNETSECURITY.COM
9 JunTreating AI agents like service accounts for federated query securityIn this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across…HELPNETSECURITY.COM
9 JunMalware ships with bugs that defenders could use against itStatic analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and malware carries a steady supply of its own bugs. Researchers ran four of these tools across 658 leaked malware projects and fo…HELPNETSECURITY.COM
9 JunThe Anatomy of Cloud Ransomware with Matt CastriottaAre your cloud security controls actually protecting your infrastructure, or are they just keeping the lights on? With host Caleb Tolin, Matt Castriotta, Field CTO for Cloud at Rubrik, breaks down the tactical gaps exposed when organizations blindly replicate data center mi…THECYBERWIRE.COM
9 Jun KEVGoogle patches new Chrome zero-day flaw exploited in the wildGoogle has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]BLEEPINGCOMPUTER.COM
9 JunScanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386Most AppSec teams are working through more findings than their teams can validate. SAST surfaces thousands of potential issues. DAST generates alert volume that outpaces triage capacity. Somewhere in that output are the vulnerabilities that matter, the ones that are actually expl…YOUTUBE.COM
9 JunInfosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets Following Cyber-AttackSpeaking at Infosecurity Europe, Ashish Shrestha, former CISO at Jaguar Land Rover revealed why he wanted over 30,000 employees to change their passwords in the immediate aftermath of the incidentINFOSECURITY-MAGAZINE.COM
9 Jun KEVGoogle Chrome emergency update fixes actively exploited flaw in V8Google has released Chrome 149.0.7827.102/.103 for Windows and macOS, as well as Chrome 149.0.7827.102 for Linux, addressing 74 security vulnerabilities, including a high-severity zero-day flaw in the V8 JavaScript engine that the company says has been exploited in the wild. The …CYBERINSIDER.COM
9 JunCISA gives feds 3 days to patch Check Point VPN bug exploited as zero-dayCISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]BLEEPINGCOMPUTER.COM
9 Jun KEVCheck Point Warns Critical Auth Bypass Bug Exploited in the WildCheck Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by QilinINFOSECURITY-MAGAZINE.COM
9 JunCheck Point VPN Zero-Day Exploited in Qilin Ransomware AttacksThe authentication bypass vulnerability allows attackers to establish VPN connections without a valid password. The post Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunMythos Preview can weaponize N-day vulnerabilities in hoursMythos Preview can develop working exploits from newly disclosed software vulnerabilities in hours, cutting down a process that has historically taken days or weeks, according to Anthropic. Anthropic’s recent cybersecurity research has largely focused on zero-days, vulnerab…HELPNETSECURITY.COM
9 JunThe Flip That Broke the Cali CartelNow that drug cartels can be labeled foreign terrorist organizations, how do you dismantle one? As part of his 26 years at the Drug Enforcement Administration, retired Special Agent Chris Feistl was on a team that brought the demise of the Cali Cartel in Colombia. One of the worl…THECYBERWIRE.COM
9 JunWill AI Kill the Bug Bounty Industry?Anthropic's Mythos is accelerating vulnerability discovery to machine speed, forcing the bug bounty industry and offensive security teams to adapt to a future where finding flaws is no longer the hard part. The post Will AI Kill the Bug Bounty Industry? appeared first on Security…SECURITYWEEK.COM
9 JunSecurity shifts to the human layer as AI scams surgeCybercriminals are increasingly reshaping familiar social-engineering campaigns around the way employees use AI, with separate advisories from Microsoft and Google documenting how attackers are adapting scams to AI-powered tools, trusted digital services, and changing workplace b…CSOONLINE.COM
9 Jun KEVUpdate Chrome: Google patches actively exploited vulnerability and 73 othersGoogle's latest Chrome update fixes 74 security vulnerabilities, including one under active attack.MALWAREBYTES.COM
9 JunApple Intelligence can now replace weak passwords without user interventionApple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in Passwords. Automatically Fix Passwords (Source: Apple) Introduced as a standalone app in 2024, Passwords gives users a centr…HELPNETSECURITY.COM
9 JunResearchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight ModelsUniversity of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate its…THEHACKERNEWS.COM
9 JunNew Platform Uses Cryptographic Invisibility to Protect AI-Built ApplicationsAtsign’s AI Architect applies cryptographic protections to agentic software development, aiming to prevent attackers from exploiting vulnerabilities by making application identities effectively invisible. The post New Platform Uses Cryptographic Invisibility to Protect AI-Built A…SECURITYWEEK.COM
9 JunSAP Patches Critical NetWeaver, Commerce VulnerabilitiesThe flaws could lead to the disclosure of sensitive information, memory corruption, and disruption of normal system usage. The post SAP Patches Critical NetWeaver, Commerce Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunHackers pose as women seeking romance to spy on Russian soldiersThe group, dubbed SiribClone by Russian cybersecurity firm F6, has been active since at least the summer of 2025 and has primarily targeted members of the Russian armed forces stationed in border regions and combat zones.THERECORD.MEDIA
9 JunWhy AI Can’t Replace PentestersA “clean” pentest report is not always enough. The real value often comes from explaining what attacks were attempted, what defenses held up, and why exploitation failed. That missing context is part of why AI alone struggles to replace experienced pentesters. Automated tools can…YOUTUBE.COM
9 Jun KEVCisco customers encounter another SD-WAN zero-day under attackThe defect marks the seventh actively exploited zero-day in Cisco SD-WANs this year, and the vendor has yet to release a patch. The post Cisco customers encounter another SD-WAN zero-day under attack appeared first on CyberScoop .CYBERSCOOP.COM
9 JunNew Veeam vulnerability exposes backup servers to RCE attacksVeeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. [...]BLEEPINGCOMPUTER.COM
9 Jun KEVShai-Hulud variant compromises dozens of open-source Microsoft packages.Check Point patches actively exploited VPN zero-day. Hacker breaches the French government's encrypted messaging app.THECYBERWIRE.COM
9 JunClaude Mythos Turns N-Days Into N-Hours With Rapid Exploit CreationPublic LLM models with safeguards turned off can also build working exploits, increasing patch gap risks. The post Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunFrench government messaging platform breached through account hijackingFrench authorities are investigating a compromise of Tchap, the government’s secure messaging platform, after hackers hijacked a user account and gained access to public chat rooms. Tchap is the French government’s messaging platform for civil servants, ministries, an…HELPNETSECURITY.COM
9 JunMicrosoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe ContinuesMicrosoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the …THEHACKERNEWS.COM
9 JunCISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sectorActing director Nick Andersen said a binding operational directive is en route for agencies, and that more specific discussions need to happen with critical infrastructure owners. The post CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector ap…CYBERSCOOP.COM
9 JunCheck Point warns of zero-day flaw targeted by ransomware affiliateA vulnerability in the company’s VPN deployments has faced exploitation since early May.CYBERSECURITYDIVE.COM
9 JunXBOW tests Anthropic's Mythos Preview for offensive securityAnthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. [...]BLEEPINGCOMPUTER.COM
9 JunOpenSSL Patches High-Severity Vulnerability Found With AIA total of 18 vulnerabilities have been patched in the latest OpenSSL releases, including many that were potentially discovered by AI. The post OpenSSL Patches High-Severity Vulnerability Found With AI appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunMicrosoft June 2026 Patch Tuesday, (Tue, Jun 9th)Microsoft today released patches for 204 vulnerabilities. 38 of these vulnerabilities are considered critical, and three have been disclosed before today. Six of the vulnerabilities affect Microsoft cloud solutions and do not require any user action. In addition, Microsoft incorp…ISC.SANS.EDU
9 JunCISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gangCheck Point said hackers broke into dozens of organizations by exploiting a VPN bug in several of its products used across the government.TECHCRUNCH.COM
9 JunMicrosoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flawsToday is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day vulnerabilities. [...]BLEEPINGCOMPUTER.COM
9 JunAnthropic releases Mythos-class Fable 5 model with safeguards for cyber risksAnthropic unveiled two new powerful AI models built on its previously restricted Mythos architecture: Claude Fable 5, which is being made broadly available, and Claude Mythos 5, which remains limited to a small group of cybersecurity and infrastructure partners. Anthropic describ…CSOONLINE.COM
9 JunSAP fixes critical flaws in NetWeaver and Commerce CloudSAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]BLEEPINGCOMPUTER.COM
9 JunMicrosoft Patches 200 VulnerabilitiesThree of the vulnerabilities fixed with the latest Patch Tuesday updates were publicly disclosed before Microsoft addressed them. The post Microsoft Patches 200 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunA checkmark for trust, a payload for theft.Miasma malware meddles with Microsoft. SAP fixes critical flaws, Google patches an exploited Chrome zero-day, CanisterWorm spreads through npm, Mac users face a new malvertising threat, France investigates a breach of its secure messaging platform, insurers rethink AI risk, the F…THECYBERWIRE.COM
9 JunServiceNow discloses security incident exposing customer dataServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. [...]BLEEPINGCOMPUTER.COM
9 JunBlame AI: Patch Tuesday Hits Record 206 CVEsVoluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.DARKREADING.COM
9 JunA Record-Breaking Patch Tuesday for June 2026Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical…KREBSONSECURITY.COM
9 JunSN 1082: The Malicious Use of AI - Anthropic's Red Team ReportDiscover how Anthropic's secretive red team and the MITRE ATT&CK framework are mapping the chilling rise of malicious AI use, revealing cyber threats that now move faster than defenders can respond. Was a U.S. law firm right to pay a $20 million ransom. Could Cisco have yet a…TWIT.TV
8 JunGoogle Colab CLI opens runtimes to Claude Code and CodexGoogle released the Google Colab Command-Line Interface, a tool that connects local terminals to remote Colab runtimes. The CLI provides an execution platform for developers and AI agents, letting users provision compute, run local Python scripts on remote runtimes, and retrieve …HELPNETSECURITY.COM
8 JunDockSec: Open-source AI-powered Docker security scannerDockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the Python tool runs Trivy, Hadolint, and Docker Scout against a developer’s Dockerfile and image, cor…HELPNETSECURITY.COM
8 JunMeta AI Bug Exposes Over 20,000 Instagram AccountsMeta confirms an AI tool vulnerability led to unauthorized access to Instagram accounts after a failure in email verification during password resetINFOSECURITY-MAGAZINE.COM
8 Jun KEVSolarWinds Serv-U Vulnerability Exploited in the WildUnauthenticated attackers can exploit the flaw via specially crafted POST requests that crash the Serv-U service. The post SolarWinds Serv-U Vulnerability Exploited in the Wild appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunOpenAI is locking down parts of ChatGPT to reduce data theft risksOpenAI has started rolling out Lockdown Mode for ChatGPT, an optional security setting that restricts access to external resources and several product capabilities. It is available for personal accounts, including Free, Go, Plus, and Pro plans, as well as self-serve ChatGPT Busin…HELPNETSECURITY.COM
8 JunUNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion CampaignCybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Goo…THEHACKERNEWS.COM
8 JunWhy most enterprise security teams would fail a military readiness testHave you ever watched a military cyber ops team go to work responding to a cyberattack simulation? It’s like that scene from Die Hard 4.0 when all the screens start flashing red and systems start shutting down; however, unlike the movies, where bumbling government IT workers are …CSOONLINE.COM
8 Jun15 tough cybersecurity questions every CISO must answerAs CISOs know, an effective security program cannot be static. Rather, it must adapt to the evolving threat landscape and an ever-changing business environment. To adapt and improve, CISOs must continuously evaluate their existing program. That starts with asking tough questions …CSOONLINE.COM
8 JunThe State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - ESW #462Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked pr…YOUTUBE.COM
8 JunMeta notifies 20,000 Instagram users whose accounts were hijacked via AI support botMeta has begun notifying approximately 20,000 Instagram users that their accounts may have been compromised after attackers exploited a flaw in an AI-assisted account recovery tool. The company says the vulnerability allowed unauthorized parties to obtain password reset links for…CYBERINSIDER.COM
8 JunOxford University discloses data breach after careers platform hackThe University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. [...]BLEEPINGCOMPUTER.COM
8 JunRidgeBot 7.0 automates Active Directory attack simulations for security validationRidge Security has announced the release of RidgeBot 7.0, an update to its automated security validation platform that introduces automated Windows Active Directory penetration testing capabilities. The new version enables organizations to conduct end-to-end domain compromise sim…HELPNETSECURITY.COM
8 JunConnectSecure’s Patch 360 gives MSPs control over patch testing and deploymentConnectSecure has announced the launch of Patch 360, a patch management solution built for managed service providers (MSPs) to reduce deployment risk while accelerating vulnerability remediation. Patch management has long followed a “deploy-and-hope” model, with teams addressing …HELPNETSECURITY.COM
8 JunThe Hardest ForkMythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few dozen issues out of th…THEHACKERNEWS.COM
8 Jun KEVEverest Forms Vulnerability Exploited to Hack WordPress SitesThe flaw allows attackers to execute arbitrary code remotely and has been exploited in the wild for two months. The post Everest Forms Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunCheck Point links VPN zero-day attacks to Qilin ransomware gangIsraeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. [...]BLEEPINGCOMPUTER.COM
8 JunHackers used Meta’s AI support system to hijack over 20,000 Instagram accountsMeta has revealed that attackers hijacked 20,225 Instagram accounts by exploiting a flaw in the company’s AI-assisted account recovery system. According to the company, a vulnerability in High Touch Support (HTS) allowed unauthorized parties to perform password resets on In…HELPNETSECURITY.COM
8 JunNew Relic expands observability into AI-assisted software developmentNew Relic has announced AI Coding Observability, an open-source tool for monitoring AI-assisted software development workflows. As organizations adopt AI coding assistants, these tools often operate outside existing observability systems, limiting visibility into their use. AI Co…HELPNETSECURITY.COM
8 Jun⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and MoreMonday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked. A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes show…THEHACKERNEWS.COM
8 JunTurning Cloudflare’s threat indicators into real-time WAF rulesCloudflare customers can now use Cloudforce One threat intelligence directly within the WAF to block high-risk traffic. By using new cf.intel fields, security teams can automate protection against specific threat actors and targeted industries in real time.CLOUDFLARE.COM
8 JunNew open-source app Loupe reveals how iPhones are fingerprintedPrivacy researchers Mysk have released Loupe, a free and open-source iOS app that shows users what information apps can learn about their devices through publicly available iOS APIs. The tool highlights how data such as language settings, device characteristics, installed apps, a…CYBERINSIDER.COM
8 JunGogs patches critical zero-day enabling remote code executionGogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). [...]BLEEPINGCOMPUTER.COM
8 JunCritical Zcash Vulnerability Found and FixedIf you’re a user—owner?—of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind…SCHNEIER.COM
8 JunTeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)This diary continues the Internet Storm Center's tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the handler diary Activity Through 2026…ISC.SANS.EDU
8 JunWhen Executives Force AI AdoptionThe clip contrasts traditional security operations — where tooling and processes evolve from practitioner feedback — with modern AI adoption, which is often driven by executive-level spending decisions. When large AI purchases happen before teams define real operational needs, or…YOUTUBE.COM
8 JunMicrosoft’s open source tools were hacked to steal passwords of AI developersMicrosoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack.TECHCRUNCH.COM
8 JunICYMI: May 2026 @AWS SecurityRead all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered…AWS.AMAZON.COM
8 JunCheck Point VPN Flaw Exploited Since Early MayA newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.DARKREADING.COM
7 JunBaker Distributing - 102,935 breached accountsIn May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure…HAVEIBEENPWNED.COM
7 JunWeek in review: Cisco SD-WAN 0-day exploited, Patch Tuesday forecastHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory Agent Memory Guard is an open-source runtime defense layer that sits between an agent and its …HELPNETSECURITY.COM
7 JunEmphere Raises $2.1 Million for AI-Powered Vulnerability RemediationEmphere’s solution delivers AI-driven remediation to software companies to speed up releases.SECURITYWEEK.COM
7 JunHands on with Intelligent Terminal, an AI-powered Windows TerminalMicrosoft has created an open-source fork of Windows Terminal called "Intelligent Terminal," and it allows you to use AI directly inside Terminal without interfering with the regular session. [...]BLEEPINGCOMPUTER.COM
6 JunCybersecurity Today Month in Review: Microsoft Zero-Days, AI DeregulationHost Jim Love and panelists David Shipley, Laura Payne, and Jeff Williams discuss a researcher ("Chaotic/Nightmare Eclipse") publicly disclosing multiple Windows zero-days affecting components including Defender and BitLocker, frustration with Microsoft's vulnerability disclosure…CYBERSECURITYTODAY.LIBSYN.COM
6 JunAI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 BugsTwo things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149…THEHACKERNEWS.COM
6 JunMiasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain AttackMicrosoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and Micro…THEHACKERNEWS.COM
6 JunPresident Trump signs an executive order on AI oversight.Anthropic is reportedly helping the NSA deploy Mythos. Acer warns of two maximum-severity zero-days.THECYBERWIRE.COM
5 JunNew HTTP/2 Bomb Attack, Trump's AI Security Reviews, Android Zero-Day & The Patching CrisisA newly disclosed attack called HTTP/2 Bomb can crash major web servers in seconds using a single computer and a modest internet connection. Researchers say the attack combines two known techniques into a powerful memory-exhaustion exploit affecting widely used platforms includin…CYBERSECURITYTODAY.LIBSYN.COM
5 JunAI tools becoming hot commodities on ransomware marketplacesSales of AI-based tools are accelerating within underground ransomware marketplaces, lowering the barrier to entry for new actors in the process. An analysis of Telegram channels, 20 dark web forums, and five underground markets by anti-ransomware platform vendor Halcyon found tha…CSOONLINE.COM
5 JunAgentGG: Open-source agentic SAST scannerStatic analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG approaches the same job with AI agents that read the code, follow imports, walk the call graph, and confirm a fin…HELPNETSECURITY.COM
5 JunThieves can pull off keyless car theft in under a minute and here’s how to stop themA keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough. No broken glass. No alarm. No sound. Most keyless cars remain vulnerable The vulnerability runs across the global ma…HELPNETSECURITY.COM
5 JunNew infosec products of the week: June 5, 2026Here’s a look at the most interesting products from the past week, featuring releases from Asimily, depthfirst, Diligent, Hyland, MazeBolt, and Noma. Asimily turns device risk into automated network policy Asimily has launched Segmentation Orchestration, enabling connected-device…HELPNETSECURITY.COM
5 JunChrome 149 Patches 429 VulnerabilitiesOver 100 bugs are critical or high-severity, mainly use-after-free and insufficient validation of untrusted input flaws.SECURITYWEEK.COM
5 JunAttackers obtained encrypted password vaults from some Dashlane user accountsDashlane has disclosed new details about a brute-force attack that let a threat actor access some customer accounts and copy encrypted vaults. Dashlane said it found no evidence that the attackers compromised its internal systems. The company first acknowledged the incident on Ma…HELPNETSECURITY.COM
5 JunBinary Choice Researcher Or Threat ActorMicrosoft stated that uncoordinated vulnerability disclosures, especially those including proof-of-concept exploit code before patches exist, can create real-world risk by enabling attackers to weaponize vulnerabilities faster. The debate reflects a long-standing conflict in cybe…YOUTUBE.COM
5 JunEU unveils tech sovereignty package to cut reliance on US, Chinese suppliersThe package bundles two draft laws — a Chips Act 2.0 and a Cloud and AI Development Act (CADA) — alongside an Open Source Strategy and a roadmap for digitalizing the energy system.THERECORD.MEDIA
5 JunIn Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISAOther noteworthy stories that might have slipped under the radar: Ultrahuman data leak, The Gentlemen ransomware analysis, Hola Browser bundles miner.SECURITYWEEK.COM
5 JunSeeking Counsel: Ongoing Targeted Campaign Against US Law FirmsWritten by: Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, Tyler McLellan Introduction From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as "Luna Moth," “Chatty Spid…CLOUD.GOOGLE.COM
5 JunNightmare Eclipse incident shows the researcher-vendor fights may never fully go awayWhen a researcher went public with Microsoft vulnerabilities, it laid bare a conflict that has never really been solved.CYBERSCOOP.COM
5 JunCisco warns zero-day flaw in SD-WAN is being exploitedThe company cautioned that no current patches are available and the flaw could allow an attacker to conduct command injection attacks.CYBERSECURITYDIVE.COM
5 JunSprawling new House AI bill includes frontier model oversight, open-source security grantsThe legislation has already drawn widespread criticism for its proposal to preempt state AI laws.CYBERSECURITYDIVE.COM
5 JunAndroid Spyware Asin Targets Arabic Users via Fake News, PDF and War Map AppsArabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of disti…THEHACKERNEWS.COM
5 JunOWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in SecondsCVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerability.SECURITYWEEK.COM
5 JunPatching fast and slow: Ruby devs delay to defend against supply chain attackThe team behind RubyGems, a package hosting site for Ruby developers, has added a new feature to bundler, a tool for managing Ruby packages (or ‘gems’) to protect developers against the recent wave of software supply chain attacks: A cooling-off period before recently updated pa…CSOONLINE.COM
5 JunBuilding secure B2C applications with fine-grained access control using Amazon Cognito and Amazon Verified PermissionsModern web applications require robust security controls to protect user data and application resources. Authentication and authorization are two fundamental pillars of application security that answer critical questions: Who are you? and What are you allowed to do? Implementing …AWS.AMAZON.COM
5 JunCISA: Hackers now exploit SolarWinds Serv-U flaw to crash serversCISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [...]BLEEPINGCOMPUTER.COM
5 Jun KEVSeven Cisco Zero-Days AlreadyThis discussion covers another actively exploited Cisco SD-WAN vulnerability affecting Cisco Catalyst SD-WAN Manager. According to the clip, this marks the seventh SD-WAN zero-day reported in 2026. Successful exploitation can allow authenticated attackers to execute commands as r…YOUTUBE.COM
5 JunLocal AI, Salesforce, Fluttershell, Aspose, http/2, Cisco, Used Tech, Josh Marpet - SWN #587Local AI, Salesforce, Fluttershell, Aspose, http/2 bomb, Passwords, Cisco, Used Tech, Josh Marpet, and More on this episode of the Security Weekly News Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-587YOUTUBE.COM
5 JunCybersecurity Hygiene Reinforced by the 2026 Verizon DBIRThe 2026 Verizon DBIR highlights how CIS Controls and CIS Benchmarks strengthen cybersecurity hygiene and defend against today’s top attacks.CISECURITY.ORG
4 JunBeware the ‘son of Mythos,’ security experts warnLONDON — Enterprise security teams were urged by security experts at Infosecurity Europe to brace for impact as both Anthropic and OpenAI expand access to their frontier AI models for vulnerability discovery. Anthropic, in particular, is significantly expanding Project Glasswing…CSOONLINE.COM
4 JunHole in GitHub’s browser-based VSCode editor could lead to stolen tokenA vulnerability in GitHub’s browser-based VSCode editor could lead to the theft of a developer’s token under certain circumstances, says a researcher. The issue, revealed this week in a blog by Ammar Askar, has apparently been already addressed by GitHub owner Microsoft. But it …CSOONLINE.COM
4 JunHearing Is no longer believing.This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
4 JunCISA directive for AI executive order to be released this week, Andersen saysThe binding operational directive will focus in part on “vulnerability alleviation and vulnerability management,” Andersen said in remarks delivered at the TechNet Cyber conference in Baltimore.THERECORD.MEDIA
4 JunCisco Warns of Available PoC for Critical Unified CM VulnerabilityThe high-severity flaw can be exploited remotely, without authentication, in server-side request forgery (SSRF) attacks.SECURITYWEEK.COM
4 JunVS Code Vulnerability Allows One-Click GitHub Token TheftA researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance.SECURITYWEEK.COM
4 JunFrom critical to controlled: Cutting vulnerabilities in a live manufacturing environmentA vulnerability scanner flags a critical CVSS 10 vulnerability on an industrial asset. The report lands in the boss’ inbox and now he wants to know why we’re sitting on a critical vulnerability. In a normal IT environment, you patch it then close the ticket and call it a day. If,…HELPNETSECURITY.COM
4 JunFake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDSCybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framewo…THEHACKERNEWS.COM
4 JunOver 1.4 Million Accounts Disrupted in Cybercrime CrackdownLaw enforcement and tech companies disrupted infrastructure linked to scammers operating across Southeast Asia.SECURITYWEEK.COM
4 JunCisco warns of critical Unified CM flaw with PoC exploit codeCisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]BLEEPINGCOMPUTER.COM
4 JunInfosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New BenchmarkA Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitationINFOSECURITY-MAGAZINE.COM
4 JunResearchers built AI worm that can adapt to infect diverse devicesResearchers at the University of Toronto have unveiled an AI-powered computer worm capable of autonomously adapting its attack methods as it moves through a network. The proof-of-concept malware was built using publicly available open-weight AI models, showing that advanced offen…CYBERINSIDER.COM
4 JunMirasvit Vulnerability Exploited to Execute Code on Magento ServersA flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads.SECURITYWEEK.COM
4 JunResearcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure processThe security researcher, Ammar Askar, released the new proof-of-concept exploit on his personal blog — alongside the public tracker for issues in VS Code — giving a GitHub security contact roughly one hour's notice beforehand.THERECORD.MEDIA
4 JunHackers Are After the Gaps in Your Vulnerability Program: Here's Their PlaybookThreat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. [...]BLEEPINGCOMPUTER.COM
4 JunHow the “Swiss Cheese” model can help you choose the right MDR providerNot all managed detection and response (MDR) solutions are equal. Finding the differences between vendors can be quite hard, and then understanding how those differences impact your business can be even harder. For instance, you may come across an MDR provider whose pricing is ba…RAPID7.COM
4 JunCrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demandThe cybersecurity sector has been under perceived pressure due to accelerating deployment of AI tools.CYBERSECURITYDIVE.COM
4 JunOpenAI responds to White House executive order on AI governanceOpenAI has proposed mandatory federal evaluations of the most capable AI models before public release while arguing that regulators should stop short of deciding whether those systems can be deployed, staking out a middle ground in the debate over how frontier AI should be govern…CSOONLINE.COM
4 JunEverest Forms Pro Vulnerability Allows Remote Code Execution on WordPress SitesCritical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accountsINFOSECURITY-MAGAZINE.COM
4 JunMeta’s own AI chatbot to blame for Instagram accounts being stolen in secondsHackers have been hijacking Instagram accounts at scale by exploiting Meta's AI support chatbot. And, as if that weren't bad enough, the technique required no technical skill whatsoever. Read more in my article on the Fortra blog.FORTRA.COM
4 JunGain visibility into DDoS attacks with flow logs in AWS Shield AdvancedReconstructing distributed denial of service (DDoS) attack traffic used to mean combining data from multiple sources after the fact. AWS Shield Advanced attack flow logs change that—they capture traffic metadata during attacks so you can pinpoint sources, verify mitigations, and …AWS.AMAZON.COM
4 JunTenable joins Anthropic’s Project Glasswing to advance AI-era cyber defenseBy participating in Project Glasswing and working with Claude Mythos Preview, Tenable can help customers better understand how emerging frontier AI models behave, their evolving risks and benefits for cybersecurity, and the kinds of controls organizations will need as AI adoption…TENABLE.COM
4 JunNot every headhunter is hiring.The Five Eyes issue a rare joint warning on China. Jen Easterly weighs in on Trump’s AI EO. Researchers warn everyday notifications can become AI attack vectors. IronWorm is a sophisticated Rust-based infostealer targeting software developers. Cisco patches a critical vulnerabili…THECYBERWIRE.COM
4 JunTrump considers Palantir exec to lead CISAShyam Sankar, the chief technology officer at Palantir Technologies, has emerged as a lead contender for the long vacant Cybersecurity and Infrastructure Security Agency (CISA) director role, according to the sources, who requested anonymity to discuss the administration’s search…THERECORD.MEDIA
3 JunAnthropic grants Project Glasswing access to 150 more companies, with a focus on critical infrastructureAnthropic on Tuesday announced that it was adding 150 more companies to its Project Glasswing AI-based vulnerability hunting initiative, with a particular focus on critical infrastructure companies including those involved in “power, water, healthcare, communications and hardware…CSOONLINE.COM
3 JunCarnival Data Breach Exposes Millions as Microsoft Backs Down on Researcher ThreatsCybersecurity Today for June 2, 2026. Microsoft has backed away from its hard-line stance against vulnerability researchers after widespread criticism from the security community. The dispute began after independent researcher Nightmare Eclipse published proof-of-concept code for…CYBERSECURITYTODAY.LIBSYN.COM
3 JunRisky Business #840 -- Microsoft walks back researcher threatsOn this week’s show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution. They cover: Adversaries are tracking US …RISKY.BIZ
3 JunWhat AI Security Research Actually Looks Like with John Zenick of Harmonic SecurityJohn Zenick started his cybersecurity journey modding a Nintendo Wii in middle school. He is now an AI Security Researcher at Harmonic Security and a Teaching Fellow at Harvard, and joins our show to discuss everything AI! Even though we're a marketing podcast, of course we love …THECYBERWIRE.COM
3 JunKnown vulnerabilities behind most application security incidentsEight in ten organizations took an application security hit during the past year tied to a vulnerability their team had already cataloged, according to a survey of 902 IT and security professionals conducted by the Cloud Security Alliance. The pattern points to a structural condi…HELPNETSECURITY.COM
3 JunVS Code zero-day lets hackers steal GitHub tokens in one clickA security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link. [...]BLEEPINGCOMPUTER.COM
3 JunSupply Chain Attacks: Open Source or Open Door?In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, comprom…THECYBERWIRE.COM
3 JunMazeBolt brings AI-generated attack simulation to DDoS security testingMazeBolt has announced the launch of RADAR VectorAI, a new MazeBolt module that creates AI-generated DDoS attacks. As AI outpaces human response, enterprises need to have access to validated DDoS vulnerability data about both known and AI-generated attack vectors. Mythos has rais…HELPNETSECURITY.COM
3 JunGoogle adds a silent check to catch scammers posing as your contactsAndroid is introducing fake call detection to help protect users from impersonation scams. The feature can detect and flag suspected spoofed calls when both parties use Phone by Google on Android 12 or later. It will roll out globally this month, starting with Pixel devices. Stor…HELPNETSECURITY.COM
3 JunAnthropic expands Project Glasswing to 150 organizations in more than 15 countriesAnthropic is expanding Project Glasswing, its cybersecurity initiative built around the Claude Mythos Preview model, by adding about 150 organizations following several weeks of work with its initial group of partners, security firms, open-source maintainers, and government agenc…HELPNETSECURITY.COM
3 JunNew HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & CloudflareCybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in …THEHACKERNEWS.COM
3 JunLessons from the Canvas cyberattackCanvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and e…CSOONLINE.COM
3 JunScaling to $100M as the Security Weekly Index Hits an All Time High - Joshua Gould - BSW #450The ultimate goal, scale a company to $100M and go IPO. Easier said than done. We've seen some make it and others that get stuck. What's the difference? Joshua Gould, CEO at thebigword, joins Business Security Weekly to discuss how to scale to $100M. From startup to platform, Josh…YOUTUBE.COM
3 JunMicrosoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure BacklashMicrosoft has responded to backlash over its initial threats of legal action against researchers who publicly disclose zero-day vulnerabilities without coordinated notification. The controversy concerns a researcher known online as Chaotic Eclipse and Nightmare Eclipse, who in re…SECURITYWEEK.COM
3 JunAI may finally unlock the cyber budgets CISOs have wanted for yearsFor nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state intrusion, security spending often struggled against competition with every other business priority. AI may finally be chang…CSOONLINE.COM
3 JunNew cyber force would cost up to $11 billion to start, commission saysThe military branch would take 12 to 18 months to get up and running and also include roughly 5,000 members of the National Guard and up to 6,000 civilians, according to the commission.THERECORD.MEDIA
3 JunNew “HTTP/2 Bomb” attack can exhaust server memory in secondsResearchers have disclosed a new denial-of-service (DoS) technique dubbed HTTP/2 Bomb, a memory-exhaustion attack that can render major web servers inaccessible within seconds. The attack affects the default HTTP/2 configurations of nginx, Apache HTTP Server, Microsoft IIS, Envoy…CYBERINSIDER.COM
3 JunPolice dismantles 9 crime groups in illegal streaming crackdownEuropean and international law enforcement agencies have dismantled nine organized crime groups and arrested 29 suspects in a major crackdown on illegal streaming operations. [...]BLEEPINGCOMPUTER.COM
3 Jun‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in SecondsThe default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold.SECURITYWEEK.COM
3 JunMicrosoft wants to put AI agents on a short leashAs enterprises race to adopt AI agents across software development workflows, Microsoft is rolling out new controls aimed at keeping the transformation from becoming a security headache. At its annual developer conference, Microsoft Build, the company unveiled a set of initiative…CSOONLINE.COM
3 JunThe sorry state of skill distributionPublic skill marketplaces are being flooded with malicious skills that steal credentials, exfiltrate data, and hijack agents. In response, a segment of the security industry released skill scanners, a new family of tools designed to detect malicious skills before they’re installe…TRAILOFBITS.COM
3 JunAcer working to patch max severity zero-days in Wave 7 routersAcer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. [...]BLEEPINGCOMPUTER.COM
3 JunOrganizations Warned of Exploited Linux Kernel VulnerabilityAn improper authentication bug allows attackers to escalate their privileges and escape containers.SECURITYWEEK.COM
3 JunBeyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD MooreAssume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does. That …THEHACKERNEWS.COM
3 JunKirki, Burst Statistics WordPress Plugin Flaws in Attackers’ CrosshairsThreat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websites.SECURITYWEEK.COM
3 JunSimplify security management with CIS SecureSuite PlatformNew operating systems prioritize usability, a reality which threat actors use to exploit security gaps. Every misconfiguration creates an opportunity for compromise, and lean teams struggle in their security management efforts to harden hundreds or thousands of endpoints. CIS Sec…HELPNETSECURITY.COM
3 JunAutonomous AI-driven worm can reason its way through corporate networksResearchers at the University of Toronto, the Vector Institute, and the University of Cambridge have built and tested a proof-of-concept AI-driven worm that does not operate on a fixed list of exploits. Instead, it analyzes each target it encounters, reasons about how to attack i…HELPNETSECURITY.COM
3 JunOne-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth TokensCybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, inc…THEHACKERNEWS.COM
3 JunInfosecurity Europe: Vulnerability Management Innovator Konvu Wins Cyber Startup AwardInaugural Infosecurity Europe Cyber Startup Award Winner Impresses Panel with Ability to Help Prioritize Vulnerabilities in AI eraINFOSECURITY-MAGAZINE.COM
3 JunMicrosoft responds to security challenges facing code, AI agents, and modelsMicrosoft has introduced a series of security tools and capabilities focused on AI-driven vulnerability discovery, AI agents, and AI models. The updates include a multi-agent vulnerability discovery system, new controls for managing and securing AI agents, data protection capabil…HELPNETSECURITY.COM
3 JunCISA warns of active attacks exploiting Android, Linux bugsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. [...]BLEEPINGCOMPUTER.COM
3 JunWhen Pages Hijack AI ResponsesAI assistants that summarize third-party content may render markdown links and images from those sources directly in their response UI. These elements can be displayed as clickable or embedded content inside what users perceive as a trusted assistant interface. A malicious page c…YOUTUBE.COM
3 JunOver 100 Dutch hotels hit by breach exposing guest reservation dataMore than 100 hotels in the Netherlands have been impacted by a data breach that exposed guest and reservation information. The stolen data enabled cybercriminals to send convincing phishing messages to travelers, while similar incidents have also been reported by hotels in Belgi…CYBERINSIDER.COM
3 JunA Day in the Life of an MDR Analyst: Inside the Modern SOCWhat actually happens inside a SOC when an incident unfolds? Most teams see the alerts and the outcomes, but the decision-making in between is often less visible. At the Rapid7 2026 Global Cybersecurity Summit, the signature session Inside the Modern SOC: Who Carries You Through …RAPID7.COM
3 JunThe AI race gets a referee.AI oversight arrives at the White House. A Cyber Force gains momentum. Critical infrastructure comes under cyberattack. Acer faces zero-day trouble. A stock exchange executive gets spied on for months. HTTP/2 Bomb threatens web servers. Quantum’s classical side grows bigger. Brit…THECYBERWIRE.COM
2 JunTrusting the wrong package.Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast …THECYBERWIRE.COM
2 JunDashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users DownloadedPassword manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an "external" threat actor launched a brute-fo…THEHACKERNEWS.COM
2 JunWhy you need BAS and autonomous pentesting togetherMost security teams know the drill: A new autonomous penetration testing tool gets deployed, and the first run is genuinely impressive. The dashboard surfaces critical findings, maps lateral movement paths nobody had documented before, and exposes a legacy service account that ha…HELPNETSECURITY.COM
2 Jun175: BayrobIt started with a fake car listing on eBay. What looked like a simple online scam quietly grew, over more than a decade, into one of the most sophisticated cybercrime operations the FBI had ever traced. Custom malware. Opsec off the charts. Fleets of infected computers mining cry…DARKNETDIARIES.COM
2 Jun7 tabletop exercise mistakes that sabotage incident responseDiscussion-based, low-stress simulations during which IT, legal, and other key leadership stakeholders walk through theoretical scenarios to test their preparedness for cyber incidents are a popular and highly useful tool. Yet unless tabletop training is properly handled, the resu…CSOONLINE.COM
2 JunDashlane Brute-Force Attack Leads to Limited Encrypted Vault DownloadsDashlane’s security systems automatically locked accounts to protect them against the hacking attempts.SECURITYWEEK.COM
2 JunPakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RATCybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT. "The campaign opens with a spear phishing d…THEHACKERNEWS.COM
2 JunAttack targeting OpenAI Codex users exposes AI software supply chain risksA malicious npm package posing as a remote user interface for OpenAI Codex exfiltrated developer authentication tokens, after attackers allegedly published code to npm that was not visible in the project’s public GitHub repository. Researchers at Aikido said the package, called c…CSOONLINE.COM
2 JunThe Manhattan Institute Helped Kill DEI. Now It’s Coming for ProtestsThe right-wing think tank is actively pushing “civil terrorism”—increasing penalties for minor crimes committed while people engage in constitutionally protected free speech.WIRED.COM
2 JunRed Hat npm packages compromised in new Mini Shai-Hulud malware waveUnknown attackers have compromised 30+ Red Hat Cloud Services npm packages with malware that goes after credentials stored in developers’ build environment. What the malware stole and how it can spread further The compromised packages were published in two different GitHub …HELPNETSECURITY.COM
2 JunMicrosoft Threatening Security ResearcherAn anonymous security researcher called “Nightmare Eclipse” has been publishing a series of significant security exploits against Microsoft Windows—including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recrimi…SCHNEIER.COM
2 JunMeta AI Hands Over High-Profile Instagram Accounts to HackersExploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address. The post Meta AI Hands Over High-Profile Instagram Accounts to Hackers appeared first on SecurityWeek .SECURITYWEEK.COM
2 Jun KEVGoogle fixes one actively exploited Android zero-day, 124 flawsGoogle has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. [...]BLEEPINGCOMPUTER.COM
2 JunAI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclos…THEHACKERNEWS.COM
2 JunInfected Red Hat npm packages expose developer credentialsDevelopers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead. Security researchers from several cybersecurity outlets are warning of a new supply chain attack compromising over 30 Red Hat Cloud Services-rel…CSOONLINE.COM
2 Jun KEVCISA flags two-year-old Oracle flaw as actively exploited in attacksCISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks. [...]BLEEPINGCOMPUTER.COM
2 JunCritical Vulnerability in HP VoIP Phones Enables Enterprise Network BreachesA stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device. The post Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches appeared first on SecurityWeek .SECURITYWEEK.COM
2 JunCodex knowledge work expands into research, reports, and spreadsheetsOffice workers in the United States lose hours each week to email triage and to searching for files spread across disconnected systems. Roughly 40 percent of US labor, about 72 million people, works primarily with information such as analysis, documents, designs, and communicatio…HELPNETSECURITY.COM
2 JunEuro-Office adds encrypted email provider Tuta ahead of public releaseTuta has announced that it has joined the Euro-Office project, a European initiative developing an open-source, cloud-based office suite designed to reduce dependence on Microsoft and Google services. The announcement has been released just one week before the launch of Euro-Offi…CYBERINSIDER.COM
2 JunDashlane confirms user vaults were copied by hackers in recent attackDashlane has disclosed that attackers were able to download copies of encrypted password vaults for a small subset of users during a brute-force attack that targeted customer accounts over the weekend. The company says the incident did not involve a breach of its internal systems…CYBERINSIDER.COM
2 JunNoma brings visibility and access governance to AI agents and MCP serversNoma has announced the launch of Noma Agent Access Control, which helps security teams discover, govern, and enforce access policies for AI agents and Model Context Protocol (MCP) servers throughout the enterprise. AI agents and MCP servers have proliferated across developer envi…HELPNETSECURITY.COM
2 JunTuskira Quell identifies, mitigates, and validates zero-day risk before breachTuskira launched Quell, its exposure-led zero-day defense capability. Quell helps enterprises survive the window between a zero-day’s disclosure and a patch by determining which zero-days are reachable in their environment, whether existing controls would stop them, and whi…HELPNETSECURITY.COM
2 JunMeta adds stricter guardrails for teen feedsMeta has expanded its Teen Accounts 13+ content settings globally on Instagram, Facebook, and Messenger. The safeguards are designed to help young users see age-appropriate content by default. The company also introduced Limited Content on Instagram for parents seeking stricter r…HELPNETSECURITY.COM
2 JunAnthropic scales Claude Mythos to critical infrastructure in 15+ countriesAnthropic is expanding Project Glasswing, its security vulnerability program, and access to Mythos to 150 organizations across 15 countries — targeting critical infrastructure in power, water, healthcare, and communications where a cyberattack could affect 100 million people.TECHCRUNCH.COM
2 JunAnthropic shares Mythos with 150 more organizations, including critical infrastructure operatorsThe AI firm also said it’s exploring how to help open-source developers deal with a flood of vulnerability reports.CYBERSECURITYDIVE.COM
2 JunPassword manager Dashlane says hackers stole some customers’ password vaultsThe password manager giant said hackers were able to 'brute-force' its two-factor system, allowing them to access customer accounts and download their password vaults.TECHCRUNCH.COM
2 JunSecure multi-tenant AI agents with Amazon Bedrock AgentCore resource-based policiesSoftware as a service (SaaS) providers building AI-powered applications on Amazon Bedrock AgentCore often need to serve multiple tenants with distinct security requirements from a shared infrastructure. Some tenants require cross-account access from their own Amazon Web Services …AWS.AMAZON.COM
2 JunUnpatched NTLM Coercion in Windows search: URI Handler, Same Bug, No CVE, No FixThe same NTLM coercion primitive that got patched in the Snipping Tool exists in Windows Explorer's search: handler. No CVE. No fix. If your patching relies on CVE coverage, you have a blind spot.HUNTRESS.COM
2 JunTwo New Reports Offer Competing Explanations for Cybersecurity’s Growing CrisisAs AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control. The post Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis appear…SECURITYWEEK.COM
2 JunTrump revives parts of canceled AI order with cybersecurity-focused directiveUS President Donald Trump signed an executive order aimed at strengthening cybersecurity defenses and establishing a voluntary framework for cooperation between the federal government and developers of advanced artificial intelligence models, reviving portions of a broader AI ini…CSOONLINE.COM
2 JunThe Rise of Shadow AISecurity teams once worried about shadow IT and shadow cloud. Now a growing concern is shadow AI: employees using AI services outside approved corporate accounts and workflows. According to the discussion, a large percentage of AI usage may still be occurring through non-corporat…YOUTUBE.COM
2 JunThe bugs are piling up faster than the fixes.A federal watchdog questions NIST over its vulnerability database backlog. Google patches an Android zero-day. Citizen Lab exposes a powerful location-tracking platform. Malware hides commands in Steam comments. Researchers spot AI-assisted malware development. Attackers compromi…THECYBERWIRE.COM
2 JunSN 1081: AI Captured the Flag - Personal AI: Productivity Superpower or Privacy Threat?AI vulnerability discovery just upended the legendary Capture the Flag competitions, leaving top hackers sidelined while algorithms dominate the scoreboard. Hear why one seasoned researcher says the entire game is over for humans. As expected, UnFiOS devices are under attack. CIS…TWIT.TV
1 JunPress Release: CSO30 ASEAN & Hong Kong Awards 2026 open for nominationsThe CSO30 ASEAN & Hong Kong Awards return in 2026, as an important moment to recognise the cybersecurity leaders and teams who are making resilience measurable across the region. In a landscape shaped by rapid threat evolution, board-level scrutiny and rising expectations of…CSOONLINE.COM
1 JunGoverning shadow AI without killing innovationIn this Help Net Security video, Alan Snyder, CEO at NowSecure, talks about governing shadow AI without stopping innovation. He frames the problem as two opposing forces. Companies need to adopt AI fast because attackers and competitors will outpace them otherwise, but they also …HELPNETSECURITY.COM
1 Jun145 AI laws passed in 2025 and privacy teams aren’t catching a break145 AI-related laws were enacted by state legislatures in 2025, and more than 1,000 additional bills were introduced or revised, according to DataGrail’s Privacy and AI Trends Report 2026. Average cost of manual data subject request management (Source: DataGrail) Shadow AI …HELPNETSECURITY.COM
1 JunOWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memoryAI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between runs, and anything written into that store becomes a privileged input the agent reads back later. An attacker who plants text in the wrong field can override a…HELPNETSECURITY.COM
1 Jun6 critical security gaps every CISO must addressCISOs acknowledge that no organization is completely safe, but many also admit their security measures aren’t where they’d like them to be. One-third of CISOs surveyed for Proofpoint’s 2025 Voice of the CISO Report said the data within their organization is not adequately protect…CSOONLINE.COM
1 JunAsimily turns device risk into automated network policyAsimily has launched Segmentation Orchestration, enabling connected-device risk intelligence to flow directly into enforceable network policy without manual translation. No other platform combines full asset visibility, vulnerability prioritization, and segmentation orchestration…HELPNETSECURITY.COM
1 Jun KEVPalo Alto Warns High-Severity Bug Is Being Actively ExploitedA vulnerability in Palo Alto Networks’ PAN-OS software is being exploited in attacksINFOSECURITY-MAGAZINE.COM
1 JunNVIDIA goes open source with a big batch of physical AI agent toolsNVIDIA just dropped a big batch of open-source “physical AI” skills and tools, and they’re designed to make a roboticist’s life a whole lot easier. The idea? Take the messy, complicated work behind robots, self-driving cars, vision AI, and industrial digit…HELPNETSECURITY.COM
1 Jun KEVCritical WP Maps Pro Flaw Actively Exploited to Create Admin AccountsThreat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrator accounts on susceptible sites. WP Maps Pro allows site owners to embed custom…THEHACKERNEWS.COM
1 JunHelping defense's use of AI catch up with offense, cost of the vulnpocalypse, news - ESW #461Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to …YOUTUBE.COM
1 JunTop 4 data security best practices for the AI-enabled enterpriseTo maximize AI’s value without increasing security risk, organizations must enforce best‑practice data protections across their environment.CYBERSECURITYDIVE.COM
1 JunDashlane hit by brute-force campaign triggering account suspensionsDashlane has confirmed that a brute-force attack over the weekend triggered a wave of account suspension emails, unusual login notifications, and authentication issues. The password manager says the incident was caused by attacks against individual accounts rather than a breach o…CYBERINSIDER.COM
1 JunOpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain AttackCybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Code…THEHACKERNEWS.COM
1 Jun19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root AccessProof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems. The post 19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root Access appeared first on SecurityWeek .SECURITYWEEK.COM
1 JunMicrosoft says it will not pursue security researchers after zero-day backlashMicrosoft said it is taking the feedback seriously, adding: “To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research.”THERECORD.MEDIA
1 JunCritical Windows Netlogon RCE flaw now exploited in attacksThe Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]BLEEPINGCOMPUTER.COM
1 JunMicrosoft Defender Vulnerability Management gets a smarter exposure scoreMicrosoft Defender Vulnerability Management’s updated exposure score model adds vulnerability risk signals and asset context to help teams understand where risk is concentrated and which remediation actions are likely to have the greatest impact. The model is available in public …HELPNETSECURITY.COM
1 Jun KEVHorizon3.ai introduces Rapid Response to prioritize and verify vulnerability remediationHorizon3.ai has introduced Rapid Response, a capability that helps organizations assess exposure to newly disclosed threats, prioritize remediation, and verify that vulnerabilities have been addressed. Security teams are inundated with vulnerability disclosures, threat intelligen…HELPNETSECURITY.COM
1 JunMiasma: Supply Chain Attack Targeting RedHat npm PackagesDetect and mitigate malicious npm packages linked to the latest npm supply chain attack, based on the open sourced Mini Shai-Hulud malware.WIZ.IO
1 JunCritical Flowise Flaw Gives Attackers Full Server ControlObsidian publishes PoC for a 1-click Flowise RCE that can fully compromise self-hosted serversINFOSECURITY-MAGAZINE.COM
1 JunRace Against Time: Why Faster Vulnerability Alerts MatterAttackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can help reduce exposure and improve response times. [...]BLEEPINGCOMPUTER.COM
1 JunBrute-force attack triggers Dashlane account lockoutsPassword manager Dashlane has confirmed that a brute-force attack targeting user accounts triggered temporary account suspensions and authentication issues. The company first acknowledged the incident on May 31 after users reported receiving account suspension emails and experien…HELPNETSECURITY.COM
1 JunInsight bundles exposure management, patch operations, and XDR into one serviceInsight has launched Insight Managed Exposure Defense, a managed security service designed to help organizations identify and address vulnerabilities. The service aims to help organizations reduce exposure and implement protections without lengthy procurement processes or relianc…HELPNETSECURITY.COM
1 Jundepthfirst adds pre-install protection against malicious dependenciesdepthfirst has introduced Dependency Firewall, a product that reviews every open-source package being downloaded anywhere in a company and blocks the malicious ones before they reach the person or system that requested them. Developers, AI agents, and any employee using Claude, C…HELPNETSECURITY.COM
1 JunCato cuts vulnerability protection time to 45 minutes with agentic threat researchCato Networks announced a new capability that reduces time-to-protect for newly disclosed vulnerabilities to 45 minutes. The company attributes this reduction to the use of agentic threat research designed to accelerate protection against emerging exploits. Traditional appliance-…HELPNETSECURITY.COM
1 Jun⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and MoreMonday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivi…THEHACKERNEWS.COM
1 JunAI Is Reviving Anomaly DetectionSecurity teams are revisiting anomaly detection using architectures inspired by modern large language models. Instead of relying on static signatures or isolated events, these “log LLMs” analyze large behavioral sequences across high-volume telemetry sources such as DNS, WAF logs…YOUTUBE.COM
1 JunPatch Now: Another Palo Alto Auth Bypass Bug Under Active ExploitExploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.DARKREADING.COM
1 JunEliminate Critical API Attack Paths with Wiz API SPMWiz API SPM is now GA, enabling customers to discover APIs, assess APIs for exploitability, and prioritize remediation to mitigate the risk of an API-related breach.WIZ.IO
1 JunVulnerability Disclosure in the Age of AINew article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of aut…SCHNEIER.COM
1 JunCritical Netlogon flaw is under active exploitation.Military leaders debate battlefield AI. California sues 23andMe over 2023 data breach.THECYBERWIRE.COM
1 JunBrave’s new AgentStop system reduces wasted AI battery drain by 23%Brave has introduced AgentStop, a new open-source system designed to reduce the energy consumed by local AI agents running on consumer hardware. The technology monitors AI agent behavior in real time and can terminate tasks that are unlikely to succeed, helping conserve battery l…CYBERINSIDER.COM
1 JunHackers Used Meta’s AI Support Bot to Seize Instagram AccountsThe Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" b…KREBSONSECURITY.COM
1 JunDashlane password manager users locked out by brute force attacksMultiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. [...]BLEEPINGCOMPUTER.COM
1 JunMicrosoft's Zero-Day Legal Threats Spark BacklashAfter a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order.DARKREADING.COM
31 MayWeek in review: Infostealer dropped via FortiClient EMS flaw, exploited Trend Micro Apex One flawHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: Coinflow CISO on crypto payments security under AI pressure Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their …HELPNETSECURITY.COM
31 MayWP Maps Pro bug exploited to create admin accounts on WordPress sitesHackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]BLEEPINGCOMPUTER.COM
30 MayLaw enforcement and industry disrupt criminal infrastructure.Researchers blame Iranian government for LA transit authority hack. Extortion group sends individuals to infiltrate organizations in person.THECYBERWIRE.COM
30 MayNew CIFSwitch Linux flaw gives root on multiple distributionsA newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]BLEEPINGCOMPUTER.COM
30 MayExploit Code Published for Critical Flowise RCE VulnerabilityThe one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow. The post Exploit Code Published for Critical Flowise RCE Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
29 MayLack of response to critical vulnerability in Gogs is a reminder of the limits of open source projectsA newly discovered and so far unpatched critical vulnerability in the open source Gogs Git service not only demands immediate action from developers to secure their code, it also puts a spotlight on the potential issues in using self-hosted code platforms from small maintainers. …CSOONLINE.COM
29 MayBuilding a risk-based vulnerability management program that scalesIn this Help Net Security video, Shankar Somasundaram, CEO at Asimily, explains how to build a risk-based vulnerability program. He notes that vulnerabilities are exploding by an order of magnitude in the age of AI-driven attacks, with one customer finding a thousand vulnerabilit…HELPNETSECURITY.COM
29 MayGDPR set the tone for regulatory action — and the AI fine pushback to comeBig tech firms continue to push back against fines levied for alleged violations of European data protection law, in what could be a harbinger for AI regulations to come. While lawyers and experts quizzed by CSO broadly argue that big tech firms contesting data protection rules i…CSOONLINE.COM
29 MayAnthropic launches Claude Opus 4.8, prepares Mythos-class models for all customersAnthropic has released Claude Opus 4.8 and outlined plans for broader access to its Mythos-class models, which the company expects to make available to all customers in the coming weeks. Claude Opus 4.8 (Source: Anthropic) Claude Opus 4.8 is available to all users, with pricing u…HELPNETSECURITY.COM
29 MayThe Gentlemen are coming for your files, and then your networkRansomware operators have spent years refining the art of locking files. Now, some are working harder to get those lockers to every reachable system first. Microsoft’s recent warning of the Gentlemen ransomware revealed its operators using a self-propagating Go-based encryptor ca…CSOONLINE.COM
29 MayChinese Hackers Exploit Iran War to Target Maritime and Energy CompaniesESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globeINFOSECURITY-MAGAZINE.COM
29 MayCybersecurity trends in SEC filingsIn 2023, the Securities and Exchange Commission (SEC) required public companies to include a new section in their 10-K annual filings that is devoted to cybersecurity. This section is meant to address “cybersecurity risk management, strategy, governance and incidents.” I got curi…CSOONLINE.COM
29 May KEVChrome security update addresses 22 critical severity flawsGoogle has released a major Chrome security update that fixes 151 vulnerabilities in the browser, including 22 critical-severity flaws. While no actively exploited zero-days were disclosed, the unusually large number of vulnerabilities and the predominance of internally discovere…CYBERINSIDER.COM
29 MayChrome 148 Update Patches 151 VulnerabilitiesThe browser update resolves critical-severity security defects that could potentially lead to remote code execution. The post Chrome 148 Update Patches 151 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
29 MayLinkedIn-themed phishing abuses Adobe’s A/B testing platformA newly documented phishing campaign is targeting professionals with fake LinkedIn business emails and abusing a trusted service operated by Adobe. The attack from the victim’s perspective The attack starts with an email that looks, at first glance, like a routine business …HELPNETSECURITY.COM
29 MayGogs Zero-Day Exposes Servers to Remote Code ExecutionThe critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names. The post Gogs Zero-Day Exposes Servers to Remote Code Execution appeared first on SecurityWeek …SECURITYWEEK.COM
29 MayWith Complex Cloud Integrations, Small Errors Lead to Major CompromisesResearchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have compromised a popular automation service.DARKREADING.COM
29 May'The Com' Cyberattacks Support Violence & SexploitationYour organization's security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes.DARKREADING.COM
29 MayMicrosoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop moreEach vulnerability was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both attackers and security professionals.THERECORD.MEDIA
29 MayDutch police disrupts botnet composed of 17 million devicesThe Dutch National Police and the country’s National Cyber Security Center (NCSC) have taken offline 200 servers controlling a botnet of 17 million devices, the law enforcement agency announced on Thursday. The investigation was launched after the NCSC received a report by …HELPNETSECURITY.COM
29 MayCertifiably random: Swiss researchers claim perfect random number sourceResearchers in Switzerland claim to have built a perfect random number generator from two quantum superconducting chips, a 30-meter-long pipe, and some software. The resulting device could be used to generate cryptographic keys, or to offer a “public randomness service” for lotte…CSOONLINE.COM
29 MayChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing SurfaceCybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been…THEHACKERNEWS.COM
29 MayTennessee man linked to 764 accused of series of crimes against children dating back to 2022Zachary Sweeney allegedly traveled to New York, Indiana, Missouri and Georgia to meet and harm numerous victims in person. The FBI began investigating him in 2023. The post Tennessee man linked to 764 accused of series of crimes against children dating back to 2022 appeared first…CYBERSCOOP.COM
29 MayMind the gap between IT and OT.Iranian hackers hit LA transit. Chinese cyber operators target Middle East infrastructure. Dutch police take down a 17-million-device botnet. Researchers uncover a phishing risk in ChatGPT. Anthropic prepares its Mythos model for release. Chrome patches 22 critical bugs. Zapier f…THECYBERWIRE.COM
29 MayYour AI Doesn’t Understand AnythingLarge language models are statistical prediction systems trained to generate likely sequences of words based on massive datasets. They do not reason, understand context, or interpret meaning the same way humans do, even when their responses sound conversational or emotionally awa…YOUTUBE.COM
28 MayEmployees are unknowingly inviting tech support impersonators into firms, says FBIOnline or telephone IT support scams have been tricking employees into downloading or clicking on malware for years. But according to the FBI, one group that targets US-based law firms has recently found success in person, by convincing firms to allow a supposed IT support person…CSOONLINE.COM
28 MayGraduation day griftsThis week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
28 MayThe bipartisan case for CISA.This week, Dave and Ben sit down to discuss a growing bipartisan effort to support CISA. Throughout the conversation, the two look at how lawmakers from both sides of the aisle are showing greater support for CISA after the Trump administration cut its budget and workforce. Both …THECYBERWIRE.COM
28 MayCompanies built AI into core systems before figuring out how to govern it70% of organizations use GenAI in live environments, and 64% have AI agents in pilot or production deployments. Some of those agents have privileged access to core systems, according to Check Point’s 2026 Cloud Security Report. Confirmed and suspected AI incidents (Source: Check …HELPNETSECURITY.COM
28 MayCanonical releases Workshop for one-command sandboxed dev environments on UbuntuCanonical released Workshop, a tool that launches sandboxed development environments on Ubuntu with a single command. Environments are configured once and reproduced on different machines, giving teams consistent setups across development workstations and deployment pipelines. A …HELPNETSECURITY.COM
28 MayHottest cybersecurity open-source tools of the month: May 2026Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings. Pipelock: Open-source AI agent firewall AI coding agents run with shell access, environment …HELPNETSECURITY.COM
28 MayKemper - 269,299 breached accountsIn April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign ta…HAVEIBEENPWNED.COM
28 MayKetch brings multi-agent AI orchestration to enterprise privacy programsKetch has unveiled its vision for agentic privacy with the Ketch Agent Network, a multi-agent orchestration layer for enterprise privacy programs. The platform is designed to continuously reason across legal obligations, internal policies, and operational realities within a unifi…HELPNETSECURITY.COM
28 MayWhat the industrialization of exploitation means for defendersFor decades, cybersecurity was a battle of skill. Elite attackers versus elite defenders. The rules of engagement were understood, even if the playing field wasn’t level. If you hired better analysts and bought better tools, hopefully you hardened your systems well enough and bui…CSOONLINE.COM
28 MayDownload pumping: New npm deception technique for supply chain attacksLearn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious payloads as legitimate. Key takeaways Volume doesn’t equal trust. Packages with numerous versions and high download counts might…TENABLE.COM
28 MayMicrosoft’s new cloud PCs place AI agents under enterprise controlsMicrosoft’s Windows 365 for Agents, a cloud PC platform for agentic workloads, runs AI agents in secure environments. Organizations can direct agents with natural language to interact with applications, browsers, files, and enterprise systems. The platform is available in public …HELPNETSECURITY.COM
28 MayOil shipments, drone makers, and a poisoned code library targeted in recent APT campaignsGeopolitical pressure drove much of the state-sponsored cyber activity recorded between October 2025 and March 2026, according to ESET’s latest APT Activity Report. Espionage groups aligned with China, North Korea, Russia, and Iran adjusted their targets to match the econom…HELPNETSECURITY.COM
28 MayThe AI governance imperative you can’t afford to ignoreCIOs rushing to roll out AI agents without real visibility into their decision-making processes are flirting with disaster. According to AI experts, deploying agents without observability processes and tools creates a ticking time bomb with the potential for huge negative consequ…CSOONLINE.COM
28 MayDICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heapThis white paper presents a concrete case study demonstrating the creation of a heap overflow vulnerability through the exploitation of the DICOM file format.TALOSINTELLIGENCE.COM
28 MayMicrosoft Condemns "Uncoordinated" Zero Day DisclosuresMicrosoft warned the disclosure of several unpatched vulnerabilities without notice has put “customers at unnecessary risk”INFOSECURITY-MAGAZINE.COM
28 MayGitea Vulnerability Exposed 30,000 Deployments to AttacksThe security flaw allowed attackers to pull private container images, exposing source code, credentials, and infrastructure.SECURITYWEEK.COM
28 May KEVCritical FortiClient EMS Vulnerability Exploited in Fresh AttacksFortinet rolled out hotfixes for the security defect in April, warning that it had been exploited in the wild as a zero-day and urging immediate patching.SECURITYWEEK.COM
28 MayIBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”Project Lightwell is designed to fix vulnerabilities without breaking what is already in production.SECURITYWEEK.COM
28 MayQumulo NeuralProtect uses AI to detect and stop ransomware before encryptionQumulo has unveiled Qumulo NeuralProtect, a ransomware resilience solution built to protect data at the storage layer by detecting and stopping threats before data is encrypted, corrupted, or lost. Integrated directly into the Qumulo Data Platform, NeuralProtect inspects every fi…HELPNETSECURITY.COM
28 MayQevlar’s new AI agents correlate CVEs, incident data, and active exploitation signalsQevlar has announced a new set of AI agents designed to bridge the disconnect between Security Operations Centers (SOCs) and vulnerability management teams. The new capabilities help security teams correlate CVEs with live incident data for real-time risk prioritization, automati…HELPNETSECURITY.COM
28 MayMicrosoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account RemovalMicrosoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The developm…THEHACKERNEWS.COM
28 May KEVIndian CERT urges firms to contain exploited internet-facing flaws within 12 hoursIndia’s cybersecurity agency, CERT-In, has urged organizations to patch, mitigate, or isolate known exploited vulnerabilities affecting internet-facing “crown jewel” systems within 12 hours where feasible, warning that AI-assisted attacks are dramatically compressing the time bet…CSOONLINE.COM
28 MayCanadian man gets 33 years for using social media to coerce US children into sending sexual contentProsecutors said the man spent years using fake online identities to contact children and manipulate them into sending sexually explicit images and videos.THERECORD.MEDIA
28 MayDuckDuckGo sees 30% growth spike as Google forces AI on SearchDuckDuckGo says it experienced a significant spike in users following Google’s announcement of a sweeping AI-powered overhaul of Search at Google I/O 2026. According to figures shared by the privacy-focused search company, installs and visits increased sharply in the six days aft…CYBERINSIDER.COM
28 MayZapier exploit chain shows how known anti-patterns compose into critical riskA five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on internal packages that load in every authenticated zapier.com session. Each link in the chain was a known anti-…HELPNETSECURITY.COM
28 MayNew Gogs zero-day flaw lets hackers get remote code executionAn unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [...]BLEEPINGCOMPUTER.COM
28 MayIBM and Red Hat are betting $5 billion that open source needs a security guardIBM and Red Hat announced Project Lightwell, a $5 billion commitment backed by new frontier AI capabilities and a global force of more than 20,000 engineers to help enterprises secure open source software. Together, these investments establish a new model for enterprise use of op…HELPNETSECURITY.COM
28 MayState of Post Quantum CryptographyDiscussion of PQC relevant statistics that we see across our customers and other data sources.WIZ.IO
28 MayIBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilitiesThe tech giant’s project could make it easier for businesses to safely use open-source packages.CYBERSECURITYDIVE.COM
28 MayAttackers Move Past Typosquatting to Realistic Package ImpersonationMost malicious open source packages now mimic real code rather than rely on typosquattingINFOSECURITY-MAGAZINE.COM
28 MayThreat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential StealerThreat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign abused trusted endpoint management infrastructure to deliver malware across manag…THEHACKERNEWS.COM
28 MayCritical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary CodeA critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not h…THEHACKERNEWS.COM
28 MayDutch Raid Fails to Dent Russian Bulletproof HostDutch law enforcement seized 800 servers and arrested two operators of THE.Hosting but left the hosting provider's core IP address space intact.DARKREADING.COM
28 MayThe military wants to move at cyber speed.Cyber Command’s new chief pushes modernization as lawmakers warn commercial location data is exposing U.S. troops. A third-party UK visa site leaks passports and selfies. Microsoft slams unpatched zero-day disclosures. Researchers uncover a new macOS malware campaign targeting cr…THECYBERWIRE.COM
28 MayLinux Supply Chain How-To - PSW #928This week we have a technical segment focused on Linux! Paul released a script that helps you get a handle on Linux supply chain security, and new features allow you to assess the state of Secure Boot on your Linux systems (that also use MS certificates, ironically). The script i…YOUTUBE.COM
28 MayMITRE Couldn’t Scale Caldera AloneMITRE is transferring the Caldera cybersecurity platform to the Apache Foundation to encourage broader open source collaboration and long-term project support. Caldera is widely used for testing systems against the MITRE ATT&CK framework and simulating adversary behavior acro…YOUTUBE.COM
28 MayBreaking the Patch Sound Barrier Part 2: So Is The Apocalypse Coming and What Is It?So, you read my previous blog post about breaking the patch sound barrier, but it left you wanting more? Well, this is that “more.” Here are three useful ideas to advance the conversation. 1. Defining the “Vulnerability Apocalypse” …MEDIUM.COM
28 MayOracle May 2026 Critical Security Patch Update Addresses 35 CVEsOracle addresses 35 CVEs in its May 2026 Critical Security Patch Update with 35 patches, including 11 critical updates. Key Takeaways The May 2026 Critical Security Patch Update (CSPU) contains fixes for 35 unique CVEs in 35 security updates 11 issues (31.4% of all patches) were …TENABLE.COM
27 MayMicrosoft previews automatic device isolation in Defender for EndpointMicrosoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cyber attacks in progress on their IT networks. The company announced the capability earlier this month in a column about new f…CSOONLINE.COM
27 MayEuropean AI adoption hits 99% with regulated data driving most policy violationsGenerative AI tools operate inside nearly every European workplace, embedded in meeting transcription services, writing assistants, coding copilots, and search features. Workers in the region pull these tools into daily routines that involve customer records, financial informatio…HELPNETSECURITY.COM
27 May KEVRisky Business #839 -- TeamPCP stole GitHub's internal reposOn this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: TeamPCP breached GitHub’s internal repos. Now what? Some absolute plonker glued Coruna to a hijacked npm package CISA is worried about open source and wants th…RISKY.BIZ
27 MayVigolium: Open-source vulnerability scannerVigolium, an open-source vulnerability scanner that combines deterministic scanning with AI-driven auditing, launched its initial open-source release this month. The project ships 235+ scanner modules and an in-process agent runtime called olium that handles autonomous endpoint d…HELPNETSECURITY.COM
27 MayMytheresa - 84,108 breached accountsIn April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The exposed data also incl…HAVEIBEENPWNED.COM
27 May KEVCISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-DayResolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges.SECURITYWEEK.COM
27 MayNovee’s Agentic Fix turns validated exploits into fixes through AI coding agentsNovee has announced Agentic Fix, an enhancement to its AI penetration testing platform that helps teams move from validating security findings to deploying fixes in a single step. Agentic Fix extends Novee’s platform by generating remediation guidance from the same exploit contex…HELPNETSECURITY.COM
27 MayJetico expands BestCrypt Data Shelter with zero-trust file access controlsJetico has announced the extension of BestCrypt Data Shelter to include centrally managed enterprise data access control for sensitive files. The solution allows security teams to define and enforce policies governing which applications, processes and users can access protected f…HELPNETSECURITY.COM
27 May KEVCISA gives feds 4 days to patch actively exploited cPanel plugin flawThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. [...]BLEEPINGCOMPUTER.COM
27 MayFake ChatGPT and Claude installers on GitHub are dropping Deno RAT malwareAttackers are hosting counterfeit installers and plugins on GitHub and SourceForge that pose as widely used software, including ChatGPT, Claude, AutoTune, Kontakt, Ableton Live, and ZENOLOGY. The downloads deliver a backdoor called DinDoor, which then loads a remote access Trojan…HELPNETSECURITY.COM
27 MayApple makes its quantum-resistant encryption open sourceApple has published its post-quantum cryptography implementations in corecrypto, together with mathematical proofs and verification tools for independent expert evaluation, allowing external researchers to review the work and reproduce the company’s analysis. Post-quantum cryptog…HELPNETSECURITY.COM
27 MayDutch police arrest man over cyber breach at Ajax football clubThe suspect was detained in the central Dutch town of Buren, where law enforcement officers also searched his home and seized multiple digital storage devices, according to a statement released Tuesday by the Dutch National Police.THERECORD.MEDIA
27 MayCrowdStrike disrupts Glassworm botnet that preyed on open-source supply chainCrowdStrike has dismantled the Glassworm botnet in an operation aided by Google and Shadowserver, stripping the operators’ access to infrastructure that helped threat actors infect hundreds of pieces of open-source software with malware since early 2025, the company said Tuesday.…CYBERSCOOP.COM
27 MayInfosecurity Europe: Why Burnout in Cybersecurity Demands Risk-Based ResponseCybermindz warns that cybersecurity burnout is a growing risk, urging organizations to move beyond wellness initiatives and adopt a measurable, risk-based approach to workforce stressINFOSECURITY-MAGAZINE.COM
27 MayCogent targets exploit-to-remediation gap with new AI-powered security capabilitiesCogent has launched two new platform capabilities designed to reduce the time between vulnerability disclosure and confirmed remediation. Zero Day Response identifies exposure within minutes of public disclosure, without waiting for scanner signatures. Autonomous Remediation dete…HELPNETSECURITY.COM
27 MayMediaArea heap-based buffer overflow vulnerabilitiesTalos researchers find 4 heap-based buffer overflow vulnerabilities in MediaArea's MediaInfoLib.TALOSINTELLIGENCE.COM
27 MayCan you enforce strong Active Directory password rules without frustrating users?Strong Active Directory passwords don't have to come at the expense of usability. Specops Software explains how passphrases, breached password protection, and self-service resets can improve security without frustrating users. [...]BLEEPINGCOMPUTER.COM
27 MayVulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance RateNovee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx.SECURITYWEEK.COM
27 MayGoogle AI Threat Defense targets attackers using AI to find flaws fasterGoogle Cloud introduced AI Threat Defense, an automated cybersecurity platform that combines several of the company’s security assets to find, prioritize, and patch software vulnerabilities at machine speed. The product is aimed at enterprises contending with attackers who …HELPNETSECURITY.COM
27 MayCoordinated operation takes down Glassworm botnetThe botnet began in early 2025, targeting software developers across the open-source supply chain.CYBERSECURITYDIVE.COM
27 MayCrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacksCybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the developers and companies that use that software.TECHCRUNCH.COM
27 MayAI-Assisted Exploit Development Outpaces Scanner DetectionAttackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to new research.DARKREADING.COM
27 MayOpen Source Trust Is CollapsingDoug White talks about manually vetting software downloads from GitHub, NPM, and PyPI before allowing them onto a normal machine. That process included sandboxing the code in a Linux VM, reviewing it manually, and even using multiple AI models to inspect the files before installa…YOUTUBE.COM
27 MayGlassworm botnet targeting developers disrupted in coordinated takedownA coordinated cybersecurity operation has disrupted a botnet known as “Glassworm” that targeted software developers through malicious open-source packages, compromised GitHub repositories, and infected development tools. The takedown took place on May 26 with support from CrowdSt…CYBERINSIDER.COM
27 MayUK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About RussiaThe speech is the latest in a string of warnings from intelligence experts that Russia is stepping up hostile activity in a “gray zone” that falls just below the threshold of war.SECURITYWEEK.COM
27 MayAI chatbot recommendations lure users to cryptojacking malware sitesCybercriminals are using AI chatbot interactions alongside poisoned search results to direct users to malicious download sites in an active cryptojacking campaign, Microsoft has warned. The campaign impersonates legitimate software tools such as CrystalDiskInfo, HWMonitor, Displa…HELPNETSECURITY.COM
27 MayUK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspaceAnne Keast-Butler, head of the GCHQ, said her agency was developing an artificial intelligence-powered cyber shield as other nations were deploying AI in warfare.CYBERSCOOP.COM
27 MayReconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th)Most Akira write-ups focus on the ransom note or the encryption routine. By the time those show up the interesting forensic work is over. The questions that matter to defenders sit earlier. How did they get in. When did they get domain admin. What did they touch before the binary…ISC.SANS.EDU
27 MayAI models more vulnerable than claimed when faced with iterative attacksCISOs relying on LLM runtime guardrails and official safety scores when making security decisions about their organizations’ AI usage and model selection are due for a wakeup call. According to a new study from Cisco, frontier models from OpenAI, Anthropic, Google, xAI, and Amazo…CSOONLINE.COM
27 MaySmashing Security podcast #469: What your Oura ring won’t tell youCISA, the US government agency whose entire job is keeping America's critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile. Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted…GRAHAMCLULEY.COM
27 MayAnother IT governance headache: AI-enabled sanction evasionOver the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries move from AI-assisted to AI-enabled sanctions evasion and proliferation financing (PF), a new research paper warns. The rep…CSOONLINE.COM
26 MayProject Glasswing has uncovered 10,000 vulnerabilities: AnthropicAnthropic says it and upwards of 50 partners involved in Project Glasswing have uncovered an estimated 10,000 critical or high-severity vulnerabilities in their software offerings. The company launched the cybersecurity initiative, which is built around Claude Mythos Preview, in…CSOONLINE.COM
26 MaySecurity experts caution MFA alone can no longer stop threat actorsCybersecurity experts are warning enterprise admins about an increasing number of phishing campaigns aimed at stealing Microsoft 365 (M365) access tokens to bypass multifactor authentication login protection. Phishing kits aimed at capturing M365 tokens aren’t new; some reports s…CSOONLINE.COM
26 MayCybersecurity jobs available right now: May 26, 2026Application Security Engineer IG Group | India | Hybrid – View job details As an Application Security Engineer, you will assess the security of web, mobile, and cloud applications through penetration testing, secure code reviews, threat modeling, and architecture …HELPNETSECURITY.COM
26 May KEVCISA orders feds to patch actively exploited Drupal vulnerabilityCISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. [...]BLEEPINGCOMPUTER.COM
26 MayCERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted AttacksThe Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from th…THEHACKERNEWS.COM
26 MayStop treating AI governance as a review layer. Make it release infrastructureI’ve spent years building compliance into security products. FedRAMP and Department of War Impact Level authorizations, vulnerability management pipelines: They all follow the same pattern. Build the product, then prove it meets requirements. The compliance layer sits outside the…CSOONLINE.COM
26 MayAppSec Conversations on Agents, LLMs, and OWASP from RSAC - ASW #384We showcase recordings from this year's RSAC. At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project’s latest research, including new landscape guides and evolving approaches to securing generative and…YOUTUBE.COM
26 MayUS Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred GrowsAs Americans stew over the looming risk of job-stealing AI and data centers in their back yards, the feds are raising the alarm about a new category of threat, documents obtained by WIRED show.WIRED.COM
26 MayWhat happens when security teams inherit identityAt the Span Cyber Security Arena conference, I sat down with Eric Woodruff, Chief Identity Architect at Semperis, to talk about how organizations perceive identity and the challenges those perceptions create for security. He shared his perspective on where organizations struggle …HELPNETSECURITY.COM
26 MayIndia's CERT-In Sets 12-Hour Patch Deadline for Exposed FlawsCERT-In urges 12-hour patching of exposed flaws as AI compresses exploitation timelinesINFOSECURITY-MAGAZINE.COM
26 MayAI Threat Landscape Digest March-April 2026Executive Summary During the March–April 2026 reporting period, AI use in offensive operations advanced from development and planning to real-time operational deployment. Multiple independent cases, involving individual criminal actors, mass exploitation platforms, ransomware gro…RESEARCH.CHECKPOINT.COM
26 MayOpen Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker ImagesDockSec, an OWASP incubator project, correlates findings from multiple container security scanners and uses AI to generate plain-English remediation guidance and exact Dockerfile fixes.SECURITYWEEK.COM
26 MayMFA Prompt Bombing: Why Your Second Factor Isn't Saving YouMulti-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While that logic was sound, attackers have now figured out that they …THEHACKERNEWS.COM
26 MayTrapDoor malware campaign puts developer workstations in CISO spotlightA malicious package campaign across npm, PyPI, and Crates.io has put developer workstations back under scrutiny, after researchers said it targeted developer workflows and AI coding assistant files. Researchers at Socket said the campaign, which they are tracking as TrapDoor, “sp…CSOONLINE.COM
26 MayHackers Exploited KnowledgeDeliver Zero-Day for Web Shell DeploymentHardcoded machineKey values in a configuration file enabled ViewState deserialization attacks leading to remote code execution.SECURITYWEEK.COM
26 MayTamnoon introduces skill-based AI orchestration for autonomous cloud defenseTamnoon has expanded its AI engine, Tami, into a skill-based orchestrator that generates customer-specific remediation skills tailored to each enterprise environment. Trained on more than 6 million real cloud fixes across 800+ accounts, Tami coordinates specialized AI skills to s…HELPNETSECURITY.COM
26 MayFake software on GitHub and SourceForge distribute Deno RATWe found fake installers and plugins for ChatGPT, Claude, AutoTune, and other popular software that can give attackers full control over your device.MALWAREBYTES.COM
26 MayHow Security Leaders Cut Through Complexity to Drive Better OutcomesSecurity leaders are operating in an environment that is only getting more complex. Expanding attack surfaces, rapid AI adoption, growing toolsets, and increasing pressure to respond faster have made it harder to maintain a clear view of risk and priorities. At the Rapid7 Global …RAPID7.COM
26 MayGitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 reposA large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine CI/CD upkeep. Researchers at SafeDep observed the campaign, Megalodon, touching more than five thousand repositories over a six-h…CSOONLINE.COM
26 MayEXPOSURE 2026 prepares cybersecurity professionals for the AI eraCybersecurity leaders and practitioners brought their burning AI cybersecurity questions to EXPOSURE 2026. They left with clear answers and a blueprint for building an exposure management program. Get a recap and see highlights from the event in words and pictures.  Key take…TENABLE.COM
26 MayChinese Threat Actors Ditch Static Phishing Pages for Live Credential InterceptionAlmost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targetsINFOSECURITY-MAGAZINE.COM
26 MayAnthropic: Claude Mythos identified 10,000+ software flawsAnthropic and its Project Glasswing partners have identified more than 10,000 high- or critical-severity vulnerabilities in critical software systems, the company announced in an update on the project’s progress. Mythos identifies thousands of high-severity vulnerabilities …HELPNETSECURITY.COM
26 MayChinese phishing gangs grow into a force to be reckoned withChinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Google Threat Intelligence Group (GTIG) analyzed a dozen active PhaaS offerings operating in Chinese-language underground commu…HELPNETSECURITY.COM
26 MayDetectify brings AppSec automation to AI agents with MCP Server and continuous testingDetectify has unveiled the Detectify MCP (Model Context Protocol) Server, a new integration layer that brings Detectify’s security testing engines directly into AI-driven development workflows, helping coding agents find and validate exploitable vulnerabilities and interpret atta…HELPNETSECURITY.COM
26 May7-Eleven data breach exposes personal information of 185,000 applicantsConvenience store giant 7-Eleven is notifying more than 185,000 individuals that their personal information was exposed in a cybersecurity incident linked to the ShinyHunters extortion group. The company disclosed the breach in filings with multiple US state attorneys general, st…CYBERINSIDER.COM
26 MayNew phishing kit targets Microsoft 365 accounts.Anthropic says Mythos has found over 23,000 flaws in open-source software. Dutch police arrest two alleged bulletproof hosting admins.THECYBERWIRE.COM
26 MayWell-architected best practices for software supply chain securityThere have been multiple notable supply chain attacks using the npm Registry since September: Shai-Hulud, Chalk/Debug, one abusing tea.xyz tokens, and recently axios. Thanks to community efforts involving the Amazon Inspector team, the Open Source Security Foundation, and others,…AWS.AMAZON.COM
26 MayWelcoming the AWS Customer Incident Response TeamMay 26, 2026: This post was originally published in July 2022. It has been updated to reflect current engagement options, new threat intelligence resources such as the Threat Technique Catalog for AWS (TTC), additional open-source tools, and the distinction between AWS CIRT suppo…AWS.AMAZON.COM
26 MayApple open-sources quantum-resistant encryption codeThe release includes implementations of two quantum-secure algorithms and demonstrates how formal verification caught bugs that traditional testing would have missed.CYBERSCOOP.COM
26 MayThe Hackers Behind Shai-Hulud: Lucky or Skilled?TeamPCP, the hackers behind the Shai-Hulud worm, has done significant damage to the open source ecosystem. But it's not necessarily due to skill alone.DARKREADING.COM
26 MayAttackers found a new way around MFA.The FBI warns attackers are abusing Microsoft OAuth authentication. India pushes faster patching as AI speeds up cyberattacks. Iranian hackers blend phishing with SEO poisoning. Anthropic’s AI finds thousands of open source flaws, while AI also reshapes bug bounties and fuels sup…THECYBERWIRE.COM
26 MayFake GTA 6 pre-orders and beta scams spread malware ahead of game launchCybercriminals are exploiting excitement around Grand Theft Auto 6 to spread malware, phishing pages, and fake pre-order scams ahead of the game’s official release, according to new research from NordVPN. Researchers at NordVPN’s Threat Protection team said they identified dozens…CYBERINSIDER.COM
26 MayKnowledgeDeliver flaw exploited as a zero-day to install web shellsHackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. [...]BLEEPINGCOMPUTER.COM
26 MayAI Isn’t Creating Better HackersAaran describes a wartime-style cyber environment where experienced developers and reviewers may be unavailable, overwhelmed, or gone entirely. In that situation, junior operators end up shipping malware and attack variants rapidly using public resources, copied code, and LLM ass…YOUTUBE.COM
26 MayAmeriprise - 502,597 breached accountsIn March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePo…HAVEIBEENPWNED.COM
26 MaySN 1080: Vulnerability Debt Repayment - Will Mythos Change Cybersecurity Forever?Mozilla found 271 unknown Firefox vulnerabilities in days using AI—bugs that millions of automated test runs had missed for years. Steve Gibson argues this isn't a crisis. It's the industry finally paying down decades of security debt, and for the first time, defenders may have t…TWIT.TV
25 MayTurns out the C-suite loves shadow AISenior decision-makers are the heaviest users of unapproved AI tools, and they continue using them despite being aware of the security and privacy risks linked to shadow AI, according to TrustedTech’s Shadow AI in the Workplace report. The study found that 65% of decision-makers …HELPNETSECURITY.COM
25 May2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing ServicesWritten by: Jamie Collier While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language underground. Google Threat Intelligence Group (GTIG) analyzed a dozen current P…CLOUD.GOOGLE.COM
25 MayOpenHack: Open-source AI-powered vulnerability researchSource-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the Dutch security firm Hadrian, called OpenHack, packages that approach into a fil…HELPNETSECURITY.COM
25 MayTo pay, or not to pay: 58% of CISOs say they would pay the ransom for their dataIf you were hit by ransomware tomorrow, would you pay to get your data back? That’s what more than half of CISOs in a recent survey said their organization would do. It’s a situation more companies are going to face in future. “Attacks are increasing and continuing to increase,” …CSOONLINE.COM
25 MayVisibility with EDR/MDR is still important, 'the basics' are impossible, and the news - ESW #460Interview with Rob Allen from Threatlocker This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls. Topic:…YOUTUBE.COM
25 MayFake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 FansFrom fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details howINFOSECURITY-MAGAZINE.COM
25 MayThe AI Era Is Creating a Bug Hunting Arms RaceAs attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly.WIRED.COM
25 MayUS states step up cyber defenses to protect local communitiesU.S. state governments are taking on a larger role in cybersecurity to help protect local communities and essential services. Many states are building state-led cyber defense programs, including cybersecurity clinics, regional security operations centers (RSOCs), and state cyber …HELPNETSECURITY.COM
25 MayAI security needs a shift from models to systems, researchers argueEnterprises cannot secure AI agents by making the underlying models more robust and must instead enforce security controls at the system level around them, researchers behind a paper published this month argued, warning that traditional AI-security approaches are increasingly mis…CSOONLINE.COM
25 MayTeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)TeamPCP now operates across three package ecosystems in parallel, it reached GitHub's own internal codebase, it trojanized an officially Microsoft-published Python SDK, and it appears to have open-sourced its own framework on GitHub. ISC.SANS.EDU
25 MayGhost CMS Vulnerability Exploited to Hack Over 700 WebsitesSites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack.SECURITYWEEK.COM
25 MayAuthorities seize 800 servers used for cyberattacks and disinformationDutch authorities arrested two men and seized 800 servers linked to a hosting provider that investigators say supported Russian activities aimed at undermining democracy and security through cyberattacks, disinformation, and disruption of public and economic systems. Servers seiz…HELPNETSECURITY.COM
25 May⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain ChaosMonday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago…THEHACKERNEWS.COM
25 May25th May – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 25th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES 7-Eleven, the global convenience store chain, confirmed a breach after an unauthorized access to systems used for franchisee documents…RESEARCH.CHECKPOINT.COM
25 MayCisco refines its risk-based vulnerability disclosure for the AI eraSecurity teams already struggle with long lists of vulnerabilities and limited time to patch them. Cisco believes AI could increase that pressure by accelerating vulnerability discovery and increasing the number of findings security teams need to review. The company said it is mo…HELPNETSECURITY.COM
25 MayWhen Firewalls Become LiabilityCyber insurance providers are increasingly publishing reports explaining how ransomware attacks actually happened. In this clip, the discussion centers on Akira ransomware repeatedly targeting SonicWall firewalls — especially older or poorly maintained systems. One joke in the co…YOUTUBE.COM
24 MayThe current state of GPS following OCX with Dr. Sean Gorman, CEO of Zephr.xyz.Despite being an indispensable technology, traditional GPS remains vulnerable to exploitation and is in need of an update. In this week's episode, host Maria Varmazis sits down with Dr. Sean Gorman, CEO of Zephr.xyz, to discuss the current state of GPS. For decades, GPS has b…THECYBERWIRE.COM
24 MayWeek in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploitedHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned…HELPNETSECURITY.COM
24 MayWireshark 4.6.6 Released, (Sun, May 24th)Wireshark release 4.6.6 fixes 1 vulnerability and 11 bugs. ISC.SANS.EDU
23 MayGoogle leaks details for Chromium bug that can turn browsers into botsChromium — the open-source browser that underpins Google Chrome, Microsoft Edge, and Opera, among others — contains an unpatched vulnerability that attackers can exploit to execute JavaScript code persistently across browser restarts. As a result, the flaw can be used to hijack u…CSOONLINE.COM
23 MayGhosted by GrafanaToday we are joined by Sasi Levi, Security Research Lead at Noma Security, sharing their team's work on "GrafanaGhost: The Phantom Stealing Your Data." Researchers at Noma Security disclosed “GrafanaGhost,” a vulnerability that could allow attackers to silently exfiltrate sen…THECYBERWIRE.COM
23 MayGitHub discloses breach of 3,800 internal code repositories.CISA contractor exposed AWS GovCloud keys on GitHub. Researchers craft a kernel exploit on Apple's M5 chips, with help from Mythos.THECYBERWIRE.COM
23 MayThe FBI Wants ‘Near Real-Time’ Access to US License Plate ReadersPlus: Google publishes a live exploit for an unpatched flaw, the feds arrest two men accused of creating thousands of nonconsensual deepfake nudes, and more.WIRED.COM
23 May‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted DomainsThe stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic.SECURITYWEEK.COM
23 MayClaude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used SoftwareAnthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswin…THEHACKERNEWS.COM
23 MayShipping Vulnerable Code On PurposeA large percentage of organizations knowingly ship software with unresolved vulnerabilities in order to meet business deadlines. This clip highlights the ongoing tension between production pressure and security requirements: one side wants to release features immediately, while t…YOUTUBE.COM
22 MayMini Shai-Hulud Attack Prompts npm to Revoke 2FA-Bypass Tokensnpm has forced a platform-wide reset of granular access tokens that bypass two-factor authentication (2FA) after a wave of supply chain attacks linked to the “Mini Shai-Hulud” campaign compromised hundreds of JavaScript packages. The emergency action, rolled out on May 19, invali…GBHACKERS.COM
22 MayMegalodon Malware Rapidly Infects Over 5,500 GitHub RepositoriesA newly identified malware campaign dubbed “Megalodon” has compromised more than 5,500 GitHub repositories, raising serious concerns about the security of open-source ecosystems. Security researchers from SafeDep report that the malware spreads through malicious code injections h…GBHACKERS.COM
22 MayFBI Warns Kali365 PhaaS Platform Targets Microsoft 365 Users to Steal LoginsThe U.S. Federal Bureau of Investigation (FBI) has issued a Public Service Announcement (Alert I-052126-PSA) warning about a newly identified Phishing-as-a-Service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users. First observed in April 2026, the p…GBHACKERS.COM
22 MayGoogle folds CodeMender into agent ecosystem amid push for AI-led AppSecGoogle is expanding the role of its CodeMender security agent from autonomous vulnerability remediation toward a larger agentic development ecosystem, signalling a broader push toward AI-driven AppSec. Months after introducing CodeMender, an AI-powered agent designed to autonomou…CSOONLINE.COM
22 MaySplunk Patches Multiple Vulnerabilities Enabling DoS Attacks and Data ExposureSplunk has released security updates to fix three newly disclosed vulnerabilities that could allow low-privileged users to access sensitive data or disrupt Splunk Enterprise deployments through denial-of-service (DoS) conditions. The patches address issues in both Splunk Enterpri…GBHACKERS.COM
22 MayIdentity as the primary attack surface: What modern breaches are really exploitingThe “retro” way “The thing about the old days is… they are the old days” – Slim Charles, The Wire Protecting a specified network perimeter was the main focus of enterprise security strategy for several decades. Businesses made significant investments in firewalls, intrusion dete…CSOONLINE.COM
22 MayHackers Use Six-Layer Persistence on FreePBX SystemsHackers are actively exploiting FreePBX systems using a highly resilient six-layer persistence mechanism. The campaign has been attributed with high confidence to the threat actor INJ3CTOR3, known for targeting VoIP infrastructure for financial gain since 2019. The operation depl…GBHACKERS.COM
22 MayWhy your AI strategy stops where the PLC starts: Hard lessons from the OT frontlinesI spent two days at a substation connecting a major offshore wind farm to the grid. The control room featured three new AI-ready dashboards and a board mandate to “leverage machine learning for resilience.” It also had a maintenance laptop running Windows 7, literally taped to th…CSOONLINE.COM
22 MayPaved With Intent: ROADtools and Nation-State Tactics in the CloudOpen-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use.UNIT42.PALOALTONETWORKS.COM
22 MayGitLab 19.0 adds AI workflows, secrets management, and self-hosted model supportGitLab released GitLab 19.0 with expanded secrets management, agentic merge request workflows, improved CI pipeline visibility, support for self-hosted open-source models, and supply chain visibility enhancements. Engineering organizations shipping more code than ever are confron…HELPNETSECURITY.COM
22 MayRussian Hackers Exploit RDP, VPNs, Supply Chains for Initial AccessRussian state-sponsored and aligned threat groups are increasingly combining Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs), supply chain compromise, and sophisticated social engineering to gain initial access to targeted networks across government, critical infra…GBHACKERS.COM
22 MayPopular npm Package “art-template” Backdoored in Watering-Hole AttackHackers compromised the popular art-template npm package to inject a stealthy backdoor that redirected users’ browsers to a malicious watering‑hole site delivering a Coruna‑class iOS exploit framework. The campaign turned a widely used JavaScript templating library into a deliver…GBHACKERS.COM
22 MayWe hardened zizmor's GitHub Actions static analyzerIn March 2026, attackers exploited a pull_request_target misconfiguration in the aquasecurity/trivy-action GitHub Action to exfiltrate organization and repository secrets, then used those credentials to backdoor LiteLLM on PyPI (see Trivy’s post-mortem for the full timeline…TRAILOFBITS.COM
22 MayKore.ai unveils AI-native platform for enterprise multiagent systemsKore.ai has launched the new-generation Kore.ai Agent Platform Artemis edition, the AI-programmable, AI-native foundation that builds, governs, and optimizes the agents, systems, and workflows running across the enterprise. The platform launches initially on Microsoft Azure, with…HELPNETSECURITY.COM
22 MayMegalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD WorkflowsCybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipelin…THEHACKERNEWS.COM
22 MayMaking Vulnerable Drivers Exploitable Without Hardware - The BYOVD PerspectiveThis article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exp…THEHACKERNEWS.COM
22 MayUpdate Chrome now: Critical bugs could let attackers run codeThis Chrome update fixes critical flaws attackers could exploit through malicious websites, but not the “Browser Fetch” vulnerability.MALWAREBYTES.COM
22 MayHackers Exploit Middle East Telecoms for Massive C2 OperationsHackers are increasingly abusing Middle East telecommunications networks and hosting providers to operate large-scale command-and-control (C2) infrastructure. The findings highlight a strategic shift away from disposable indicators toward infrastructure-level tracking, allowing d…GBHACKERS.COM
22 MayGoogle’s Exploit Code Release Raises Concern Over Unfixed Chromium Security BugGoogle’s recent release of proof-of-concept (PoC) exploit code for a still-unpatched Chromium vulnerability has sparked significant concern across the cybersecurity community. The flaw, first reported in late 2022 by security researcher Lyra Rebane, remains unresolved after more …GBHACKERS.COM
22 MayCanadian arrested for operating KimWolf botnet tied to record DDoS attackCanadian authorities have arrested a 23-year-old Ottawa man who is accused of operating the DDoS-for-hire KimWolf IoT botnet platform. The arrest follows a broader international law enforcement operation earlier this year that dismantled infrastructure tied to the KimWolf, Aisuru…CYBERINSIDER.COM
22 May$20 per zero-day is already the WordPress plugin realityVulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer, along with a price tag that the se…HELPNETSECURITY.COM
22 May KEVPresident Trump delays signing of AI executive order.CISA warns of actively exploited Trend Micro and Langflow vulnerabilities. Two Americans admit to participation in tech support scam operations.THECYBERWIRE.COM
22 MayPolice take down VPN service (this time with a good reason)European authorities have cracked down on a VPN that has been used for various criminal activities. The operation, led by investigators in France and the Netherlands with help from Europol and Eurojust, has dismantled First VPN, a service that has been heavily promoted within Rus…CSOONLINE.COM
22 MayBreaking down the new Qualcomm chip vulnerability | Kaspersky official blogKaspersky experts have discovered an unpatchable vulnerability in popular Qualcomm chips used in smartphones, cars, smart devices, industrial equipment, and much more. We explain what this vulnerability is and what device owners should do.KASPERSKY.COM
22 MayProtect your devices from IMSI catchers (ITSAP.00.106)An international mobile subscriber identity (IMSI) catcher is a type of cell site simulator (CSS) that impersonates a legitimate cell tower to exploit connected mobile devices. It is important to understand how IMSI catchers work in order to detect them and protect your sensitive…CYBER.GC.CA
22 MayCell site simulators - ITSM.00.108This publication provides information on how CSS devices work, the security risks you should consider, and the mitigation actions you can take to better protect from CSS exploitations.CYBER.GC.CA
22 MayFBI warns of Kali Oauth stealersThe FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365. It enables cyber criminals to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials by capturi…CSOONLINE.COM
22 MayMicrosoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security PlatformsMicrosoft has been recognized as a Leader in The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026, receiving the highest scores in both the current offering and strategy categories.MICROSOFT.COM
22 MayFBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacksThe law enforcement agency published an advisory on Thursday about Kali365 — a Telegram-based service for cybercriminals that allows them to capture legitimate "OAuth" tokens enabling widespread access to Microsoft 365 environments.THERECORD.MEDIA
22 MayAI Deleted Production CodeA developer claimed that an AI coding assistant deleted roughly 30,000 lines of production code while modifying a live application. According to the story, the AI introduced unrelated changes, broke core functionality, and forced the team to roll the entire deployment back. The c…YOUTUBE.COM
21 MayNew GhostTree Attack Causes EDR Tools to Hang, Leaving Files UnscannedA newly disclosed attack technique dubbed “GhostTree” is raising concerns among defenders after researchers demonstrated how it can disrupt endpoint detection and response (EDR) tools and bypass file scanning mechanisms on Windows systems. The technique, discovered by Varonis Thr…GBHACKERS.COM
21 MayClaude Code Sandbox Flaw May Compromise User SecretsA newly disclosed security flaw in Anthropic’s Claude Code platform has exposed a critical weakness in its network sandbox, potentially allowing attackers to bypass restrictions and exfiltrate sensitive data. The issue, identified by security researcher Aonan Guan, marks the seco…GBHACKERS.COM
21 MayCyber threats push SMBs to spend more on securityCybersecurity has become a key priority for small and medium-sized businesses due to growing threats and wider AI adoption. An IDC survey of 2,200 SMBs in eight markets examined how organizations manage cyber risks, prepare for AI-related threats, and handle third-party vendor se…HELPNETSECURITY.COM
21 MayPoC Released for PinTheft Linux Flaw Enabling Root Privilege EscalationA public proof-of-concept (PoC) exploit called “PinTheft” has been released for a newly disclosed Linux kernel flaw that allows local attackers to escalate privileges to root on certain systems. PinTheft is a Linux local privilege escalation (LPE) exploit that targets a reference…GBHACKERS.COM
21 MayWantToCry Ransomware Exploits SMB to Encrypt Remote FilesA new ransomware campaign named “WantToCry” leverages exposed Server Message Block (SMB) services to gain access and encrypt victim data without deploying traditional malware on compromised systems. This approach significantly reduces the detection surface, making it harder …GBHACKERS.COM
21 MayWindows93 / Myspace93 - 46,105 breached accountsIn January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data was later leaked in June and included 46k Myspace93 accounts containing email and IP addresses, userna…HAVEIBEENPWNED.COM
21 MayThe friendly skies aren’t friendly.This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
21 MayWhy AI changed the threat model for travel technologyIn this Help Net Security interview, Devon Bryan, SVP, Global CSO at Booking Holdings, reflects on his path from Air Force network security engineer to global CSO across financial services, hospitality, and travel technology. He discusses why the travel industry’s interconn…HELPNETSECURITY.COM
21 MayAI red teaming agents change how LLMs get testedAdversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Crescendo, and Skeleton Key sit alongside hundreds of prompt transforms and scoring methods across open-source frameworks includ…HELPNETSECURITY.COM
21 MayFollow the CryptoEvery threat actor leaves a financial signature. Ransomware operators, state-sponsored hackers, fraud networks — they all need to move money, and when they do, the blockchain records it permanently. Jackie Burns Koven leads cyber threat intelligence at Chainalysis, where she tr…THECYBERWIRE.COM
21 MayCritical Drupal Vulnerability Could Leave Sites Open to CyberattackThe Drupal Security Team has issued a warning about a highly critical vulnerability affecting Drupal core, with a security release scheduled for May 20, 2026 (PSA-2026-05-18). The flaw carries a severity rating of 20/25, indicating a significant risk that attackers could compromi…GBHACKERS.COM
21 MayMini Shai-Hulud Hits @antv npm Packages, Targets CI/CD SecretsAn active and sophisticated supply chain attack is targeting the widely used @antv npm ecosystem, where a threat actor compromised a maintainer account and pushed malicious package updates designed to steal sensitive CI/CD credentials. The campaign, dubbed “Mini Shai-Hulud,” demonst…GBHACKERS.COM
21 MayAI becoming an SOC imperative for curtailing emerging cyber threatsThe cybersecurity profession is on the verge of a sea change, and security pros must begin to master AI tools to combat emerging threats by building more autonomous, real-time protections. Expert panelists at a recent DTX conference session in Manchester, titled “Bot vs Bot: Sur…CSOONLINE.COM
21 MayTerra adds continuous network exploitation validation to its platformTerra Security has announced the public preview of continuous exploitation validation for network infrastructure, now available to all customers through the Terra Platform. The launch expands Terra’s offensive security capabilities from web applications to network infrastructure …HELPNETSECURITY.COM
21 MayIndian Student Data Weaponized in Phishing and Financial Fraud CampaignsA growing trend in India sees student data increasingly being exploited for cybercrime activities, including phishing, impersonation, social engineering, and financial fraud. As educational institutions rapidly adopt digital platforms for admissions, fee payments, examination…GBHACKERS.COM
21 MayASAPP expands adversarial testing for enterprise AI systemsASAPP has launched Continuous Red Teaming, a new capability that integrates adversarial AI testing directly into ASAPP’s model evaluation framework. The new capability is built on Promptfoo, an AI security platform that helps enterprises detect and address vulnerabilities i…HELPNETSECURITY.COM
21 MayNew NGINX 0-Day RCE “nginx-poolslip” Threatens Millions of ServersA newly discovered zero-day vulnerability in NGINX, dubbed “nginx-poolslip,” is raising serious concerns across the global cybersecurity community, as it exposes millions of servers to potential remote code execution (RCE) attacks. The vulnerability affects NGINX version 1.31.0, …GBHACKERS.COM
21 MayFake Invitation Phishing Campaign Steals Credentials From U.S. OrganizationsA large-scale phishing campaign leveraging fake event invitations is actively targeting U.S. organizations, combining credential theft, OTP interception, and remote access tool abuse into a single attack chain. The campaign stands out due to its repeatable phishing framework, whi…GBHACKERS.COM
21 MayA Hacker Group Is Poisoning Open Source Code at an Unprecedented ScaleGitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.WIRED.COM
21 MayMicrosoft releases open-source tools to operationalize AI agent safetyMicrosoft has open-sourced two new tools aimed at bringing AI safety checks much earlier into the agent development lifecycle. The tools, called Rampart and Clarity, were announced this week as part of Microsoft’s broader push to operationalize safety engineering for agentic AI. …CSOONLINE.COM
21 MayApache OFBiz RCE Flaw Abuses Password-Change Restrictions for Authentication BypassA critical authentication bypass vulnerability in Apache OFBiz allows attackers to hijack forced password-change flows and achieve remote code execution (RCE) via a single HTTP request, affecting all versions before 24.09.06. Apache OFBiz RCE Flaw Apache OFBiz is an open-source E…GBHACKERS.COM
21 MayTenable One deepens third-party integrations with new Open Connector for unified risk visibilityThe days of rigid, vendor-locked security stacks are over. The Tenable One Open Connector amplifies Tenable One’s extensive capacity to ingest and consolidate third-party security data, giving you more complete visibility across your attack surface, so you can keep using your pre…TENABLE.COM
21 MayEuropol dismantles ‘First VPN’ service used by ransomware gangsEuropean law enforcement agencies have dismantled a long-running VPN service allegedly used by ransomware gangs and cybercriminals to conceal attacks, steal data, and evade investigators. The operation, coordinated by France and the Netherlands with support from Europol and Euroj…CYBERINSIDER.COM
21 MayThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New StoriesThis week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it…THEHACKERNEWS.COM
21 MaySelective HTTP Proxying in Linux, (Thu, May 21st)Recently, Rob wrote about a tool, Proxifier, that can intercept requests from specific processes. Proxifier is available for Windows, macOS, and Android. But I have not seen a generic Linux option yet. The advantage of a tool like Proxifier is the ability to target specific soft…ISC.SANS.EDU
21 MayReducing Phish-Prone Rates Without Training Fatigue: A Practical Playbook for Traditional OrganizationsPhishing remains the single biggest human-driven threat in most organizations. Yet many security leaders face a familiar problem: the stronger the push to run frequent training and simulations, the louder the employee backlash. Complaints range from “too many tests” to “training …KNOWBE4.COM
21 MayChinese APTs Share Linux Backdoor in Central Asia Telco Attacks"Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers.DARKREADING.COM
21 MayContent Delivery Exploit Opens Websites to Brand HijackingThe Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity.DARKREADING.COM
21 MayQ1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcementThe first quarter of 2026 reinforced that attackers are moving faster, operating with greater coordination, and exploiting weaknesses before most organizations can respond effectively. From escalating geopolitical tensions to increasingly aggressive ransomware operations, the lat…RAPID7.COM
21 MayShowboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy BackdoorCybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. "Showboat is a modular post-exploitation framework designed for Linux…THEHACKERNEWS.COM
21 MayCybersecurity’s Hidden Communication RiskCybersecurity professionals often rely on acronyms and technical shorthand without realizing most people don’t understand them. The speaker connects this to a behavioral science concept called the “curse of experience” — experts naturally assume others share their knowledge. That…YOUTUBE.COM
21 MayUK plans for cybercrime law reform would protect almost no one, experts warnThe proposals would require researchers to cease activity the moment a vulnerability is identified, meaning they could not confirm it was real, assess its severity or determine its exploitability.THERECORD.MEDIA
21 MayAuthorities dismantle First VPN, used by ransomware actorsFirst VPN, a virtual private network service marketed to cybercriminals, promising anonymity for its users, was taken offline on May 19 and 20 as part of Operation Saffron. During the operation, French and Dutch authorities, with support from Europol and Eurojust, dismantled 33 s…HELPNETSECURITY.COM
21 May KEVCISA asks cybersecurity community to alert it to vulnerability exploitationThe agency wants to ensure that its public catalog of actively exploited flaws is as comprehensive as possible.CYBERSECURITYDIVE.COM
21 MayAttackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fixAttackers bypassed MFA on patched SonicWall Gen6 VPNs because admins missed extra manual steps required to fully fix the flaw. There is a particular kind of security failure that is harder to catch than an unpatched system: a patched system where the patch did not actually work b…SECURITYAFFAIRS.COM
21 MaymacOS Kernel Memory Corruption ExploitA group used Anthropic’s Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple’s M5. News article.SCHNEIER.COM
21 MayRobinhood Glitch Allowed Attackers to Send Phishing Emails to CustomersA phishing campaign exploited a glitch in Robinhood’s account creation process to send phishing emails from the investment platform’s own systems, SecurityWeek reports.KNOWBE4.COM
21 May KEVMicrosoft patches two actively exploited Defender vulnerabilities.Europol operation shutters First VPN. Ukrainian police identify suspected infostealer operator.THECYBERWIRE.COM
21 MayTrump Mobile exposes data of customers who ordered the T1 phoneTrump Mobile, the wireless carrier and smartphone brand tied to US President Donald Trump, is reportedly exposing sensitive customer information through an easily exploitable flaw on its website. That is according to claims made by YouTubers Coffeezilla and penguinz0, both of who…CYBERINSIDER.COM
21 MayMicrosoft open-sources tools for designing and testing AI agentsMicrosoft has open-sourced two tools aimed at bringing security discipline to AI agent development: Clarity, a structured design review tool, and RAMPART, a continuous testing framework. The release comes from Microsoft’s AI Red Team, the company’s internal unit that …HELPNETSECURITY.COM
21 MayCISA chief frets about open-source vulnerabilities, delayed security improvementsActing director Nick Andersen’s comments came as a wave of malware attacks hit tech that’s publicly available for collaboration.CYBERSCOOP.COM
21 MayThe art of being ungovernableIn this edition of the Threat Source newsletter, William explores the value of being "ungovernable" in a professional setting, sharing how challenging the status quo and seeking out the smartest people in the room can lead to a more fulfilling and successful career.TALOSINTELLIGENCE.COM
21 MayTrump postpones executive order focused on AI securityUnder a draft executive order, the NSA, Treasury Department and other federal agencies would get 90-days to test new models for cybersecurity and national security concerns.CYBERSCOOP.COM
21 MayGlobal law enforcement operation takes First VPN offlinePolice seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews,…SECURITYAFFAIRS.COM
21 MayLaw enforcement shuts down VPN service used by two dozen ransomware gangsFirst VPN promised hackers complete anonymity for their cyberattacks. But Europol said it was able to notify the service’s users that they have now been identified.TECHCRUNCH.COM
21 MayThat shield has cracks in it.Microsoft confirms active exploitation of two Defender flaws. Europol dismantles a VPN service tied to ransomware gangs. A nine-year-old Linux kernel bug exposes SSH keys and password hashes. Cisco patches a critical Secure Workload vulnerability, while Drupal fixes a highly crit…THECYBERWIRE.COM
21 May[Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering TargetsGitHub disclosed that attackers accessed its internal repositories after compromising an employee device through a poisoned Visual Studio Code extension. The company said the activity appears limited to GitHub-owned internal repositories, with the attacker’s claim of roughly 3,80…KNOWBE4.COM
21 MayFCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927In the security news this week: - FCC router bans and the hidden firmware update problem - Why extending support timelines actually improves security - Github supply chain concerns and the evolving SBOM ecosystem - CRA and NIS2 compliance deadlines are getting very real - The EU …YOUTUBE.COM
21 MayNew Verizon Report Reveals the Security Gap Attackers Are Exploiting MostVerizon’s 2026 DBIR shows vulnerability exploitation, AI-enabled attacks, third-party risk, and ransomware are reshaping cyber threats.TECHREPUBLIC.COM
21 May KEVEU’s 24-Hour Security DeadlineThe EU Cyber Resilience Act introduces a 24-hour disclosure requirement for actively exploited vulnerabilities affecting connected products sold in Europe. That includes hardware, firmware, submodules, and software dependencies. For many organizations, the challenge is not just p…YOUTUBE.COM
21 MayQuantifying 2026 Routinely Targeted Vulnerabilities (So Far)VulnCheck identified 25 CVEs disclosed in 2026 that have been routinely targeted by adversaries and researchers so far this year, drawing from a global body of exploit code and exploitation data.VULNCHECK.COM
20 MayWindows 11 BitLocker Zero-Day, TeamPCP Malware Leak, Iran Gas Station Hacks | Cybersecurity TodayA serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems. Cybersecurity Today would like to…CYBERSECURITYTODAY.LIBSYN.COM
20 MayGitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal RepositoriesGitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum. "While we currently have no evidence of impact…THEHACKERNEWS.COM
20 MayGrafana GitHub Breach Exposes Source Code via TanStack npm AttackGrafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private sou…THEHACKERNEWS.COM
20 MayPoC Exploit Released for DirtyDecrypt Linux Kernel VulnerabilityPoC exploit code for the DirtyDecrypt (DirtyCBC) Linux kernel vulnerability has been released publicly, turning a previously theoretical local privilege escalation into a practical, copy‑paste exploit path to root on specific Linux distributions. DirtyDecrypt (also called DirtyCB…GBHACKERS.COM
20 MayHackers Exploit MSHTA to Deploy LummaStealer and Amatera MalwareHackers are increasingly abusing the legacy Microsoft HTML Application Host (MSHTA) utility to deliver commodity malware such as LummaStealer and Amatera. Despite being tied to Internet Explorer, which was retired in 2022, MSHTA remains default in Windows, making it an attractive…GBHACKERS.COM
20 MayGitHub Source Code Reportedly Compromised, TeamPCP Claims BreachA threat actor group known as TeamPCP has claimed responsibility for a significant breach involving GitHub’s internal systems, alleging the theft of sensitive source code and proprietary organizational data. The group is currently offering the allegedly stolen dataset for sale on…GBHACKERS.COM
20 MayRisky Business #838 -- GitHub investigates possible breachOn this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: GitHub announced a possible breach CISA leaks important creds, keys in public repo Awful vulnerability in Bitlocker renders it useless without a PIN So. Many. Patche…RISKY.BIZ
20 MayNew NGINX Vulnerability Exposes Servers to Malicious Code ExecutionNGINX has disclosed a new high‑severity vulnerability in its JavaScript module that can allow remote attackers to crash servers and, in specific conditions, execute arbitrary code on vulnerable systems. F5 has published a security advisory (K000161307) describing a flaw in the NG…GBHACKERS.COM
20 MayAlleged Huawei zero-day blamed for the 2025 Luxembourg telecom crashA Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services On July 23, 2025, a nationwide telecom outage in Luxembourg was reportedly triggered by a previously undisclosed flaw in Huawei enterprise routers. The…SECURITYAFFAIRS.COM
20 MayInterpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle EastWhile the numbers are modest, the crackdown on cybercrime involved 13 countries in the MENA region, the largest law enforcement collaboration to date.DARKREADING.COM
20 MayVerizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access VectorVerizon DBIR finds 31% of data breaches began with software flaws last yearINFOSECURITY-MAGAZINE.COM
20 MayTeamPCP GitHub Breach: Internal GitHub Repositories Allegedly AccessedTeamPCP is back in the headlines, and this time the target is not a plugin, a CI/CD pipeline, or an open-source package. The group is claiming access to GitHub itself, one of the most critical pieces of infras…SOCRADAR.IO
20 MayShift to Prevention and Enforcement as We Repeat Security Mistakes With AI - Rob Allen - BSW #448Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect …YOUTUBE.COM
20 MayGitHub confirms internal repository theft as TeamPCP claims attackGitHub disclosed that it is investigating unauthorized access to its internal repositories after attackers compromised an employee's device through a malicious Visual Studio Code extension. The company says there is currently no evidence that customer repositories or enterprise d…CYBERINSIDER.COM
20 MayTeamPCP breached GitHub’s internal codebase via poisoned VS Code extensionFollowing TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-interna…HELPNETSECURITY.COM
20 MaySHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chainA newly disclosed macOS infostealer campaign is exploiting user trust in some of the biggest names in tech to slip past defenses. Researchers at SentinelOne have detailed a new variant of the SHub malware family, dubbed “Reaper,” that impersonates Apple, Google, and Microsoft at …CSOONLINE.COM
20 MayArmorCode gives security teams AI workers for exposure and remediationArmorCode has announced Anya Agents, a new agentic AI framework delivered on the patented ArmorCode Agentic AI Platform that enables organizations to operationalize AI-driven security workflows at enterprise scale. Built on ArmorCode’s Context Risk Graph, Anya Agents help securit…HELPNETSECURITY.COM
20 MayMicrosoft Open-Sources RAMPART and Clarity to Secure AI Agents During DevelopmentMicrosoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-nativ…THEHACKERNEWS.COM
20 MayGrafana GitHub Security Incident Reportedly Connected to TanStack npm RansomwareGrafana Labs has disclosed a targeted GitHub security incident linked to the ongoing TanStack npm supply chain ransomware campaign, raising concerns about software development pipeline security and token management practices. The company confirmed that attackers gained unauthoriz…GBHACKERS.COM
20 MayGremlin Stealer Hides C2 and Exfiltration Paths in Encrypted ResourcesA newly identified variant of the Gremlin stealer malware is leveraging advanced obfuscation techniques to conceal its command-and-control (C2) infrastructure and data exfiltration logic within encrypted .NET resource sections. This evolution highlights a significant shift toward…GBHACKERS.COM
20 MayOld Breaches Resold as New Corporate Data LeaksDark web data brokers are increasingly recycling old breach data and marketing it as fresh corporate leaks. The activity, largely observed in Chinese-language cybercrime forums and Telegram channels, is creating confusion among organizations and diverting security resources towar…GBHACKERS.COM
20 MayGitHub admits major source code leak after 3,800 internal repositories breachedMicrosoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of the incident first emerged on May 19, when GitHub said it was investigating “unau…CSOONLINE.COM
20 MayImplement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speedAs frontier AI models collapse the traditional exploit window, Tenable Hexa AI transforms the security operating model from manual triage to agentic orchestration. See how you can automate vulnerability remediation and super-charge exposure management with Tenable Hexa AI. Key ta…TENABLE.COM
20 MayUkraine probes teen suspect in cyber theft scheme targeting California online shoppersThe investigation began after U.S. authorities informed their Ukrainian counterparts that hackers operating from Ukraine could be involved in attacks targeting users of American e-commerce platforms, Ukraine's Prosecutor General said.THERECORD.MEDIA
20 MayCompromised coding tool helped hackers breach thousands of GitHub repositoriesThe attack is the latest example of hackers’ intense focus on open-source packages.CYBERSECURITYDIVE.COM
20 MayCarding site B1ack’s Stash dumps 4.6 Million stolen cards for freeCarding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the most active stolen card marketplaces on the dark web, has released 4.6 million credit card records for free, n…SECURITYAFFAIRS.COM
20 MayPatch Now: Critical Flaw in OT Robot OS Gives Attackers ControlAn unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.DARKREADING.COM
20 MayVerizon DBIR: Vulnerability exploitation is the dominant initial access vectorVulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the top spot in the r…HELPNETSECURITY.COM
20 MayNanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClawNanoCo announced a $12 million seed round, alongside the commercial launch of a professional assistant built on its open-source agent framework NanoClaw. Valley Capital Partners led the round. Docker, Vercel, monday.com, Slow Ventures, Clutch Capital, Factorial Capital, and Huggi…HELPNETSECURITY.COM
20 MayOperationalizing CTEM Faster: Build Surface Command Dashboards in MinutesModern attack surfaces don’t sit still. Cloud expansion, SaaS sprawl, identity complexity, and shadow IT are continuously reshaping organizational risk. For security leaders, visibility isn’t the challenge anymore, but actually operationalizing that visibility is. Surface Command…RAPID7.COM
20 MayThe cost of trusting the extension ecosystem.GitHub confirms a breach tied to a malicious VS Code extension. Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw. Cisco Talos tracks the evolution of BadIIS malware-for-hire. Signal adds anti-phishing…THECYBERWIRE.COM
20 MayGitHub Confirms Breach, 4K Internal Repos StolenOpen source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor — TeamPCP — took credit.DARKREADING.COM
20 MayThe AI Kill Switch ProblemThe UK is discussing cybersecurity legislation that could include emergency shutdown mechanisms — “kill switches” — for advanced AI systems that threaten national security or human life. The speaker argues that emergency stop capabilities are reasonable at the system level. AI sy…YOUTUBE.COM
20 MayPinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting ArchPinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is Pi…SECURITYAFFAIRS.COM
20 MayFake Android Apps Commit Carrier Billing Fraud for Premium Svcs.The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.DARKREADING.COM
20 MayIntroducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflowThe AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ago, because they have moved well past answering questions and into accessing your email, retrieving records from your CRM, writing and executing code, and t…MICROSOFT.COM
19 MayCTT - 468,124 breached accountsIn April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to retrieve the tracking history…HAVEIBEENPWNED.COM
19 MayGitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD CredentialsIn yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the…THEHACKERNEWS.COM
19 MayCISA Admin Reportedly Exposes AWS GovCloud Credentials in Public GitHub RepositoryA significant security lapse involving the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has come to light after a contractor reportedly exposed highly sensitive AWS GovCloud credentials in a public GitHub repository. The incident, disclosed by security researchers…GBHACKERS.COM
19 MaySEPPmail Gateway Flaws Expose Organizations to RCE and Email Traffic InterceptionMultiple critical vulnerabilities in the SEPPmail Secure E-Mail Gateway are putting thousands of organizations at risk of remote code execution (RCE) and the interception of sensitive email. The flaws, tracked under several CVEs, impact widely deployed SEPPmail appliances used fo…GBHACKERS.COM
19 MayMythos Preview Automates PoC Exploit Creation for Vulnerability ResearchA new AI model from Anthropic is changing how security teams find and prove software vulnerabilities. It is raising hard questions about what happens when the same technology falls into the wrong hands. Cloudflare has published findings from its participation in Project Glasswing…GBHACKERS.COM
19 MayPublic Instagram posts provide raw material for AI phishing campaignsA handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Texas at Arlington and Louisiana State University showed how public social media activity can be turned into phishing messages…HELPNETSECURITY.COM
19 MayEarbud sensors can authenticate users by their heartbeat, study findsResearchers built a continuous authentication system called AccLock that identifies a wearer by the tiny vibrations a heartbeat makes inside the ear canal. The signal comes from an accelerometer of the kind already sitting inside many wireless earbuds, so no extra hardware is nee…HELPNETSECURITY.COM
19 MayCompromised GitHub Action Steals Workflow CredentialsA widely used GitHub Action, actions-cool/issues-helper, has been compromised in a supply chain attack that exposes sensitive CI/CD secrets to an attacker-controlled domain. The attack hinges on a subtle but powerful manipulation of Git tags. Instead of altering the visible commi…GBHACKERS.COM
19 MayHackers Exploit Entra ID Accounts to Steal Microsoft 365, Azure DataHackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data. A highly sophisticated cyberattack campaign carried out by a threat actor tracked as Storm-2949, targeting Microsoft Entra ID accounts to steal sensitive data from Microsoft 365 and Azure enviro…GBHACKERS.COM
19 MayProtecting the Neglected: Measuring County Cyber Risk with Dr. Ido Sivan SevillaIn this episode, host Caleb Tolin sits down with Dr. Ido Sivan Sevilla, an Assistant Professor at the Hebrew University School of Public Policy & Governance and the School of Computer Science and Engineering, to expose critical vulnerabilities within U.S. county governments. As t…THECYBERWIRE.COM
19 MayiProov brings identity verification to video meetings to reduce fraud risksiProov has launched iProov Verified Meetings, a new solution that enables organizations to verify the identity of video call participants without adding friction to the user experience. Video meetings have become a trusted and scalable communication channel, but attackers are inc…HELPNETSECURITY.COM
19 MayPostgreSQL Flaws Expose Databases to Remote Code Execution and SQL InjectionPostgreSQL has released critical security updates addressing multiple high-impact vulnerabilities that could allow remote code execution (RCE), SQL injection, and denial-of-service (DoS) attacks across widely deployed database environments. The PostgreSQL Global Development Group…GBHACKERS.COM
19 MayShai-Hulud worm copycats emerge after source code leakShai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started showing up online, only a few days after the malware’s source code was dumped on Git…SECURITYAFFAIRS.COM
19 May7 tips for accelerating cyber incident recoveryDespite strong and redundant defenses, enterprises remain vulnerable to a wide range of cyberattacks. And because attacks — and cyber incidents — are inevitable, developing an incident response and recovery process that’s quick, comprehensive, and coordinated is essential. Expedi…CSOONLINE.COM
19 MayGrafana Labs Confirms Hackers Stole Source CodeOpen source tool maker Grafana says hackers stole codebase via GitHub breachINFOSECURITY-MAGAZINE.COM
19 MaySEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic AccessCritical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. "These vulnera…THEHACKERNEWS.COM
19 MayOperation Ramz Dismantles 53 Servers Used in Scam and Malware CampaignsA large-scale international cybercrime operation led by INTERPOL has resulted in 201 arrests and the takedown of 53 malicious servers linked to phishing, malware, and online scam campaigns across the Middle East and North Africa (MENA) region. Dubbed Operation Ramz, the init…GBHACKERS.COM
19 MayDrupal to Release Urgent Core Security Updates on May 20, Sites Told to PrepareDrupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hour…THEHACKERNEWS.COM
19 MayUAC-0184 Uses Bitsadmin and HTA Files to Deliver Gated MalwareUAC-0184 uses a multi‑stage malware chain that abuses bitsadmin and HTA loaders to reach a heavily obfuscated payload bundle, ultimately hiding behind signed binaries such as VSLauncher.exe and PassMark Endpoint to gain stealthy network access on Ukrainian military networks. CERT…GBHACKERS.COM
19 MayAI Raises the Bar on Vulnerability Awareness and Secure-by-Design SoftwareAI-powered vulnerability scanning leaves no excuse for unpatched bugs as the EU Cyber Resilience Act pushes firms toward secure-by-design softwareINFOSECURITY-MAGAZINE.COM
19 MayPhishing Campaign Exploits Google AppSheets to Target Facebook AccountsResearchers at Guardo Labs are tracking a major phishing campaign that abused Google AppSheet as a relay to send phishing emails. The researchers identified more than 30,000 Facebook accounts that were compromised by this campaign. Since the emails are sent from Google’s legitima…KNOWBE4.COM
19 MayInternet Explorer may be dead, but its ghost still runs malwareMicrosoft’s aging “mshta.exe” utility, a leftover component from Internet Explorer, is still being actively abused in modern malware campaigns years after the browser itself was retired. According to new research from Bitdefender, attackers continue to abuse Microsoft HTML Applic…CSOONLINE.COM
19 MayPureLogs infostealer is stealing credentials worldwideA phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, Fortinet researchers discovered. The attack starts with a phishing email containing a TXZ archive a…HELPNETSECURITY.COM
19 MayHackers have compromised dozens of popular open source packages in an ongoing supply chain attackThe attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.TECHCRUNCH.COM
19 MayGitHub scales back bug bounties, reminds users security is their responsibility tooFaced with the growing volume of submission to its bug bounty program, GitHub is replacing cash bounties with swag rewards for reports with low security impact — and asking researchers to stop submitting reports that are low quality or about things that aren’t its fault. The clou…CSOONLINE.COM
19 MayMini Shai-Hulud returns, compromising hundreds of npm packagesAnother malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer tools and CI pipelines.CYBERSCOOP.COM
19 MayPatch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPNResearchers said a wave of attacks began in February targeting firewalls that appeared to be protected.CYBERSECURITYDIVE.COM
19 MayRapid7’s 2026 Global Cybersecurity Summit: Key Takeaways for Security LeadersSecurity teams are working in an environment where speed, scale, and complexity are all increasing at the same time. Across the Rapid7 2026 Global Cybersecurity Summit, the focus was not just on how the threat landscape is evolving, but on how teams are adapting their approach t…RAPID7.COM
19 MayTP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilitiesCisco Talos’ Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN. The vulnerabilities mentioned in this blog post have been patched by their respective …TALOSINTELLIGENCE.COM
19 MayGoverning infrastructure as code using pattern-based policy as codeOrganizations often struggle to enforce security and compliance requirements consistently across their cloud infrastructure. In one environment, a workload might be deployed in an AWS Region that was never approved for that class of data. In another, a security group might allow …AWS.AMAZON.COM
19 MayTrapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 AppsCybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN's Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned …THEHACKERNEWS.COM
19 MayMicrosoft dismantled malware-signing network Fox TempestMicrosoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation run by a threat actor named Fox Tempest, which helped threat actors sign malware with …SECURITYAFFAIRS.COM
19 MayNews alert: Orchid Security study finds invisible identities now outnumber managed accountsNEW YORK, May 19, 2026, CyberNewswire— Orchid Security, the company solving identity at its core, today released its Identity Gap: 2026 Snapshot report, revealing that the majority of enterprise identity now exists outside the view of identity and access …LASTWATCHDOG.COM
19 MayAntV data visualization tool the latest to be hit by ongoing npm supply chain attacksThe world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool. Unlike last week’s high-profile npm attack on TanStack, which exploited a comple…CSOONLINE.COM
19 MayHuawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms networkThere is no evidence that the incident has recurred, but the flaw remains unexplained and has not been publicly acknowledged by the company.THERECORD.MEDIA
19 MayCISA secrets left sitting on GitHub.A CISA contractor leaks GovCloud credentials on GitHub. INTERPOL cracks down on phishing infrastructure across the Middle East and North Africa. Microsoft patches a critical Authenticator flaw, while Poland moves officials off Signal after targeted phishing campaigns. A stealthie…THECYBERWIRE.COM
19 MayAttackers hit vulnerabilities hard last year, making exploits the top entry point for breachesVerizon’s annual Data Breach Investigations Report uncovered a surge of exploited vulnerabilities, and a growing lack of critical defect remediation industrywide.CYBERSCOOP.COM
19 MayWindows Zero-Day Barrage Continues After Patch TuesdayYellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks.DARKREADING.COM
19 MayAI Spam Is Breaking Bug BountiesBug bounty programs created a structured way for security researchers to report vulnerabilities while helping software companies improve products without relying entirely on internal QA teams. The speaker argues that generative AI is now overwhelming some of these programs with l…YOUTUBE.COM
19 MayVerizon DBIR: Enterprises Face a Dangerous Vulnerability GlutVerizon's "2026 Data Breach Investigations Report" ("DBIR") finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys.DARKREADING.COM
19 MayMultiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…CISECURITY.ORG
19 MaySN 1079: Daybreak and Codename MDASH - Microsoft's Edge Password BlunderOpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity. Microsoft rethinks Edge's "intended behavior"…TWIT.TV
18 MayThe Boring Stuff is Dangerous NowAI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt accordingly.DARKREADING.COM
18 MayWhen ransomware hits, confidence doesn’t restore endpointsRansomware, supply chain vulnerabilities, insider threats, compliance failures, and software disruptions remain major concerns for security leaders, according to The Ransomware Reality: Zero Days to Recover report by Absolute Security. How CISOs currently ensure endpoint resilien…HELPNETSECURITY.COM
18 MayClaude Code Vulnerability Allows Attackers to Run Commands Through Crafted DeeplinksA recently disclosed flaw in Claude Code allowed attackers to execute arbitrary system commands using a single crafted deeplink URL, turning a convenience feature into a remote code execution (RCE) vector. The issue, documented by security researcher Joernchen, has been fixed in …GBHACKERS.COM
18 MayFormer CISA nominee Sean Plankey named US CEO of defense startupUFORCE, a London-based company founded by Ukrainians, is looking to make drones in America.CYBERSCOOP.COM
18 MayCrafted JPEGs Could Trigger PHP Memory Bugs for ExploitationPHP, one of the most widely used web programming languages, is rarely viewed as a direct attack surface at its core level. Security focus typically shifts toward frameworks and third-party libraries. However, new research shows that PHP’s built-in functionality specifically the e…GBHACKERS.COM
18 MayResearchers Build First Public Apple M5 macOS Kernel Exploit with Mythos PreviewSecurity researchers have unveiled the first publicly known macOS kernel memory corruption exploit targeting Apple’s latest M5 silicon, marking a significant moment for both offensive security and Apple’s next-generation defenses. The exploit, developed in collaboration with Myth…GBHACKERS.COM
18 MayMalicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto WalletsA new supply chain attack campaign targeting developers has surfaced in the npm ecosystem, with four malicious packages discovered stealing sensitive data, including SSH keys, cloud credentials, and cryptocurrency wallets. The campaign, identified by OX Security within the past 2…GBHACKERS.COM
18 MayLyrie: Open-source autonomous pentesting agentPenetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command line tool and publishes the entire codebase. Th…HELPNETSECURITY.COM
18 MayAI shrinks vulnerability exploitation window to hoursTime has become organizations’ biggest vulnerability because the gap between vulnerability discovery and exploitation has narrowed to hours, according to Synack’s 2026 State of Vulnerabilities Report. Total vulnerabilities by severity (2022-2025) (Source: Synack) AI expands the a…HELPNETSECURITY.COM
18 MayCritical FunnelKit Vulnerability Puts 40,000+ WooCommerce Sites at RiskA critical security vulnerability in the Funnel Builder plugin by FunnelKit is actively being exploited, putting more than 40,000 WooCommerce websites at risk of payment data theft. The vulnerability affects all Funnel Builder versions prior to 3.15.0.3 and allows unauthenticated…GBHACKERS.COM
18 Mayn8n Security Flaws Could Let Attackers Achieve Remote Code ExecutionA set of critical vulnerabilities in the popular workflow automation platform n8n has raised serious security concerns, with researchers warning that attackers could chain multiple flaws to achieve full remote code execution (RCE) on affected systems. The issues, disclosed in mul…GBHACKERS.COM
18 May201 arrested in INTERPOL disruption of phishing and fraud networksOperation Ramz, a cybercrime initiative coordinated by INTERPOL across the MENA region, focused on disrupting phishing campaigns, malware activity, and cyber scams that caused substantial financial losses across the region. The operation resulted in the arrest of 201 individuals …HELPNETSECURITY.COM
18 MayWhy the best security investment a board can make in 2026 isn’t another toolThere is a conversation that happens in boardrooms every quarter that security leaders will recognize. The CISO presents the threat landscape. The board asks what the company needs. The answer, almost always, is another tool. Another platform, another module, another vendor to cl…CSOONLINE.COM
18 MayAI coding is fueling a secrets-sprawl crisis few CISOs are containingWhen Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself. He “just had a vision,” and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious secu…CSOONLINE.COM
18 MayAI Has a data problem, cascading breaches, and the weekly news - Dimitri Sirota - ESW #459Interview with Dimitri Sirota from BigID. Most organizations think AI risk lives in the model – or the identity. It doesn’t. It lives in the data. In this episode, BigID’s CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitiv…YOUTUBE.COM
18 MaySecurity Researchers Find 47 Zero-Days at Pwn2Own BerlinThe research community was awarded $1.3m as it found dozens of novel vulnerabilities at Pwn2Own BerlinINFOSECURITY-MAGAZINE.COM
18 MayAttackers accessed, downloaded code from Grafana Labs’ GitHubA threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization firm announced on Sunday. The breach is significant given Grafana Labs’ widespread use across enterpri…HELPNETSECURITY.COM
18 MayMiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched SystemsChaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codena…THEHACKERNEWS.COM
18 MayFour Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS MalwareCybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte (825 Downloads) @deadcode09284814/axios-util …THEHACKERNEWS.COM
18 MayZero-Day Exploit Against Windows BitLockerIt’s nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption …SCHNEIER.COM
18 MayGremlin Stealer Hides Payloads in .NET Resources to Evade DetectionA newly discovered variant of the Gremlin Stealer is raising concerns among security researchers by adopting stealth-focused techniques that significantly reduce its detection footprint. Gremlin Stealer is an information-stealing malware actively sold on Telegram. It targets a wi…GBHACKERS.COM
18 MayNew image-based prompt injection attack targets multimodal AI modelsSecurity researchers have developed a new image-based prompt injection attack that can manipulate how multimodal AI systems interpret user instructions without modifying the original text prompt, potentially expanding security risks for AI agents and vision-language systems. In a…CSOONLINE.COM
18 MayOpen source tool maker Grafana Labs says hackers stole its code, refuses to pay ransomThe open source project said hackers stole its codebase and threatened to publish its source code if the company did not pay.TECHCRUNCH.COM
18 MayAI Security Shifts To Data ControlMost organizations today use commercial AI systems rather than hosting or training their own models. That includes platforms like OpenAI, Gemini, Microsoft Copilot, and Anthropic. This shift changes the security problem. Instead of focusing on testing model vulnerabilities, organ…YOUTUBE.COM
18 MayShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate i…SECURITYAFFAIRS.COM
18 May⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and MoreMonday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One …THEHACKERNEWS.COM
18 MayResearchers craft a kernel exploit on Apple's M5 chips, with help from Mythos.Santa Clara County files lawsuit against Meta over alleged advertising practices. IBM security executive eyed for CISA director.THECYBERWIRE.COM
18 May18th May – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 18th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Vodafone, a major international telecom, has sustained a source code leak claimed by the Lapsus$ extortion group. The company confirme…RESEARCH.CHECKPOINT.COM
18 MayMY TAKE: AI agents force a rethink of enterprise service lines as vendors move up the tech tackORLANDO — Companies are pulling AI agents into their daily operations through a dozen side doors. One of them was in focus at KB4-CON, KnowBe4’s annual customer conference at the Marriott World Center …LASTWATCHDOG.COM
18 MayAI cyberattackers are getting better fasterThe ability of AI models to perform end-to-end, multi-stage penetration tests that match the capabilities of humans undertaking the same tasks has improved dramatically in recent months, according to new benchmarks published by the UK government’s AI Security Institute (AISI). In…CSOONLINE.COM
18 MayMicrosoft: Edge 148 will stop loading cleartext passwords in memoryMicrosoft says it is changing how Edge handles saved passwords in memory following public criticism and the release of a proof-of-concept tool that demonstrated credentials could be extracted in cleartext from the browser’s process memory. Microsoft confirmed that future versions…CYBERINSIDER.COM
18 MayAI is drowning software maintainers in junk security reportsAI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. Linus Torvalds, the Linux kernel’s creator, says the flood has made …HELPNETSECURITY.COM
18 MayGame over for 74 suspected scammers after Dutch cops plastered their faces on billboardsThe Dutch police’s Game Over?! campaign, which publicly displays images of suspected fraudsters to encourage self-surrenders and gather public tips, is proving successful, with the identities of 74 of the 100 suspects shown already identified. A digital display promoting the Dutc…HELPNETSECURITY.COM
18 MayAI Ends Productivity GuessworkAI tools and LLM-based workflows are changing how work output is produced and evaluated. Unlike traditional office environments or early remote work, output can now be tracked more directly through generated results and activity. This shifts productivity measurement away from phy…YOUTUBE.COM
18 MayGrafana confirms GitHub token breach cybercrime group claims the attackGrafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was tri…SECURITYAFFAIRS.COM
18 MayMicrosoft May security patch fails for some due to boot partition size glitch“Something didn’t go as planned. Undoing changes.” That’s all the clue some Windows 11 users will get when Microsoft’s May Security Update fails to install because of insufficient free space on the EFI System Partition (ESP), leaving their systems unprotected by the dozens of pat…CSOONLINE.COM
18 MayThe M5 just met its memory problem.Researchers crack Apple’s M5 memory protections with a kernel exploit. An IBM Security executive emerges as a possible CISA pick. Researchers uncover four malicious npm packages. AI-generated “slop” floods bug bounty programs. Major healthcare breaches hit the HHS tracker, 7-Elev…THECYBERWIRE.COM
18 MayAI might cut false positives, but it won’t stop the slopAnthropic and OpenAI promise their latest tools will find more vulnerabilities. Cybersecurity employees say they’re already flooded with AI-generated reports.CYBERSCOOP.COM
18 MayShai-Hulud Worm Clones Spread After Code ReleaseThe release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.DARKREADING.COM
18 MayMultiple Vulnerabilities in NGINX Could Allow for Remote Code ExecutionMultiple vulnerabilities have been discovered in NGINX, the most severe of which could allow for remote code execution. NGINX is a software used for web serving, reverse proxying, caching, and load balancing. Successful exploitation of the most severe of these vulnerabilities may…CISECURITY.ORG
18 MayHow Storm-2949 turned a compromised identity into a cloud-wide breachStorm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operate undetected.MICROSOFT.COM
17 MayPwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million TotalPwn2Own Berlin 2026 ended with 47 zero-days and $1.29M in payouts, as DEVCORE dominated the competition across all categories. Pwn2Own Berlin 2026 ended after three intense days, with participants discovering 47 unique zero-days, and earning $1,298,250 in total payouts. Pwn2Own B…SECURITYAFFAIRS.COM
17 MayGrafana GitHub Token Breach Led to Codebase Download and Extortion AttemptGrafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our investigation has determined that no customer data or personal information was accessed during this inciden…THEHACKERNEWS.COM
17 MayWeek in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploitedHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: Review: Foundations of Cybersecurity, 2nd edition Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security…HELPNETSECURITY.COM
17 MayGitHub Actions Cache Poisoning is eating open sourcesubmitted by codeinabox to security 3 points | 0 comments https://neciudan.dev/github-actions-poisoningPROGRAMMING.DEV
17 MayPwn2Own Berlin 2026 concludes with $1.29 million paid for 47 zero-daysPwn2Own Berlin 2026 wrapped up with another string of successful enterprise-targeted exploits, bringing the contest’s final tally to $1,298,250 awarded for 47 unique zero-day vulnerabilities discovered over three days. DEVCORE secured the “Master of Pwn” title with 50.5 points an…CYBERINSIDER.COM
17 MaySecurity Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITIONA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers exploit Funnel Buil…SECURITYAFFAIRS.COM
17 May KEVAttackers exploit Funnel Builder bug to inject e-skimmers into e-storesAttackers are exploiting a critical flaw in the WordPress Funnel Builder plugin to inject skimming code into WooCommerce checkout pages. A critical vulnerability in the WordPress Funnel Builder plugin is being actively exploited to inject malicious JavaScript into WooCommerce che…SECURITYAFFAIRS.COM
17 MayiodéOS review: Privacy-focused Android that doesn’t get in your wayiodéOS is a privacy-oriented Android operating system developed by the French company iodé, based on the Android Open Source Project (AOSP). The project focuses on reducing user tracking and dependence on Google services while still maintaining broad Android app compatibility and…CYBERINSIDER.COM
17 MayDebian 13.5 point release lands with security fixes, bug patchesDebian 13.5 is the fifth point release for the stable distribution “trixie.” The update folds in roughly 100 Debian Security Advisories and corrections for more than 130 source packages, covering everything from the Linux kernel and Apache HTTP Server to OpenSSH, sudo…HELPNETSECURITY.COM
16 MayInside CIRA: How Canada's .ca Registry Became a Global DNS & Cybersecurity ForceDavid Shipley interviews Jon Ferguson, VP at CIRA, about how the Canadian Internet Registration Authority evolved from early paper-based .ca registrations at UBC into a 142-person, member-based not-for-profit running .ca and authoritative Anycast DNS infrastructure now supporting…CYBERSECURITYTODAY.LIBSYN.COM
16 MayJDownloader Website Hack Exposes Windows and Linux Users to Malicious InstallersA popular open-source download manager trusted by millions suddenly became a malware delivery platform after attackers compromised its official website, replacing legitimate installers with trojanized versions targeting both Windows and Linux users. The incident, confirmed by JDo…GBHACKERS.COM
16 MayOpenAI and others deal with fallout from TanStack supply-chain attack.Disgruntled researcher discloses two Windows zero-days. Microsoft warns of critical zero-day in on-prem Exchange Servers.THECYBERWIRE.COM
16 MayOpenAI hit by supply chain attack linked to malicious TanStack packagesOpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices and exposed credential material stored in internal source c…SECURITYAFFAIRS.COM
16 MayAI Broke Patch ManagementAI systems are now discovering software vulnerabilities at a pace that is forcing major vendors to rethink how they ship security updates. The speaker points to Mozilla fixes tied to Glasswing discoveries and Oracle shifting from quarterly to monthly patching cycles. That change …YOUTUBE.COM
16 MayFunnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout SkimmingA critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by…THEHACKERNEWS.COM
15 MayHow a Google API Key Became an $8,000 AI Bill, Meta Scam Ads Lawsuit, and 73-Second Cyber AttacksGoogle Cloud customers are reporting shocking surprise bills after compromised or misused API keys were allegedly used to access expensive Gemini AI services. In one case, Rod Dinan says his monthly Google Cloud costs jumped from under $50 to nearly $8,000. Sydney developer Isuru…CYBERSECURITYTODAY.LIBSYN.COM
15 MayThe AI oversight paradox: Is the investment worth the cost of watching it?Unlike in 2025, when AI adoption and testing drove business strategies, organizations in 2026 want proven ROI before committing budgets, according to a report by Globalization Partners. How global executives characterize their organization’s approach to AI adoption (Source: Globa…HELPNETSECURITY.COM
15 MayHackers Exploit Scheduled Tasks for Persistence in FrostyNeighbor AttacksHackers linked to the long-running FrostyNeighbor cyber‑espionage group have intensified attacks against Ukrainian government organizations, deploying updated techniques that rely on scheduled tasks for stealthy persistence and server-side validation to evade detection. FrostyNei…GBHACKERS.COM
15 MayDell SupportAssist Update Forces Windows Systems Into BSOD LoopA faulty update to Dell’s SupportAssist Remediation service is triggering widespread system crashes, forcing thousands of Dell and Alienware devices into continuous Blue Screen of Death (BSOD) loops. Affected systems repeatedly crash with the “CRITICAL_PROCESS_DIED” error, often …GBHACKERS.COM
15 MaySoap Box: Where does AI fit into cloud security?In this sponsored soap box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, the founder of Prowler. Prowler started off as a bunch of scripts in a trenchcoat, then became an open source cloud security tool, and it’s now a venture-funded cloud secur…RISKY.BIZ
15 MayTeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud CredentialsA financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensitive developer and cloud credentials at scale. TeamPCP’s core strategy is simple but highly effective: compromise trusted b…GBHACKERS.COM
15 MayPwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fallPwn2Own Berlin 2026 day one saw 22 entries and 24 zero-days across major software, with researchers earning $523,000 in total rewards. Day one of Pwn2Own Berlin 2026 featured 22 entries targeting widely used technologies, including browsers, operating systems, AI platforms, and N…SECURITYAFFAIRS.COM
15 MayMultiple cPanel Vulnerabilities Could Lead to Sensitive Resource ExposureMultiple newly disclosed vulnerabilities in cPanel & WHM, including the critical CVE‑2026‑41940 authentication bypass bug and a cluster of May 2026 flaws, could allow attackers to access sensitive resources and hosting accounts if servers remain unpatched. Organizations runni…GBHACKERS.COM
15 MayChina-Linked Hackers Deploy New TencShell Malware Against Global ManufacturerA suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkitINFOSECURITY-MAGAZINE.COM
15 MayResearchers uncover YellowKey and GreenPlasma Windows Zero-DaysResearchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and Gree…SECURITYAFFAIRS.COM
15 MayMicrosoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026The world’s top ethical hackers wasted no time breaking into modern software and AI systems on the opening day of Pwn2Own Berlin 2026, exposing critical zero-day vulnerabilities in Microsoft Edge, Windows 11, LiteLLM, and NVIDIA platforms. On May 14, researchers demonstrated 24 u…GBHACKERS.COM
15 May KEVEU’s Cyber Resiliency Act will put IT leaders to the testUnlike most cyber security regulations, the EU’s Cyber Resilience Act is about product safety rather than processes or certification, extending the CE mark from the physical side of products to software, firmware, backend services, and anything with a network connection. It encod…CSOONLINE.COM
15 MayThe economics of ransomware 3.0The moment every boardroom dreads There is a moment in almost every ransomware negotiation — usually around 36 hours, when legal, IT and the CFO are all in the same room — when someone says it out loud: “Let’s just see what the insurance covers.” That instinct, understandable as …CSOONLINE.COM
15 MayRocky Linux launches opt-in security repository for urgent fixesRocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists and upstream patches are unavailable. “The repository is disabled by default. That’s intentio…HELPNETSECURITY.COM
15 MayMicrosoft Warns HPE Operations Agent Abused in Malware-Free AttacksMicrosoft has revealed a stealthy intrusion campaign where attackers bypassed traditional malware and exploits, instead abusing trusted enterprise tools to silently infiltrate networks. The technique highlights a growing shift in cyberattacks where adversaries rely on legitimate …GBHACKERS.COM
15 MayAutonomous systems are finally working. Security is nextWaymo recently crossed a major milestone: Over 170 million autonomous miles driven without a single serious crash or injury. For years, autonomous driving was treated as a promise that was always just out of reach — too complex, too risky and not ready for the real world. That ar…CSOONLINE.COM
15 MayGremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource FilesUnit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data.UNIT42.PALOALTONETWORKS.COM
15 MayTanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS UpdatesOpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized mann…THEHACKERNEWS.COM
15 MayAkamai to acquire LayerX for $205 millionAkamai has entered into a definitive agreement to acquire LayerX, a provider of browser-based AI usage control and secure enterprise browser (SEB) technology. LayerX’s solutions will extend Akamai’s protection into the browser, where the majority of enterprise tasks now occur and…HELPNETSECURITY.COM
15 MayShai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS & KubernetesShai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over “Shai-Hulud,” a self-propagating npm worm designed to steal sensitive developer credentials from GitHub, AWS, Kubernetes, and local environment…GBHACKERS.COM
15 MayGoogle Project Zero Details Pixel 10 Zero-Click Exploit ChainA powerful zero-click exploit chain for the Pixel 10 that can take an attacker from a remote Dolby decoding bug to full kernel control through a single vulnerable video processing driver. The work shows both how quickly Google can now patch critical issues and how shallow mistake…GBHACKERS.COM
15 MayHackers Exploit OAuth Device Flow to Steal Microsoft 365 TokensHackers are rapidly weaponizing a little-known Microsoft authentication feature to hijack enterprise accounts, as device code phishing surges across the threat landscape. The spike in activity is closely tied to the public release of criminal toolkits and phishing-as-a-service (P…GBHACKERS.COM
15 MayMicrosoft Reports Severe Zero-Day Flaw in On-Prem Exchange ServersThe zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription EditionINFOSECURITY-MAGAZINE.COM
15 MayRedesigning Security Culture for the Agentic AgeThe launch of platforms like Moltbook, OpenClaw, and RentAHuman in early 2026 has provided an unsettling glimpse into the future. We are entering a phase of the digital workplace where AI agents no longer just assist us, they interact with one another, act autonomously in the p…KNOWBE4.COM
15 MayCISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by SundayCisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.”THERECORD.MEDIA
15 MayResearchers claim the first macOS kernel exploit on Apple M5 chipsSecurity researchers have announced what they describe as the first public macOS kernel memory corruption exploit capable of bypassing Apple’s Memory Integrity Enforcement (MIE) protections on the latest M5 chip. The exploit chain, developed by researchers at Calif with assistanc…CYBERINSIDER.COM
15 MayHack One, Own Every MowerRobotic lawnmowers and similar IoT devices can become security risks when attackers gain firmware access or exploit weak credential practices. When devices share identical configurations or weak default credentials, compromising one unit can potentially expose entire fleets. In p…YOUTUBE.COM
15 MayCisco zero-day under ongoing attack by persistent threat groupThe threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems.CYBERSCOOP.COM
15 MayFour OpenClaw Flaws Enable Data Theft, Privilege Escalation, and PersistenceCybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expo…THEHACKERNEWS.COM
15 MayUS orders travelers on Air Force One to throw away gifts, pins, and burner phones after China tripPeople who travelled to Beijing for a summit between the United States and China had to throw away items they received during the trip before boarding Air Force One, presumably for security reasons.TECHCRUNCH.COM
15 MayOpenAI impacted by TanStack supply-chain attack.Shai-Hulud code has been leaked. Microsoft warns of critical zero-day in on-prem Exchange Servers.THECYBERWIRE.COM
15 MayAttackers exploit critical flaw in Cisco Catalyst SD-WAN ControllerResearchers discovered the authentication bypass vulnerability while investigating a prior issue in the same service.CYBERSECURITYDIVE.COM
15 MayMullvad VPN exit IP patterns could enable user fingerprintingA researcher has disclosed a privacy weakness in Mullvad VPN that could allow users to be probabilistically identified across different VPN servers by correlating the exit IP addresses assigned to their WireGuard connections. The issue stems from how Mullvad deterministically ass…CYBERINSIDER.COM
15 MayHere’s how the FTC plans to enforce the Take It Down ActThe commission will dole out hefty fines and promises investigations for Take It Down Act violators. Experts say questions remain around the agency’s resources and priorities.CYBERSCOOP.COM
15 MayA Vulnerability in Microsoft Exchange Server Could Allow for Arbitrary Code ExecutionA vulnerability has been discovered in Microsoft Exchange Server that could allow for arbitrary code execution. Microsoft Exchange Server is an enterprise-level email and collaboration platform developed by Microsoft that runs on Windows Server. Successful exploitation could allo…CISECURITY.ORG
15 MayOne email could be all it takes.Microsoft sounds the alarm on a critical Exchange zero-day, OpenAI and Mistral AI deal with fallout from a widening supply-chain attack campaign, and researchers uncover a thriving underground market for unlocking stolen iPhones. A stealthy macOS infostealer spreads through Click…THECYBERWIRE.COM
15 MayMicrosoft Exchange zero-day chain nets DEVCORE $200K at Pwn2OwnPwn2Own Berlin 2026 continued with another wave of successful zero-day demonstrations on Thursday, as security researchers earned $385,750 for 15 unique vulnerabilities targeting enterprise software, AI platforms, operating systems, and developer tools. The biggest payout of the …CYBERINSIDER.COM
15 MayExpired domain leads to supply chain attack on node-ipc npm packageA popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root cause of the compromise was an expired domain name that attackers managed to register in order to hijack a maintainer’s account…CSOONLINE.COM
15 MayCisco, Canvas, Microsoft, Exchange 0-Days, NPM Backdoors, GPT-5.5 and more... - SWN #581Cisco Catalyst, Canvas, Exchange 0-Days, BitLocker Bypass, Mini Shai Hulud, Node IPC, Patch Tuesday, GPT-5.5, Supply Chain Attacks, and More on the Security Weekly News Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/sw…YOUTUBE.COM
15 MayPwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900KDay two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own Berlin 2026, security researchers earned $385,750 after successfully demonstrating 15 unique zero-day vulnera…SECURITYAFFAIRS.COM
14 MayAmazon Quick Security Flaw Allowed Restricted Users to Access AI Chat AgentsA newly disclosed security flaw in Amazon’s AI-powered business intelligence platform has revealed how restricted users could quietly bypass controls and interact with AI chat agents, despite explicit administrative denial. The issue, discovered by Fog Security researcher Jason K…GBHACKERS.COM
14 MayGitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoSGitLab has issued an urgent security update to neutralise a massive wave of vulnerabilities. Threat actors could exploit these newly disclosed flaws to silently hijack developer sessions or completely paralyze continuous integration pipelines with unauthenticated attacks. GitLab …GBHACKERS.COM
14 MayHackers Hijack HWMonitor to Sideload Malicious DLLHackers are once again exploiting user trust in legitimate software, this time abusing the popular CPUID HWMonitor utility to deliver a stealthy remote access trojan. The malicious archive mimics a legitimate installer, highlighting how trusted tools remain a powerful lure for in…GBHACKERS.COM
14 MayPoC Released for 18-Year-Old NGINX Flaw Allowing Remote Code ExecutionA critical vulnerability in NGINX’s source code, hidden since 2008, has finally been exposed, and a working exploit is already in the wild. Security researchers at depthfirst have publicly released a proof-of-concept (PoC) exploit demonstrating unauthenticated remote code e…GBHACKERS.COM
14 MayPackagist Warns: Update Composer Now After GitHub Actions Token LeakA sudden change in GitHub’s token format has triggered an unexpected security vulnerability in Composer, exposing sensitive authentication tokens in CI/CD logs and forcing Packagist to issue an urgent warning to PHP developers worldwide. The issue stems from a mismatch between Gi…GBHACKERS.COM
14 MayNew Exim BDAT GnuTLS Vulnerability Enables Code Execution AttacksA critical, stealthy vulnerability is lurking deep within Exim, the software powering a massive share of the world’s email infrastructure. Sitting exposed on the internet’s front lines, these message transfer agents are highly lucrative targets for ruthless threat act…GBHACKERS.COM
14 MayGentlemen RaaS Exploits Fortinet and Cisco Edge Devices for Initial AccessThe Gentlemen ransomware-as-a-service (RaaS) operation is turning exposed Fortinet and Cisco edge devices into a fast lane into enterprise networks and doing it at scale. What began as a rising RaaS brand in mid‑2025 has, by early 2026, evolved into one of the most active program…GBHACKERS.COM
14 MayAbrigo - 711,099 breached accountsIn April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belong…HAVEIBEENPWNED.COM
14 MayWhat CISOs need to land a board roleCybersecurity leaders often have complex relationships with their boards. Many boards lack cyber expertise, and CISOs can encounter roadblocks as a result when it comes to earning board approval. Other security leaders may not have a direct line to their board, or they may be vie…CSOONLINE.COM
14 MayDeepfake sextortion forces schools to remove student photos from websitesExperts are urging schools to take down identifiable photos of students, after AI deepfakes have led to sextortion cases at UK schools.MALWAREBYTES.COM
14 MayMy relationship status is “compromised.”This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
14 MayCERN’s open source KiCad library gives the world 17,000 circuit board componentsCERN has released its complete KiCad component library under an open source license, making it available to hardware designers anywhere in the world. The library, maintained by CERN’s Design Office, contains more than 17,000 electronic components in the form of schematic sy…HELPNETSECURITY.COM
14 MayOver 70% of organizations hit by identity breachesAttackers rely on stolen credentials, compromised service accounts, and social engineering attacks targeting employees, according to Sophos’ The State of Identity Security 2026 survey. What do you estimate to be the overall cost to your organization to rectify the identity breach…HELPNETSECURITY.COM
14 MayMachine identities outnumber humans 109 to 1Organizations manage an average of 109 machine identities for every human identity. AI agents account for a growing share of those identities, with companies expecting AI agent growth of 85% over the next 12 months. Machine identities are projected to increase by 77%, and human i…HELPNETSECURITY.COM
14 MayWindows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege EscalationAn anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been…THEHACKERNEWS.COM
14 MayMicrosoft turns Copilot Studio into an AI agent control centerThe Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent status in the authoring experience, giving admins insight into each agent’s security and protection posture. C…HELPNETSECURITY.COM
14 MayNew Malware Framework Enables Screen Control and UAC BypassA sophisticated malware framework capable of screen control, browser artifact access, and User Account Control (UAC) bypass, highlighting how attackers are increasingly adapting open-source tools for real-world intrusions. The attack chain revealed a carefully staged operation de…GBHACKERS.COM
14 MayCanon MailSuite Security Flaw Allows Attackers to Execute Code RemotelyCanon has disclosed a critical security vulnerability in its GUARDIANWALL MailSuite product that could allow attackers to execute arbitrary code remotely, raising serious concerns for organizations relying on the platform for email security. The issue, officially announced on May…GBHACKERS.COM
14 MayHow AI Hallucinations Are Creating Real Security RisksAI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates t…THEHACKERNEWS.COM
14 MayChinese APT Exploits Microsoft Exchange to Breach Energy Sector NetworkChinese state-aligned hackers compromised a Microsoft Exchange server at a major energy firm. They repeatedly reused that same entry point to run a months‑long espionage operation, deploying the Deed RAT and Terndoor backdoors to maintain deep access across the network. The activ…GBHACKERS.COM
14 MayTeamPCP, BreachForums Launch $1K Supply-Chain Attack ContestA new cybercrime campaign is turning supply chain attacks into a public competition, as TeamPCP and BreachForums operators launch a $1,000 contest that encourages hackers to compromise open-source packages. The initiative, first highlighted by Dark Web Informer, signals an escala…GBHACKERS.COM
14 MayFlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defensesA widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an escalation in phishing-kit sophistication that could make attacks harder for tradition…CSOONLINE.COM
14 MayFrontier AI models reap rapid discovery of security vulnerabilitiesSecurity teams have just a few months before AI-driven exploitation becomes the norm, researchers warn.CYBERSECURITYDIVE.COM
14 MayThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ StoriesEverything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should hav…THEHACKERNEWS.COM
14 MayThe time of much patching is comingIn this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.TALOSINTELLIGENCE.COM
14 MayODNI taps officials to coordinate response to foreign election threatsDirector of National Intelligence Tulsi Gabbard has tapped two individuals to coordinate work across U.S. spy agencies to monitor threats to the 2026 elections, according to multiple sources familiar with the matter.THERECORD.MEDIA
14 MayRegional routing for AWS access portals: Implementing custom vanity domains for IAM Identity CenterAWS IAM Identity Center provides a web-based access portal that gives your workforce a single place to view their AWS accounts and applications. With the recent launch of IAM Identity Center multi-Region replication, customers can replicate their IAM Identity Center instance acro…AWS.AMAZON.COM
14 MayThe era of AI-powered attacks is here.Google says AI-powered cybercrime has gone industrial scale. Two new Windows zero-days emerge. Signal threatens to leave Canada over lawful access legislation. Pentagon-linked influence operations shift to paid ads. Linux admins scramble to patch a new root-level flaw. FamousSpar…THECYBERWIRE.COM
14 MayGoogle announces hackers are using AI to create zero days.Canvas pays hackers.THECYBERWIRE.COM
14 MayOpenAI asks macOS users to update after TanStack npm supply chain attackThe actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.THERECORD.MEDIA
14 May KEVMaximum Severity Cisco SD-WAN Bug Exploited in the WildThis is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.DARKREADING.COM
14 MayYou're not going to patch your way out of this - PSW #926This week: - New Yellowkey bitlocker bypass and what it means for you - Hackers can run you over with a robot lawnmower - FCC says new things about routers, again - Glitching with AI - almost no false positives - AI thought it was evil - DirtyFrag and the sad state of Linux LPEs …YOUTUBE.COM
14 MayBring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assetsTenable Hexa AI eliminates “zombie” cloud infrastructure, helping you reduce risk and make a “killing” on cost reduction. Key takeaways As AI accelerates cloud growth, zombie cloud assets multiply in your environment. You need agentic AI to prevent a cloud zombie apocalypse. Clou…TENABLE.COM
14 MayAI Just Hacked HardwareAn AI agent was used to autonomously execute a voltage fault injection attack against an ESP32 Secure Boot V1 system. It was given direct access to hardware interfaces and handled major parts of the attack chain, including tool configuration, exploit script generation, and firmwa…YOUTUBE.COM
14 MayThe First CVE Wave: Signs That AI-Assisted Vulnerability Discovery Is Reshaping Disclosure VolumesPublic CVE disclosure volumes are surging across major software suppliers and open source projects, and the evidence increasingly points to AI-assisted vulnerability discovery as the driving force.VULNCHECK.COM
14 MayOrBit (Re)turns: Tracking an open-source Linux rootkit across four years of forks and deploymentsExplore how OrBit, a two-stage malware, has changed over the last 4 years and why it matters for defenders.INTEZER.COM
13 MayCanvas Breach 'Deal' With ShinyHunters, AI Zero-Day Warning, Checkmarx Hit AgainCybersecurity Today examines a troubling set of new security developments affecting schools, software supply chains, and account security. Instructure says it reached an "agreement" with the ShinyHunters threat group after the massive Canvas breach that may have affected up to 27…CYBERSECURITYTODAY.LIBSYN.COM
13 MayResearchers open-source a Wi-Fi cyber range for security trainingWireless security training programs lean heavily on generic network labs, with Wi-Fi appearing as a checkbox alongside Bluetooth, Zigbee, and cellular. Hands-on environments dedicated to IEEE 802.11 are uncommon, even as Wi-Fi remains the default on-ramp to corporate networks and…HELPNETSECURITY.COM
13 MayRisky Business #837 -- GitHub Actions footgun claims TanStackOn this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Mini Shai-Hulud and the TanStack compromise using Github Actions Instructure pays Canvas elearning platform data extortionists More Linux privilege escalation 0days!…RISKY.BIZ
13 MaySandyaa: Open-source autonomous security bug hunterSource code auditing has traditionally relied on static analyzers that flag long lists of potential issues, leaving engineers to sort bugs from noise. A new open-source project from offensive-security firm SecureLayer7 takes a different route, using LLMs to read a codebase, trace…HELPNETSECURITY.COM
13 MayClickFix Evolves Using Decade-Old Open-Source Python SOCKS5 ProxyA newly observed ClickFix campaign is pushing beyond simple user-triggered infections, introducing a more persistent and stealthy intrusion chain using PySoxy, a 10-year-old open-source Python SOCKS5 proxy. Unlike traditional ClickFix attacks that rely on a single PowerShell exec…GBHACKERS.COM
13 May KEV2026 CSO Award winners showcase business-enabling cyber innovationThe annual CSO Awards recognize security projects that demonstrate outstanding security leadership and business value. For this year’s program, CSO honors 64 security organizations whose hard work and innovative approaches have had a significant impact on how their enter…CSOONLINE.COM
13 MayGoogle discovers AI-based zero-day exploit for the first timeWelcome to the new, AI-saturated threat era. The Google Threat Intelligence Group (GTIG) warns that criminal hackers are now using AI, both to find vulnerabilities and to subsequently develop malware…CSOONLINE.COM
13 MayNetSPI AI-powered Continuous Pentesting identifies high-impact vulnerabilitiesNetSPI launched AI-powered Continuous Pentesting offerings, designed to help organizations continuously identify, validate and reduce risk across dynamic external and cloud environments. Organizations are managing an expanding number of potential entry points as new internet-faci…HELPNETSECURITY.COM
13 MayReport: 4 in 10 UK Businesses Were Breached by Phishing Last Year43% of businesses in the UK reported a breach last year, with phishing driving the vast majority (85%) of these attacks, the Register reports. A survey by the British government found that attacks involving only phishing grew by six percent in 2025.KNOWBE4.COM
13 MayCISA’s AI SBOM guidance pushes software supply-chain oversight into new territoryThe US Cybersecurity and Infrastructure Security Agency (CISA) and its G7 cyber agency partners have released a list of minimum elements for an AI software bill of materials, a move that could help CISOs assess the security and provenance of AI systems entering enterprise environ…CSOONLINE.COM
13 MayBreaking things to keep them safe with Philippe LaulheretPhilippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzles helps him uncover critical security flaws before they can be exploited.TALOSINTELLIGENCE.COM
13 MayClickFix finds a backup plan in PySoxy proxy chainsClickFix, a one-shot social engineering technique that tricks victims into executing malicious workflows disguised as fixes to technical issues in their systems, has got a persistence upgrade. In a one-off instance, ReliaQuest researchers have spotted an intrusion chain using sch…CSOONLINE.COM
13 MayMay 2026 Patch Tuesday: no zero-days but plenty to fixMay’s Patch Tuesday may not be the giant release many expected, but there are still plenty of important fixes that shouldn’t be ignored.MALWAREBYTES.COM
13 MayKDE gets over €1 million investment to strengthen security and core infrastructureEuropean governments and public institutions have been shifting away from proprietary software for years, and the financial infrastructure supporting open-source alternatives is growing to match. Germany’s Sovereign Tech Fund announced today that it is investing more than €…HELPNETSECURITY.COM
13 May KEVMay 2026 Patch Tuesday: 137 Vulnerabilities, No Zero-DaysMicrosoft released its May 2026 Patch Tuesday security updates, resolving a total of 137 vulnerabilities across Windows and a broad range of Microsoft products and components. Unlike the previous several months, this relea…SOCRADAR.IO
13 MayMost Remediation Programs Never Confirm the Fix Actually WorkedSecurity teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remed…THEHACKERNEWS.COM
13 MayMicrosoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE FlawsMicrosoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and …THEHACKERNEWS.COM
13 MayPalo Alto bets on identity security for autonomous AI with Idira launchPalo Alto Networks has launched Idira, a new identity security platform aimed at securing human users, machine identities, and AI agents amid the rising adoption of autonomous AI systems amongst enterprises. The company is positioning Idira as a next-generation identity security …CSOONLINE.COM
13 MaySecuring data centers in the agentic AI eraFind out how data center operators can protect critical building-management systems and cyber-physical infrastructure from AI-powered threats, as well as comply with evolving regulations. Key takeaways Data centers have evolved from simple storage hubs into critical national infr…TENABLE.COM
13 MayMicrosoft on pace to break annual vulnerability record as AI-driven patch wave takes holdFive months into 2026, Microsoft has already patched more than 500 vulnerabilities — although the exact monthly count varies depending on whether analysts include Edge, Chromium and fixes shipped earlier in the month.THERECORD.MEDIA
13 MayMicrosoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch TuesdayMicrosoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agen…THEHACKERNEWS.COM
13 MayAzerbaijani Energy Firm Hit by Repeated Microsoft Exchange ExploitationA threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender wit…THEHACKERNEWS.COM
13 MayWhat happens when China’s AI catches up to Mythos?The Trump-Xi summit opening in Beijing this week carries an agenda item unlike any in the history of US-China diplomacy: what to do about artificial intelligence that can autonomously find and exploit vulnerabilities in the world’s most critical software — and what happens when b…CSOONLINE.COM
13 MayHow to Identify and Exploit New VulnerabilitiesIn the ever-evolving world of cybersecurity, staying ahead of the curve is not just a goal—it’s a necessity. As new vulnerabilities emerge, the race to identify and mitigate them begins. But how do we, the guardians of the digital realm, rapidly pinpoint these threats as they bec…BLACKHILLSINFOSEC.COM
13 MayRapid7 Partner Academy: Driving Impact with Gold Stevie Award-Winning Partner Services CertificationsAt Rapid7, our commitment to our partners is built on the foundation of the PACT (Partnering with Accountability, Consistency, and Transparency) program. Central to this mission is the Rapid7 Partner Academy, which was recently honored with a Gold Stevie Award in the 2026 America…RAPID7.COM
13 MayMicrosoft Teams Vulnerability Allows Hackers to Perform Spoofing AttacksA newly discovered security flaw in Microsoft Teams for Android could allow attackers to carry out dangerous spoofing attacks. By exploiting improperly secured files, hackers can trick users and compromise sensitive corporate information. Microsoft has rapidly issued an official …GBHACKERS.COM
13 MayPatch Tuesday notes: Microsoft patches over a hundred flaws, none of which are zero-days.Foxconn confirms disruptive cyberattack as ransomware gang claims responsibility. Business news: Exaforce raises $125 million in Series B funding.THECYBERWIRE.COM
13 MayViral ‘RuView’ GitHub project uses Wi-Fi to track movement through wallsA new open-source project called “RuView” is drawing widespread attention online for demonstrating how ordinary Wi-Fi signals can be used to detect human movement, breathing patterns, and even body posture through walls without cameras or wearable devices. The project surged on G…CYBERINSIDER.COM
13 MayMicrosoft’s Patch Tuesday Update Targets 120 Security FlawsMicrosoft’s May Patch Tuesday fixes 120 flaws, including 31 remote code execution bugs, with no zero-days reported at release.TECHREPUBLIC.COM
13 MayExaforce raises $125 million in Series B funding.Israeli security awareness training platform provider Frame Security emerges from stealth with $50 million.THECYBERWIRE.COM
13 MayDark Reading Celebrates 20 Years as a Leading Authority on Cybersecurity, Highlighting the People, Events, Ideas, and Technologies Shaping the Modern Risk LandscapeInforma TechTarget's flagship cybersecurity media brand launches a special content series to mark two decades as a trusted source for cybersecurity professionals.DARKREADING.COM
13 MayTables Turn on 'The Gentlemen' RaaS Gang With Data LeakAn OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effective organizational structure.DARKREADING.COM
13 MayFired employee sought AI help to hide deletion of hosting firm’s customer dataThe apparent revenge deletion of US federal databases after the dismissal of twin brothers from an online hosting company is another reminder to IT and HR leaders that tough off-boarding procedures have to be implemented to prevent insider attacks. Destructive attacks either from…CSOONLINE.COM
13 MayBeyond Findings: Connecting Exploitable Risk to Cloud Context with Wiz and HackerOneSee proven, exploitable risk in the context of your full cloud environmentWIZ.IO
13 MayFragnesia: Linux Kernel Local Privilege Escalation via ESP-in-TCPA new page-cache corruption vulnerability in the Dirty Frag family enables unprivileged local attackers to achieve rootWIZ.IO
12 MayGoogle Warns Hackers Are Using AI to Build Working Zero-Day ExploitsArtificial intelligence has officially transitioned from an experimental hacking novelty into an industrial-scale weapon for cybercriminals. Google Threat Intelligence Group (GTIG) adversaries are now actively using generative AI models to discover vulnerabilities and engineer fu…GBHACKERS.COM
12 MayHEIDI: Free IDE security plugin for open-source vulnerability checksOpen-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a free plugin for Visual St…HELPNETSECURITY.COM
12 MayMagecart Hackers Exploit Google Tag Manager to Inject Credit Card SkimmersMagecart-style attackers are once again abusing trusted web services, this time weaponizing Google Tag Manager (GTM) to inject credit card skimmers into ecommerce websites stealthily. Because GTM is widely used and loaded from the trusted domain googletagmanager.com, malicious sc…GBHACKERS.COM
12 MayOpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch ValidationOpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak c…THEHACKERNEWS.COM
12 MayOpenAI Daybreak Automates Vulnerability Detection and PatchingThe relentless race against zero-day exploits and sophisticated cyberattacks requires a revolutionary approach to software security. Defenders are constantly overwhelmed by massive backlogs of alerts and the sheer volume of code requiring manual review. Enter OpenAI Daybreak, a f…GBHACKERS.COM
12 MayClaude Chrome Extension Flaw Lets Malicious Add-Ons Steal Gmail and Drive DataA critical vulnerability dubbed “ClaudeBleed” has compromised Anthropic’s trusted AI assistant, potentially turning it into a backdoor. This severe design flaw in the Claude Chrome extension allows malicious add-ons to hijack the AI secretly. Even extensions wit…GBHACKERS.COM
12 MayOpenAI’s Daybreak uses Codex Security to identify risky attack pathsOpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI models, Codex Security, and cyber-focused GPT-5.5 variants to help organizations identify, validate, and prio…HELPNETSECURITY.COM
12 MayCISOs step into the AI spotlightServing in the military requires a precise, tactical mindset, and that’s exactly what Barry Hensley espoused during his 24 years in the US Army, where he rose to the rank of colonel. The military “is where you earn your stripes, showing your soldiers your willingness to jump int…CSOONLINE.COM
12 MayWhy Basic Security Practices Still Work - Rob Allen - ASW #382If you have to ditch your entire appsec strategy because you expect 2026 to bring more vulns more quickly, then you probably didn't have a good strategy in the first place. Rob Allen shares how the mentality of "assume breach" doesn't have to be a defeatist attitude and can inste…YOUTUBE.COM
12 MayDeveloper workstations are the new beachheadI spent the first week of April reading three separate threat intelligence reports that, on the surface, had nothing in common. One covered a North Korean campaign that had published over 1,700 malicious packages across five open-source ecosystems. Another detailed a malware oper…CSOONLINE.COM
12 MayWannaCry, the ransomware attack that changed the history of cybersecurityWannaCry showed how unpatched flaws and leaked cyber tools can cripple global systems, reshaping cybersecurity defenses worldwide. In memory of the day the digital world was shaken, but learned to fight back. The WannaCry ransomware attack represents one of the most significant e…SECURITYAFFAIRS.COM
12 MaySix new dnsmasq vulnerabilities open the door to DNS cache poisoning, local rootRecent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution bugs among t…HELPNETSECURITY.COM
12 MayŠkoda confirms unauthorized access to its online shopCar manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed th…HELPNETSECURITY.COM
12 MayOpen WebUI File Upload Vulnerability Enables 1-Click RCE AttackA critical, unpatched vulnerability is actively threatening Open WebUI users, turning a simple profile picture upload into a gateway for complete system compromise. Security researchers have publicly disclosed a severe stored Cross-Site Scripting (XSS) flaw that enables 1-click R…GBHACKERS.COM
12 MayFake Claude Code takes the IElevator to your browser secretsDevelopers looking for Anthropic’s increasingly popular Claude Code tool are now being lured into downloading malware. According to researchers at Ontinue, attackers are abusing a fake Claude Code installer to deliver a previously undocumented PowerShell payload. The malware is d…CSOONLINE.COM
12 MayGo fuzzing was missing half the toolkit. We forked the toolchain to fix it.Go’s native fuzzing is useful, but it stands far behind state-of-the-art tooling that the Rust, C, and C++ ecosystems offer with LibAFL and AFL++. Path constraints are hard to solve. Structured inputs usually need handmade parsing. It doesn’t even detect several common bug …TRAILOFBITS.COM
12 MayAttackers Combine ClickFix With PySoxy Proxying to Maintain PersistenceExploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchersINFOSECURITY-MAGAZINE.COM
12 MayCitrix moves secure access to a flexible, credit-based consumption modelCitrix has introduced Citrix Platform Flex, a secure access platform that combines software, management, and infrastructure to deliver managed desktops, enterprise browsing, and zero-trust access in a single offering. Built around workforce personas, Platform Flex replaces one-si…HELPNETSECURITY.COM
12 MayTop 10 Deep & Dark Web ForumsTop 10 Deep Web and Dark Web Forums in 2026 The top Deep Web and Dark Web Forums actively monitored in 2026 are XSS, Exploit.in, BHF, Dread, DarkForums, Altenen, CryptBB, Cracked, and DamageLib, based on how frequently they surface in threat intelligence investigations, court rec…SOCRADAR.IO
12 MayZoom Rooms and Workplace Flaws Expose Users to Elevated Access AttacksA newly disclosed batch of vulnerabilities in Zoom’s software suite could give attackers the leverage they need to hijack systems. Zoom has released critical security updates to patch three distinct flaws affecting its Windows and iOS applications. The most dangerous of the…GBHACKERS.COM
12 MayThreat Actors Abuse Vercel AI Tools to Mass-Produce Realistic Phishing SitesThreat actors are rapidly adopting generative AI platforms to scale phishing operations, and Vercel has emerged as a powerful enabler in this shift. Vercel is a cloud-based platform designed to help developers build and deploy modern web applications quickly. Its GenAI-powered to…GBHACKERS.COM
12 MaySAP Releases Patch for Critical SQL Injection Flaw in S/4HANAA severe vulnerability has struck the heart of enterprise resource planning systems this month, threatening organizations worldwide with potential data breaches. On May 12, 2026, the software giant released its monthly security patch update to address 15 newly discovered security…GBHACKERS.COM
12 MayOpenAI introduces Daybreak cyber platform, takes on Anthropic MythosOpenAI has unveiled Daybreak, its answer to Anthropic’s Claude Mythos, amid a growing market for frontier AI-powered cyber defense platforms. The initiative combines OpenAI’s large language models, Codex’s agentic capabilities, and integrations with the broader enterprise securit…CSOONLINE.COM
12 MayGoogle Says Hackers Used AI to Build Zero-Day ExploitGoogle says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking.TECHREPUBLIC.COM
12 MayExaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happenThe round valued the three-year-old startup at $725 million.TECHCRUNCH.COM
12 MayThe world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curlAnthropic’s AI found five vulnerabilities in curl, but only one low-severity issue proved to be a real vulnerability. In April, Anthropic made considerable noise announcing Mythos, a new artificial intelligence model described as so effective at identifying vulnerabilities in cod…SECURITYAFFAIRS.COM
12 MayMullvad shares workaround for Android 16 VPN leak that remains unfixedMullvad has warned that a recently disclosed Android 16 flaw can allow malicious applications to bypass VPN protections and leak a device’s real IP address, even when Android’s strictest VPN lockdown settings are enabled. The VPN provider says the issue impacts all VPN applicatio…CYBERINSIDER.COM
12 MayExaforce raises $125 million to respond to AI-powered attacksExaforce announced a $125 million Series B financing round, one of the largest ever in the emerging AI SOC space. The round includes participation from HarbourVest, Peak XV, Mayfield, Khosla Ventures, Seligman Ventures and AICONIC. The new capital will help Exaforce scale its AI-…HELPNETSECURITY.COM
12 MayAmazon Quick authorization bypass let users reach blocked AI chat agentsEnterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use AI chat agents. Fog Security founder Jason Kao discovered that those restrictions were enforced only in th…HELPNETSECURITY.COM
12 MayGoogle launches new Android security feature to help uncover spyware attacksIntrusion Logging is a new part of Android’s Advanced Protection Mode, which aims to help protect human rights activists, journalists, and dissidents from government spyware attack and law enforcement forensic devices.TECHCRUNCH.COM
12 MayMistral AI SDK, TanStack Router hit in npm software supply chain attackThe TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the entire TanStack Router ecosystem (@tanstack) of 42 packages, a …CSOONLINE.COM
12 MayCritical Patches Issued for Microsoft Products, May 12, 2026Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. …CISECURITY.ORG
12 MayMultiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated…CISECURITY.ORG
12 MayMultiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe After Effects is a digital effects, motion graphics, and compositing application. Adobe Commerce is a composable ecommerce solution that lets …CISECURITY.ORG
12 MayStop Chasing Individual CVEsMozilla shifted away from patching individual Firefox sandbox escape and JavaScript prototype vulnerabilities. Instead, they implemented an architectural change by freezing JavaScript prototypes. This move reduced entire classes of exploit paths rather than addressing each vulner…YOUTUBE.COM
12 May KEVWindows 11 security update fixes critical Bing and Azure flawsMicrosoft has released the May 2026 Patch Tuesday updates for Windows 11, fixing 97 security vulnerabilities across the Windows ecosystem. This month’s updates include fixes spanning Windows components, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, .NET, and …CYBERINSIDER.COM
12 MayMultiple Vulnerabilities in Fortinet Products Could Allow for Remote Code ExecutionMultiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution. * FortiAuthenticator is a centralized identity and access management (IAM) solution that secures network access by managing user identities, Multi-F…CISECURITY.ORG
12 MayHackers accessed BWH Hotels reservation system for monthsBWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident expos…SECURITYAFFAIRS.COM
12 MayAWS Security Agent full repository code scanning feature now available in previewToday, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware security analysis of your entire code base. AI-driven cybersecurity capabilities are advancing rapidly. AWS Security Agent…AWS.AMAZON.COM
12 May‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attackThe campaign hit major registries and hid behind legitimate-looking release signatures, showing how attackers can weaponize the software update process itself.CYBERSCOOP.COM
12 MayIt's Patch Tuesday for Microsoft and Not a Zero-Day In SightIt's the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.DARKREADING.COM
12 MayAI-Written Exploits Are HereA reported AI-assisted exploit may be a preview of where cybercrime is heading next. In this clip, the hosts discuss claims that attackers used an LLM to help generate a Python exploit targeting a vulnerability tied to two-factor authentication in an open-source administration to…YOUTUBE.COM
12 MaySN 1078: DigiCert does it right - Hugging Face Under FireDigiCert's latest security mishap triggered not just a scramble behind the scenes, but a cascading crisis that briefly wiped trust from millions of Windows systems. Find out how a single support slip, followed by Microsoft's heavy-handed response, left critical infrastructures ex…TWIT.TV
12 MayIntroducing Wiz Audit History: Track Every Change Across your EnvironmentWiz Audit History is now GA, providing a continuous, cross-cloud timeline of changes to resource configurations and findings to accelerate incident response and simplify compliance.WIZ.IO
11 MayCanvas Breach Exposes 275M Accounts | AI Targets Water Systems | GM OnStar SettlementA massive cybersecurity week. On this episode of Cybersecurity Today, David Shipley breaks down the reported breach of Instructure's Canvas learning platform, where attacks linked to the ShinyHunters extortion group may have exposed data tied to up to 275 million user accounts ac…CYBERSECURITYTODAY.LIBSYN.COM
11 MayNew cPanel and WHM Vulnerabilities Expose Servers to Code Execution and DoS AttackscPanel and WebHost Manager (WHM) are critical administrative control panels used by hosting providers globally to manage servers, websites, and databases. Due to their widespread deployment, vulnerabilities in these platforms immediately become high-value targets for threat actor…GBHACKERS.COM
11 MayJDownloader Hack Spreads New Python RATThe official JDownloader website fell victim to a sophisticated supply-chain attack, resulting in malicious installers being distributed to users worldwide. Attackers exploited an unpatched vulnerability in the site’s content management system to redirect specific download …GBHACKERS.COM
11 MaySecurity teams are turning to AI to survive alert overloadThe World Economic Forum white paper “Empowering Defenders: AI for Cybersecurity” identified AI as the biggest driver of change in cybersecurity for 94% of survey respondents. The paper found that 77% of organizations already use AI in cybersecurity, with much of the activity foc…HELPNETSECURITY.COM
11 MaymacOS Malware Abuses Google Ads and Claude Shared Chats to Deliver PayloadsThreat actors are deploying a sophisticated malvertising campaign targeting macOS users by exploiting Google Ads and legitimate Anthropic Claude shared chats. Security researcher Berk Albayrak uncovered this novel attack chain on May 10, which distributes a variant of the MacSync…GBHACKERS.COM
11 MayODINI Malware Uses CPU Magnetic Signals to Exfiltrate Data from Air-Gapped SystemsAir-gapped systems and Faraday cages have long represented the gold standard for protecting critical infrastructure and sensitive military networks. However, a groundbreaking threat known as ODINI demonstrates that even these extreme isolation measures can be compromised. Researc…GBHACKERS.COM
11 MayRustinel: Open-source endpoint detection for Windows and LinuxOpen-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitch together separate pipelines, separate rule sets, and separate maintenance burd…HELPNETSECURITY.COM
11 MayReview: Foundations of Cybersecurity, 2nd editionJason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security now extends past data center servers to cloud resources, mobile devices, the Internet of Things, and AI. About the author Jason Andress is an exper…HELPNETSECURITY.COM
11 MayWindows CreateFileW API Flaw Could Let Attackers Lock SMB Files at ScaleThe multi-billion-dollar ransomware defence industry operates on a fundamental assumption: to cause catastrophic operational damage, malicious actors must write corrupted data to a disk. However, a newly disclosed attack technique, GhostLock, completely invalidates this foundatio…GBHACKERS.COM
11 MayCrimenetwork Bust Reveals 22,000 Members and Over 100 Illicit VendorsLaw enforcement authorities have successfully dismantled the relaunched version of “Crimenetwork,” a prominent criminal online trading platform. A 35-year-old German citizen, suspected of operating the illicit platform, was apprehended at his residence in Mallorca, Sp…GBHACKERS.COM
11 MayShinyHunters Exploits Canvas LMS Free Teacher Accounts in New BreachIn early May 2026, ShinyHunters breached Instructure’s Canvas LMS by abusing the Free-For-Teacher (FFT) account program, triggering an active extortion campaign and exposing student and faculty data across thousands of schools worldwide. ShinyHunters claimed responsibility on 3 M…GBHACKERS.COM
11 MayMythos finds a curl vulnerabilitysubmitted by codeinabox to security 4 points | 1 comments https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-vulnerability/ My personal conclusion can however not end up with anything else than that the big hype around this model so far was primarily marketing. I see no e…PROGRAMMING.DEV
11 May8 guiding principles for reskilling the SOC for agentic AIAt DXC Technology, global CISO Mike Baker has established one of the largest agentic security operation centers (SOCs) in the world. To upskill the workforce as part of this journey, he embedded experts from agentic SOC vendor 7AI within his security teams. When Damon McDougald,…CSOONLINE.COM
11 MayThe scam economy has found its AI upgradeScam attempts continue to reach consumers via email, text messages, social media, online advertising, and phone calls. The volume of exposure has remained stable over the past year, with more than half of consumers encountering scam attempts at least monthly, according to the F-S…HELPNETSECURITY.COM
11 MayMicrosoft 365 Copilot Flaws Could Let Attackers Access Sensitive DataMicrosoft has disclosed a trio of critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. Released on May 7, 2026, these security flaws pose a substantial risk to enterprise data privacy and corporate confidentiality. If…GBHACKERS.COM
11 MayAI security is repeating endpoint security’s biggest mistakeThe security industry is experiencing déjà vu, and most teams haven’t recognized it yet. If you were in the trenches during the early 2000s, you remember the antivirus arms race. IT teams buried under signature updates. Configuration baselines checked obsessively. Patch cycles tr…CSOONLINE.COM
11 MayInstructure confirms Canvas user data exposed in cyberattackInstructure has confirmed that attackers gained unauthorized access to parts of its environment and exploited a vulnerability tied to the company’s Free for Teacher support ticket system. The company says Canvas is now fully operational and that core learning data, including cour…CYBERINSIDER.COM
11 MayYour Purple Team Isn't Purple — It's Just Red and Blue in the Same RoomDefending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can use it. A patch waiting on a change-approval window that's longer than the exploitation window itself.…THEHACKERNEWS.COM
11 MayPHP SOAP Extension Flaw Could Let Attackers Execute Code RemotelyRecently disclosed vulnerabilities in PHP, particularly within its widely used SOAP extension, have raised significant alarms across the cybersecurity community. Among the newly identified flaws is a high-severity vulnerability that could permit attackers to achieve Remote Code E…GBHACKERS.COM
11 MayMalicious Hugging Face model masquerading as OpenAI release hits 244K downloadsA malicious Hugging Face repository posing as an OpenAI release delivered infostealer malware to Windows systems and logged 244,000 downloads before being removed, raising fresh concerns about how enterprises source and validate AI models from public repositories. The repository,…CSOONLINE.COM
11 MayHackers Observed Using AI to Develop Zero-Day for the First TimeGoogle Threat Intelligence Group details how cybercriminals attempted to launch a campaign based around an AI-developed Zero-Day targeting open-source softwareINFOSECURITY-MAGAZINE.COM
11 MayHackers Use AI for Exploit Development, Attack AutomationCyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks.DARKREADING.COM
11 MayPolice take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenueGerman authorities shut down a relaunched version of the criminal marketplace Crimenetwork and arrested its suspected operator. The domain seizure notice (Source: BKA) A special unit of the Spanish National Police arrested the suspected 35-year-old German operator at his residenc…HELPNETSECURITY.COM
11 Mayfsnotify Maintainer Access Change Sparks Supply Chain Security ConcernsA dispute over maintainer access in the widely used Go library fsnotify has triggered temporary supply chain concerns after contributors were removed from the project’s GitHub organization and recent releases came under scrutiny. While no evidence suggests that any version of fsn…GBHACKERS.COM
11 MayLyrie.ai Joins First Batch of Anthropic’s Cyber Verification ProgramDubai-founded OTT Cybersecurity LLC also unveils the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and action verification — slated for IETF submission. OTT Cybersecurity LLC, the company behind Lyrie.ai, today announced two miles…CSOONLINE.COM
11 MayGoogle discovers weaponized zero-day exploits created with AIThe Google Threat Intelligence Group (GTIG) today released evidence of a zero-day exploit developed by a cybercriminal group with the help of AI. It marks the first time the security research group has identified what it believes to be an AI-crafted zero-day exploit in the wild. …CSOONLINE.COM
11 MayGTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial AccessExecutive Summary Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial work…CLOUD.GOOGLE.COM
11 MayGoogle spotted an AI-developed zero-day before attackers could use itResearchers found artifacts in the code that proved AI was heavily involved. A prominent cybercrime group planned to exploit the zero-day en masse for financial gain.CYBERSCOOP.COM
11 MayGoogle researchers uncover criminal zero-day exploit likely built with AIGoogle’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had va…HELPNETSECURITY.COM
11 MayWhy we use CAPTCHAs, (Mon, May 11th)A few months ago, I implemented Cloudflare's Turnstile CAPTCHA on some pages. The reason for implementing these CAPTCHAs is obvious: Bots make up a large percentage of traffic and affect site performance. ISC.SANS.EDU
11 MayAI used to develop working zero-day exploit, researchers warnA report by GTIG shows threat groups are increasingly leveraging AI to scale attacks. The exploitation attempt was disclosed and patched, preventing a mass incident.CYBERSECURITYDIVE.COM
11 MayGoogle warns artificial intelligence is accelerating cyberattacks and zero-day exploitsGoogle says hackers now use AI to create exploits, automate attacks, evade defenses, and target AI supply chains at scale. Artificial intelligence is rapidly changing the cyber threat landscape, and a new report from the Google Cloud Threat Intelligence team highlights how attack…SECURITYAFFAIRS.COM
11 May'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux DistrosThe privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation.DARKREADING.COM
11 MayFinal Countdown: Last Chance to Join the Rapid7 Global Cybersecurity SummitThe Rapid7 2026 Global Cybersecurity Summit is just around the corner, and with it, a final opportunity to join the conversations shaping how security teams are adapting to a rapidly changing landscape. Over the past few weeks, we’ve shared a preview of what to expect, from the s…RAPID7.COM
11 MayHackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass ExploitationGoogle on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerabi…THEHACKERNEWS.COM
11 MayIAM for MSSPs: The Hidden Risk of Blind Trust - Dustin Sachs - CSP #224Identity and access management is often sold as a technical problem, but real-world deployments tell a different story. For MSSPs managing access across multiple client environments, IAM becomes a test of trust, accountability, decision fatigue, and human behavior. In this episod…YOUTUBE.COM
11 MayRed Hat extends open source technology into spaceRed Hat and Voyager Technologies announced the successful deployment of Red Hat Enterprise Linux 10.1 and Red Hat Universal Base Image (UBI) to Voyager’s LEOcloud Space Edge IaaS Micro Datacenter aboard the International Space Station (ISS). This collaboration extends a container…HELPNETSECURITY.COM
11 MayIdentity security firm SailPoint discloses GitHub repository breachSailPoint disclosed a GitHub repository breach on April 20. The company contained the incident and said no customer data was affected. SailPoint is a cybersecurity company that provides identity security and identity governance solutions for enterprises. Its products help organiz…SECURITYAFFAIRS.COM
11 MayFCC Robocall Crackdown Raises Privacy Concerns Over Mandatory ID ChecksThe FCC’s proposed robocall crackdown could force carriers to verify customer identities, raising privacy concerns over anonymous phone use.TECHREPUBLIC.COM
11 MayAI Isn’t Replacing CybersecurityThe speakers argue that AI in cybersecurity functions primarily as a force multiplier rather than a replacement. Experienced professionals can significantly increase their effectiveness using AI tools, but the technology is not yet replacing core human expertise. While AI has bee…YOUTUBE.COM
11 MayCalifornia hits GM with record $12.75M fine for selling driver location dataCalifornia Attorney General Rob Bonta and a coalition of state prosecutors have secured a $12.75 million settlement with General Motors over the automaker’s collection and sale of drivers’ location and behavior data. This marks the largest California Consumer Privacy Act (CCPA) p…CYBERINSIDER.COM
11 MayGoogle says cybercriminals used AI to develop zero-day exploitGoogle Threat Intelligence Group (GTIG) says it has identified what it believes is the first known case of cybercriminals using artificial intelligence to help develop a zero-day exploit intended for mass exploitation. According to Google, the exploit targeted a popular open-sour…CYBERINSIDER.COM
11 MayForeign routers get a longer lifeline.The FCC eases restrictions on foreign-made routers. Shiny Hunters hit Canvas and Zara. SailPoint discloses unauthorized access to its GitHub repositories. TrickMo Android banking malware has more tricks up its sleeve. Polish officials warn of increased targeting of ICS and public…THECYBERWIRE.COM
11 MayInside AD CS Escalation: Unpacking Advanced Misuse Techniques and ToolsUnit 42 analyzes AD CS exploitation through template misconfigurations and shadow credential misuse while offering behavioral detection for defenders.UNIT42.PALOALTONETWORKS.COM
10 May KEVWeek in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scamsHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: Your work apps are quietly handing 19 data points to someone Office work in 2026 relies on mobile apps used alongside personal tools like banking and messaging. Ten widely used workp…HELPNETSECURITY.COM
10 MayOfficial JDownloader site served malware to Windows and Linux users between May 6 and May 7JDownloader website was hacked to distribute malicious Windows and Linux installers carrying a Python RAT between May 6–7, 2026. JDownloader official website was compromised in a supply chain attack that replaced legitimate Windows and Linux installers with malicious files betwee…SECURITYAFFAIRS.COM
10 MayNew cPanel vulnerabilities could allow file access and remote code executioncPanel fixed three flaws that could allow file reads, code execution, and privilege escalation. No active exploitation has been reported yet. cPanel has released security updates to fix three vulnerabilities affecting cPanel & WHM that could allow attackers to read files, exe…SECURITYAFFAIRS.COM
9 MayNVIDIA Confirms GeForce Data Breach Exposed Users’ Personal DataGFN Cloud Internet Services, operating as the regional NVIDIA GeForce NOW cloud gaming partner, GFN.AM has officially confirmed a significant data breach. The security incident exposed personal information of users registered on their streaming platform. While the company has now…GBHACKERS.COM
9 MayCybersecurity Today Month in Review: AI Coding Risks, Canvas Breach, QR Phishing SurgeThis week's panel dives into the cybersecurity stories that matter most for security leaders, IT teams, and anyone watching how AI is changing risk. Jim Love is joined by David Shipley (Beauceron Security), Laura Payne (White Tuque), and Jeff Williams (Contrast Security). Cyberse…CYBERSECURITYTODAY.LIBSYN.COM
9 MayVidar Infostealer Campaign Steals Passwords, Cookies, Crypto Wallets, and Device DataA highly evasive multi-stage malware campaign deploying the Vidar Infostealer. First discovered in late 2018 and built on the Arkei stealer source code, Vidar is notorious for aggressively harvesting user credentials, browser session cookies, cryptocurrency wallets, and detailed …GBHACKERS.COM
9 MayShinyHunters defaces Canvas portals during finals week.CISA orders Federal agencies to patch Ivanti zero-day by Sunday. Progress Software urges customers to patch critical MOVEit flaw.THECYBERWIRE.COM
8 MayBecome a millionaire by bug hunting on AndroidOver the past decade, Google has introduced a wide range of bug bounty programs for its software and services. The company has now announced that the reward for individuals who discover vulnerabilities in Android or the Chrome browser is being increased, bringing the maximum rew…CSOONLINE.COM
8 MayMeta allegedly made billions from scam advertising while online fraud explodes worldwide.In this special edition of Cybersecurity Today, David Shipley speaks with scam-fighting expert Erin West about the global fraud crisis, the rise of AI-powered scams, and why traditional law enforcement may be falling behind. Cybersecurity Today would like to thank Material Securi…CYBERSECURITYTODAY.LIBSYN.COM
8 MayNWHStealer Campaign Deploys Bun Loader, Anti-VM Evasion, and Encrypted C2A new distribution method for the NWHStealer infostealer that leverages the Bun JavaScript runtime, marking a significant evolution in the malware’s delivery infrastructure. The threat actors behind this Rust-based stealer are exploiting Bun’s relative newness and hig…GBHACKERS.COM
8 MayMultiple Critical Flaws Fixed in Next.js and React Server ComponentsVercel has released Next.js v16.2.6, fixing a large group of security flaws that affect modern web applications using Next.js and React Server Components. The update addresses high-, moderate-, and low-severity issues, including denial-of-service bugs, middleware bypasses,…GBHACKERS.COM
8 May423 Firefox Flaws Fixed as Browser Gains Support for Claude, Mythos, and MoreMozilla has successfully identified and patched 423 latent security vulnerabilities in Firefox using advanced artificial intelligence models, notably Claude Mythos Preview. Two weeks after initially announcing their AI-assisted security initiative, Firefox developers have shared …GBHACKERS.COM
8 MayMay 2026 Patch Tuesday forecast: AI starts driving security industry changesProject Glasswing. This is one of three major security industry changes I’ll cover today. The Anthropic Mythos vulnerability discovery model has already proven to be game changing in its ability to identify new vulnerabilities in software. Many of these vulnerabilities have exist…HELPNETSECURITY.COM
8 MayMental health apps are collecting more than emotional conversationsPeople use mental health apps to talk about depression, trauma and suicidal thoughts in moments they may not share with anyone else. Many users likely assume those conversations carry protections similar to therapy sessions. In reality, mental health apps operate without the same…HELPNETSECURITY.COM
8 MayProduct showcase: NetGuard open-source firewall for AndroidNetGuard is a free, open-source firewall for Android phones and tablets that provides users with a simple way to block internet access. Android does not allow VPN services to be chained, so the app uses the Android VPN service to route all internet traffic through itself. NetGuar…HELPNETSECURITY.COM
8 MaySnyk integrates Claude to advance AI-native application securitySnyk has announced it is leveraging Anthropic’s Claude models to advance software security. Snyk has integrated Claude into the Snyk AI Security Platform, enabling automated vulnerability discovery, prioritization, and developer-ready fixes across code, dependencies, containers, …HELPNETSECURITY.COM
8 MayFake Moustache Fools Age Checks, Sparks Online Safety Act FearsCritical gaps in age verification systems introduced under the Online Safety Act, with children easily bypassing safeguards using simple tricks including drawing fake facial hair to appear older on camera. The Online Safety Act, which came into force in July 2025, was designed …GBHACKERS.COM
8 MayTrellix Investigates RansomHouse Breach Claims Involving Source Code RepositoryLeading cybersecurity firm Trellix is actively investigating a potential security incident following claims made by the RansomHouse extortion group. The threat actors recently listed Trellix on their dark web leak site, alleging a successful cyberattack against the prominent secu…GBHACKERS.COM
8 MayPen tests show AI security flaws far more severe than legacy software bugsPenetration tests of AI-based systems are revealing a greater percentage of high-risk flaws than those discovered in legacy systems. Security consultancy Cobalt’s annual State of Pentesting Report reveals that 32% of all AI and large language model (LLM) findings are rated as hig…CSOONLINE.COM
8 MayHelping North Korean IT remote workers is becoming a fast track to prisonTwo U.S. nationals were sentenced to 18 months in prison for operating “laptop farms” that helped North Korean IT workers gain employment at nearly 70 American companies, generating more than $1.2 million for Pyongyang’s government. Although Matthew Issac Knoot of Nashville, Tenn…HELPNETSECURITY.COM
8 MayNew Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH CredentialsCybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exp…THEHACKERNEWS.COM
8 MayCline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding AgentsCline, a widely adopted open-source AI coding agent, has recently patched a severe vulnerability in its local Kanban server. Trusted by developers with deep access to source code, cloud credentials, and terminals, Cline automates complex coding tasks. However, researchers from Oa…GBHACKERS.COM
8 MayClaude in Chrome is taking orders from the wrong extensionsAnthropic Claude’s Chrome browser extension, known as Claude in Chrome, has a bug that can allow other malicious extensions to hijack it, compromising trusted AI workflows. Researchers at LayerX Security have warned that Claude’s overly trusted browser communication flows can be …CSOONLINE.COM
8 MayDirty Frag: A new Linux privilege escalation vulnerability is already in the wildDirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public. Security researchers have disclosed a new unpatched vulnerability in the Linux kernel, code-named Dirty Frag, that allows an unprivileged local user to gain…SECURITYAFFAIRS.COM
8 MayFrom Cyberwar to Cognitive Warfare: The Geopolitical Impact on Cybersecurity in AfricaWe’ve long defined cybersecurity as the technical discipline of protecting networks, data and systems. But when viewed through a geopolitical lens, then this definition is no longer sufficient. What we are dealing with today goes beyond protecting organisational data, to protecti…KNOWBE4.COM
8 MayPam Backdoor Targets Linux Systems to Steal SSH CredentialsA newly observed Linux backdoor technique, dubbed Pam, is exploiting the flexibility of Pluggable Authentication Modules (PAM) to capture SSH credentials and maintain persistence on compromised systems stealthily. Since its introduction in 1991 by Linus Torvalds, Linux has been d…GBHACKERS.COM
8 MayZero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As CodeEvery engineering team in your organization ships code through a pipeline. They branch, test, review, and deploy. If something breaks, they roll back. If someone asks "what changed?", the answer is in the commit history. This isn't heroic discipline to process; it's just how soft…RAPID7.COM
8 MayMFA Alone Won’t Save YouRob Allen describes a model where SaaS applications like Office 365, GitHub, or Salesforce only accept connections from approved IP addresses routed through a trusted app or secure tunnel. That means stolen credentials alone may no longer be enough for attackers. Even successful …YOUTUBE.COM
8 MayShinyHunters defaces Canvas portals during finals week.CISA orders Federal agencies to patch Ivanti zero-day by Sunday. Sri Lankan police shut down scam center.THECYBERWIRE.COM
8 MayMultiple universities forced to reschedule final exams after Canvas cyber incidentOn Thursday, dozens of students took to social media to say they saw a message from a cybercriminal group as they navigated through Canvas, an educational platform created by Instructure that hosts teaching materials, tests, readings and more.THERECORD.MEDIA
8 MayApple and Meta warn Canada’s Bill C-22 forces encryption backdoorsApple and Meta are publicly opposing portions of Canada’s proposed lawful access legislation, warning that Bill C-22 could weaken encryption protections, introduce systemic cybersecurity risks, and force technology companies to facilitate government surveillance capabilities. The…CYBERINSIDER.COM
8 MayInsider Betting on PolymarketInsider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets—defined as wagers of $2,500 or more at odds of 35 percent or less—on the platform had an average win rate of a…SCHNEIER.COM
8 May KEVThe four-day race you don’t want to be in.CISA orders rapid patching of actively exploited Ivanti zero-day. Canvas gets hacked during finals week. Dirty Frag is a new Linux zero-day. Researchers document a serious Claude Chrome extension bug. Meta ends Instagram encryption. PCPJack malware clean house before moving in. A…THECYBERWIRE.COM
8 MayCanvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! - SWN #579Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance and more! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-579YOUTUBE.COM
8 MayA Framework for AI Threat ReadinessAI models now find and exploit zero-days autonomously. This 4-pillar framework accelerates patching, analysis, and threat response.WIZ.IO
7 MayMirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS AttacksCybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, wh…THEHACKERNEWS.COM
7 MayUS government agency to safety test frontier AI models before releaseThe Center for AI Standards and Innovation (CAISI), a division of the US Department of Commerce, has signed agreements with Google DeepMind, Microsoft, and xAI that would give the agency the ability to vet AI models from these organizations and others prior to their being made pu…CSOONLINE.COM
7 Mayvm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code ExecutionA dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside…THEHACKERNEWS.COM
7 MayCybercriminals Exploit Microsoft Teams to Phish Login Credentials and Bypass MFAIranian state-sponsored threat actors linked to MuddyWater (Seedworm) have been caught hiding behind the Chaos ransomware brand to conduct sophisticated espionage operations, using Microsoft Teams as a phishing vector to steal credentials and manipulate multi-factor authenticatio…GBHACKERS.COM
7 MayDeepFake it till you make it.This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
7 MayOpen-source MCP server monitoring for Python appsPythonic Model Context Protocol servers handle tool calls, session events, module imports, and subprocess activity. BlueRock has released MCP Python Hooks, an open source runtime sensor that gives developers a way to capture those signals without modifying application code. What …HELPNETSECURITY.COM
7 MayCritical vm2 Node.js Library Flaws Enable Arbitrary Code Execution AttacksMultiple critical sandbox-escape vulnerabilities have been disclosed in vm2, one of the most widely used Node.js sandboxing libraries, allowing attackers to escape the isolated execution environment and run arbitrary commands directly on the host system. Eleven advisories were pu…GBHACKERS.COM
7 MayUAT-8302 Targets Government Agencies With Custom Malware and Open-Source ToolsA new China-linked hacking group, tracked as UAT-8302, that is using custom malware and open-source tools to spy on government organizations in South America and southeastern Europe. The campaign focuses on long-term access and data theft, combining advanced backdoors like NetDra…GBHACKERS.COM
7 MayHackers Exploit Google Ads to Steal GoDaddy ManageWP LoginsHackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look‑alike phishing ad above the legitimate ManageWP result and proxying victims’ logins in real time via an adversary‑in‑the‑middle (AiTM) setup. The attackers purchase a sponsored Google ads that …GBHACKERS.COM
7 MayTen years later, has the GDPR fulfilled its purpose?This year marks the 10th anniversary of the EU’s adoption of the General Data Protection Regulation, which became mandatory for all companies beginning on May 25, 2018. The aim of the GDPR was simple, but important: to improve individuals’ control over their personal data. This …CSOONLINE.COM
7 MayResearchers Spot Uptick in Use of Vercel for Phishing CampaignsCofense has warned of a “significant” increase in phishing campaigns abusing Vercel platformINFOSECURITY-MAGAZINE.COM
7 MayCallPhantom Android scam reached 7.3 million downloads on Google PlayScams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone number. A cluster of 28 fraudulent apps on Google Play exploited that gap and pulled in more than 7.3 mill…HELPNETSECURITY.COM
7 MayScammers Exploit Disposable VoIP Numbers to Bypass Reputation BlockingNew tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrastructure to evade detection and scale fraud operations. Telephone-oriented attack delivery (TOAD) remains a dominant phishin…GBHACKERS.COM
7 MayCISOs: Align cyber risk communication with boardroom psychologyBy now, executive boards across industries understand that cyberattacks can be costly. What they often lack, however, is a clear view of which risks pose the biggest threat to their business and why certain investments need to rise to the top. Many security leaders lose traction …CSOONLINE.COM
7 MayThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New StoriesBad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated any…THEHACKERNEWS.COM
7 MayClaude and SpaceX Join Forces to Enhance Large-Scale Compute CapacityAnthropic has officially announced a massive strategic partnership with SpaceX to expand its computing capabilities significantly. This collaboration aims to provide the necessary infrastructure to scale up the Claude artificial intelligence ecosystem. By securing dedicated compu…GBHACKERS.COM
7 MaySpring Vulnerabilities Open Door to Arbitrary File Access and GCP Secret LeaksSecurity researchers have identified four new vulnerabilities in the Spring Cloud Config Server, ranging from medium to critical severity. These newly disclosed flaws could allow attackers to access arbitrary files, leak Google Cloud Platform (GCP) secrets, and manipulate system …GBHACKERS.COM
7 MayThe AI-vs-AI battle is already happening. Watch it live at EXPOSURE 2026.Don’t singularly focus on the speed of AI attacks. You must also prepare for the shift AI is bringing to the threat landscape. Join Tenable at EXPOSURE 2026 to witness a live AI-vs-AI battle and get clarity to defend your organization against next-generation autonomous threats. K…TENABLE.COM
7 MayIf a fake moustache can fool age checks, is the Online Safety Act working?A UK report finds some progress since the Act came into force, but widespread workarounds, ongoing harm, and unresolved privacy concerns suggest the impact is still limited.MALWAREBYTES.COM
7 MayExploits and vulnerabilities in Q1 2026This report provides statistical data on published vulnerabilities and exploits we researched during Q1 2026. It also includes summary data on the use of C2 frameworks in APT attacks.SECURELIST.COM
7 MayOne House Democrat is pressing Commerce on the government’s spyware useRep. Summer Lee’s letter, first reported by CyberScoop, follows ICE confirmation of using spyware and news of a Trump ally becoming NSO Group’s executive chairman.CYBERSCOOP.COM
7 MayHow Cloudflare responded to the “Copy Fail” Linux vulnerabilityWhen a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet, confirming zero customer impact and no malicious exploitation.CLOUDFLARE.COM
7 MayWhy Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at ScaleLet's be honest, the patching window just shrank to something no practitioner or organization can keep up with. Organizations now need to operate in an environment that must assume breach, which means fundamentals like attack surface management, micro-segmentation, identity manag…RAPID7.COM
7 MayBusinesses hide vast majority of ransomware attacks, report findsThe security firm BlackFog said the number of disclosed incidents it tracked in Q1 was roughly one-tenth of the number of undisclosed incidents.CYBERSECURITYDIVE.COM
7 MayPalo Alto Networks warns state-linked cluster behind zero-day exploitationA patch for the flaw, which hackers began targeting in early April, won’t be ready for another week.CYBERSECURITYDIVE.COM
7 MayCisco patches high-severity flaws enabling SSRF, code execution attacksCisco fixed several high‑severity flaws in its enterprise products, including SSRF bugs in Unity Connection that could enable code execution or service disruption. Cisco released patches for multiple high‑severity vulnerabilities affecting its enterprise products. Successful expl…SECURITYAFFAIRS.COM
7 MayMultiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…CISECURITY.ORG
7 MayPCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud SystemsCybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. "The toolset harvests credentials from cloud, container, developer, produ…THEHACKERNEWS.COM
7 MayICYMI: April 2026 @AWS SecurityRead all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered…AWS.AMAZON.COM
7 MayLinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group allegesA LinkedIn feature that allows paid subscribers to view a list of visitors to their profile should be made available to all EU users free of charge to comply with the region’s General Data Protection Regulation (GDPR), a legal complaint launched by the None of Your Business (NOYB…CSOONLINE.COM
7 MayGetting Rid of Your VPN - Rob Allen - PSW #925Rob Allen from Threatlocker joins us to discuss the risks associated with VPN appliances and how to implement better security solutions that don't leave you hanging out on the open Internet. The interview segment is sponsored by ThreatLocker. Visit https://securityweekly.com/thre…YOUTUBE.COM
7 May KEVIvanti customers confront yet another actively exploited zero-dayAttackers are hitting a frequent target in the network edge space, intruding victim networks through a defect in a widely used mobile endpoint security product.CYBERSCOOP.COM
7 MayRapid7 and OpenAI: Helping Defenders Move at Machine SpeedWade Woolwine is Senior Director, Product Security at Rapid7. Announcing OpenAI's Trusted Access for Cyber program CIOs and CISOs are telling us the same thing in different ways: Advances in frontier AI are accelerating the threat environment and putting pressure on security oper…RAPID7.COM
6 MayWeekly Update 502It's a fascinating display of leverage: the ShinyHunters folks, with very limited resources and experience (their demographic will…TROYHUNT.COM
6 MayZero-Auth Vulnerability Enables Cross-Tenant Access at DoD ContractorA severe authorization vulnerability was recently discovered in Schemata, an AI-powered virtual training platform serving the United States Department of Defense. Security researcher Alex Schapiro, utilizing the open-source AI hacking agent Strix, identified a critical lack of AP…GBHACKERS.COM
6 MayMalicious OpenClaw Skill Targets Agentic AI Workflows to Deploy RATs and StealersOpenClaw’s agent “skill” ecosystem to deliver both Remcos RAT and a cross‑platform stealer called GhostLoader by hiding malware inside a deceptive DeepSeek integration called “DeepSeek‑Claw.” The campaign shows how agentic AI workflows with high local privileges can be quietly hi…GBHACKERS.COM
6 MayRansomware Gangs Escalate Attacks on Aviation and Aerospace SectorRansomware and data extortion groups are increasingly targeting the aviation and aerospace sector, exploiting interconnected systems, shared platforms, and identity-based access models to cause operational disruption and data compromise. Cyber risk across aviation has shifted bey…GBHACKERS.COM
6 MayRisky Business #836 -- You can't patch the bugpocalypseOn this week’s show, Patrick Gray and James Wilson are joined by special guest co-host Brad Arkin. They discuss the week’s cybersecurity news, including: The US Government says we just have to patch faster, but… Bugs in cPanel, MoveIt and all Linux distributions this week show th…RISKY.BIZ
6 MayRussia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred TheftThis week on the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs who break down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small offi…THECYBERWIRE.COM
6 MayWindows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPsCybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previous undocumented plugin dubbed Pheno with the aim of facilitating credential theft. "According to the functionalities of the CloudZ RAT and Pheno…THEHACKERNEWS.COM
6 MaySalesforce Marketing Cloud Vulnerability Exposes Email Data RiskSalesforce Marketing Cloud (SFMC) recently patched a cluster of high‑impact vulnerabilities that could have allowed attackers to read and enumerate marketing emails and subscriber data across tenants, including Fortune 500 organizations. Modern enterprises rely on centralised mar…GBHACKERS.COM
6 MayPoisoned truth: The quiet security threat inside enterprise AIAs enterprises rush to deploy internal LLMs, AI copilots, and autonomous agents, most security conversations focus on familiar threats: prompt injection, jailbreaks, model abuse, and data exfiltration. But some security leaders argue a quieter risk deserves far more attention: w…CSOONLINE.COM
6 MayTrain like you fight: Why cyber operations teams need no-notice drillsSt. Michael’s Hospital in Toronto recently executed a full Code Orange simulation: A mass casualty emergency protocol requiring the activation of every clinical and operational team across the hospital. As a Level 1 trauma centre, it conducts large-scale exercises involving teams…CSOONLINE.COM
6 MayTeach to Sell and Two Interviews from RSAC 2026 from Dropzone AI and Microsoft - BSW #446As security leaders, we are continuously selling, maybe not as traditional sales folks, but as selling security across the organization. Whether you’re closing client deals, leading a team, running a business, or simply wanting your voice to be heard by other executives or the bo…YOUTUBE.COM
6 MayCloudZ RAT Exploits Microsoft Phone Link to Steal SMS OTPsCloudZ is a new modular remote access trojan that abuses Microsoft’s built‑in Phone Link feature to steal SMS one‑time passwords (OTPs) and other mobile notifications directly from Windows PCs, without infecting the phone itself. Microsoft Phone Link (formerly “Your Phone”) is in…GBHACKERS.COM
6 MayIntel 471 speeds threat hunting and remediation with Retroactive Threat DetectionsIntel 471 has announced Retroactive Threat Detections (RTD), a new capability within its Verity471 platform. RTD helps security teams quickly understand the impact of new threats on their environments. This transforms static intelligence reports into actionable answers within min…HELPNETSECURITY.COM
6 MayUiPath adds agentic AI capabilities to Automation Suite for government agenciesUiPath has announced the release of agentic AI capabilities on UiPath Automation Suite. The Automation Suite updates help government agencies and regulated industries accelerate agentic AI and automation adoption and are designed to address strict data sovereignty and compliance …HELPNETSECURITY.COM
6 MayNew Relic advances AI observability with new intelligence layerNew Relic has announced New Relic Knowledge, a new platform capability that integrates telemetry and knowledge sources to enhance issue detection and resolution. By combining real-time telemetry with historical incident data, system changes, and deep operational context, New Reli…HELPNETSECURITY.COM
6 MayServiceNow strengthens enterprise AI security with Autonomous Security & Risk platformServiceNow has launched Autonomous Security & Risk to govern every AI agent, identity, and connected asset. Armis delivers continuous asset intelligence across code, IT, OT, IoT, and connected assets, while Veza provides fine-grained visibility, intelligence, and governance …HELPNETSECURITY.COM
6 MayTaiwan High Speed Rail Hit by Spoofing Attack That Stops Three TrainsDuring the recent Qingming Festival holiday, the Taiwan High Speed Rail (THSR) experienced a severe cybersecurity incident that disrupted major transit operations. Three trains were suddenly forced into emergency stops, causing a 48-minute delay for passengers. Authorities have n…GBHACKERS.COM
6 MayNew malware turns Linux systems into P2P attack networksAttackers have found a new way to turn Linux systems into stealthy supply chain distribution hubs that are resistant to takedowns. Researchers from Trend Micro have disclosed a new malware framework, dubbed Quasar Linux or QLNX, describing it as a modular Linux remote access troj…CSOONLINE.COM
6 MayAttackers Continue to Pose as Help Desks in Social Engineering AttacksResearchers at Google’s Threat Intelligence Group (GTIG) are tracking a new threat actor that’s impersonating help desks to trick users into installing malware. The threat actor, which GTIG tracks as “UNC6692,” begins by sending a large volume of spam emails to the victim, then i…KNOWBE4.COM
6 MayPhishing Attack Weaponizes Calendar Invites to Steal Login CredentialsA new large-scale phishing campaign is abusing fake event invitations to compromise U.S. organizations, combining credential theft, OTP interception, and the deployment of remote monitoring and management (RMM) tools in a single operation. The campaign stands out because it blend…GBHACKERS.COM
6 MayMassive DDoS Attack Generates 2.45 Billion Requests Using 1.2 Million IP AddressesA distributed denial-of-service attack targeted a major user-generated content platform, generating an astonishing 2.45 billion malicious requests in just 5 hours. Security provider DataDome successfully intercepted the assault in real time, ensuring legitimate users experienced …GBHACKERS.COM
6 MayFEMITBOT Network Exploits Telegram Mini Apps to Spread Crypto Scams and Android MalwareA large-scale fraud and malware operation called FEMITBOT that abuses Telegram Mini Apps to steal cryptocurrency and infect Android devices. The campaign shows how trusted in-app web experiences can be turned into powerful tools for social engineering and credential theft. Telegr…GBHACKERS.COM
6 MayAnthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place.Anthropic CEO Dario Amodei warns that AI’s rapid evolution is outpacing safety frameworks. Learn why the pace of vulnerability discovery isn't the real problem, why exposure management is now a strategic necessity, and how it can help you prioritize and remediate at scale. Key ta…TENABLE.COM
6 MayMuddying the Tracks: The State-Sponsored Shadow Behind Chaos RansomwareExecutive summary In early 2026, a sophisticated intrusion initially appearing to be a standard Chaos ransomware attack was assessed to be consistent with a targeted state-sponsored operation. While the threat actor operated under the banner of the Chaos ransomware-as-a-service (…RAPID7.COM
6 MayCloudZ Malware Abuses Phone Link to Steal SMS OTPsCisco Talos uncovers CloudZ RAT and Pheno plugin abusing Microsoft Phone Link to intercept SMS OTPsINFOSECURITY-MAGAZINE.COM
6 MayGrapheneOS fixes Android VPN leak Google refused to patchGrapheneOS has released a new update that fixes a recently disclosed Android VPN bypass vulnerability capable of leaking a user’s real IP address. The leak happens even when Android’s “Always-On VPN” and “Block connections without VPN” protections were enabled. The issue, disclos…CYBERINSIDER.COM
6 MayCISA warns of CopyFail exploitation.Attackers compromise installers for DAEMON Tools. New Linux RAT targets software developers.THECYBERWIRE.COM
6 MaySpeed, Not AI, Breaks YouThis clip argues that most enterprise breaches are driven by attack velocity, not advanced sophistication. Even AI-driven attack simulations can appear more effective than they are due to unrealistic conditions—like no defenders or penalties. Focusing too much on cutting-edge thr…YOUTUBE.COM
6 May KEVA critical Palo Alto PAN-OS zero-day is being exploited in the wildThe vendor hasn’t released a patch for the vulnerability or described the scope and objective of confirmed attacks.CYBERSCOOP.COM
6 MayA Vulnerability in Apache HTTP Server Could Allow for Remote Code ExecutionA vulnerability has been discovered in Apache HTTP Server with the HTTP/2 protocol that could allow for remote code execution. Apache is a free, open-source web server software that enables the delivery of web content over the internet. Successful exploitation could result in den…CISECURITY.ORG
6 MayThe exploit that writes its own story.CISA warns CopyFail is under active exploitation. Attackers compromise installers for a widely used disk imaging utility. MuddyWater masks cyberespionage as ransomware. Attackers spread malware through a fake OpenClaw plugin. Researchers ID a new Linux RAT. Vimeo blames a third p…THECYBERWIRE.COM
6 MayA Vulnerability in PAN-OS Could Allow for Remote Code ExecutionA vulnerability has been discovered in the PAN-OS Authentication Portal (aka Captive Portal) service that could allow for remote code execution. PAN-OS is the operating system that runs Palo Alto Networks next-generation firewalls. Successful exploitation could allow an unauthent…CISECURITY.ORG
5 MayAnthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI modelsThe Trump administration is in early discussions about whether advanced AI models should be vetted before public release, according to reporting from the New York Times, the Wall Street Journal, and Axios. The conversations center on systems capable of facilitating cyberattacks…CSOONLINE.COM
5 MayMythbehavior under investigation.Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast …THECYBERWIRE.COM
5 May174: Pacific RimFor six years, Sophos fought a secret cyber war against a state-backed hacking group targeting its firewalls. This forced Sophos to drastically change tactics to properly secure their firewalls. Was it ethical? Was it effective? They disrupted nine zero-day attacks, exposed who w…DARKNETDIARIES.COM
5 MayMicrosoft Details Phishing Campaign Targeting 35,000 Users Across 26 CountriesMicrosoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, obse…THEHACKERNEWS.COM
5 MayThe Terrorist Designation: A New Red Line for Ransomware with Cynthia KaiserIn this episode, host Caleb Tolin explores the battlefield of enterprise defense, which has moved from simple data theft to ultra heinous crimes that put patient outcomes at risk. Guest Cynthia Kaiser shares Battlefield Stories from her time at the FBI and her current wor…THECYBERWIRE.COM
5 MayQualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution RiskQualcomm Technologies has released its May 2026 security bulletin, addressing a sweeping array of vulnerabilities across its proprietary and open-source software ecosystems. Threat actors could exploit these security gaps to compromise smartphones, automotive systems, and industr…GBHACKERS.COM
5 MayAttackers Exploit Amazon SES to Send Authenticated Phishing EmailsAttackers are increasingly abusing Amazon Simple Email Service (SES) to deliver highly convincing phishing emails that bypass traditional security controls, marking a growing trend in email-based threats. The primary goal of any phishing campaign is to evade detection while trick…GBHACKERS.COM
5 MayCritical Android Zero-Click Vulnerability Enables Remote Shell AccessGoogle has released the Android Security Bulletin for May 2026, addressing a highly critical vulnerability that allows attackers to execute code remotely without any user interaction. Published on May 4, 2026, the latest security update focuses heavily on a severe flaw located wi…GBHACKERS.COM
5 MayTrellix Reveals Unauthorized Access to Source CodeSecurity vendor Trellix has suffered a breach involving unauthorized accessINFOSECURITY-MAGAZINE.COM
5 MayCISOs step up to the security workforce challengeA robust cybersecurity program needs a range of skilled people, yet many CISOs continue to face an ongoing skills shortage — and the squeeze may only get worse as AI gains traction. Some 95% of cybersecurity practitioners and decision-makers noted at least one security skills gap…CSOONLINE.COM
5 MayKeeping Up With the OWASP GenAI Project - Scott Clinton - ASW #381Speed is the most common theme among developers and appsec teams working with LLMs and agents, from trying to keep up with patterns for deploying agents to dealing with more code faster to how the latest models impact code quality and security. The OWASP GenAI Project is helping …YOUTUBE.COM
5 MayNCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”The UK's National Cyber Security Centre is urging organizations to prepare for glut of new software updatesINFOSECURITY-MAGAZINE.COM
5 MayDarkSword MalwareDarkSword is a sophisticated piece of malware—probably government designed—that targets iOS. Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on too…SCHNEIER.COM
5 MayWhatsApp Security Flaw Enables Malicious URL Execution Through Instagram ReelsWhatsApp has recently patched two notable security vulnerabilities that could have allowed attackers to execute malicious links and disguise dangerous files. The most alarming discovery involves a flaw in how WhatsApp processes Instagram Reels. This vulnerability allows remote th…GBHACKERS.COM
5 MayEducation Sector Hit by Espionage, Phishing, and Supply Chain AttacksEducational institutions are now facing a coordinated mix of state espionage, spear‑phishing, and supply chain intrusions, even as classic ransomware and vulnerability volumes show signs of easing. Every attributed campaign was linked to state actors, with no financially motivate…GBHACKERS.COM
5 MayMicrosoft warns of global campaign stealing auth tokens from 35K usersMicrosoft revealed a phishing campaign hitting 35,000 users in 26 countries, stealing login tokens via fake code-of-conduct emails and legit services. Microsoft disclosed a major phishing campaign that targeted over 35,000 users across 26 countries in mid-April 2026. Attackers us…SECURITYAFFAIRS.COM
5 MayCloudZ malware hijacks Microsoft Phone Link to intercept SMS and OTPsA new malware campaign abuses Microsoft’s Phone Link app to intercept sensitive mobile data, including one-time passwords (OTPs), without compromising the phone itself. The attack centers on a modular malware toolkit called CloudZ RAT and a previously undocumented plugin for it, …CYBERINSIDER.COM
5 MayWe Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually IsWhile the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multipl…THEHACKERNEWS.COM
5 MaySilver Fox Uses Fake Tax Notices to Drop ValleyRAT and ABCDoor BackdoorSilver Fox is running a tax‑themed phishing campaign that abuses fake notices from Indian and Russian tax authorities to drop ValleyRAT and a new Python backdoor dubbed ABCDoor, using a customized RustSL loader to evade detection and enforce strict geofencing controls. The campai…GBHACKERS.COM
5 MayCisco Acquisition of Astrix Security Signals to Strengthen on Non-Human Identity SecurityNetworking and security leader Cisco has announced its intent to acquire Astrix Security, a pioneer in Non-Human Identity (NHI) management. Announced in May 2026, this acquisition is designed to help enterprises secure the rapidly expanding “agentic workforce”, the gr…GBHACKERS.COM
5 MayStealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCsA newly identified malware campaign is abusing Microsoft’s Phone Link feature to intercept SMS-based one-time passwords and other sensitive mobile data directly from Windows systems. The activity, first observed by Cisco Talos in January 2026, involves a remote access trojan dubb…CSOONLINE.COM
5 MayC/C++ checklist challenges, solvedWe recently added a C/C++ security checklist to the Testing Handbook and challenged readers to spot the bugs in two code samples: a deceptively simple Linux ping program and a Windows driver registry handler. If you found the inet_ntoa global buffer gotcha or the missing RTL_QUE…TRAILOFBITS.COM
5 MayUS-Targeted Phishing Campaign Exposes Credential and Remote Access Risks for CISOsA new large-scale phishing campaign is targeting U.S. organizations with fake event invitations that lead to credential theft, OTP interception, or RMM tool installation. ANY.RUN researchers found that the campaign uses a repeatable phishing framework to create event-themed lure …ANY.RUN
5 MayHow Far the US Went to Rescue Hostage Bowe BergdahlIn 2009, Bowe Bergdahl walked away from his Army post in eastern Afghanistan, only to be abducted and held hostage until 2014. He was captured by the Taliban and then handed to the Haqqani network, an aligned terrorist group. US officials said they kept Bergdahl locked in a metal…THECYBERWIRE.COM
5 MayPoC tool extracts cleartext passwords from Microsoft Edge memoryA newly released proof-of-concept (PoC) tool shows how Microsoft Edge handles saved credentials, demonstrating that passwords may be exposed in cleartext within browser process memory. The researcher behind the tool, Tom Jøran Sønstebyseter Rønning, claims the behavior is longsta…CYBERINSIDER.COM
5 MayA Walkthrough of the 2026 Global Cybersecurity Summit AgendaThe full agenda for the Rapid7 2026 Global Cybersecurity Summit is now live, and it gives a clearer sense of how the conversation around security operations is evolving. Across two days, the sessions progress from a shared understanding of how threats are changing into a more det…RAPID7.COM
5 MayFake SSA Emails Drive Venomous#Helper Phishing CampaignVenomous#Helper attackers impersonate the US Social Security Administration to deploy signed RMM software and maintain persistent access across US networksINFOSECURITY-MAGAZINE.COM
5 MayGoogle to pay up to $1.5 million for zero-click Pixel Titan M exploitsGoogle has revised its Android and Chrome Vulnerability Reward Programs (VRPs), which pay security researchers to report vulnerabilities in Android, Google hardware, and the Chrome browser. The update raises top bounties to $1.5 million and adjusts rewards for lower-complexity re…HELPNETSECURITY.COM
5 MayChina-Linked UAT-8302 Targets Governments Using Shared APT Malware Across RegionsA sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the…THEHACKERNEWS.COM
5 MayOracle will patch more often to counter AI cybersecurity threatOracle plans to issue security patches for its ERP, database, and other software on a monthly cycle, rather than quarterly, to respond to the increased pace of AI-enabled software vulnerability discovery. Other software vendors, notably Microsoft, SAP, and Adobe, already release …CSOONLINE.COM
5 MayTrellix investigating breach of source code repositoryThe cybersecurity company said there is no immediate evidence of code being exploited or released.CYBERSECURITYDIVE.COM
5 MayMicrosoft Edge Stores Passwords in Process Memory, Posing Enterprise RiskA proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity.DARKREADING.COM
5 MayUK's NCSC warns of AI-driven "patch wave."Google fixes critical Android vulnerability. Trellix discloses source code breach.THECYBERWIRE.COM
5 MayApple brings end-to-end encryption to RCS messaging in iOS 26.5Apple is preparing to roll out end-to-end encryption (E2EE) for RCS messaging in iOS 26.5, now in release candidate (RC) stage, marking a long-awaited step toward secure cross-platform communication between iPhone and Android users. The feature, currently in beta, ensures that me…CYBERINSIDER.COM
5 MayTanium Atlas aims to accelerate threat response in the AI eraTanium announced Tanium Atlas, an autonomous operating system (OS) that gives a single IT or security operator the data, guidance and reach to accomplish what once required an entire team – moving from intent to outcome in a single, governed experience. Tanium Atlas is built on a…HELPNETSECURITY.COM
5 MayCISA pushes critical infrastructure operators to prepare to work in isolationThe US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new national initiative aimed at helping critical infrastructure operators withstand and recover from major cyberattacks by preparing to operate in isolation from the internet and third-party dependenci…CSOONLINE.COM
5 MayGoogle AppSheet Abuse Helped Phish 30,000 Facebook AccountsHackers abused Google AppSheet to send Meta phishing emails, compromising 30,000 Facebook business accounts across 50 countries.TECHREPUBLIC.COM
5 MayGoogle Update: Android Flaw Could Put Billions of Devices at RiskGoogle patched an Android zero-click RCE flaw affecting multiple versions. Here’s what IT teams should know and how to reduce mobile risk.TECHREPUBLIC.COM
5 MayEdge browser leaves passwords exposed in plain text, says researcherA Norwegian researcher has identified an issue with Microsoft Edge’s Password Manager that could be a serious concern for businesses. Tom Jøran Sønstebyseter Rønning found that passwords are being saved within the browser in plain text, with the effect that any PC, particularly a…CSOONLINE.COM
5 MayCVE Disclosures Become AI PromptsAI tools are already being used to discover vulnerabilities, including RCEs, through automated auditing and analysis. This raises the possibility that vulnerability disclosures could shift from detailed human-written reports to simple, reproducible AI prompts that generate the sa…YOUTUBE.COM
5 MayStrengthening cyber defense through policy and people.Markus Rauschecker, Executive Director of the University of Maryland Center for Cyber Health and Hazard Strategies, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices. He discusses why effective cybersecurity preparedness extends beyond technology, …THECYBERWIRE.COM
5 MayThe fixes keep coming.Brace for an AI-driven patch surge. Google fixes a critical Android flaw. Trellix confirms a source code breach. Apache Software Foundation ships urgent fixes. Data tied to Liberty Mutual leaks. CloudZ evolves to steal OTPs. Ouroboros persistence raises the stakes. A vishing susp…THECYBERWIRE.COM
5 MayTrellix Source Code Breach Highlights Growing Supply Chain ThreatsInfo is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, giving attackers a leg up.DARKREADING.COM
5 May KEVPatch in 3 Days or BreakCISA is reportedly considering reducing remediation timelines for Known Exploited Vulnerabilities (KEV) from weeks down to just three days. Shorter deadlines reduce exposure to active threats—but dramatically increase operational pressure. Security teams may support the change, b…YOUTUBE.COM
5 MaySN 1077: A Browser AI API? - End of Bug Bounties?Google is sneaking a massive 4.7GB AI model into Chrome, and Mozilla is fighting back as the future of browsers threatens to turn into an AI arms race. Find out what's really happening behind this push and why it's setting off alarm bells across the web. Hackers AI-code a portal,…TWIT.TV
4 MaySpotting third-party cyber risk before attackers doIn this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures before attackers exploit them. He argues that businesses should move beyond a data-loss mindset toward one ce…HELPNETSECURITY.COM
4 MayWhat researchers learned about building an LLM security workflowSecurity operations centers are running into the same wall everywhere. Detection tools generate more alerts than analysts can work through, and the early stages of any investigation involve pulling together logs from several sources to decide whether something is worth escalating…HELPNETSECURITY.COM
4 MayReborn Gaming - 126 breached accountsIn April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM). The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to Have I Been Pwned.HAVEIBEENPWNED.COM
4 MayPipelock: Open-source AI agent firewallAI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipelock, an open-source security h…HELPNETSECURITY.COM
4 MayTrellix Source Code Breach Exposes Repository to Unauthorized AccessLeading cybersecurity firm Trellix has announced a security incident involving unauthorized access to a portion of its source code repository. The breach highlights a growing trend of threat actors targeting top-tier security vendors to uncover potential software vulnerabilities.…GBHACKERS.COM
4 MayTop 10 AI Pentest ToolsAI pentest tools are gaining popularity in offensive security workflows. These tools accelerate reconnaissance and automate workflows, but at the same time, enable less skilled actors to execute complex attacks. Now, security teams are forced to confront a…SOCRADAR.IO
4 MayAI-Powered Threat Actors Accelerate 0-Day Discovery at Machine SpeedThreat actors are already using AI models as autonomous operators to discover and exploit 0‑days in minutes, thereby collapsing the time and cost required to run complex intrusion campaigns. This shift, first clearly visible in late 2025 operations, is forcing defenders to rethin…GBHACKERS.COM
4 MayMOVEit Authentication Bypass Vulnerability Sparks Security ConcernsProgress Software has issued a critical security alert for its MOVEit Automation software. Two severe vulnerabilities have been discovered that could allow attackers to bypass authentication and escalate their privileges. Because of the critical nature of these flaws, administrat…GBHACKERS.COM
4 May KEVCISA Alert Highlights Active Exploitation of cPanel & WHM Security BugThe US Cybersecurity and Infrastructure Security Agency (CISA) has raised the alarm over a critical security vulnerability affecting WebPros cPanel & WebHost Manager (WHM) and WP2 (WordPress Squared). On April 30, 2026, CISA officially added this flaw to its Known Exploited V…GBHACKERS.COM
4 MayNew Apache MINA Vulnerabilities Open Door to Remote Code Execution AttacksThe Apache MINA project has issued urgent security updates to address two severe vulnerabilities. These security flaws could allow malicious actors to execute unauthorized code remotely. The development team has successfully patched these issues in the newly released Apache MINA …GBHACKERS.COM
4 MayThe fake IT worker problem CISOs can’t ignoreHiring fake IT workers has been a growing problem in recent years — but it’s often a problem very few want to admit to. From Fortune 500 companies down to smaller organizations, remote hiring practices have been exploited to grant trusted access to individuals who are not who the…CSOONLINE.COM
4 MayHow CISOs should utilize data security posture management to inform riskEvery CISO eventually faces the same tension: You know your security program needs to mature, but the budget and headcount to do it all aren’t there. That tension is especially sharp when it comes to data security posture management (DSPM). Not every organization can afford, or …CSOONLINE.COM
4 MayPost Quantum Migration Struggles, AI Threats, and Modern Defenses - ESW #457Interview with Daniel dos Santos: Post-Quantum Cryptography and the Risks No One Is Talking About Post-quantum cryptography (PQC) is quickly shifting from theory to inevitability. In this segment, Daniel dos Santos, VP of Research at Forescout, explains why PQC isn’t the most imm…YOUTUBE.COM
4 MayClaude Security enters public beta with Opus 4.7 vulnerability scanning and patchingClaude Security, previously called Claude Code Security, is in public beta for Claude Enterprise customers. Available in Claude.ai, the capability scans codebases for security vulnerabilities and suggests targeted patches for review, helping teams identify and fix issues that mig…HELPNETSECURITY.COM
4 MayCritical cPanel Vulnerability Weaponized to Target Government and MSP NetworksA previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the …THEHACKERNEWS.COM
4 May276 Arrested as Authorities Dismantle Crypto Scam Centers Targeting AmericansIn an unprecedented international law enforcement operation, authorities have dismantled at least nine overseas cryptocurrency scam centers, resulting in the arrest of 276 individuals. The coordinated effort, led by the FBI, Dubai Police, and the Chinese Ministry of Public Securi…GBHACKERS.COM
4 MayAI speeds flaw discovery, forcing rapid updates, UK NCSC warnsThe UK cyber agency NCSC warns AI is speeding up vulnerability discovery, likely causing a “patch wave” of urgent software updates to fix exposed flaws. The UK’s National Cyber Security Centre (NCSC) warns that AI is rapidly accelerating the discovery of software vulnerabilities,…SECURITYAFFAIRS.COM
4 MayDigiCert suffers breach, stolen certificates used to sign malwareDigiCert has disclosed a security incident in which attackers compromised internal support systems and abused stolen certificate issuance data to obtain valid EV code signing certificates. Some of the certificates were subsequently used to sign malware tied to the Zhong Stealer f…CYBERINSIDER.COM
4 MayStronger Cybersecurity, Stronger Business: NIST Celebrates 2026 National Small Business WeekHappy National Small Business Week! For over 60 years, the U.S. Small Business Administration has led this initiative to acknowledge the critical contributions of America’s entrepreneurs and small business owners. Part of the U.S. Department of Commerce, NIST’s mission is to driv…NIST.GOV
4 MayMalicious TanStack Package Abuses Postinstall Script to Steal Developer SecretsA malicious npm package named “tanstack” has been discovered deploying a stealthy data exfiltration campaign, targeting developers through a deceptive naming strategy and a hidden postinstall script. The package, impersonating the well-known TanStack ecosystem, was weaponized to …GBHACKERS.COM
4 MaySecurity agencies draw red lines around agentic AI deploymentsWith prompt injection and other attack pathways consistently surfacing across agentic AI deployments, security watchdogs have stepped in, collectively, to draw some hard boundaries. A joint advisory from the US Cybersecurity and Infrastructure Security Agency (CISA) and internati…CSOONLINE.COM
4 MayCisco Launches AI Provenance Tool to Strengthen Security and ComplianceArtificial intelligence models are integrated into countless enterprise applications, but knowing exactly where these models come from remains a major security hurdle. Cisco recently launched the Model Provenance Kit, an open-source tool for tracing the exact lineage of AI models…GBHACKERS.COM
4 MaySecurity for AI: A strategic framework for closing the AI exposure gapAs AI adoption accelerates, CISOs face a dual challenge: fueling innovation while mitigating the risks of a rapidly expanding attack surface. Tenable’s five-step framework for securing AI offers a systematic approach to reducing AI security risks as your organization races to ach…TENABLE.COM
4 May4th May – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 4th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Medtronic, a global medical device maker, has disclosed a cyberattack on its corporate IT systems. An unauthorized party accessed data,…RESEARCH.CHECKPOINT.COM
4 MayQ-Day Might Come SoonerIndustry timelines for quantum risk are tightening, with some projections pointing to 2029 for a cryptographically relevant quantum computer. If Q-Day arrives sooner than expected, organizations that delayed planning could be forced into rushed migrations under pressure. Advances…YOUTUBE.COM
4 MayOwl IRD enables one-way forensic data transfer for incident response teamsOwl Cyber Defense has announced the launch of its Incident Response Diode (IRD), a pocket-sized protocol filtering diode (PFD) designed for incident response and forensics teams. The Owl IRD was developed to help users securely move evidence from compromised endpoints into truste…HELPNETSECURITY.COM
4 May KEVTwo cybersecurity pros get prison time for helping ransomware gangTwo American cybersecurity professionals were sentenced to four years in prison for facilitating BlackCat ransomware attacks in 2023. They pleaded guilty in December 2025 to one count of conspiracy to obstruct, delay, or affect commerce, or the movement of any article or commodit…HELPNETSECURITY.COM
4 May⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & MoreThis week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted fr…THEHACKERNEWS.COM
4 MayProgress Software urges customers to patch critical MOVEit flaw.Educational tech firm Instructure confirms breach. Sorry ransomware gang exploits recently disclosed cPanel vulnerability.THECYBERWIRE.COM
4 MayCritical vulnerability in cPanel leads to widespread exploitationResearchers warn that threat activity continues to surge, including brute force attacks and ransomware.CYBERSECURITYDIVE.COM
4 MayA Vulnerability in WHM cPanel and WP Squared Could Allow for Remote Code ExecutionA vulnerability has been discovered in WHM, cPanel, and WP Squared that could allow for remote code execution. WHM, cPanel, and WP Squared are Linux-based web hosting control panels for server and website management. While WHM provides server-level control, cPanel provides admini…CISECURITY.ORG
4 MayPhishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM ToolsAn active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has im…THEHACKERNEWS.COM
4 MayHackers are still exploiting the cPanel bug to gain control of thousands of websitesDays after the disclosure of a critical vulnerability in popular web hosting software cPanel and WHM, hackers keep targeting and hacking websites.TECHCRUNCH.COM
4 MaySecurity without a login screen.Progress Software urges customers to patch a critical MOVEit authentication bypass. Washington worries about limited access to advanced AI tools. Paid influencers promote pro-American AI. CISA warns Copy Fail is under active exploitation. The Canvas educational platform suffers a…THECYBERWIRE.COM
4 MayExploit Cyber-Frenzy Threatens Millions via Critical cPanel VulnerabilityShortly after the authentication-bypass flaw was disclosed multiple proof-of-concept exploits appeared, and one researcher claims there's been zero-day activity for at least a month.DARKREADING.COM
4 May KEV‘Copy Fail’ is a real Linux security crisis wrapped in AI slopThe actively exploited defect could affect every mainstream Linux distribution built since 2017, but some researchers found Theori’s AI-generated disclosure unhelpful and lacking.CYBERSCOOP.COM
4 MayFrom Foundation to Force: Your Guide to Operationalizing Wiz at ScaleFollowing your foundation, operationalize Wiz across development, detection and response, and program maturity so your security program never stops getting stronger.WIZ.IO
3 MayWeek in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for monthsHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: The AI criminal mastermind is already hiring on gig platforms Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platfor…HELPNETSECURITY.COM
3 MayGoogle Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AIGoogle revamps bug bounties: Android rewards rise to $1.5M, Chrome payouts drop, shifting focus to high-impact, AI-resistant vulnerabilities. Google has announced a major overhaul of its Vulnerability Reward Programs (VRP) for Android and Chrome, marking a strategic shift in how …SECURITYAFFAIRS.COM
2 MayConnected Cars Are Rolling Spy Networks — And They Can Be HackedConnected cars are no longer just vehicles — they are rolling networks of sensors, cameras, microphones, and constant data transmission. In this Cybersecurity Today Weekend Edition, David Shipley is joined by former CSIS intelligence officer Neil Bisson and cybersecurity expert F…CYBERSECURITYTODAY.LIBSYN.COM
2 MayDouble-edged threat.Today we are joined by Justin Albrecht, Principal Researcher at Lookout, discussing "Attackers Wielding DarkSword Threaten iOS Users." DarkSword is a highly sophisticated iOS exploit chain discovered by Lookout that targets iPhones (iOS 18.4–18.6.2), enabling near zero-click …THECYBERWIRE.COM
2 MayOpenAI and Anthropic brief Congress on cyber-capable AI models."Copy Fail" flaw leads to privilege escalation on Linux. FISA Section 702 gets another stopgap extension.THECYBERWIRE.COM
2 MayTrellix Confirms Source Code Breach With Unauthorized Repository AccessCybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to res…THEHACKERNEWS.COM
2 MayZenBusiness - 5,118,184 breached accountsIn March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Sal…HAVEIBEENPWNED.COM
2 MayTrellix discloses the breach of a code repositoryTrellix disclosed a security breach affecting part of its source code repository, however, the company says there’s no sign of code misuse. Trellix revealed a breach that allowed unauthorized access to part of its source code repository. The company said it quickly launched an in…SECURITYAFFAIRS.COM
1 MaySnake Oilers: Ent AI, Spacewalk and MondooIn this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products: Ent AI: Co-founder Brandon Dixon pitched Ent, an intent-aware, AI-powered endpoint security control. Spacewalk AI: Founders Chris Fuller and Tim Wenzlau pitch Spacewalk, an …RISKY.BIZ
1 MayNew infosec products of the month: April 2026Here’s a look at the most interesting products from the past month, featuring releases from Advenica, Aptori, Axonius, Broadcom, GlobalSign, Intruder, IP Fabric, Mallory, Secureframe, Siemens, Sitehop, and Virtue AI. Mallory brings contextual threat intelligence to security opera…HELPNETSECURITY.COM
1 MayFake CAPTCHA Scam Uses SMS Pumping to Inflate Phone BillsA newly uncovered cyber fraud campaign is abusing fake CAPTCHA pages to trick mobile users into sending large volumes of international SMS messages, resulting in unexpected phone bills and illicit profits for attackers. Unlike traditional malware campaigns, this operation does no…GBHACKERS.COM
1 MayAman - 215,563 breached accountsIn April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses. W…HAVEIBEENPWNED.COM
1 MayAI traffic is getting bigger, louder, and less predictableAI workflows need storage that supports repeated movement across the model lifecycle. Large datasets are ingested, transformed, exported for training, pulled back for evaluation, and refreshed as models evolve. Backblaze’s Q1 2026 Network Stats report says this creates a shift fr…HELPNETSECURITY.COM
1 MayClaude Security Enters Public Beta for Enterprise CustomersAnthropic has officially launched the public beta of Claude Security, an advanced vulnerability detection and remediation tool now available to Claude Enterprise customers. Powered by the highly capable Claude Opus 4.7 model, this platform shifts application security testing from…GBHACKERS.COM
1 MayOpen-source privacy proxy masks PII before prompts reach external AI servicesEnterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an…HELPNETSECURITY.COM
1 MayShadow AI risks deepen as 31% of users get no employer trainingBetween one-fifth and one-third of workers use AI outside the influence and governance of the IT function, according to a global survey of 6,000 full-time employees at enterprise organizations. Researchers found a widening gap between employee AI adoption and the controls organiz…HELPNETSECURITY.COM
1 MayChina-Aligned Hackers Deploy ShadowPad in Multi-Stage Espionage CampaignChina-aligned threat actors tracked as SHADOW-EARTH-053 are exploiting old but unpatched Microsoft Exchange and IIS vulnerabilities to run a stealthy, multi-stage espionage campaign across Asian governments, critical infrastructure, and one NATO member state. The group primarily …GBHACKERS.COM
1 MayMultiple Wireshark Vulnerabilities Allow Arbitrary Code Execution via Malformed PacketsThe Wireshark Foundation has released version 4.6.5 of its widely used network protocol analyzer, addressing a massive wave of security vulnerabilities. This urgent update patches over 40 distinct security flaws, driven by a recent surge in AI-assisted vulnerability reports. The …GBHACKERS.COM
1 MayAI-Powered Ransomware Surge Hits 7,831 Victims WorldwideRansomware attacks surged dramatically in 2025, with global victims reaching 7,831. The sharp rise highlights how cybercrime has evolved into a highly organized, AI-driven ecosystem in which attackers operate at speed, with automation and scale. This surge is largely fueled by th…GBHACKERS.COM
1 MayDDoS Malware Targets Jenkins to Hit Valve Game ServersA new DDoS botnet that abuses exposed Jenkins servers to launch powerful attacks against Valve Source Engine game infrastructure, including servers hosting titles like Counter‑Strike and Team Fortress 2. The campaign shows how a single misconfigured CI server can be turned into a…GBHACKERS.COM
1 MayPoisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential TheftA new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account "BufferZo…THEHACKERNEWS.COM
1 MayJust 34% of cyber pros plan to stick with their current employerDeclining job satisfaction means that only one in three (34%) cybersecurity professionals plan to stay with their current employer, increasing the pressure on CISOs’ talent retention strategies. And according to a survey of 500 cybersecurity professionals by IANS and Artico Searc…CSOONLINE.COM
1 MayManaging OT risk at scale: Why OT cyber decisions are leadership decisionsThe first time I approached an OT environment, I assumed that the strategies effective in IT cybersecurity would be equally applicable. I was wrong. The experience revealed a fundamental difference, highlighting the need for a distinct approach to OT cyber risk management. The mi…CSOONLINE.COM
1 MayHuman-centric failures: Why BEC continues to work despite MFABusiness email compromise (BEC) is still thriving even in organizations that have implemented multi-factor authentication (MFA). As security professionals, we often assume that MFA is the silver bullet for email security, but real-world incidents suggest otherwise. Attackers expl…CSOONLINE.COM
1 May KEVActively exploited cPanel bug exposes millions of websites to takeoverA vulnerability in the cPanel/WHM admin interface lets attackers access websites without a username and password.MALWAREBYTES.COM
1 MayNine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security ResearcherA researcher from offensive security firm Theori has found a nine-year-old flaw in the Linux kernel with the help of AIINFOSECURITY-MAGAZINE.COM
1 MayAnthropic launches Claude Security to counter rapid AI-Powered exploitsAnthropic launched Claude Security to counter faster AI-driven cyberattacks, as tools like Mythos enable near-instant exploitation by threat actors. Anthropic introduced Claude Security to help defenders keep up with a surge in AI-powered cyberattacks. As models like Mythos drast…SECURITYAFFAIRS.COM
1 MayUtah becomes first US state to require age verification for VPN useUtah is set to implement a first-of-its-kind law targeting VPN use to enforce online age verification, raising concerns about privacy, free speech, and technical feasibility. The measure, which takes effect on May 6, 2026, shifts liability onto websites and restricts how they can…CYBERINSIDER.COM
1 MayMozilla warns Chrome’s Prompt API threatens web neutralityMozilla has reiterated strong opposition to Google’s proposed Prompt API for Chrome, warning that it could fragment the web, lock developers into model-specific behavior, and introduce problematic policy enforcement at the browser level. The Prompt API aims to provide web develop…CYBERINSIDER.COM
1 MayAnthropic Rolls Out Claude Security for AI Vulnerability ScanningClaude Security enters public beta, giving enterprises AI driven code scanning with no API integration or custom agents requiredINFOSECURITY-MAGAZINE.COM
1 MayVulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AIDetecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider — automating the hunt for asset owners in seconds. Key takeaway…TENABLE.COM
1 MayBritish cyber agency warns of looming ‘patch wave’ as AI speeds flaw discoveryBritain’s cyber agency warned that organizations should prepare for a surge of urgent software updates as artificial intelligence accelerates the discovery of security flaws, raising the risk of widespread exploitation.THERECORD.MEDIA
1 MayChina-Linked Hackers Target Asian Governments, NATO State, Journalists, and ActivistsCybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the activity to a threat ac…THEHACKERNEWS.COM
1 MayA Medicare database leaked Social Security numbers.FISA Section 702 gets another stopgap extension. "Mini Shai Hulud" campaign spreads through the open-source supply chain.THECYBERWIRE.COM
1 MayTCP Packet Walks Into a BarHacker culture often uses humor rooted in programming, networking, and system behavior—like TCP reliability, source code access, and deployment frustrations. These jokes aren’t just comedy; they reflect shared experiences in software and infrastructure work. Concepts like packet …YOUTUBE.COM
1 MayYour KnowBe4 Fresh Content Updates from April 2026John N Just, Ed.D. - Chief Learning Officer What's New: Celebrating World Password Day and Beyond Happy May! This month, we are putting a major spotlight on World Password Day (May 7). While the "traditional" password might be evolving into passkeys and biometrics, the human ele…KNOWBE4.COM
1 MayThink before you deploy the agent.Five Eyes agencies issue agentic AI guidance. A federal database leaks Social Security numbers. A stealthy worm poisons open source packages. OT firms are sidelined from frontier cyber models. The FBI warns of a surge in cyber-enabled cargo theft. Officials flag likely election i…THECYBERWIRE.COM
1 MayHidden Risk QR Code PhishingQR code phishing attacks more than doubled in early 2026, making them one of the fastest-growing email-based attack vectors. Attackers exploit a simple trust gap: users are trained to inspect links, but QR codes hide the destination entirely. This removes visibility and makes tra…YOUTUBE.COM
1 MayAI agents can bypass guardrails and put credentials at risk, Okta study findsAn AI agent that revealed sensitive data without being asked. An agent that overruled its own guardrails. Another that sent credentials to an attacker via Telegram, because it forgot it wasn’t supposed to do so after a reset. It’s no secret that AI agents have huge potential, bal…CSOONLINE.COM
1 MayEssential Data Sources for Detection Beyond the EndpointUnit 42 highlights the need for a comprehensive security strategy that spans every IT zone. Explore the full details here.UNIT42.PALOALTONETWORKS.COM
30 AprAmazon Layoffs Hit Thousands Across Multiple States as Fresh Stores CloseAmazon layoffs are hitting workers across several states as Fresh closures, AI investments, and post-pandemic restructuring reshape its workforce.TECHREPUBLIC.COM
30 AprMicrosoft Confirms Windows Flaw Is Being Exploited After Incomplete PatchMicrosoft confirmed a Windows zero-click flaw tied to an incomplete patch is being exploited, putting credentials at risk for unpatched users.TECHREPUBLIC.COM
30 AprResearchers unearth industrial sabotage malware that predated Stuxnet by 5 yearsDesigned to cripple Iran’s nuclear enrichment program, the 2010 Stuxnet worm set a cybersecurity precedent as the first time a nation escalated its activities from strategic espionage to sabotage in cyberspace. Now, a new discovery suggests such operations were in full swing year…CSOONLINE.COM
30 AprSonicWall SonicOS Flaw Lets Attackers Bypass Access Controls and Crash FirewallsSonicWall has released a security advisory detailing three new vulnerabilities affecting its SonicOS software. Disclosed on April 29, 2026, under advisory ID SNWLID-2026-0004, these security flaws open the door for attackers to bypass access controls, manipulate restricted files,…GBHACKERS.COM
30 AprA game of loans.This week, while Maria is on vacation, Dave Bittner and Joe Carrigan are joined by Michele Kellerman as they discuss the latest in social eng…THECYBERWIRE.COM
30 AprGoogle Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code ExecutionGoogle has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems. "The vulnerabilit…THEHACKERNEWS.COM
30 Apr KEVQinglong Task Scheduler RCE Flaws Exploited in the WildHackers are actively exploiting two severe authentication bypass vulnerabilities in Qinglong, a popular open-source task scheduling platform. These flaws allow attackers to execute arbitrary code and deploy resource-draining cryptomining malware on vulnerable servers. Qinglong is…GBHACKERS.COM
30 AprJenkins Plugin Updates Fix Path Traversal and Stored XSS BugsThe Jenkins project released a critical security advisory addressing seven vulnerabilities across multiple widely used plugins. The disclosed flaws include high-severity path traversal and stored cross-site scripting (XSS) vulnerabilities that could allow threat actors to execute…GBHACKERS.COM
30 AprSAP npm package attack highlights risks in developer tools and CI/CD pipelinesA supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini Shai-Hulud,” affected packages used in SAP’s JavaScript and cloud application devel…CSOONLINE.COM
30 AprStopping the quiet drift toward excessive agency with re-permissioningIn their infancy, LLM models were not difficult to contain. You gave a prompt; they responded, and if something was wrong it was usually “just text.” This could take the form of a summary that missed the best bits, a tone-deaf line or a wordy sentence. But then, agents were co-op…CSOONLINE.COM
30 AprODNI to CISOs on threat assessments: You’re on your ownEvery year, CISOs, CSOs, and chief risk officers pore over the Office of the Director of National Intelligence (ODNI)’s Annual Threat Assessment (ATA) for insights on emerging threats they may soon face. This year, however, structural changes to the report itself underscore a fou…CSOONLINE.COM
30 AprMax-severity RCE flaw found in Google Gemini CLISecurity researchers are warning about a max severity vulnerability in Google Gemini CLI that could allow remote code execution (RCE) in environments where the tool processes untrusted inputs. The issue was disclosed by Novee Security researchers and affects the @google/gemini-cl…CSOONLINE.COM
30 AprNew Python Backdoor Uses Tunneling Service to Steal Browser and Cloud CredentialsCybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with e…THEHACKERNEWS.COM
30 AprDismantle implicit trust in OT networks, CISA tells critical infrastructure operatorsThe US Cybersecurity and Infrastructure Security Agency (CISA) has asked owners and operators of operational technology to stop assuming their networks are safe, and has released joint guidance to adapt zero trust principles for industrial systems that support US power, water, tr…CSOONLINE.COM
30 AprCisco releases open-source toolkit for verifying AI model lineageEnterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little ability to confirm what they are running in production. The State of AI Security 2026 from Cisco places t…HELPNETSECURITY.COM
30 AprMet Police face criticism for using AI to spy on their own officersLondon police officers have been warned by the Metropolitan Police Federation to watch their backs after the force deployed controversial AI software to investigate misconduct. The staff association, representing more than 30,000 officers in London, reported it had not been infor…HELPNETSECURITY.COM
30 AprHackers arrested for stealing and reselling 600,000 Roblox accountsUkrainian police detained three suspects accused of hacking into Roblox accounts and reselling the data on Russian websites, with payments made in cryptocurrency. “Prosecutors of the Lviv region, togethe…HELPNETSECURITY.COM
30 AprAI Is Scaling Cyber AttacksA recent report details how attackers are using AI tools to automate reconnaissance, target selection, and vulnerability discovery during cyber attacks. This significantly lowers the cost and effort required to launch attacks while increasing their scale and effectiveness. As a r…YOUTUBE.COM
30 AprArbitrary code execution and Claude Code CLI: How Claude executed code before you click 'trust'https://www.sonarsource.com/blog/claude-arbitrary-code-execution PROGRAMMING.DEV
30 Apr"Copy Fail" flaw leads to privilege escalation on Linux.US House votes to extend FISA Section 702, though Senate passage is unlikely. OpenSSH flaw can lead to root shell access.THECYBERWIRE.COM
30 AprAgent’s claims on WhatsApp access spark security concernsA US agent claimed WhatsApp encryption is fake and Meta can access messages; the probe was abruptly shut, raising security concerns. A US agent claimed WhatsApp encryption is fake, alleging Meta accesses all unencrypted messages, but Commerce Department abruptly shut the probe, l…SECURITYAFFAIRS.COM
30 AprHackers are actively exploiting a bug in cPanel, used by millions of websitesWeb hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months.TECHCRUNCH.COM
30 AprBridging the gap: How to integrate Claude Security into the Tenable One Exposure Management PlatformBridge the gap between AI-driven vulnerability discovery and prioritized remediation. Learn how to integrate Claude Security’s deep-logic analysis into Tenable One to unify your attack surface, eliminate noise, and focus on the risks that matter most. Key takeaways As frontier AI…TENABLE.COM
30 AprAnother AI-Assisted Software Scan Yields 9-Year-Old Linux BugThe proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available.DARKREADING.COM
30 AprFIRESTARTER - PSW #924This week in the security news: - Are you a FIRESTARTER? - Eavesdropping via fiber-optic cables - Copy Fail - more Linux LPE - Github RCE - Running Linux on a PS5 - BadUSB tricks - SilentGlass and HDMI threats - Sonicwall and vague details - Universities are for porn? - The Bansh…YOUTUBE.COM
30 AprWhen Trusted Sites Turn MaliciousAttackers have long exploited trusted domains—like university websites—by injecting malicious code that redirects traffic or hosts spam content, leveraging the site’s reputation to boost visibility. This “reputation theft” not only helps attackers rank higher in search results, b…YOUTUBE.COM
30 AprThat AI Extension Helping You Write Emails? It’s Reading Them FirstUnit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser.UNIT42.PALOALTONETWORKS.COM
30 AprBank regulator sounds warning over cybersecurity threat posed by AI modelsFrontier AI models inspired by Anthropic’s Claude Mythos could arm attackers with advanced capabilities that the banking sector is ill equipped to cope with, Australia’s financial regulator, the Australian Prudential Regulation Authority (APRA), has warned. In a letter addressed …CSOONLINE.COM
29 AprCI/CD pipeline abuse: the problem no one is watchingHow we built an open-source, drop-in CI template that uses signal extraction and LLM reasoning to catch CI/CD abuse in GitHub Actions, GitLab CI, and Azure DevOps pipelines.ELASTIC.CO
29 AprMore fake extensions linked to GlassWorm found in Open VSX code marketplaceThe threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has uploaded 73 more impersonated links, as its attempt to infect software supply chains continues. Philipp Burckhardt, head of threat intelligence at Socket, wh…CSOONLINE.COM
29 AprProduct showcase: SimpleX Chat removes user identifiers from messagingSimpleX Chat is a free, private, open-source messenger that uses encryption and does not require user identifiers. It is available on mobile and desktop platforms, including iOS, Android, Windows, macOS, and Linux. After downloading the app, the user creates a profile by entering…HELPNETSECURITY.COM
29 AprMassive Python Supply Chain Hack, $2.1B Scam Losses, North Korea Targets Crypto ExecsA major open source Python tool was hijacked in a supply chain attack, exposing developer credentials, cloud secrets, and crypto wallets. Meanwhile, the FTC says Americans lost more than $2.1 billion to scams that began on social media, with Facebook leading reported losses. Cybe…CYBERSECURITYTODAY.LIBSYN.COM
29 AprcPanel Releases Emergency Patch for Critical Authentication FlawWeb hosting administrators must take immediate action, as cPanel has rolled out an emergency security update to address a critical vulnerability. Disclosed on April 28, 2026, this flaw impacts various authentication paths within the cPanel and WebHost Manager (WHM) ecosystem. Con…GBHACKERS.COM
29 AprRisky Business #835 -- Why the Fast16 malware is badassOn this week’s show, Patrick Gray and James Wilson are joined by special guest-host Dmitri Alperovitch. They discuss the week’s cybersecurity news, including: The US government is mad as hell about Chinese firms stealing American AI technology Dmitri has an opinion or two about t…RISKY.BIZ
29 AprVimeo Confirms Data Breach After Hackers Access User DatabaseVimeo has officially confirmed a data breach affecting its user database. The security incident did not originate with Vimeo, but rather with Anodot, a third-party analytics vendor used by the video hosting platform. This event highlights the ongoing risks associated with softwar…GBHACKERS.COM
29 AprShinyHunters exploit Anodot incident to target VimeoThe video platform Vimeo confirmed a security breach via Anodot that exposed metadata, video titles, and some user emails. Vimeo said some user data was accessed after a breach at Anodot. Anodot is a company that provides AI-driven data analytics and anomaly detection tools. Most…SECURITYAFFAIRS.COM
29 AprVirtue AI PolicyGuard turns AI policies into enforceable runtime guardrailsVirtue AI has announced PolicyGuard, a system that enables enterprises to define, edit, and enforce custom AI runtime protection guardrails across models, agents, and applications. Most organizations have “AI acceptable use policies.” When they need to enforce those p…HELPNETSECURITY.COM
29 AprSLOTAGENT Malware Hides API Calls and Strings to Thwart AnalysisA previously unknown remote access trojan (RAT), dubbed SLOTAGENT, after analyzing a suspicious ZIP archive uploaded from Japan to a public malware repository in early 2026. The malware demonstrates advanced evasion techniques and flexible post-exploitation capabilities, making i…GBHACKERS.COM
29 AprDigitalOcean AI-Native Cloud unifies infrastructure, inference, and agents for production AIDigitalOcean has introduced the AI-Native Cloud, an end-to-end platform built for the inference and agentic era. Spanning infrastructure, core cloud, inference, data, and managed agents, it already supports production workloads at Higgsfield AI, Hippocratic AI, ISMG, Bright Data,…HELPNETSECURITY.COM
29 AprClaude Mythos Has Found 271 Zero-Days in FirefoxThat’s a lot. No, it’s an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to s…SCHNEIER.COM
29 AprCritical cPanel Authentication Vulnerability Identified — Update Your Server ImmediatelycPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions, according to an alert released by cPanel on T…THEHACKERNEWS.COM
29 AprAWS leans on prior ingenuity to face future AI and quantum threatsAs Amazon celebrates the 20th anniversary of its AWS cloud this year, the world’s biggest cloud computing provider now faces two giant cybersecurity threats — AI and quantum. How the company will navigate these emerging issues to ensure the security and resilience of systems used…CSOONLINE.COM
29 AprThe Next Frontier: Autonomous Security and RSAC Interviews from Quantro & SandboxAQ - BSW #445Attackers are increasingly weaponizing frontier models to accelerate the entire attack lifecycle, with current and emerging models reducing the time and expertise needed to start disruptive attacks. As offensive capabilities become more automated and agentic, organizations will n…YOUTUBE.COM
29 AprCursor AI Coding Agent Vulnerability Lets Attackers Run Code on Developers’ MachinesA newly disclosed high-severity vulnerability in the Cursor AI-powered coding environment could allow attackers to execute arbitrary code on a developer’s machine, raising fresh concerns about the security of AI-assisted development workflows. The vulnerability was officially pub…GBHACKERS.COM
29 AprU.S. Charges Suspected Scattered Spider Member Over Cyber IntrusionsFederal authorities have charged 19-year-old Peter Stokes, known online as “Bouquet,” for his alleged role in the notorious cybercriminal group Scattered Spider. Law enforcement arrested the dual U.S. and Estonian citizen earlier this month in Helsinki as he attempted…GBHACKERS.COM
29 AprExtending Ruzzy with LibAFLLibAFL is all the rage in the fuzzing community these days, especially with LLVM’s libFuzzer being placed in maintenance mode. Written in Rust, LibAFL claims improved performance, modularity, state-of-the-art fuzzing techniques, and libFuzzer compatibility. For these reasons, I…TRAILOFBITS.COM
29 AprCursor AI Extension Flaw Exposes Developer Tokens to Credential TheftSecurity researchers at LayerX have uncovered a high-severity vulnerability in the popular AI-powered development environment, Cursor. Dubbed “CursorJacking,” this flaw carries a CVSS score of 8.2 and exposes developers to immediate credential theft. Any installed ext…GBHACKERS.COM
29 AprMastering agentic AI security through exposure managementAs AI tools evolve from siloed chatbots to autonomous, hyperconnected systems, they create a vast new attack surface. Discover how to manage this risk by focusing on visibility, agency, and semantic security to protect your organization’s increasingly complex landscape of agentic…TENABLE.COM
29 AprExperts on Experts: The 2026 Threat Landscape is Moving Faster than Defenders ExpectThis week on Experts on Experts, I’m joined by Christiaan Beek, Rapid7’s VP of Threat Analytics, to talk through what we’re seeing in the 2026 threat landscape and how it connects to recent research coming out of Rapid7 Labs. We start with the report, but quickly move into what’s…RAPID7.COM
29 AprMicrosoft won’t patch PhantomRPC: Feature or bug?A researcher has detailed five ways to exploit PhantomRPC, which Microsoft rates “moderate” and does not plan to fix.MALWAREBYTES.COM
29 AprAll supported cPanel versions hit by critical auth bug, now patchedcPanel fixed a critical authentication flaw that could let attackers access servers. The issue affects all supported versions. cPanel released security updates to address a critical authentication vulnerability that could allow attackers to gain unauthorized access to its control…SECURITYAFFAIRS.COM
29 AprSwiss police arrest 10 suspected members of Nigeria-linked crime group Black AxeSwiss and German law enforcement have arrested 10 suspected members of the Nigerian criminal network Black Axe, including a regional leader believed to oversee operations in Southern Europe.THERECORD.MEDIA
29 AprAI Speeds Up Cyber AttacksAI is accelerating existing attack patterns rather than replacing them. Identity-based attacks account for the majority of cloud compromises, with human and system failures still the root cause. The real shift isn’t new tactics—it’s speed and scale. Attackers can move faster, aut…YOUTUBE.COM
29 AprAI Finds 38 Security Flaws in Electronic Health Record PlatformFlaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft.DARKREADING.COM
29 AprWhat It Takes to Run Marketing Solo with Sara Ceballos, Director of Marketing at BreachRxRunning marketing as a team of one means you’re responsible for everything, from attribution to brand to pipeline. Sara Ceballos, Director of Marketing, joins the show to talk through her time at Inspectiv, where she was brought in to support two new product launches, rethink the…THECYBERWIRE.COM
29 AprA wake-up call on frontier AI.OpenAI and Anthropic brief Congress on cyber-capable AI. The GAO flags improper DOGE access to Treasury payment systems. Greece moves to end online anonymity. CISA orders agencies to patch an exploited Windows zero-day. Researchers uncover ransomware that destroys data instead of…THECYBERWIRE.COM
29 AprReverse Engineering With AI Unearths High-Severity GitHub BugWiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and time-consuming to undertake.DARKREADING.COM
29 AprFive Things we Took Away from Gartner SRM Sydney 2026At this year's Gartner Security and Risk Management Summit in Sydney, Rapid7 CISO Brian Castagna joined industry CISO Nigel Hedges for a fireside chat on the decisions security leaders are actually making right now. They discussed the real decisions being made right now about bud…RAPID7.COM
29 AprModern Defensible Architecture: Resilience for the Australian Federal GovernmentHow Wiz enables Australian government agencies to operationalise MDA with real-time context, zero trust enforcement, and end-to-end cloud visibility.WIZ.IO
28 AprMicrosoft Patches Entra ID Role Flaw That Enabled Service Principal TakeoverAn administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft …THEHACKERNEWS.COM
28 AprClickUp Security Flaw Exposes 959 Emails Linked to Major Fortune 500 FirmsA major security flaw in the popular productivity platform ClickUp has exposed sensitive data, including 959 email addresses tied to Fortune 500 companies and government agencies. The primary vulnerability stems from a hardcoded Split.io SDK token left inside ClickUp’s production…GBHACKERS.COM
28 AprClaude Opus 4.6-Powered AI Coding Agent Wipes Production Database in 9 SecondsA Claude Opus 4.6-powered AI coding agent operating through the Cursor editor autonomously deleted the production database and backups of SaaS startup PocketOS in just nine seconds. The incident highlights critical security failures in AI guardrails and infrastructure access cont…GBHACKERS.COM
28 AprWhat CISOs need to get right as identity enters the agentic eraIdentity has always been central to security, but the proliferation of AI agents is rapidly changing the challenge of managing and securing identity, spurring CISOs to rethink their identity strategies — even how it is defined. “Identity is now both a control surface and an attac…CSOONLINE.COM
28 AprStopping AiTM attacks: The defenses that actually work after authentication succeedsThe security industry has spent years building better authentication. Longer passwords, second factors, hardware tokens. And attackers responded by moving past authentication entirely. Adversary-in-the-middle (AiTM) phishing does not steal credentials and replay them. It sits bet…CSOONLINE.COM
28 AprTop 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380Portswigger's list of web hacking techniques is a long-running celebration of curiosity and research from the web hacking community. James Kettle shares his thoughts on the entries from 2025 and how he expects LLMs and agents to influence what the list will look like for next yea…YOUTUBE.COM
28 AprBuilding Resilience in a World of Constant ThreatsMegan Stifel, Chief Strategy Officer at the Institute for Security and Technology, joins Ann on this week’s episode of Afternoon Cyber Tea to discuss why cybersecurity must be treated as a shared governance responsibility, not just an IT issue. They explore how boardroom misalign…THECYBERWIRE.COM
28 AprVimeo suffers 3rd-party breach exposing user data, hackers threaten leakVimeo has disclosed a security incident stemming from a breach at third-party analytics provider Anodot, which resulted in unauthorized access to certain user and customer data. The company states that no video content, login credentials, or payment information were exposed, thou…CYBERINSIDER.COM
28 AprMDR Selection is a Partnership DecisionManaged Detection and Response (MDR) is a cybersecurity service that combines human expertise and technology to detect, investigate, and respond to threats 24/7. I write this as a Field CISO at Rapid7, but also as someone who has had to live with the operational reality of MDR on…RAPID7.COM
28 AprAfter Mythos: New Playbooks For a Zero-Window EraWhen patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast. Anthropic’s n…THEHACKERNEWS.COM
28 AprSecuring RAG pipelines in enterprise SaaSIn the enterprise SaaS space, AI agents are becoming an integral part of the SaaS product. To make these intelligent agents truly useful, they need contextual, customer-specific knowledge, something standard Large Language Models (LLMs), open source or otherwise, inherently lack …CSOONLINE.COM
28 AprWhat Anthropic’s Mythos Means for the Future of CybersecurityTwo weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet i…SCHNEIER.COM
28 AprMicrosoft fixes Entra ID flaw enabling privilege escalationMicrosoft fixed a Microsoft Entra ID flaw where the Agent ID Administrator role could enable privilege escalation and account takeover. Microsoft addressed a flaw in Microsoft Entra ID that could let attackers take over service accounts. The issue involved the Agent ID Administra…SECURITYAFFAIRS.COM
28 AprHTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)This weekend, we saw a few requests to our honeypot that included an "X-Vercel-Set-Bypass-Cookie" header. A sample request: ISC.SANS.EDU
28 AprSecuring the git push pipeline: Responding to a critical remote code execution vulnerabilityHow we validated, fixed, and investigated a critical vulnerability in under two hours, and confirmed no exploitation.GITHUB.BLOG
28 AprSignal Phishing Campaign Targets German Officials in Suspected Russian OperationSuspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications. A new wave of cyber operations targeting European political leadership is once again highlighting how modern espionage increasingly relies …SECURITYAFFAIRS.COM
28 AprGet Motivated: What to Expect from Our Keynote at Rapid7's Global Cybersecurity SummitSecurity teams prepare for incidents every day. Alerts are tuned, playbooks are built, and processes are tested. But when something actually happens, the challenge shifts. It becomes not just about making decisions under pressure, but how well that preparation has set teams up to…RAPID7.COM
28 AprAccess control with IAM Identity Center session tagsAs organizations expand their Amazon Web Services (AWS) footprint, managing secure, scalable, and cost-efficient access across multiple accounts becomes increasingly important. AWS IAM Identity Center offers a centralized, unified solution for managing workforce access to AWS acc…AWS.AMAZON.COM
28 AprA Vulnerability in OpenSSH Could Allow for Authentication BypassA vulnerability has been discovered in OpenSSH which could allow for authentication bypass. OpenSSH (Open Secure Shell) is an open-source suite of secure networking utilities based on the SSH protocol. It provides encrypted communication sessions over unsecured networks in a cli…CISECURITY.ORG
28 AprWhy Sharing a Screenshot Can Get You Jailed in the UAEThe war in Iran has drawn attention to arrests in the United Arab Emirates over online content, but the legal framework behind that enforcement has existed for years.WIRED.COM
28 AprPitney Bowes confirms Salesforce breach after hacker leaks 25 million recordsPitney Bowes has confirmed to CyberInsider that it suffered a cybersecurity incident involving unauthorized access to customer data stored in its Salesforce environment. This admission follows claims by the ShinyHunters extortion group that it has stolen over 25 million records. …CYBERINSIDER.COM
28 AprMultiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…CISECURITY.ORG
28 AprOracle Quarterly Critical Patches Issued April 21, 2026Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Dep…CISECURITY.ORG
28 AprVidar Rises to Top of Chaotic Infostealer MarketThe malware has filled the gap created by last year's law enforcement takedowns of Lumma and Rhadamanthys.DARKREADING.COM
28 AprSpy agency officials say job loss anxiety, moving fast ‘safely’ among top challenges in AI workforce overhaulWhile tech leaders think about how to strategically deploy AI tools to support human intelligence needs, rank and filers express concerns about their livelihoods.CYBERSCOOP.COM
27 AprFake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto FraudCybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the thre…THEHACKERNEWS.COM
27 AprCritical Gemini CLI Flaw Raises Supply Chain Security ConcernsGoogle has rolled out urgent security updates for its Gemini CLI and the accompanying GitHub Action to address a critical vulnerability. Tracked as GHSA-wpqr-6v78-jr5g, this flaw exposes continuous integration and continuous deployment (CI/CD) pipelines to Remote Code Execution (…GBHACKERS.COM
27 AprAttackers Chain CODESYS Vulnerabilities to Backdoor ApplicationsNozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industrial control application with a…GBHACKERS.COM
27 AprADT - 5,488,888 breached accountsIn April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses. ADT also a…HAVEIBEENPWNED.COM
27 AprU.S. utility giant Itron discloses a security breachItron detected unauthorized access to part of its IT environment on April 13, 2026, and launched incident response and notified authorities. Itron disclosed a cyber incident involving unauthorized access to part of its internal IT systems, detected on April 13, 2026. The company …SECURITYAFFAIRS.COM
27 Apr25 open-source cybersecurity tools that don’t care about your budgetRegardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in this article can help you detect threats, increase visibility, enforce controls, and investigate and respon…HELPNETSECURITY.COM
27 AprProduct showcase: LuLu reveals unauthorized outbound connections from Mac appsLuLu is a free, open-source firewall for macOS that lets you control which apps are allowed to send data from your computer. macOS includes a built-in firewall, but it mainly handles incoming connections. LuLu also monitors outgoing traffic. Installing and setting Up LuLu After d…HELPNETSECURITY.COM
27 AprOpenClaw Flaws Expose Systems to Policy Bypass AttacksOpenClaw, a rapidly adopted open-source autonomous AI agent framework, has released critical security updates to address three moderate-severity vulnerabilities. Found in npm package versions before 2026.4.20, these complex flaws expose systems to severe policy bypasses, unauthor…GBHACKERS.COM
27 AprThe ‘manager of agents’: How AI evolves the SOC analyst roleEvery SOC analyst has heard it by now: “AI is coming for your job”. I hear it in conversations with SOC teams. I see it in the hesitation during evaluations. And increasingly, I feel it as a source of resistance — especially from the very people AI is supposed to help. But the re…CSOONLINE.COM
27 AprRethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - ESW #456Rethinking Security from the OS Up in the Age of AI Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted s…YOUTUBE.COM
27 AprFake Income Tax Notices Used to Spread MalwareCybercriminals are exploiting India’s tax season by launching sophisticated phishing campaigns that impersonate the Income Tax Department to deliver dangerous malware to unsuspecting taxpayers. The malicious operation uses fake assessment notices and tax compliance warnings…GBHACKERS.COM
27 AprItron Discloses Data Breach After Hackers Access Internal SystemsItron, Inc., a leading smart metering and energy infrastructure technology company, has disclosed a cybersecurity incident after an unauthorized third party gained access to certain of its internal systems, according to a Form 8-K filing submitted to the U.S. Securities and Excha…GBHACKERS.COM
27 AprMythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation SideAnthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations …THEHACKERNEWS.COM
27 AprPhantomCore Exploits TrueConf Vulnerabilities to Breach Russian NetworksA pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That's according to a report published by Positive Technologies, which found the threat actor…THEHACKERNEWS.COM
27 AprMicrosoft patched an ‘agent-only’ role that was notAn administrative role meant for AI agents within Microsoft’s Entra ID ecosystem could allow privilege escalation and tenant takeover attacks, as it had privileges over more than agent-related objects. Researchers at Silverfort found that users assigned to Microsoft’s “Agent ID A…CSOONLINE.COM
27 Apr27th April – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 27th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Vercel, a frontend cloud platform, has disclosed a security incident linked to a compromise at Context.ai, where stolen OAuth tokens…RESEARCH.CHECKPOINT.COM
27 AprEU Proposes Forcing Google to Share Search Data With Rivals Under DMAThe European Commission has proposed new measures that could force Google to share key search engine data with rival platforms under the Digital Markets Act, or DMA. The move is part of the EU’s wider push to reduce the market power of major technology companies and create fairer…GBHACKERS.COM
27 AprUS, UK authorities warn that Firestarter backdoor malware survives patchingA federal agency was impacted by a hacking campaign that exploited flaws in Cisco devices.CYBERSECURITYDIVE.COM
27 AprMedical device giant Medtronic confirms data breach incidentMedtronic has disclosed that an unauthorized party accessed portions of its corporate IT environment, while stating there is currently no evidence of disruption to medical devices, patient care, or core operations. The healthcare technology giant revealed the incident in a public…CYBERINSIDER.COM
27 AprCheckmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 AttackCheckmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub rep…THEHACKERNEWS.COM
27 AprUnpatched 'PhantomRPC' Flaw in Windows Enables Privilege EscalationA researcher discovered five different exploit paths that stem from an architectural weakness in how Windows' Remote Procedure Call (RPC) mechanism handles connections to unavailable services.DARKREADING.COM
27 AprOptimize security operations through an AWS Security Hub POCApril 27, 2026: This post was first published in September 2025 when the enhanced AWS Security Hub was in public preview. It has since been updated to reflect the general availability of Security Hub. This revision also provides a more detailed, step-by-step framework for plannin…AWS.AMAZON.COM
27 AprOpen source package with 1 million monthly downloads stole user credentialssubmitted by schnurrito to security 5 points | 1 comments https://arstechnica.com/security/2026/04/open-source-package-with-1-million-monthly-downloads-stole-user-credentials/PROGRAMMING.DEV
26 AprWeek in review: Claude Mythos finds 271 Firefox flaws, Vercel breachHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines Boost Security has released SmokedMeat, an open-source framework that runs attack chains against CI/CD inf…HELPNETSECURITY.COM
25 AprThe Patch Gap Is the ProblemMultiple public exploits are targeting Microsoft Defender’s internal privilege workflows, with confirmed use in active attacks. Some vulnerabilities have been patched, while others remain exposed. Security tools themselves can become attack surfaces. The delay between exploit rel…YOUTUBE.COM
25 AprGovernments and industry race to harness AI for vulnerability discovery.FIRESTARTER malware remained on Cisco devices after patches were applied. Cloud development platform Vercel confirms breach.THECYBERWIRE.COM
25 AprFirefox is quietly experimenting with Brave’s ad-blocking engineMozilla has quietly begun experimenting with Brave’s Rust-based ad-blocking engine in Firefox, signaling a potential shift in how the browser handles ads and trackers. The change was first spotted in Firefox 149 under Bugzilla entry 2013888, where Mozilla engineers introduced adb…CYBERINSIDER.COM
24 AprInside The Vercel Supply Chain ExploitInside the Vercel Breach: Highlighting OAuth Token Risk In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a breach tied to OAuth grants and shadow AI. Reporting shared by…CYBERSECURITYTODAY.LIBSYN.COM
24 AprHackers Exploit SS7 and Diameter Flaws to Track Mobile Users GloballyA recent investigation by Citizen Lab has uncovered sophisticated, multi-year surveillance campaigns exploiting foundational vulnerabilities in global mobile networks. The report, titled “Bad Connection,” reveals how suspected commercial surveillance vendors (CSVs) we…GBHACKERS.COM
24 AprPhantomRPC: A new privilege escalation technique in Windows RPCKaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges.SECURELIST.COM
24 AprTropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access. Zscale…THEHACKERNEWS.COM
24 AprXiongmai IP Camera Flaw Lets Attackers Bypass AuthenticationA critical security vulnerability has been identified in Hangzhou Xiongmai Technology’s XM530 IP Cameras, putting countless commercial facilities at risk. This severe flaw allows remote attackers to bypass authentication protocols and access sensitive device information eas…GBHACKERS.COM
24 AprHackers Exploit Pastebin PowerShell Script to Hijack Telegram SessionsHackers are experimenting with a new Telegram‑focused session stealer that hides in a Pastebin‑hosted PowerShell script posing as a Windows telemetry update, giving defenders a rare view into how such tools are built and tested. The script does not attempt to grab passwords or br…GBHACKERS.COM
24 AprFirefox flaw enables cross-site tracking, undermines Tor Browser defensesA newly disclosed vulnerability in Firefox and Tor Browser allowed websites to generate a stable, process-level identifier using IndexedDB, undermining private browsing protections and cross-site isolation. The issue has been fixed in recent Firefox releases following responsible…CYBERINSIDER.COM
24 AprHackers Exploit Agent ID Administrator Role to Hijack Service PrincipalsA severe scoping vulnerability was recently discovered in Microsoft Entra ID’s new Agent Identity Platform. The security flaw allowed users assigned the Agent ID Administrator role to hijack arbitrary service principals across an organization’s tenant, leading to pote…GBHACKERS.COM
24 AprUK Biobank Data Breach: Health Data of 500,000 Listed for Sale in ChinaUK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removedINFOSECURITY-MAGAZINE.COM
24 Apr3 Reasons to Attend our Global Cybersecurity Summit if you’re Focused on AI, Threats, and CTEMSecurity teams are dealing with a different kind of pressure now. It is not just the volume of alerts or the pace of attacks, but also the gap between what teams can see and what they can act on with confidence. That gap shows up in different ways. Threats move across identity an…RAPID7.COM
24 AprCIS Control Becomes LawRegulators such as NYDFS are requiring financial institutions to formally attest to MFA adoption and maintain accurate inventories of their IT assets, aligning directly with CIS Control 1. These are considered foundational cybersecurity practices, yet they are still not universal…YOUTUBE.COM
24 AprFIRESTARTER malware remained on Cisco devices after patches were applied.Open-source AI models may match Mythos's capabilities. White House moves to fight foreign extraction of US AI capabilities.THECYBERWIRE.COM
24 AprMeta’s Biggest Layoff of 2026 Is Confirmed to Start Next MonthMeta will cut 10% of its workforce, impacting about 8,000 employees, as it shifts resources to AI and reduces costs amid ongoing restructuring efforts.TECHREPUBLIC.COM
24 AprCISA last in line for access to Anthropic MythosThe US Cybersecurity and Infrastructure Security Agency (CISA) does not yet have access to Anthropic’s bug-hunting AI model, Claude Mythos, even though other government agencies do, Axios reported earlier this week. As if that weren’t a big enough slap in the face for the nation…CSOONLINE.COM
24 AprNew US House privacy bills raise hard questions about enterprise data collectionUS House Republicans have introduced two major privacy proposals that would reshape how US companies collect, process, and retain consumer data: the SECURE Data Act for general consumer privacy and the GUARD Financial Data Act for financial institutions. The bills would create na…CSOONLINE.COM
24 AprWhen Updates Turn Into MalwareThe “Canister Worm” attack compromises legitimate NPM publishers and replaces package contents with malware that executes during installation or updates. Developers can unknowingly pull malicious code directly into their environments. Because the source appears trusted, tradition…YOUTUBE.COM
23 AprMalicious pgserve, automagik developer tools found in npm registryApplication developers are being warned that malicious versions of pgserve, an embedded PostgreSQL server for application development, and automagik, an AI coding tool, have been dropped into the npm JavaScript registry, where they could poison developers’ computers. Downloading …CSOONLINE.COM
23 AprClaude Mythos signals a new era in AI-driven security, finding 271 flaws in FirefoxThe Claude Mythos Preview appears to be living up to the hype, at least from a cybersecurity standpoint. The model, which Anthropic rolled out to a small group of users, including Firefox developer Mozilla, earlier this month, has discovered 271 vulnerabilities in version 148 of …CSOONLINE.COM
23 AprRiddled with flaws, serial-to-Ethernet converters endanger critical infrastructureSerial-to-Ethernet adapters used in industrial, retail, and healthcare environments to link serial devices to TCP/IP networks are riddled with vulnerabilities and outdated open-source components, researchers warn. The flaws enable various attack scenarios, including taking full …CSOONLINE.COM
23 AprSLAM, scam, thank you ma’am.This week, while Maria is on vacation, Dave Bittner and Joe Carrigan are joined by Michele Kellerman as they discuss the latest in social engineeri…THECYBERWIRE.COM
23 AprApple Patches Privacy Issue Exposing Signal Message Data Through NotificationsApple recently rolled out iOS 26.4.2 and iPadOS 26.4.2 to patch a critical privacy vulnerability affecting millions of users. Released on April 22, 2026, this vital security update addresses a flaw that could accidentally expose sensitive message data from secure applications, mo…GBHACKERS.COM
23 AprClaude Mythos Exposes 271 Zero-Day Security Flaws in FirefoxMozilla has released Firefox 150, addressing a staggering 271 zero-day vulnerabilities. The security team identified these latent flaws using Anthropic’s early-stage Claude Mythos Preview AI model. This massive cleanup represents a major shift in how tech companies detect a…GBHACKERS.COM
23 AprApple fixes iOS privacy flaw that allowed Signal message retrievalApple has released iOS 26.4.2 and iPadOS 26.4.2 to fix a privacy issue that could cause deleted app notifications, including message content, to persist on devices. The update directly addresses concerns raised after reports revealed that law enforcement could recover Signal mess…CYBERINSIDER.COM
23 AprVercel Finds More Compromised Accounts in Context.ai-Linked BreachVercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to in…THEHACKERNEWS.COM
23 AprMicrosoft taps Anthropic’s Mythos to strengthen secure software developmentMicrosoft plans to integrate Anthropic’s Mythos AI model into its Security Development Lifecycle, a move that suggests advanced generative AI is beginning to play a direct role in how major software vendors identify vulnerabilities and harden code against attack. The company said…CSOONLINE.COM
23 AprResearchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI AgentsForcepoint has found 10 new indirect prompt injection attacks targeting AI agentsINFOSECURITY-MAGAZINE.COM
23 AprApple fixes iOS bug that kept deleted notifications, including chat previewsA vulnerability in iPhones and iPads allowed law enforcement to recover deleted notifications, including Signal message previews.MALWAREBYTES.COM
23 Apr[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI SpeedImagine a world where hackers don't sleep, don't take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerabili…THEHACKERNEWS.COM
23 AprGoogle gets agent-ready for the Mythos ageIn response to Anthropic Mythos, instead of launching another LLM, Google unveiled a broad push toward agentic, AI-driven defense at Google Cloud Next ‘26 to help SOC analysts as they scramble to keep up with the influx of CVEs Mythos threatens. As Mythos promises more vulnerabil…CSOONLINE.COM
23 AprDNN vulnerability puts 750,000 websites at risk | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/dnn-vulnerability-enables-rce-exploits-on-web-servers/SH.ITJUST.WORKS
23 AprFlaw in Microsoft-owned GitHub repository allowed RCE via issue submission | news | SC Mediasubmitted by kid to cybersecurity 7 points | 0 comments https://www.scworld.com/news/flaw-in-microsoft-owned-github-repository-allowed-rce-via-issue-submissionSH.ITJUST.WORKS
23 AprTrailmark turns code into graphsWe’re open-sourcing Trailmark, a library that parses source code into a queryable call graph of functions, classes, call relationships, and semantic metadata, then exposes that graph through a Python API that Claude skills can call directly. Install it now: uv pip install …TRAILOFBITS.COM
23 AprVercel Confirms Security Breach Affecting Customer AccountsVercel has confirmed a security breach involving unauthorised access to certain internal systems, and the company says the incident affected a limited number of customer accounts and stored data. The cloud platform provider disclosed that it is actively investigating the incident…GBHACKERS.COM
23 AprOffer customers passkeys by default, UK’s NCSC tells enterprisesThe UK’s National Cyber Security Centre (NCSC) is recommending passkeys as the default authentication method for businesses to offer consumers, citing industry progress that now makes them a more secure and user-friendly alternative to passwords. In a blog post published this wee…CSOONLINE.COM
23 AprHouse Republicans unveil data privacy law that would override state protectionsThe bill, known as the SECURE Data Act, is backed by top Republicans on the House Energy and Commerce and Financial Services committees.THERECORD.MEDIA
23 AprThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New StoriesYou scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. A…THEHACKERNEWS.COM
23 AprVercel says some of its customers’ data was stolen prior to its recent hackThe app and website hosting company has found evidence of a second compromise of customer accounts after expanding its initial investigation following a breach in early April.TECHCRUNCH.COM
23 AprSnow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware SuiteWritten by: JP Glab, Tufail Ahmed, Josh Kelley, Muhammad Umair Introduction Google Threat Intelligence Group (GTIG) identified a multistage intrusion campaign by a newly tracked threat group, UNC6692, that leveraged persistent social engineering, a custom modular malware suite, a…CLOUD.GOOGLE.COM
23 AprSony to enforce age checks for PlayStation users in the UK starting in JuneSony has announced that UK-based PlayStation users will soon need to verify their age to maintain access to key social features, with enforcement set to begin in June 2026. While players will still be able to access games and purchases, unverified accounts will face growing featu…CYBERINSIDER.COM
23 AprFive steps to become Mythos readyAI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponiz…TENABLE.COM
23 AprSurveillance vendors exploit telecom weaknesses.Sean Plankey withdraws nomination to serve as CISA director. GopherWhisper targets Mongolian government entities.THECYBERWIRE.COM
23 AprLuxury cosmetics giant Rituals discloses data breach impacting member personal detailsRituals disclosed a breach where hackers accessed and downloaded some My Rituals members’ data, including names and addresses. Luxury cosmetics giant Rituals disclosed a data breach impacting My Rituals members after attackers gained unauthorized access to its systems and downloa…SECURITYAFFAIRS.COM
23 AprRecent Microsoft Defender Vulnerability Exploited as Zero-Day - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/recent-microsoft-defender-vulnerability-exploited-as-zero-day/SH.ITJUST.WORKS
23 AprSurveillance companies exploiting telecom system to spy on targets’ locations, research showsThe campaigns exploited a weakness in telecom infrastructure to allow the unnamed vendors to secretly pose as real cellular providers and pinpoint victims’ locations.THERECORD.MEDIA
23 AprCISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through MarchCISA said the unnamed department was infected with malware called “FIRESTARTER” that allowed the hackers to return to the Cisco device in March without re-exploiting the original vulnerabilities.THERECORD.MEDIA
23 AprSurveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilitiesResearchers said it’s the first-ever mapping of attack traffic to mobile operator signalling infrastructure.CYBERSCOOP.COM
23 AprMicrosoft Offers First-Ever Retirement Buyouts to Thousands of EmployeesMicrosoft is offering first-ever retirement buyouts to some US employees as AI-driven data center spending grows and tech layoffs continue.TECHREPUBLIC.COM
23 Apr3 practical ways AI threat detection improves enterprise cyber resilienceWhy “more alerts” isn’t the same as better security If you run security in an enterprise environment, you already know the problem. Generic detection tools generate thousands of alerts, most of them low value. Analysts spend hours chasing noise while attackers quietly move latera…CSOONLINE.COM
23 AprThe curious case of Sean Plankey’s derailed CISA nominationDonald Trump’s nominee to lead the Cybersecurity and Infrastructure Security Agency (CISA), Sean Plankey, informed Homeland Security Secretary Markwayne Mullin and the White House that he is withdrawing his nomination after a 13-month stall, during which the well-regarded cyberse…CSOONLINE.COM
23 AprYour signal is showing.Researchers expose covert telecom surveillance campaigns. Lawmakers push new national privacy rules. China-linked actors hide inside compromised device networks. A ransomware forum leak reveals a criminal marketplace. GopherWhisper blends into cloud services for espionage. Attack…THECYBERWIRE.COM
23 AprBack to (or Start) Fundamentals? - Rajesh Khazanchi - PSW #923This week: Larry’s in the host seat and chaos ensues. We dig into: - A very questionable story about tracking a warship with a $5 Bluetooth tracker - Serial-to-IP devices quietly sitting in critical infrastructure… and full of holes - New York regulators mandating MFA and asset i…YOUTUBE.COM
23 AprAI threats in the wild: The current state of prompt injections on the webPosted by Thomas Brunner, Yu-Han Liu, Moni Pande At Google, our Threat Intelligence teams are dedicated to staying ahead of real-world adversarial activity, proactively monitoring emerging threats before they can impact users. Right now, Indirect Prompt Injection (IPI) is a top p…SECURITY.GOOGLEBLOG.COM
23 AprSupply Chain Defense LimitsA proposed security tool intercepts software package installs and checks them against a cloud database of known malicious or compromised packages, similar to traditional antivirus systems. While this approach can block known threats, it remains dependent on signature-based detect…YOUTUBE.COM
23 AprVercel attack fallout expands to more customers and third-party systemsThe company said it found more evidence of compromise across its customer base. Exposure, which has yet to be defined, poses significant downstream risk.CYBERSCOOP.COM
23 AprBitwarden CLI password manager trojanized in supply chain attackResearchers warn of a new software supply chain attack that resulted in a malicious version of Bitwarden CLI, the terminal version of the extremely popular open-source password manager. The attack is believed to be related to the string of recent supply chain compromises attribut…CSOONLINE.COM
22 AprVercel Breach Started With AI ToolCYBERSECURITYTODAY.LIBSYN.COM
22 AprMicrosoft Issues Emergency .NET 10.0.7 Update to Patch Elevation of Privilege VulnerabilityMicrosoft has issued an emergency out-of-band security update to address a severe vulnerability within the .NET framework. The critical release of .NET 10.0.7 patches an Elevation of Privilege flaw that inadvertently surfaced after a recent routine system update. Out-of-band patc…GBHACKERS.COM
22 Apr KEV1,370+ Microsoft SharePoint Servers at Risk of Spoofing Attacks Found Exposed OnlineMore than 1,370 Microsoft SharePoint servers remain publicly exposed to an actively exploited spoofing vulnerability, putting countless corporate networks at severe risk. Identified by threat intelligence researchers at The Shadowserver Foundation, these unpatched systems are vul…GBHACKERS.COM
22 AprDinDoor Backdoor Exploits Deno and MSI Installers to Slip Past DetectionDinDoor is a newly documented backdoor that abuses the Deno JavaScript runtime and MSI installer files to execute attacker‑controlled code while sidestepping traditional detection controls quietly. Hiding behind trusted runtimes and common Windows tooling gives threat actors a fl…GBHACKERS.COM
22 AprFrom Shame to Fame: Changing Behaviors and RSAC Interviews from Tanium and Illumio - BSW #444Why have security awareness training programs failed? Maybe we need to understand human psychology. Humans don't like tricks, or to be shamed, or negative emotions. Humans want to be rewarded, but yet our training and phishing programs are not built for reward. Maybe it's time to…YOUTUBE.COM
22 AprRisky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugsOn this week’s show, Patrick Gray and James Wilson are joined by special guest The Grugq. They discuss the week’s cybersecurity news, including: Vercel got owned, and there’s a few infostealer and compromised employee dots to connect Mozilla used Mythos to find 271 bugs, which fe…RISKY.BIZ
22 AprThe AI era demands a different kind of CISOWhen attackers can discover and exploit vulnerabilities in minutes, last quarter's audit doesn't mean much. CISOs need to shift from static measurement to real-time awareness -- and fast.CYBERSCOOP.COM
22 AprLotus Wiper Hits Energy Sector in Destructive CyberattackHackers have deployed a new destructive malware, dubbed Lotus Wiper, in a targeted cyberattack against energy and utilities organizations in Venezuela, aiming not to extort money but to destroy data and disrupt operations permanently. Artifacts from the Lotus Wiper attack chain …GBHACKERS.COM
22 AprMullvad to add feature that forces all iOS traffic through the VPN tunnelMullvad has announced a new feature that forces all iOS app traffic through its VPN tunnel, accepting significant usability trade-offs to close long-standing traffic leak risks caused by Apple’s networking limitations. The VPN provider explained that unresolved issues in Apple’s …CYBERINSIDER.COM
22 AprToxic Combinations: When Cross-App Permissions Stack into RiskOn January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The more worrying part sat inside the private messages. …THEHACKERNEWS.COM
22 AprNFC tap-to-pay gets tapped by hackersCyber crooks are abusing a trojanized Android payment application to steal near field communication (NFC) data and PINs, enabling cloning of payment cards and draining victim accounts. According to ESET researchers, a new variant of the NGate malware has been infused into the Han…CSOONLINE.COM
22 AprMozilla says Claude’s Mythos AI helped uncover 271 flaws in FirefoxMozilla says it has fixed 271 previously unknown security vulnerabilities in Firefox 150 after testing an experimental AI model from Anthropic, marking a dramatic escalation in AI-assisted bug discovery. The announcement by Bobby Holley, a senior staff engineer on the Firefox tea…CYBERINSIDER.COM
22 Apr109 Fake GitHub Repos Spread SmartLoader, StealC MalwareA coordinated malware operation is abusing fake GitHub repositories to distribute a LuaJIT-based loader, SmartLoader, and a follow-on StealC infostealer, with at least 109 malicious repos active across 103 accounts. The campaign blends cloned open source code, obfuscated Lua stag…GBHACKERS.COM
22 AprIran claims US exploited networking equipment backdoors during strikessubmitted by floofloof to cybersecurity 5 points | 1 comments https://www.tomshardware.com/tech-industry/cyber-security/iran-claims-us-exploited-networking-equipment-backdoors-during-strikes cross-posted from: lemmy.bestiver.se/post/1063291 CommentsINFOSEC.PUB
22 AprUnsecured Perforce Servers Expose Sensitive Data From Major Orgs - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/unsecured-perforce-servers-expose-sensitive-data-from-major-orgs/SH.ITJUST.WORKS
22 Apr KEVActively exploited Apache ActiveMQ flaw impacts 6,400 serverssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/actively-exploited-apache-activemq-flaw-impacts-6-400-servers/SH.ITJUST.WORKS
22 AprPunishment Fails Behavior ChangeSecurity awareness programs often rely on punishment—especially in phishing simulations and compliance training. But behavioral psychology shows that rewarded actions are far more likely to stick than punished ones. If employees only act securely to avoid consequences, the behavi…YOUTUBE.COM
22 AprNews alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV categoryNEW YORK, Apr. 21, 2026, CyberNewswire— BreachLock, a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation. This recognition marks the first time …LASTWATCHDOG.COM
22 AprMicrosoft SharePoint vulnerability widely exposed across multiple countriesThe disclosure comes just weeks after a prior SharePoint flaw was discovered.CYBERSECURITYDIVE.COM
22 AprNew Apple Phishing Scam Uses Fake $899 iPhone Purchase AlertAn Apple account notification has been exploited in a new email phishing attack that comes with a fake iPhone purchase claim. TECHREPUBLIC.COM
22 AprDDoS wave continues as Mastodon hit after Bluesky incidentMastodon suffered a major DDoS attack shortly after a similar incident hit Bluesky. The outage was significant but resolved within a few hours. Mastodon was hit by a major DDoS attack just days after a similar disruption affected Bluesky. Mastodon is a free and open-source softwa…SECURITYAFFAIRS.COM
22 AprApple fixes bug that cops used to extract deleted chat messages from iPhonesThe iPhone and iPad bug allowed law enforcement using forensic tools to read messages that had long been deleted by the Signal app.TECHCRUNCH.COM
22 AprThe leak was only a matter of time.Mythos leaks. The DOD preps a more aggressive cyber strategy. A former FBI cyber official urges homicide charges for hospital ransomware deaths. Lotus Wiper targeted the Venezuelan energy and utilities sector. Over 1,300 SharePoint servers remain unpatched against a spoofing vuln…THECYBERWIRE.COM
21 AprLovable AI App Builder Hit by Reported API Flaw Exposing Thousands of ProjectsThe popular AI application builder, Lovable, is currently facing a massive data breach due to an unpatched API vulnerability. Security researchers have revealed that a critical flaw exposes sensitive project data, source code, and user credentials for any project created on the p…GBHACKERS.COM
21 AprAI-Driven Exploitation Could Shrink Defenders’ Patch WindowAI-powered cyberattacks are entering a new phase, with frontier AI models now capable of autonomously discovering and exploiting software vulnerabilities at unprecedented speed. Unit 42’s hands-on testing reveals that modern AI models are no longer mere coding assistants. Instead…GBHACKERS.COM
21 Apr173: TarjeterosIn the streets of the Dominican Republic, a new economy thrives in the shadows. It’s built not on tourism or sugar, but on stolen data. They call them tarjeteros. And they are making a lot of money from stolen credit cards. This is a story about one group of tarjeteros who came t…DARKNETDIARIES.COM
21 AprGitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting DevelopersHackers are abusing GitHub’s own issue-notification emails to phish developers and silently take over their repositories using malicious OAuth applications, effectively turning trusted DevOps tooling into a supply-chain attack vector. Developers are now prime targets because comp…GBHACKERS.COM
21 Apr KEVCISA Alerts Defenders to Exploited Cisco Catalyst SD-WAN Manager Security FlawsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to network defenders regarding the active exploitation of Cisco Catalyst SD-WAN Manager. On April 20, 2026, CISA officially added three distinct security flaws affecting the platform to its K…GBHACKERS.COM
21 AprBluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibilityBluesky suffered a 24-hour DDoS attack that caused outages. A pro-Iran hacker group claimed responsibility for the disruption. Bluesky experienced a sophisticated DDoS attack that disrupted its services for about 24 hours, starting on April 15. Bluesky is a decentralized, open-so…SECURITYAFFAIRS.COM
21 AprTop techniques attackers use to infiltrate your systems todayMuch of the talk around cybersecurity these days revolves around AI and the threat it poses to corporate systems when used by nefarious actors. But the reality on the ground remains a little more mundane than polymorphic AI malware and criminal masterminds putting machine learnin…CSOONLINE.COM
21 AprThe thin gray line: Handala, CyberAv3ngers and Iran’s proxy opsOn April 7, six US government agencies issued a critical advisory warning domestic private sector organizations of potential infrastructural cyberattacks conducted by Iranian-affiliated Advanced Persistent Threat (APT) actors. The advisory stops short of attributing these threats…CSOONLINE.COM
21 AprThe Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379Red team exercises set goals to see if a particular outcome can be accomplished through a simulated attack, but the ultimate outcome should be educating the org about how to improve tools and processes that make attacks more difficult to succeed. Gwyddon "Data" Owen shares his ex…YOUTUBE.COM
21 AprVercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party ToolCloud app developer Vercel appears to have suffered a security breachINFOSECURITY-MAGAZINE.COM
21 AprMicrosoft spots Sapphire Sleet macOS attack using AppleScript and social engineeringA new macOS-focused cyber campaign linked to the North Korean threat actor Sapphire Sleet, highlighting how attackers are increasingly relying on social engineering rather than software vulnerabilities to compromise systems. Rather than exploiting security flaws, the attackers ma…GBHACKERS.COM
21 AprWhy identity is the driving force behind digital transformationIdentity centric technologies have undergone a significant transformation in recent times. Gone are the days when it was all about logging in and out of any given system. Today, identity has become the backbone of all digital enterprises. It’s the ‘invisible engine’ that powers e…CSOONLINE.COM
21 AprMythos can find the vulnerability. It can’t tell you what to do about it.Anthropic’s new model can find vulnerabilities faster and cheaper than ever. The hardest part is still everything that comes after. CYBERSCOOP.COM
21 AprNo Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based AttacksThe cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identity-based attacks rem…THEHACKERNEWS.COM
21 AprGoogle Patches Antigravity IDE Flaw Enabling Prompt Injection Code ExecutionCybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution. The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an ins…THEHACKERNEWS.COM
21 AprUK probes Telegram and other chat apps over child safety failuresThe UK’s communications regulator Ofcom has opened formal investigations into Telegram, Teen Chat, and Chat Avenue over concerns they are failing to prevent the spread of child sexual abuse material (CSAM) and protect minors from online grooming. The enforcement action follows ev…CYBERINSIDER.COM
21 AprPrompt injection turned Google’s Antigravity file search into RCESecurity researchers have revealed a prompt injection flaw in Google’s Antigravity IDE that could be weaponized to bypass its sandbox protections and achieve remote code execution (RCE). The issue came from Antigravity’s ability to allow AI agents to invoke native functions, like…CSOONLINE.COM
21 AprThe Vercel breach started at a tool nobody was watchingsubmitted by codeinabox to security 1 points | 0 comments https://siddhantkhare.com/writing/vercel-breach-oauth-blast-radiusPROGRAMMING.DEV
21 AprAlert: WhatsApp Phishing Campaign Delivers MalwareA new phishing campaign is using WhatsApp messages to deliver malware, according to researchers at Microsoft. The attackers are attempting to trick users into installing malicious Visual Basic Script (VBS) files. “The campaign relies on a combination of social engineering and liv…KNOWBE4.COM
21 AprPhishing and MFA exploitation: Targeting the keys to the kingdomIn 2025, attackers increasingly targeted weaknesses in multi-factor authentication (MFA) workflows, and phishing attacks leveraged valid, compromised credentials to launch lures from trusted accounts. The trends focused entirely on trust, or the lack thereof, in everyday business…TALOSINTELLIGENCE.COM
21 AprCloud platform Vercel says company breached through third-party AI toolVercel released a statement acknowledging a breach and warning a “limited subset of customers” that their Vercel credentials were compromised.THERECORD.MEDIA
21 Apr22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP ConvertersCybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codename…THEHACKERNEWS.COM
21 AprCISA confirms exploitation of 3 more Cisco networking device vulnerabilitiesCisco revealed six critical flaws in widely used products in February. The government has now seen evidence that hackers are abusing four of them.CYBERSECURITYDIVE.COM
21 AprThe Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI IdentitiesWashington D.C., USA, April 21st, 2026, CyberNewswire Cybersecurity Insiders, in collaboration with Saviynt, has released new research indicating that AI identities are increasingly operating within core enterprise systems, often without established governance or visibility. The …GBHACKERS.COM
21 AprSecurity Game Isn’t FairIn cybersecurity, attackers and defenders are often described as unequal—but not always in the way people assume. Defenders shape the environment: they define the rules, deploy layered defenses, and control the systems attackers must navigate. This creates a fundamentally asymmet…YOUTUBE.COM
21 AprMozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150CTO says new AI model is "every bit as capable" as world's best security researchers.ARSTECHNICA.COM
21 AprRobosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More... - SWN #574Robosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-574YOUTUBE.COM
21 AprOracle April 2026 Critical Patch Update Addresses 241 CVEsOracle addresses 241 CVEs in its second quarterly update of 2026 with 481 patches, including 34 critical updates. Key takeaways: The second Critical Patch Update (CPU) for 2026 contains fixes for 241 unique CVEs in 481 security updates. 34 issues (7.1% of all patches) were …TENABLE.COM
21 AprFormer DigitalMint ransomware negotiator pleads guilty to extortion schemeAngelo Martino helped accomplices extort a combined $75.3 million in ransom payments from five victim companies. CYBERSCOOP.COM
20 Aprdeleteduser.com - a $15 Personally Identifiable Information (PII) Magnetsubmitted by artwork to cybersecurity 4 points | 0 comments https://mike-sheward.medium.com/deleteduser-com-a-15-pii-magnet-c4396eb21061 …deleting records could cause big problems. Referential integrity across database tables simply wouldn’t allow it… it would cause a resonance c…SH.ITJUST.WORKS
20 AprVercel Breach Tied to Context AI Hack Exposes Limited Customer CredentialsWeb infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an…THEHACKERNEWS.COM
20 AprVercel Reports Data Breach Amid Claims of Compromised Internal InfrastructureAccording to a recent security bulletin published by Vercel, the cloud platform company has suffered a data breach involving unauthorized access to its internal infrastructure. The incident, which was updated on April 20, 2026, highlights the growing risks associated with third-p…GBHACKERS.COM
20 AprQEMU Hijacked as Stealth Backdoor for Credential Theft, RansomwareAttackers are increasingly abusing QEMU virtual machines to hide credential theft and ransomware staging inside “invisible” virtual environments, making detection and forensics significantly harder for defenders. QEMU is a legitimate open-source emulator and virtualizer that allo…GBHACKERS.COM
20 AprCritical Gardyn Flaws Open Smart Garden Devices to Remote HijackingA recently updated advisory from the Cybersecurity and Infrastructure Security Agency (CISA) has revealed severe vulnerabilities in Gardyn Home Kit systems. These critical flaws carry a maximum CVSS score of 9.3 and could allow malicious actors to hijack smart gardening devices r…GBHACKERS.COM
20 AprHandling the CVE Flood With EPSS, (Mon, Apr 20th)Every morning, security people around the world face the same ritual: opening their vulnerability feed to find a lot of new CVE entries that appeared overnight. Over the past decade, this flood has become a defining challenge of modern defensive security. Some numbers …ISC.SANS.EDU
20 AprUnpatched Windows zero-days RedSun, UnDefend and BlueHammer are under attackThe zero-day vulnerabilities in Windows Defender named BlueHammer, RedSun and UnDefend are apparently being attacked.HEISE.DE
20 AprAI Model Claude Opus turns bugs into exploits for just $2,283Claude Opus created a working Chrome exploit for $2,283, showing that widely available AI models can already find and weaponize vulnerabilities. Claude Opus managed to produce a functional Chrome exploit for just $2,283, raising concerns about how easily AI can be used to find an…SECURITYAFFAIRS.COM
20 AprAttack on Next.js maker Vercel: customer data accessedInternal Vercel systems, and with them customer data, were compromised in a security incident. An external AI tool served as the entry point.HEISE.DE
20 AprMaking AI actually work in the enterprise and more RSAC Conference 2026 interviews - A... - ESW #455Interview with Jim Spignardo What does it take to build AI workflows that work? Why do so many fail? Jim isn’t a typical ESW guest. I think it’s essential for security folks to regularly step outside the security bubble and understand other perspectives and mindsets. That’s what …YOUTUBE.COM
20 AprAnthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply ChainCybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. "This flaw enables Arbitrar…THEHACKERNEWS.COM
20 AprCISOs reshape their roles as business risk strategistsNitin Raina ’s career history resembles that of many CISOs: He worked in IT infrastructure, operations, and services before moving into security and advancing through the ranks. He’s now global chief information security officer at technology consultancy Thoughtworks. But in a le…CSOONLINE.COM
20 AprNetwork ‘background noise’ may predict the next big edge-device vulnerabilityGreyNoise researchers spotted a consistent trend in forthcoming vulnerabilities affecting security tools, providing defenders an early-warning system for likely imminent attacks. CYBERSCOOP.COM
20 AprFracturing Software Security With Frontier AI ModelsUnit 42 finds frontier AI models enhance vulnerability discovery, acting as full-spectrum security researchers. They enable autonomous zero-day discovery and faster N-day patching. UNIT42.PALOALTONETWORKS.COM
20 AprThird-party AI hack triggers Vercel breach, internal environments accessedVercel suffered a breach after a hacked Context.ai tool exposed an employee account, letting attackers access limited internal systems and non-sensitive data. Vercel reported a security breach caused by the compromise of a third-party AI tool, Context.ai, used by one of its emplo…SECURITYAFFAIRS.COM
20 AprAnthropic MCP Hit by Critical Vulnerability Enabling Remote Code ExecutionA critical, systemic vulnerability discovered in Anthropic’s Model Context Protocol (MCP) has exposed over 150 million downloads and up to 200,000 servers to complete takeover, according to research published April 15, 2026, by the OX Security Research team. The flaw enable…GBHACKERS.COM
20 Apr KEVThree Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatchedsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.htmlSH.ITJUST.WORKS
20 AprAttackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbookAttackers are increasingly exploiting enterprise collaboration platforms such as Microsoft Teams to gain initial access, impersonating IT helpdesk staff and persuading employees to grant remote control, according to new research from Microsoft. In a blog post , Microsoft describe…CSOONLINE.COM
20 AprHackers exploit Vercel’s trust in AI integrationFrontend cloud platform Vercel, the creator of Next.js and Turbo.js, has warned about a data breach after a compromised third-party AI application abused OAuth to access its internal systems. A Vercel employee used the third party app, identified as Context.ai , which allowed the…CSOONLINE.COM
20 Apr KEVCISA flags Apache ActiveMQ flaw as actively exploited in attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cisa-flags-apache-activemq-flaw-as-actively-exploited-in-attacks/SH.ITJUST.WORKS
20 AprVercel confirms breach as hackers claim to be selling stolen datasubmitted by kid to cybersecurity 3 points | 0 comments https://www.bleepingcomputer.com/news/security/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/SH.ITJUST.WORKS
20 AprGh0st RAT, CloverPlus Hit Victims in Dual-Malware CampaignA new malware campaign is bundling a powerful remote access trojan (RAT) with intrusive adware, giving attackers both long-term control of infected systems and an immediate revenue stream from fraudulent advertising activity. The loader hides two encrypted payloads in its resourc…GBHACKERS.COM
20 AprShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeoverssubmitted by kid to cybersecurity 4 points | 0 comments https://hackread.com/showdoc-vulnerability-patch-2020-server-takeover/SH.ITJUST.WORKS
20 Apr⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & MoreMonday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels …THEHACKERNEWS.COM
20 AprApp host Vercel says it was hacked and customer data stolenVercel blamed its breach on an earlier hack at Context AI, which allowed hackers to hijack a Vercel employee's account to steal customer data.TECHCRUNCH.COM
20 AprAI Agents Are Insider RiskAI agents and chatbots are increasingly integrated into systems with access to data and services. However, they often lack traditional identity controls like MFA and may not be fully monitored. Without visibility and restrictions, these agents can behave like unmanaged insiders—a…YOUTUBE.COM
20 AprFireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest onePublic key infrastructure — the authentication and encryption framework that has held digital commerce together through every chaotic leap forward in technology — is facing a double whammy. Autonomous AI agents are f…LASTWATCHDOG.COM
20 AprVulnerability exploitation surges often precede disclosure, offering possible early warningsOrganizations can get ahead of major flaws with the right threat intelligence, according to a new report.CYBERSECURITYDIVE.COM
20 AprVercel systems targeted after third-party tool compromisedAn employee using a consumer app was breached after granting too many permissions.CYBERSECURITYDIVE.COM
20 AprCloud development platform Vercel confirms breach.White House officials meet with Anthropic CEO over Mythos concerns. Scattered Spider hacker pleads guilty.THECYBERWIRE.COM
20 Apr2026’s Breach List So Far: FBI Hacked, 1B Androids at Risk, 270M iPhones VulnerableFrom the FBI breach to the DarkSword iPhone exploit, these are the biggest cyber attacks and security failures that have shaped 2026 so far. TECHREPUBLIC.COM
20 AprVercel Confirms Major Security Incident as Hacker Claims $2M Ransom DemandVercel confirms a security incident after a threat actor claims internal access and demands a $2M ransom, raising concerns about API keys, CI/CD pipelines, and cloud security. TECHREPUBLIC.COM
20 AprSurvey: Security Leaders Emphasize Need for Workforce EducationA new survey from LevelBlue has found that a majority of Chief Technology Officers (CTOs) believe the human-related elements of their cybersecurity strategies are falling short. These concerns are exacerbated by the emergence of new threats, such as AI-assisted attacks.KNOWBE4.COM
20 AprMicrosoft Defender Flaws Exploited on Windows, Two Left UnpatchedAlthough the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft Defender and Windows users. TECHREPUBLIC.COM
20 AprThe MCP Disclosure Is the AI Era’s ‘Open Redirect’ MomentThe MCP flaw reveals a systemic AI security gap, exposing enterprise systems to supply chain attacks and forcing a shift toward data-layer governance. TECHREPUBLIC.COM
20 AprWhen one weak link is enough.Cloud platform Vercel confirms a data breach. Microsoft releases emergency updates to fix Windows Server restart loops. Bluesky gets DDoSed. Insurers keep close watch on an AI hiring discrimination suit. Cybersecurity workforce turnover rises. Scammers abuse Apple’s email notific…THECYBERWIRE.COM
20 AprThe FTC’s AI portfolio is about to get biggerThe commission is preparing to enforce key parts of a new law against sexual deepfakes and searching for ways to block AI-driven scamming using voice clones. CYBERSCOOP.COM
20 AprVercel’s security breach started with malware disguised as Roblox cheatsThe attack, which originated at Context.ai, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions. CYBERSCOOP.COM
20 AprSmall Banks at Risk of CollapseStablecoins could be used to inject large amounts of perceived “equity” into small community banks, even though that capital may not be real or stable. If banks treat this as real money, they could start issuing loans based on unstable or fraudulent backing. That creates a syste…YOUTUBE.COM
20 AprVuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code executionGoogle’s highest security setting for its agents runs command operations through a sandbox and throttles network access, but is still vulnerable to prompt injection. CYBERSCOOP.COM
19 AprVercel confirms security incident as hackers claim to sell internal accessVercel has disclosed a security incident involving unauthorized access to parts of its internal systems, as a threat actor simultaneously claims to be selling access keys, source code, and database information allegedly linked to the company. The incident was confirmed on April 1…CYBERINSIDER.COM
18 AprClaude Opus wrote a Chrome exploit for $2,283submitted by cm0002 to cybersecurity 3 points | 0 comments https://www.theregister.com/2026/04/17/claude_opus_wrote_chrome_exploit/INFOSEC.PUB
18 AprCybersecurity Today Month in Review of March/April 2026Cybersecurity Today Month-in-Review: RSAC AI Hype, Agentic Risks, Mythos Claims, and Real-World Resilience Jim Love hosts a delayed March month-in-review with panelists David Shipley and Laura Payne, starting with RSAC takeaways: agentic AI everywhere, heightened marketing specta…CYBERSECURITYTODAY.LIBSYN.COM
18 AprMicrosoft Defender under attack as three zero-days, two of them still unpatched, enable elevated accessAttackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities…SECURITYAFFAIRS.COM
18 AprNexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacksA Mirai variant called Nexcorium exploits a flaw in TBK DVRs to infect devices and use them in DDoS attacks, along with outdated TP-Link routers. Fortinet researchers found that threat actors are exploiting vulnerabilities in TBK DVRs and end-of-life TP-Link routers to spread a M…SECURITYAFFAIRS.COM
18 AprResearcher Claims Claude Opus Enabled Creation of Working Chrome ExploitA security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by Mohan Pedhapati, also k…GBHACKERS.COM
18 AprHidden VMs: how hackers leverage QEMU to stealthily steal data and spread malwareAttackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, an open-source emulator, to hide malicious activity inside virtual machines. By run…SECURITYAFFAIRS.COM
17 AprOperation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal AccountsAn international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals. The ongoing effort, dubbed Operation PowerOFF, disrupted …THEHACKERNEWS.COM
17 AprFake Zoom SDK Update Spreads Sapphire Sleet Malware in New macOS Attack ChainA sophisticated macOS-focused cyber campaign orchestrated by the North Korean threat actor Sapphire Sleet, revealing a shift toward social engineering over traditional software exploitation. Instead of relying on vulnerabilities, the attackers trick users into executing malicious…GBHACKERS.COM
17 AprCritical Flowise Flaw Enables Remote Command Execution via MCP AdaptersOX Security researchers have uncovered a critical, systemic vulnerability built directly into the architecture of Anthropic’s Model Context Protocol (MCP). As the industry standard for AI agent communication, this foundational flaw exposes systems to Arbitrary Command Execution (…GBHACKERS.COM
17 AprGoogle Deploys Gemini AI to Stop Threat Actors, Blocking 8.3 Billion AdsGoogle has significantly escalated its fight against cybercriminals, deploying its advanced Gemini AI to neutralize malicious advertising campaigns. By leveraging generative AI, the tech giant intercepted more than 99% of these harmful advertisements before they ever reached end …GBHACKERS.COM
17 AprAmtrak - 2,147,679 breached accountsIn April 2026, the hacking group ShinyHunters claimed they had breached Amtrak . The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the alleged data which con…HAVEIBEENPWNED.COM
17 AprLocal area network anonymity hardening tool for Linuxsubmitted by Nikolas5476 to cybersecurity 4 points | 0 comments Source code and details: github.com/nikolas-trey/LANGhost Description LANGhost is a Linux anonymity hardening layer for systems managed by NetworkManager. It minimizes identity leakage across multiple network surface…SH.ITJUST.WORKS
17 AprPalo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advancesIn two decades, Palo Alto Networks has evolved from a next-generation niche player to one of the largest global cybersecurity giants today. Under its mantra of “platformization,” the company has catapulted its revenues over its closest competitors and boosted its stock valuation …CSOONLINE.COM
17 AprMythos and CybersecurityLast week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organization…SCHNEIER.COM
17 AprTails 7.6.2 patches vulnerability that could expose saved files - Help Net Securitysubmitted by kid to cybersecurity 4 points | 0 comments https://www.helpnetsecurity.com/2026/04/16/tails-vulnerability-expose-saved-files/SH.ITJUST.WORKS
17 AprWe beat Google’s zero-knowledge proof of quantum cryptanalysisTwo weeks ago, Google’s Quantum AI group published a zero-knowledge proof of a quantum circuit so optimized, they concluded that first-generation quantum computers will break elliptic curve cryptography keys in as little as 9 minutes. Today, Trail of Bits is publishing our own ze…TRAILOFBITS.COM
17 AprSEO Poisoning Attack Uses Microsoft Binary to Install RMM ToolNew research has exposed a search engine poisoning campaign that delivers a trojanized TestDisk installer, abuses a Microsoft-signed binary for DLL sideloading, and silently deploys the ScreenConnect remote monitoring and management (RMM) client for hands-on keyboard access. The …GBHACKERS.COM
17 AprOperation PowerOFF Knocks Out 75,000 DDoS Attackers and Over 50 Service DomainsA major international law enforcement campaign has hit the DDoS-for-hire ecosystem, warning more than 75,000 suspected users and disrupting the infrastructure that helped power online attacks around the world. Backed by Europol, Operation PowerOFF brought together authorities fro…GBHACKERS.COM
17 AprWhite House moves to give federal agencies access to Anthropic’s Claude MythosThe US government is preparing to authorize a version of Anthropic’s Claude Mythos model for use by major US federal agencies, amid concerns that the AI model could rapidly spot cybersecurity vulnerabilities and offer the ability to exploit them. Federal Chief Information Officer…CSOONLINE.COM
17 AprHackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Facesubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face/SH.ITJUST.WORKS
17 Apr KEVThree Microsoft Defender Zero-Days Actively Exploited; Two Still UnpatchedHuntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires Git…THEHACKERNEWS.COM
17 AprPowMix botnet targets Czech workforcesubmitted by kid to cybersecurity 2 points | 0 comments https://blog.talosintelligence.com/powmix-botnet-targets-czech-workforce/SH.ITJUST.WORKS
17 AprOperation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncoveredOperation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts. Operation PowerOFF is an international law enforcement action that dismantled 53 domains linked to DDoS-for-hire services used by over 75,000 …SECURITYAFFAIRS.COM
17 AprPen Test Took Down Campus WiFiA routine Nmap scan against a Cisco wireless LAN controller caused a full outage of a college’s Wi-Fi network. The issue was later confirmed as a denial-of-service vulnerability and patched. Even standard security testing techniques can trigger real outages when systems have hidd…YOUTUBE.COM
17 AprWe Reproduced Anthropic's Mythos Findings With Public Modelssubmitted by codeinabox to security 3 points | 0 comments https://blog.vidocsecurity.com/blog/we-reproduced-anthropics-mythos-findings-with-public-models Anthropic presents Mythos and Project Glasswing as evidence that advanced AI vulnerability research should be restricted. But …PROGRAMMING.DEV
17 AprInditex confirms third-party breach as hackers threaten Zara data leakInditex, the owner of Zara, has disclosed a data breach linked to a former technology provider, stating that no customer data was exposed. However, the ShinyHunters extortion group has since listed Zara on its leak site, claiming it will publish stolen data within days. The Spani…CYBERINSIDER.COM
17 Apr KEVNew “RedSun” Windows Defender zero-day exploited in the wildA newly disclosed Windows zero-day vulnerability dubbed “RedSun” is being actively exploited in the wild, allowing attackers to gain SYSTEM privileges by abusing Microsoft Defender. The vulnerability was publicly disclosed by the researcher “Nightmare-Eclipse,” who also released …CYBERINSIDER.COM
17 AprHackers are abusing unpatched Windows security flaws to hack into organizationsA security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit them. Now, hackers are taking advantage of the vulnerabilities in real life attacks, according to a cybersecurity firm.TECHCRUNCH.COM
17 Apr KEVThree Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatchedsubmitted by monica_b1998 to cybersecurity 7 points | 0 comments https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.html?m=1INFOSEC.PUB
17 AprFlawed Cisco update threatens to stop APs from getting further patchesCisco admins are scrambling to patch a critical flash memory overflow vulnerability in over 200 Cisco Systems IOS XE-based models of wireless access points (APs), caused by a recent flawed software update. If the issue is not corrected quickly, the AP’s memory will become so floo…CSOONLINE.COM
17 Apr KEVTemporary fix for Section 702.The House extends Section 702, for now. Mythos raises fresh cyber risk concerns. CISA warns of reduced capacity. ZionSiphon targets Israeli water systems. Operation PowerOFF hits DDoS-for-hire networks. CISA flags an actively exploited ActiveMQ flaw. WordPress plugin supply chain…THECYBERWIRE.COM
17 AprSecuring autonomous AI at scale with Arvind (Nitro) Nithrakashyap from RubrikArvind (Nitro) Nithrakashyap, CTO and Co-Founder of Rubrik joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices at the RSAC Conference 2026. He explores the rise of “AI sprawl,” the challenges of securing autonomous agents at scale, and what organizat…THECYBERWIRE.COM
16 AprMcGraw Hill - 13,500,136 breached accountsIn April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB …HAVEIBEENPWNED.COM
16 AprKonform Browser - Open source web browser taking privacy, security and freedom to the next levelsubmitted by ken to cybersecurity 8 points | 1 comments https://codeberg.org/konform-browser/ Would like to share this FLOSS project been working on for a while now and hope that is cool with you all! Was not satisfied with status quo on browser options for our use-cases and need…SH.ITJUST.WORKS
16 AprWho is winning the scam game?This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
16 AprAI Content Hijacks Google Discover to Deliver Malicious AlertsA new large-scale cyber operation is exploiting Google’s Discovery feed to spread malicious notifications and scams through AI-generated content. Pushpaganda begins with threat actors creating around 113 fake domains filled with AI-written articles and clickbait headlines. These …GBHACKERS.COM
16 AprUAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware CampaignThe Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data fr…THEHACKERNEWS.COM
16 Apr KEVCisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March31 high-impact vulnerabilities were actively exploited in March 2026, with a Cisco firewall zero-day abused by the Interlock ransomware group emerging as one of the most dangerous threats to enterprise networks. Affected vendors span core enterprise and developer ecosystems, incl…GBHACKERS.COM
16 AprChrome Privacy Vulnerability Exposes Users via Fingerprinting and Header LeaksA new technical review of Google Chrome’s privacy posture shows that modern tracking no longer depends only on cookies, because websites can combine browser fingerprinting, storage tricks, and HTTP header leaks to identify users with surprising accuracy. Chrome has reduced some o…GBHACKERS.COM
16 AprCritical Cisco ISE Flaws Let Remote Attackers Execute Malicious CodeNetworking giant Cisco has issued an urgent security advisory warning of two newly discovered vulnerabilities impacting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Cisco Identity Services Engine (ISE) is a widely deployed security policy manag…GBHACKERS.COM
16 AprSniffnet 1.5: Which program is phoning home?The open-source network monitor Sniffnet now attributes traffic to individual programs. Version 1.5.0 also brings blacklists and adapter previews.HEISE.DE
16 AprHuman Trust of AI AgentsInteresting research: “Humans expect rationality and cooperation from LLM opponents in strategic games.” Abstract: As Large Language Models (LLMs) integrate into our social and economic interactions, we need to deepen our understanding of how humans respond to LLMs …SCHNEIER.COM
16 AprHackers Exploit n8n Webhooks to Spread MalwareA new abuse campaign is targeting AI-driven workflow automation platforms, particularly n8n, turning legitimate automation tools into powerful malware delivery systems. Between October 2025 and March 2026, security analysts observed a sharp surge in phishing emails that weaponized …GBHACKERS.COM
16 AprThe endless CISO reporting line debate — and what it says about cybersecurity leadershipIt is difficult to understand why, in 2026, we are still debating the reporting line of the chief information security officer (CISO). It is one of the first topics I wrote about in 2015, and after more than two decades of high-profile cyber incidents, sustained regulatory press…CSOONLINE.COM
16 AprPowMix botnet targets Czech workforceCisco Talos discovered an ongoing malicious campaign, operating since at least December 2025, affecting a broader workforce in the Czech Republic with a previously undocumented botnet we call “PowMix.”TALOSINTELLIGENCE.COM
16 Apr KEVDefending Your Enterprise When AI Models Can Find Vulnerabilities Faster Than EverIntroduction Advances in AI model-powered exploitation have demonstrated that general-purpose AI models can excel at vulnerability discovery, even without being purpose-built for the task. Eventually, capabilities such as these will be integrated directly into the development cyc…CLOUD.GOOGLE.COM
16 AprFake ProtonVPN, game mod sites spread NWHStealer in new Windows malware campaignMultiple ongoing malware campaigns are distributing a powerful information-stealing trojan, tracked as NWHStealer, through fake VPN installers, gaming mods, and system tools. Unlike typical phishing campaigns, these attacks exploit users’ trust in popular software. Threat actors …GBHACKERS.COM
16 Apr KEVMicrosoft’s Windows Recall still allows silent data extractionMicrosoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator p…CSOONLINE.COM
16 AprMicrosoft, Salesforce Patch AI Agent Data Leak Flawssubmitted by kid to cybersecurity 5 points | 0 comments https://www.darkreading.com/cloud-security/microsoft-salesforce-patch-ai-agent-data-leak-flawsSH.ITJUST.WORKS
16 AprPHP Composer flaws enable remote command execution via Perforce VCSsubmitted by kid to cybersecurity 7 points | 0 comments https://securityaffairs.com/190824/security/php-composer-flaws-enable-remote-command-execution-via-perforce-vcs.htmlSH.ITJUST.WORKS
16 AprThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More StoriesYou know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people'…THEHACKERNEWS.COM
16 AprFrom the BlueHammer author: New Windows zero-day grants admin rightsThe exploit uses, of all things, insecure behavior of Windows Defender and a file API to obtain system privileges. It is still unpatched.HEISE.DE
16 AprAI platform n8n abused for stealthy phishing and malware deliveryAttackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and coll…SECURITYAFFAIRS.COM
16 AprEU’s official age verification app found exposing sensitive user dataThe European Commission has unveiled its official age-verification app, presenting it as a privacy-preserving, open-source solution to protect minors online. Within hours of its release, however, security researchers reported critical flaws that could expose biometric data and al…CYBERINSIDER.COM
16 AprFake Proton VPN sites are pushing NWHStealer malware to Windows usersA newly uncovered malware campaign is leveraging fake Proton VPN websites, alongside gaming mods and utility tools, to distribute a Windows infostealer known as NWHStealer. According to Malwarebytes, which documented the activity, attackers rely on a mix of deceptive websites, op…CYBERINSIDER.COM
16 AprNewly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 TrafficCybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. "PowMix employs randomized command-and-control (C2) beaconing int…THEHACKERNEWS.COM
16 AprEU’s official age verification app found exposing sensitive user data; also EU Age Verification can be bypassed using their own infrastructuresubmitted by beep to cybersecurity 28 points | 2 comments https://video.twimg.com/amplify_video/2044718576485953536/vid/avc1/996x2160/hyLmEHaGr6DltAA6.mp4 Hacking the EU Age Verification app in under 2 minutes. During setup, the app asks you to create a PIN. After entry, the app …INFOSEC.PUB
16 AprThe Q1 vulnerability pulseThor provides an overview of the Q1 2026 vulnerability statistics, highlighting key trends in legacy CVEs and the evolving impact of AI on the threat landscape.TALOSINTELLIGENCE.COM
16 AprFoxit, LibRaw vulnerabilitiesCisco Talos’ Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco…TALOSINTELLIGENCE.COM
16 AprBeating the Mythos clock: Using Tenable Hexa AI custom agents for automated patchingSee how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Protocol (MCP) automates execution of risk-driven patching workflows, shifting your strategy from reactive tracking to continuou…TENABLE.COM
16 AprMcGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records LeakedMcGraw-Hill confirms a data exposure tied to a Salesforce misconfiguration as hackers claim 45M records, raising concerns over SaaS security risks.TECHREPUBLIC.COM
16 AprRCE by design: MCP architectural choice haunts AI agent ecosystemAI agent building tools that enable users to configure Model Context Protocol (MCP) servers may be exposing systems to remote code execution due to an architectural decision in Anthropic’s reference implementation. At issue are unsafe defaults in how MCP configuration works over the S…CSOONLINE.COM
16 AprWhen “No Exploit” Becomes OneSecurity teams sometimes rank vulnerabilities lower if no exploit exists or if exploitation seems difficult. That assumption is often based on current knowledge—like proof-of-concept code or known exploitation in the wild. This approach can fail fast. Exploits can appear suddenly…YOUTUBE.COM
16 AprThe AI "Vulnpocolypse" Is Real? - PSW #922This week: - CSA issues guidance to CISOs on Mythos - Vuln management woes - Windows tells you about Secure Boot - AI-assisted firmware vuln hunting - The dumbest hack - Edge decay and the failing perimeter - Mac OS X on a Wii - Little snitch comes to Linux - CPUID served malware…YOUTUBE.COM
15 AprCurity looks to reinvent IAM with runtime authorization for AI agentsIn 2026, enterprise developers are building and deploying the first generation of powerful, increasingly autonomous AI agents at incredible speed. Now comes the hard part: working out how to secure them. Vendors in the space are facing multiple challenges. To begin with, traditio…CSOONLINE.COM
15 AprNorth Korean Spies DM You On FacebookAndroid Mirax RAT, North Korea's Friend-Request Hacks, Adobe PDF Zero-Day, and FBI Phishing Takedown | Cybersecurity Today David Shipley covers multiple trust-based cyber threats: Mirax Android malware pushed via Meta ads posing as free streaming apps, functioning as a remote acc…CYBERSECURITYTODAY.LIBSYN.COM
15 AprTop 10 Best Passwordless Authentication Solutions in 2026Passwords are susceptible to phishing, brute-force attacks, credential stuffing, and human error, leading to an alarming number of data breaches and significant financial losses for enterprises worldwide. The frustration of forgotten passwords and endless resets also plagues user…GBHACKERS.COM
15 Apr13 questions against third-party risksThe growing dependence on IT service providers and third-party software considerably enlarges companies' attack surface. This is underscored time and again by numerous cyberattacks. Admittedly, the …CSOONLINE.COM
15 Apr KEVMicrosoft Patch Tuesday April 2026 Fixes 168 Flaws, Including an Actively Exploited Zero-DayMicrosoft has released its highly anticipated April 2026 Patch Tuesday security updates, addressing a massive 168 vulnerabilities across its vast product portfolio. According to recent cybersecurity news reports, this comprehensive update includes a patch for one actively exploit…GBHACKERS.COM
15 AprOpenAI Introduces GPT-5.4 for Reverse Engineering, Vulnerability Discovery, and Malware AnalysisOpenAI has officially launched GPT-5.4-Cyber, a specialized variant of its latest artificial intelligence model explicitly fine-tuned for defensive cybersecurity. Alongside this release, the organization is significantly scaling its Trusted Access for Cyber (TAC) program, providi…GBHACKERS.COM
15 AprIvanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User SessionsIvanti has issued a security advisory detailing two medium-severity vulnerabilities affecting its Neurons for IT Service Management (ITSM) platform. If left unpatched, these security flaws could allow remote authenticated attackers to compromise user sessions and maintain unautho…GBHACKERS.COM
15 AprMallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized ActionBuilt by a veteran security team and led by a former Google and Mandiant executive, Mallory delivers intelligence that drives action for enterprise security teams. Mallory is launching an AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their…CSOONLINE.COM
15 AprMicrosoft Issues Patches for SharePoint Zero-Day and 168 Other New VulnerabilitiesMicrosoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated …THEHACKERNEWS.COM
15 AprHackers Exploit Hidden Microsoft 365 Mailbox Rules to Steal Sensitive Business EmailsAttackers are quietly abusing Microsoft 365 mailbox rules to steal emails, hide alerts, and maintain long-term access without installing malware. These stealthy tactics are increasingly common in business email compromise (BEC) campaigns targeting enterprise users worldwide. Afte…GBHACKERS.COM
15 AprPHP Composer flaws enable remote command execution via Perforce VCSTwo high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a …SECURITYAFFAIRS.COM
15 AprThe need for a board-level definition of cyber resilienceCyber resilience has become a critical governance concern as organizations face increasingly complex and costly cyber threats. However, recent research reveals that the concept of cyber resilience remains inconsistently defined across regulatory frameworks and in some cases prese…CSOONLINE.COM
15 AprCredit Resources Vault: Why this credit email set off our scam alarmsInside a targeted email campaign that funnels the most financially vulnerable people into handing over sensitive data, and signing up for weekly fees.MALWAREBYTES.COM
15 AprThe deepfake dilemma: From financial fraud to reputational crisisDeepfake technology has crossed a critical threshold. What was impossible 10 years ago and required specific expertise only a few years ago is now cheap and accessible. Worse, it’s now good enough to fool a wide range of employees and executives. In fact, a 2025 Gartner survey fo…CSOONLINE.COM
15 AprApril Patch Tuesday fixes two zero-days, including one under active attackThis month’s Patch Tuesday addresses 167 vulnerabilities, including two zero-days that could lead to system compromise, data exposure, and privilege escalation.MALWAREBYTES.COM
15 AprHackers Abuse Google Cloud Storage to Slip Remcos RAT Past Email FiltersHackers are exploiting Google Cloud Storage to bypass email and web filters and deliver Remcos RAT through convincing Google Drive–themed phishing campaigns that blend social engineering with fileless, multi‑stage execution chains. Phishing emails link to Google Cloud Storage buc…GBHACKERS.COM
15 AprMuddyWater-Style Hackers Probe 12,000+ Systems Ahead of Middle EastA threat group resembling MuddyWater has conducted a large-scale reconnaissance and intrusion operation targeting critical sectors in the Middle East, including aviation, energy, and government entities. The attackers reportedly scanned over 12,000 internet-facing systems before …GBHACKERS.COM
15 AprUnlocking foundational visibility for cyber-physical systems with OT vulnerability managementStop managing risk in silos. VM-Native OT Discovery, now available in Tenable Vulnerability Management and Tenable Security Center provides unified visibility across IT and OT domains. See every asset and manage your total cyber exposure in a unified view. Key takeaways The air g…TENABLE.COM
15 AprTop 10 Best Application Security Testing Companies in 2026In the rapidly evolving digital landscape of 2026, applications are the backbone of every enterprise. From customer-facing web portals and mobile apps to intricate internal systems and APIs, software drives business operations, innovation, and customer engagement. However, this u…GBHACKERS.COM
15 AprOrganizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/organizations-warned-of-exploited-windows-adobe-acrobat-vulnerabilities/SH.ITJUST.WORKS
15 AprMicrosoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilitiessubmitted by kid to cybersecurity 5 points | 0 comments https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.htmlSH.ITJUST.WORKS
15 AprwolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update Now!submitted by kid to cybersecurity 2 points | 0 comments https://hackread.com/wolfssl-vulnerability-iot-routers-military-systems/SH.ITJUST.WORKS
15 AprEFF urges state probe into Google over undisclosed data sharing with ICEThe Electronic Frontier Foundation (EFF) has filed complaints with California and New York authorities accusing Google of deceptive practices, alleging that the company failed to notify users before handing their data to law enforcement. The case centers on a Ph.D. student whose …CYBERINSIDER.COM
15 AprPatch Tuesday notes: Microsoft addresses two zero-days.CISA recalls furloughed employees despite funding lapse. Business news: Cisco to acquire AI observability platform Galileo.THECYBERWIRE.COM
15 AprMicrosoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-DaysMicrosoft’s April 2026 Patch Tuesday fixes 165 vulnerabilities, including two zero-days, in one of the company’s largest monthly security updates.TECHREPUBLIC.COM
15 AprA heavy patch Tuesday lands.Patch Tuesday. CISA directs furloughed employees back to work. Experts warn Anthropic’s Glasswing signals a new era of AI-driven vulnerability discovery. Federal prosecutors crack down on chip smuggling. Sweden says a pro-Russian cyber group attempted to disrupt power plant opera…THECYBERWIRE.COM
15 AprSmashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifyingA hacking group claims to have broken into the flood defence system protecting Venice's Piazza San Marco - and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600. Meanwhile, Anthropic accidentally leaked the source code for Claude Code via …GRAHAMCLULEY.COM
14 AprHow Hackers Are Thinking About AIInteresting paper: “What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation.” Abstract: The rapid expansion of artificial intelligence (AI) is raising concerns about its potential to transform cybercrime. Beyond empowering n…SCHNEIER.COM
14 AprAnalysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is cre…THEHACKERNEWS.COM
14 Apr KEVCISA Alerts on Exploited Microsoft Exchange and Windows CLFS Security FlawsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding two actively exploited security vulnerabilities in Microsoft products. Added to the Known Exploited Vulnerabilities (KEV) catalog on April 13, 2026, these flaws impact the Micro…GBHACKERS.COM
14 AprHackers Exploit Obsidian Plugin to Deploy Cross-Platform MalwareHackers are abusing Obsidian’s Shell Commands plugin and shared cloud vaults to deliver a new cross‑platform malware chain that ends with the PHANTOMPULSE remote access trojan. Attackers pose as a venture capital firm targeting financial and cryptocurrency professionals, first en…GBHACKERS.COM
14 AprSynology SSL VPN Client Vulnerability Enabled Remote Access to Sensitive FilesSynology has recently released a crucial security update to fix two notable vulnerabilities in its SSL VPN Client utility. Tracked under the security advisory Synology-SA-26:05, these flaws could allow remote attackers to access sensitive system files and intercept secure network…GBHACKERS.COM
14 AprThe AI inflection point: What security leaders must do nowAI is no longer a speculative topic for security leaders. It has moved from experimentation to implementation, and increasingly, to measurable production impact. Over the past year, my conversations with CISOs have shifted. The question is no longer whether AI belongs in cybersec…CSOONLINE.COM
14 AprSecuring Software's Journey with the OWASP SPVS - ASW #378It's one thing to write secure code, it's another to release it into the wild. That code needs to be designed, built, tested, released, and maintained. Farshad Abasi and Cameron Walters explain how the OWASP Secure Pipeline Verification Standard picks up from where ASVS left off,…YOUTUBE.COM
14 AprAI Codex Exploits Samsung TV Driver Flaw to Gain Root AccessA new experiment has shown how an AI coding assistant, Codex, can independently escalate privileges on a Samsung Smart TV by abusing dangerously exposed kernel drivers in Samsung’s KantS2 Tizen firmware. Working from an existing browser foothold, Codex chained together source-cod…GBHACKERS.COM
14 AprChina-linked cloud credential heist runs on typos and SMTPChina-aligned hackers have deployed a Linux-based ELF backdoor to steal cloud credentials at scale from workloads across AWS, GCP, Azure, and Alibaba Cloud environments. According to Breakglass Intelligence findings, the backdoor uses a “zero-detection” technique, employing SMTP …CSOONLINE.COM
14 AprSecuring non-human identities: automated revocation, OAuth, and scoped permissionsCloudflare is introducing scannable API tokens, enhanced OAuth visibility, and GA for resource-scoped permissions. These tools help developers implement a true least-privilege architecture while protecting against credential leakage.CLOUDFLARE.COM
14 AprUS, UK and Canada disrupt $45M crypto theft in Operation AtlanticUS, UK and Canada ran Operation Atlantic, uncovering $45M in crypto theft and freezing $12M to return to victims. An international law enforcement operation from the US, UK and Canada, codenamed Operation Atlantic, has targeted large-scale cryptocurrency theft schemes. Authoritie…SECURITYAFFAIRS.COM
14 AprAdobe fixes PDF zero-day security bug that hackers have exploited for monthsIt's not clear how many people were compromised by this hacking campaign, but a security researcher said the hackers were targeting victims since at least November 2025.TECHCRUNCH.COM
14 AprAI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad FraudCybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google's Discover feed and trick users into en…THEHACKERNEWS.COM
14 AprEU regulators largely denied access to Anthropic MythosEuropean regulators have largely been frozen out of early access to Anthropic’s new Mythos model, Politico reports. The AI technology, aimed at cybersecurity use cases, is said to be able to identify and exploit technical vulnerabilities at a level that surpasses most humans — …CSOONLINE.COM
14 AprKali Forms Vulnerability Enables Remote Code Execution RCEsubmitted by kid to cybersecurity 6 points | 0 comments https://thecyberexpress.com/kali-forms-vulnerability-wordpress-plugin/SH.ITJUST.WORKS
14 AprHack the AI agent: Build agentic AI security skills with the GitHub Secure Code GameLearn to find and exploit real-world agentic AI vulnerabilities through five progressive challenges in this free, open source game that over 10,000 developers have already used to sharpen their security skills.GITHUB.BLOG
14 AprPersonal data of 1 million gym members compromised in Basic-Fit security incidentA breach at Basic-Fit exposed data of 1M members, including names, birth dates and bank details after unauthorized access. Basic-Fit, Europe’s largest gym chain, has disclosed a data breach affecting around 1 million members. Hackers gained unauthorized access to the company syst…SECURITYAFFAIRS.COM
14 AprAdobe Issues Emergency Patch for Critical PDF Flaw Exploited For MonthsAdobe patches a critical PDF flaw exploited for months, allowing attackers to bypass sandbox protections and deliver malware. Users urged to update now.TECHREPUBLIC.COM
14 Apr4 questions to ask before outsourcing MDRSecurity teams are stretched thin. Alerts never stop, attackers move faster, and expectations for uptime and resilience keep rising. For many IT and security leaders, Managed Detection and Response (MDR) has become less of a “nice to have” and more of a practical way to stay ahea…CSOONLINE.COM
14 Apr5 trends defining the future of AI-powered cybersecurityThe new N-able and Futurum Report reveals how AI is reshaping cyber resilience as it accelerates both business innovation and adversarial tradecraft. Attackers are scaling their operations with unprecedented speed, leveraging automation to bypass traditional defenses. For IT secu…CSOONLINE.COM
14 Apr KEVPatch Tuesday, April 2026 EditionMicrosoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chr…KREBSONSECURITY.COM
14 AprZuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, ATC, Kieran Human and more - SWN #572Amish Conversion, Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, Outlook Lite, Air Traffic Control, Kieran Human, and More on the Security Weekly News. Segment Resources: https://www.bleepingcomputer.com/news/security/medtech-giant-stryker-fully-operational-after-data…YOUTUBE.COM
14 Apr KEVMicrosoft’s April Windows update fixes 165 flaws, one exploited zero-dayMicrosoft has released its April 2026 Patch Tuesday updates for Windows 11 versions 24H2 and 25H2, to fix security bugs across the operating system. The security release addresses 165 flaws, including one actively exploited SharePoint spoofing flaw and multiple “more likely to be…CYBERINSIDER.COM
14 AprSecure AI agent access patterns to AWS resources using Model Context ProtocolAI agents and coding assistants interact with AWS resources through the Model Context Protocol (MCP). Unlike traditional applications with deterministic code paths, agents reason dynamically, choosing different tools or accessing different data depending on context. You must assu…AWS.AMAZON.COM
13 AprBanks Panic As Anthropic Mythos Exposes Software VulnerabilitiesMythos Sparks Urgent Bank Meetings, AI Shrinks Exploit Windows, CEO Phishing Beats MFA + Crypto Fraud Bust Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one…CYBERSECURITYTODAY.LIBSYN.COM
13 AprApache Tomcat Flaws Enable EncryptInterceptor BypassThe Apache Software Foundation has released critical security updates for Apache Tomcat to address three newly disclosed vulnerabilities. Because Apache Tomcat is a widely deployed open-source web server, these flaws pose a significant risk to many enterprise environments. The ne…GBHACKERS.COM
13 AprCISOs tackle the AI visibility gapDale Hoak found himself asking a question that has become familiar to CISOs through the decades: What am I missing? More specifically, Hoak, CISO at software firm RegScale, was wondering what he might be missing around his company’s AI deployments. “The business was moving so fa…CSOONLINE.COM
13 AprWe catch up on the news, including AI vuln hunting; also more RSAC interviews! - ESW #454Segment 1: We cover the weekly enterprise news! Segment 2: RSAC interviews from ArmorCode and Filigran ArmorCode: AI Exposure Management and Governing Shadow AI AI is moving faster than most governance models can keep up. As organizations race to adopt new AI tools, developer wor…YOUTUBE.COM
13 AprAI Chatbots and TrustAll the leading AI chatbots are sycophantic, and that’s a problem: Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And critically, they couldn…SCHNEIER.COM
13 AprInternational Operation Targets Multimillion-Dollar Crypto Theft SchemesLaw enforcement in the US, UK and Canada identified more than $45 million in cryptocurrency and froze $12 million.SECURITYWEEK.COM
13 AprHackers Exploit MSBuild LOLBin to Evade Detection in Fileless Windows AttacksCyber attackers are increasingly using Living Off the Land Binaries (LOLBins) to bypass security detection. By leveraging legitimate system tools, these attacks avoid signature-based defenses and operate without dropping traditional malware files. One such LOLBin now gaining atte…GBHACKERS.COM
13 AprCritical Marimo pre-auth RCE flaw now under active exploitationsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/critical-marimo-pre-auth-rce-flaw-now-under-active-exploitation/SH.ITJUST.WORKS
13 AprYour MTTD Looks Great. Your Post-Alert Gap Doesn'tAnthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks' Wendi Whitmore warned that similar capabilities are weeks or months from proliferat…THEHACKERNEWS.COM
13 Apr⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and MoreMonday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. I…THEHACKERNEWS.COM
13 AprToo Many Vulnerabilities to FixOrganizations struggle to apply patches because uptime is prioritized, and remediation is disruptive. Vulnerability management teams often can’t get fixes deployed. An overload of vulnerabilities doesn’t improve security—it creates paralysis. Teams lose the ability to prioritize,…YOUTUBE.COM
13 AprFrom Compliance to Code: Rethinking Cloud Security - Richard Marcus - CSP #223Jess talks with Rich about what it takes to secure a cloud-first organization at scale. Rich explains how compliance as code helps teams build secure-by-default environments in AWS and Azure. He also shares why continuous monitoring gives organizations stronger visibility and a m…YOUTUBE.COM
13 AprOn Anthropic’s Mythos Preview and Project GlasswingThe cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run t…SCHNEIER.COM
13 AprAnthropic's Mythos Preview: Why the Human Layer Matters More, Not LessThe human layer is not impacted by Anthropic's Mythos Preview announcement. If anything, it is reinforced, and for reasons that deserve to be spelled out clearly.KNOWBE4.COM
13 AprAnthropic’s Mythos signals a structural cybersecurity shiftOver the past week, reaction to Anthropic’s Glasswing disclosure has split along familiar lines. At one end: alarm over an AI system capable of autonomously identifying and exploiting vulnerabilities. At the other: dismissive hot takes, arguing there is nothing new here. A more g…CSOONLINE.COM
13 AprMarch 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-DayMarch 2026 saw a 139% increase in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 31 vulnerabilities requiring immediate remediation, up from 13 in February 2026.RECORDEDFUTURE.COM
13 Apr KEVSimply opening a PDF could trigger this Adobe Reader zero-dayEven though it’s patched, Adobe confirmed it was exploited in the wild, so updating is urgent, not optional.MALWAREBYTES.COM
13 AprCitizen Lab: Webloc tracked 500M devices for global law enforcementCitizen Lab reported that law enforcement used the surveillance tool Webloc to track up to 500M devices via ad data globally. A report by Citizen Lab revealed that law enforcement agencies in the U.S., Hungary, and El Salvador used a surveillance tool called Webloc to track devic…SECURITYAFFAIRS.COM
13 AprGrafanaGhost: The AI That Leaked Everything Without Being HackedA newly disclosed vulnerability reveals how AI assistants can become invisible channels for data exfiltration — and why security enforcement must shift to the data layer.TECHREPUBLIC.COM
13 AprGet Secure Cloud Storage on a 2TB Lifetime Plan with Internxt for $100This secure storage platform uses open source code, zero-knowledge file systems, and end-to-end encryption to keep your online data truly private.TECHREPUBLIC.COM
13 AprRockstar Games confirms data breach as ShinyHunters leaks 78 million recordsRockstar Games has confirmed that it suffered a data breach incident that exposed internal analytics data. Earlier today, the ShinyHunters threat group leaked the data online, claiming access to Snowflake-hosted datasets tied to the company’s online services. The incident first s…CYBERINSIDER.COM
13 AprBooking.com data breach exposed users’ reservation detailsBooking.com has notified customers of a security incident involving unauthorized access to reservation data, warning that personal and booking-related information may have been exposed. The company says it has taken steps to contain the issue, but has not disclosed how many users…CYBERINSIDER.COM
13 AprStandard fiber optic cables can be turned into remote microphonesResearchers have demonstrated that standard fiber-optic internet cables can be covertly repurposed into highly sensitive listening devices, capable of capturing speech and tracking human activity inside buildings. The study shows that, under realistic conditions, attackers could …CYBERINSIDER.COM
13 AprHallmark data breach exposed information of 1.7 million accountsA newly surfaced dataset tied to Hallmark has been added to the Have I Been Pwned (HIBP) breach notification service. The leaked data exposed the personal information of approximately 1.7 million users following an alleged March 2026 intrusion, claimed by the ShinyHunters extorti…CYBERINSIDER.COM
12 AprHallmark - 1,736,520 breached accountsIn March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark…HAVEIBEENPWNED.COM
12 AprCritical Marimo pre-auth RCE flaw now under active exploitationA critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. [...]BLEEPINGCOMPUTER.COM
11 AprClaude and ChatGPT Exploited in Sweeping Cyber Campaign Against Government AgenciesIn a groundbreaking technical report released by Gambit Security researcher Eyal Sela, new details have emerged about a massive cyberattack targeting government infrastructure. A single threat actor successfully leveraged artificial intelligence platforms to breach nine Mexican g…GBHACKERS.COM
11 AprCitizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad DataHungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli c…THEHACKERNEWS.COM
11 AprOver 20,000 crypto fraud victims identified in international crackdownAn international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. [...]BLEEPINGCOMPUTER.COM
11 AprTwo different attackers poisoned popular open source tools - and showed us the future of supply chain compromisesubmitted by cm0002 to cybersecurity 3 points | 0 comments https://www.theregister.com/2026/04/11/trivy_axios_supply_chain_attacks/INFOSEC.PUB
10 AprNews alert: Mallory launches AI-native platform to cut through alert noise and surface real riskAUSTIN, Texas, Apr. 9, 2026, CyberNewswire — Mallory is launching an AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: • What are the real threat vectors for our organization? • What’s actually exploitable…LASTWATCHDOG.COM
10 AprAWS Fixes Severe RCE, Privilege Escalation Flaws in Research and Engineering StudioAWS recently issued a critical security bulletin addressing severe vulnerabilities in its Research and Engineering Studio (RES). RES is an open-source web portal that allows administrators to create and manage secure cloud-based research environments. Security researchers identif…GBHACKERS.COM
10 AprChatGPT, Claude, and Gemini Among 11 AI Models Vulnerable to One-Line JailbreakA newly discovered jailbreak technique named “sockpuppeting” successfully forces 11 leading artificial intelligence models, including ChatGPT, Claude, and Gemini, to bypass their safety guardrails. By exploiting a standard application programming interface (API) featu…GBHACKERS.COM
10 AprMicrosoft Finds Vulnerability Exposing Millions of Android Crypto Wallet UsersThe security hole affected an EngageLab SDK and it was reported by Microsoft to the vendor one year ago.SECURITYWEEK.COM
10 AprTP-Link Devices at Risk as Multiple Security Flaws Enable TakeoverCybersecurity researchers have uncovered five significant security vulnerabilities in the TP-Link Archer AX53 v1.0 router. If left unpatched, these critical flaws could allow attackers to take full control of the device, steal sensitive network data, and compromise connected syst…GBHACKERS.COM
10 AprCritical Marimo Flaw Exploited Hours After Public DisclosureWithin nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild.SECURITYWEEK.COM
10 AprThe cyber winners and losers in Trump’s 2027 budgetFederal cybersecurity spending will decline in 2027 under Donald Trump’s proposed budget, with uneven shifts across agencies, as some see sizable increases while others face sharp reductions. According to the Office of Management and Budget (OMB) crosscut tables released with Tru…CSOONLINE.COM
10 AprCMMC compliance in the age of AICybersecurity Maturity Model Certification 2.0 (CMMC 2.0) is pushing federal contractors to demonstrate, not just assert, that they can protect sensitive government data. Eligibility for contracts now depends on the ability to show how controlled unclassified information (CUI) …CSOONLINE.COM
10 AprWhy most zero-trust architectures fail at the traffic layerZero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access policies, and modern security tooling. On paper, these environments look well-protected. Yet during incidents, a different rea…CSOONLINE.COM
10 AprFake BTS Tour Ticket Scams Target Fans WorldwideCybercriminals are exploiting the massive hype around BTS’s return to the global stage by launching a wave of fake ticketing websites targeting fans across multiple countries. The K-pop group recently reunited after nearly four years, during which members completed mandatory mili…GBHACKERS.COM
10 AprOrthanc DICOM Vulnerabilities Lead to Crashes, RCEAttackers could exploit these vulnerabilities in denial-of-service, information disclosure, and arbitrary code execution attacks.SECURITYWEEK.COM
10 AprHungarian government email passwords exposed ahead of electionWhen voters in the forthcoming Hungarian election assess the current government, its record on internet security will not be one of its proudest achievements. An analysis by open source investigation organization Bellingcat has revealed that the passwords for almost 800 Hungarian…CSOONLINE.COM
10 AprJuniper Networks Patches Dozens of Junos OS VulnerabilitiesA critical-severity flaw could be exploited remotely, without authentication, to take over a vulnerable device.SECURITYWEEK.COM
10 AprEngageSDK Vulnerability puts millions of crypto wallets at riskA newly disclosed vulnerability in the widely used Android library EngageSDK has raised serious concerns across the cryptocurrency ecosystem, potentially exposing millions of users to data theft and unauthorized access. Security researchers identified a critical “intent redirecti…GBHACKERS.COM
10 AprFCC Can’t Define a RouterThe FCC guidance discussed is described as ambiguous, even requiring updates to clarify that devices like phones with hotspots are not considered routers. Unclear definitions in regulation can lead to overreach or inconsistent enforcement, especially when agencies expand into sof…YOUTUBE.COM
10 AprIn Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer HackOther noteworthy stories that might have slipped under the radar: Jones Day hacked, Internet Bug Bounty program paused due to AI, new Mac stealer malware.SECURITYWEEK.COM
10 AprHacker Unknown now known, named on Europol’s most-wanted listGerman police have pinned a name to one of the world’s most notorious hackers. Danii Shchukin operated under the names of UNKN or Unknown and GandCrab and was, according to German police, the leader of one of the largest globally active ransomware groups, known as GandCrab/Revi. …CSOONLINE.COM
10 AprGoogle adds end-to-end Gmail encryption to Android, iOS devices for enterprisesGoogle has made a big step forward by extending end-to-end encryption to Android and iOS devices for Gmail client-side encryption (CSE) users, says an expert. “All in all, this is a welcome update, especially in light of recent concerns surrounding WhatsApp’s encryption methods,”…CSOONLINE.COM
10 AprCrushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AISee how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways:…TENABLE.COM
10 Apr[local] NetBT e-Fatura - Privilege EscalationEXPLOIT-DB.COM
10 AprMicrosoft: Third-Party Android Vulnerability Leaves Over 50M Users ExposedA flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and access sensitive data.TECHREPUBLIC.COM
10 AprAI Expansion, Security Crises, and Workforce Upheaval Define This Week in TechSee what you missed in Daily Tech Insider from April 6–10.TECHREPUBLIC.COM
10 AprWebloc surveillance system tracks millions using mobile ad dataA little-known surveillance platform called Webloc can track hundreds of millions of people worldwide by repurposing data harvested from mobile apps and digital advertising ecosystems. A related investigation confirms that government agencies across multiple countries, including …CYBERINSIDER.COM
10 AprWaiting for a security update: Attackers target Adobe ReaderAttackers are currently exploiting a zero-day vulnerability in Adobe Reader. Until a security update is available, users should not open PDFs from unknown sources.HEISE.DE
9 AprQuestions raised about how LinkedIn uses the petabytes of data it collectsThrough LinkedIn’s more than one billion business users, the Microsoft unit has access to a vast array of personally-identifiable information, including data that could identify religious and political positions. What is less clear is what LinkedIn does with all of that data. A s…CSOONLINE.COM
9 AprGitLab Addresses Multiple Vulnerabilities Linked to DoS and Code InjectionGitLab has rolled out a crucial security update to fix multiple vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms. Organizations utilizing self-managed GitLab instances are strongly advised by GitLab security experts to apply these updates im…GBHACKERS.COM
9 AprMultiple SonicWall Flaws Enable SQL Injection and Privilege Escalation AttacksSonicWall has published a critical security advisory addressing four distinct vulnerabilities in its SMA1000 series appliances. These security flaws open the door for attackers to escalate their system privileges, guess user credentials, and bypass essential multi-factor authenti…GBHACKERS.COM
9 AprMicrosoft suspends dev accounts for high-profile open source projectsMicrosoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from publishing new software builds and security patches for Windows users. [...]BLEEPINGCOMPUTER.COM
9 AprLinux Foundation Leader Impersonated in Slack Attack on Open Source DevelopersA social engineering campaign is actively targeting open source developers through Slack. The warning was shared through the OpenSSF Siren mailing list, a public threat intelligence platform designed to alert developers and security teams about active threats after initial disclo…GBHACKERS.COM
9 AprAdobe Reader Zero-Day Exploited for Months: ResearcherReputable researcher Haifei Li has come across what appears to be a PDF designed to exploit an unpatched vulnerability.SECURITYWEEK.COM
9 AprWeak at the seamsBefore I ever held a security title, I was a software engineer implementing vertically integrated automation systems for industrial manufacturing, warehouse-scale conveyor networks, robotic material handling, physical infrastructure controlled by software on increasingly connecte…CSOONLINE.COM
9 AprHackers exploiting Acrobat Reader zero-day flaw since DecemberAttackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. [...]BLEEPINGCOMPUTER.COM
9 AprAdobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON's Haifei Li, has been described as a highly-sophisticated PDF exploit.…THEHACKERNEWS.COM
9 AprCritical Vulnerability in Ninja Forms Exposes WordPress Sites - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/flaw-ninja-forms-wordpress/SH.ITJUST.WORKS
9 AprPalo Alto Networks, SonicWall Patch High-Severity VulnerabilitiesThe bugs could allow attackers to modify protected resources and escalate their privileges to administrator.SECURITYWEEK.COM
9 AprNew ClickFix variant bypasses Apple safeguards with one‑click script executionClickFix malware campaigns are evolving again, with threat actors removing one of their most obvious and user‑dependent steps: convincing victims to paste malicious commands into Terminal. Instead, the latest variant uses a single browser click to trigger script execution, stream…CSOONLINE.COM
9 AprNew Phishing Campaign Exploits Google Storage to Deliver Remcos RATA recently observed phishing campaign is abusing Google Cloud Storage to deliver the Remcos remote access trojan (RAT), relying on trusted Google infrastructure and a signed Microsoft binary to evade traditional defenses. Attackers host a fake Google Drive login page on the legit…GBHACKERS.COM
9 AprAttackers Deploy Hidden Magecart Skimmer on Magento Using SVG onload AbuseSecurity researchers at Sansec uncovered a large-scale Magecart campaign targeting Magento e-commerce platforms. Nearly 100 online stores were infected with a sophisticated credit card skimmer. To evade security scanners and steal shopper payment data seamlessly, attackers concea…GBHACKERS.COM
9 AprHackers Actively Attacking Adobe Reader Users Using Sophisticated 0-Day Exploitsubmitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/adobe-reader-0-day-exploit/SH.ITJUST.WORKS
9 AprThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More StoriesThursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally …THEHACKERNEWS.COM
9 AprIntent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential riskA severe Android intent‑redirection vulnerability in a widely deployed SDK exposed sensitive user data across millions of apps. Microsoft researchers detail how the flaw works, why it matters, and how developers can mitigate similar risks by updating affected SDKs.MICROSOFT.COM
9 AprMicrosoft BANNED WireGuard, VeraCrypt & Windscribe With Zero Warningsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.youtube.com/watch?v=fTui3CQuL9I Microsoft silently suspended developer accounts for WireGuard, VeraCrypt, and Windscribe with zero warning, leaving these critical open source security tools unable to push upda…INFOSEC.PUB
9 AprCloudflare ‘actively adjusting’ quantum priorities in wake of Google warningGoogle’s accelerated post-quantum encryption deadline has spurred other leaders in the industry, including Cloudflare, to consider pushing forward their own plans. The US National Institute of Standards and Technology (NIST) has set a 2030 deadline for depreciating legacy encrypt…CSOONLINE.COM
9 AprEngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto WalletsDetails have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same dev…THEHACKERNEWS.COM
9 AprHealthcare IT solutions provider ChipSoft hit by ransomware attackDutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. [...]BLEEPINGCOMPUTER.COM
9 AprAI Makes All Bug Shallow? - PSW #921This week: - Rage dropping 0-Day - Claude Mythos, things are different now - From UART to root, on a device made in China, where's the FCC? - More CUPS vulnerabilities - Russians are hacking routers, FCC ban doesn't stop them - Mongoose vulnerabilities, and FCC still does nothing…YOUTUBE.COM
9 AprU.S. Public Sector Under Siege: Threat Intelligence for Q1 2026The first quarter of 2026 has reinforced a hard truth: U.S. government agencies and educational institutions are operating in the most hostile cyber threat environment ever recorded.TRENDMICRO.COM
9 Apr[webapps] React Server 19.2.0 - Remote Code ExecutionEXPLOIT-DB.COM
9 Apr[webapps] Jumbo Website Manager - Remote Code ExecutionEXPLOIT-DB.COM
9 Apr[local] ZSH 5.9 - RCEEXPLOIT-DB.COM
9 AprMaster C and C++ with our new Testing Handbook chapterWe added a new chapter to our Testing Handbook: a comprehensive security checklist for C and C++ code. We’ve identified a broad range of common bug classes, known footguns, and API gotchas across C and C++ codebases and organized them into sections covering Linux, Windows, and s…TRAILOFBITS.COM
8 AprCybercriminals Use Fake Zoom, Teams Calls to Deliver MalwareHackers are increasingly using fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL says it has blocked 164 malicious domains tied to this operation using MetaMask’s eth-phishing-detect system. The campaign primarily targets …GBHACKERS.COM
8 AprClaude Code Leak Exploited to Spread Vidar and GhostSocks via GitHub ReleasesHackers are turning the Claude Code source leak into an active malware-delivery channel, using GitHub Releases to push the Vidar stealer and GhostSocks under the guise of “leaked” Anthropic tooling. The incident shows how human and governance failures around AI development can ra…GBHACKERS.COM
8 AprRemus Infostealer Debuts With Stealthy New Credential-Theft TacticsHackers are rolling out a new 64‑bit infostealer dubbed Remus. The code strongly suggests it is a direct successor to the notorious Lumma Stealer, arriving just months after law‑enforcement disruption and public doxxing of Lumma’s core operators in 2025. Remus is a 64‑bit informa…GBHACKERS.COM
8 AprAssessing Claude Mythos Preview’s cybersecurity capabilitiessubmitted by codeinabox to security 1 points | 0 comments https://red.anthropic.com/2026/mythos-preview/ During our testing, we found that Mythos Preview is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web bro…PROGRAMMING.DEV
8 AprGreyNoise Launches C2 Detection for Exploited Edge DevicesGreyNoise has introduced a new capability, C2 Detection, to identify compromised edge devices such as firewalls, routers, and VPN systems, assets that are increasingly targeted but often lack visibility in traditional security tools. Unlike endpoints, these devices rarely generate…GBHACKERS.COM
8 AprTop 10 Best Multi-Factor Authentication (MFA) Providers in 2026In the digital realm of 2026, the traditional password stands as a flimsy barrier against an onslaught of sophisticated cyber threats. From phishing campaigns and credential stuffing to ever-evolving malware, attackers are relentlessly targeting the weakest link in cybersecurity:…GBHACKERS.COM
8 AprThe tabletop exercise grows upIn the early 1800s, Prussian officers began rehearsing battles around sand tables. They called it Kriegsspiel, and it worked because it forced them to make high-stakes decisions under pressure. Fast forward to today, and that same concept has become cybersecurity’s go-to tool for…CSOONLINE.COM
8 AprMicrosoft’s new Agent Governance Toolkit targets top OWASP risks for AI agentsMicrosoft has quietly introduced the Agent Governance Toolkit, an open-source project designed to monitor and control AI agents during execution as enterprises try to move them into production workflows. The toolkit, which is a response to the Open Worldwide Application Security …CSOONLINE.COM
8 AprAnthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major SystemsArtificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities. The model will be…THEHACKERNEWS.COM
8 AprThe zero-day timeline just collapsed. Here’s what security leaders do nextA zero-day is not frightening because it is sophisticated. It is frightening because it is unknown. There is no patch in the moment it matters most. That single condition undermines the comfort most security programs rely on: time. In the past, attackers didn’t need zero-days bec…CSOONLINE.COM
8 AprUS Disrupts Russian Espionage Operation Involving Hacked Routers and DNS HijackingThe APT28 threat group exploited vulnerable TP-Link and MikroTik routers to conduct adversary-in-the-middle (AitM) attacks. The post US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking appeared first on SecurityWeek .SECURITYWEEK.COM
8 AprLLM-generated passwords are indefensible. Your codebase may already prove itTwo independent research programs, one from AI security firm Irregular, one from Kaspersky, have now converged on the same conclusion: Every frontier LLM generates structurally predictable passwords that standard entropy meters catastrophically overrate. AI coding agents are auto…CSOONLINE.COM
8 AprForest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessionsRussian threat actor Forest Blizzard has been exploiting unsecured home and small-office internet equipment, such as routers, to redirect traffic through attacker-controlled DNS servers. The group has leveraged this DNS hijacking activity to support post-compromise adversary-in-t…CSOONLINE.COM
8 AprHackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to TakeoverThe vulnerability allows hackers to upload arbitrary files to a site’s server and achieve remote code execution. The post Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover appeared first on SecurityWeek .SECURITYWEEK.COM
8 AprHackers Target Adobe Reader Users With Sophisticated Zero-Day ExploitSecurity researchers at EXPMON have uncovered a highly sophisticated, unpatched zero-day vulnerability actively targeting Adobe Reader users. The exploit, first detected in the wild late last month, allows threat actors to silently steal local files, gather sensitive system infor…GBHACKERS.COM
8 AprIran‑linked PLC attacks cause real‑world disruption at critical US infra sitesAs the US and Iran agreed to a ceasefire on Tuesday, six US federal agencies have warned that Iran-affiliated threat actors have compromised internet-exposed programmable logic controllers at critical infrastructure facilities in the US. The attacks, which the agencies linked to …CSOONLINE.COM
8 AprMassachusetts Hospital Diverts Ambulances as Cyberattack Causes DisruptionSignature Healthcare was forced to cancel some services, and pharmacies are unable to fill prescriptions due to the hacker attack. The post Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption appeared first on SecurityWeek .SECURITYWEEK.COM
8 AprAnthropic Launches Claude Mythos Preview Focused on Zero-Day Vulnerability DiscoveryAnthropic recently unveiled Claude Mythos Preview, a groundbreaking general-purpose language model demonstrating an unprecedented, emergent ability to autonomously discover and exploit zero-day vulnerabilities. In response to these powerful capabilities, the company introduced Pr…GBHACKERS.COM
8 AprRussian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaignsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/russian-state-linked-apt28-exploits.htmlSH.ITJUST.WORKS
8 AprVoice Phishing is a Growing Social Engineering ThreatVoice phishing (vishing) overtook email-based phishing as a top initial intrusion vector in 2025, according to a new report from Mandiant. Notably, vishing is live and interactive, giving the attacker more control over the social engineering objectives.KNOWBE4.COM
8 AprRCE Bug Lurked in Apache ActiveMQ Classic for 13 YearsThe vulnerability requires authentication for successful exploitation, but another flaw exposes the Jolokia API without authentication. The post RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years appeared first on SecurityWeek .SECURITYWEEK.COM
8 AprGrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltratisubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/grafanaghost-silent-data/SH.ITJUST.WORKS
8 AprDeveloper of VeraCrypt encryption software says Windows users may face boot-up issues after Microsoft locked his accountThe maker of the popular open-source file encryption software VeraCrypt said Microsoft locked his online account, which may prevent device owners from booting up their computers.TECHCRUNCH.COM
8 AprData Leakage Vulnerability Patched in OpenSSLA total of seven vulnerabilities, most of which can be exploited for DoS attacks, have been patched in OpenSSL. The post Data Leakage Vulnerability Patched in OpenSSL appeared first on SecurityWeek .SECURITYWEEK.COM
8 AprYael Nardi joins Minimus as Chief Business Officer to drive hyper-growthNew York, NY: Minimus, a provider of hardened container images and secure container images designed to reduce CVE risk, today announced the appointment of Yael Nardi as Chief Business Officer (CBO). In this newly created role, Nardi will lead the company’s next phase of operation…CSOONLINE.COM
8 AprLegit Login Flow Turned AttackDevice code phishing leverages the OAuth 2.0 device authorization grant flow, a legitimate login method designed for devices with limited input like TVs and printers. Attackers exploit the split authentication process, where users complete login on a second device. This creates a…YOUTUBE.COM
8 Apr13-year-old bug in ActiveMQ lets hackers remotely execute commandsSecurity researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. [...]BLEEPINGCOMPUTER.COM
8 AprHow botnet-driven DDoS attacks evolved in 2H 2025The second half of 2025 marked a pivotal shift in the world of distributed denial-of-service (DDoS) attacks . Organizations across the globe faced a perfect storm: Artificial intelligence (AI) matured as an offensive weapon, botnet infrastructure reached new heights with multiter…CSOONLINE.COM
8 AprCISA orders feds to patch exploited Ivanti EPMM flaw by SundayCISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. [...]BLEEPINGCOMPUTER.COM
8 AprArelion employs NETSCOUT Arbor DDoS protection productsArelion operates the world’s best-connected IP fiber backbone, providing high-capacity transit services to a variety of the globe’s leading ISPs as well as many large enterprises. They provide an award-winning customer experience to clients in 129 countries worldwide, and their g…CSOONLINE.COM
8 AprWireGuard VPN developer can’t ship software updates after Microsoft locks accountThe popular open source VPN maker is the second high-profile developer to say Microsoft locked his account without notifying him and are blocking their ability to send software updates to users.TECHCRUNCH.COM
8 AprHackers use pixel-large SVG trick to hide credit card stealerA massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. [...]BLEEPINGCOMPUTER.COM
8 Apr[webapps] FortiWeb 8.0.2 - Remote Code ExecutionFortiWeb 8.0.2 - Remote Code ExecutionEXPLOIT-DB.COM
8 Apr[webapps] xibocms 3.3.4 - RCExibocms 3.3.4 - RCEEXPLOIT-DB.COM
8 Apr[webapps] Horilla v1.3 - RCEHorilla v1.3 - RCEEXPLOIT-DB.COM
8 AprRisky Business #832 -- Anthropic unveils magical 0day computer GodOn this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Anthropic’s new Mythos model hunts bugs and chains exploits together so well that… you cant have it… …Unless you’re one of their Project Glasswing partners The worl…RISKY.BIZ
7 AprNorth Korea's $285M Crypto Heist, China Breaches FBI System, Delve Faces New AllegationsHost David Shiple covers major cybersecurity news: investigators attribute a record $285 million April 1 hack of crypto platform Drift Protocol to North Korea, describing a three-week setup involving a fake "Carbon Vote Token," wash trading to inflate value, social engineering to…CYBERSECURITYTODAY.LIBSYN.COM
7 AprWindows Defender 0-Day Published Online, Giving Attackers Potential Full AccessA newly discovered zero-day vulnerability, dubbed “BlueHammer,” has been publicly disclosed. The flaw, which has been linked to Windows Defender, allows attackers to achieve Local Privilege Escalation (LPE) and potentially gain full administrative access to compromise…GBHACKERS.COM
7 AprMicrosoft Warns Storm-1175 Exploiting Web-Facing Vulnerabilities to Deploy Medusa RansomwareMicrosoft is warning that a fast‑moving threat actor it tracks as Storm‑1175 is aggressively exploiting vulnerabilities in internet‑exposed systems to deliver Medusa ransomware in days and sometimes in under 24 hours. Storm‑1175 is a financially motivated group known for high‑vel…GBHACKERS.COM
7 Apr172: SuperBoxWhat if there was a device which gave you endless movies and TV shows without ads? Ok great sign me up! In this episode we interview “D3ada55”, who found such a device, but as she gazed into it, she discovered it gazing back at her. Sponsors Support for this show comes from Threa…DARKNETDIARIES.COM
7 AprThreat Actors Exploit LogMeIn Resolve, ScreenConnect in Phishing CampaignsThreat actors are abusing legitimate remote monitoring and management (RMM) tools LogMeIn Resolve and ScreenConnect in a multi‑stage phishing campaign that blends social engineering, living‑off‑the‑land techniques, and stealthy information‑stealing malware. Sophos’ Managed Detect…GBHACKERS.COM
7 AprChina-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa RansomwareA China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's hi…THEHACKERNEWS.COM
7 AprLife imprisonment for Cambodian scam compound operators – but will it make a difference?Cambodia has taken a dramatic step in its fight against scam compounds that have imprisoned innocent people, and forced them to work as virtual slaves defrauding victims via the internet around the world with romance scams and dodgy investment schemes. Read more in my article on …BITDEFENDER.COM
7 AprThe rise of proactive cyber: Why defense is no longer enoughFor more than two decades, cybersecurity has been built on a reactive model: detect intrusions, patch vulnerabilities, respond to incidents, and repeat. That model is now under sustained pressure from a threat environment that is faster, more coordinated, and increasingly automat…CSOONLINE.COM
7 AprThe noisy tenants: Engineering fairness in multi-tenant SIEM solutionsI recently had the opportunity to review five popular SIEM solutions as part of a judging panel for a Security award. While each platform had its own unique flair, their core promises were remarkably consistent: 24/7/365 SOC monitoring: Round-the-clock coverage backed by global e…CSOONLINE.COM
7 AprAppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - ASW #377Security problems aren't changing very much even though security teams are. We catch up on the implications of the Claude Code source leak, the very human lessons from the axios NPM compromise, and what secure design looks like when it involves agents, humans, or both. AppSec has…YOUTUBE.COM
7 AprCritical Android Flaw Allows Zero-Interaction Denial-of-Service AttacksGoogle has rolled out its April 2026 Android Security Bulletin, addressing multiple vulnerabilities across the mobile operating system. The most alarming discovery this month is a critical security flaw in the Android Framework that allows attackers to trigger a local denial-of-s…GBHACKERS.COM
7 AprHong Kong Police Can Force You to Reveal Your Encryption KeysAccording to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that, on March 23,…SCHNEIER.COM
7 AprNew GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-FlipsNew academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach, GDDR…THEHACKERNEWS.COM
7 AprSupply chain security is now a board-level issue: Here’s what CSOs need to knowFor many years, supply chain security was viewed purely as a technical concern. However, with high-profile vulnerabilities and regulations, it is now a board-level issue that requires organizations to rethink how to build resiliency and insulate their operations. The changing reg…CSOONLINE.COM
7 AprDisgruntled researcher leaks “BlueHammer” Windows zero-day exploitsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/SH.ITJUST.WORKS
7 AprMedusa Ransomware Fast to Exploit Vulnerabilities, Breached SystemsThe group is using zero-days, quickly weaponizes fresh bugs, and exfiltrates and encrypts data within days of initial access. The post Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems appeared first on SecurityWeek .SECURITYWEEK.COM
7 AprHackers Exploit Next.js React2Shell Vulnerability, Breach 766 Hosts in 24 HoursHackers are abusing a critical React2Shell vulnerability in Next.js applications to run an automated credential‑theft operation that has already compromised at least 766 servers in under 24 hours. The threat activity is tracked as “UAT‑10608”. It relies on a custom framework dubb…GBHACKERS.COM
7 AprMicrosoft says Medusa-linked Storm-1175 is speeding ransomware attacksMicrosoft has warned that Storm-1175, a cybercrime group linked to Medusa ransomware, is exploiting vulnerable web-facing systems in fast-moving attacks, at times moving from initial access to data theft and ransomware deployment within 24 hours. The company said the group has he…CSOONLINE.COM
7 AprFake Gemini npm Package Steals AI Tool TokensHackers are abusing a fake Gemini-themed npm package to steal tokens and secrets from developers using AI coding tools like Claude, Cursor, Windsurf, PearAI, and others. The README text was copied from the unrelated chai-await-async library, a mismatch that should have been a red…GBHACKERS.COM
7 AprGPUBreach Attack Could Lead to Full System Takeover and Root Shell AccessA newly discovered vulnerability dubbed “GPUBreach” demonstrates that GPU-based Rowhammer attacks can now achieve complete system compromise. Scheduled for presentation at the IEEE Symposium on Security & Privacy in 2026, University of Toronto researchers revealed…GBHACKERS.COM
7 Apr[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise RiskIn the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute, hundreds of a…THEHACKERNEWS.COM
7 AprZero‑click Grafana AI attack can enable enterprise data exfiltrationIndirect prompt injection is possible on AI-powered dashboards, allowing exfiltration of sensitive enterprise data without user authentication. Security researchers are warning about a critical Grafana issue, dubbed GrafanaGhost, that allows attackers to leak sensitive data from …CSOONLINE.COM
7 AprCampaign Mode: Because Your SOC Team Has a LifeIn the world of cybersecurity, busy is an understatement. SOC teams are often drowning in a sea of repetitive alerts. Looking at the same threat or graymail spread across 50 pages of logs isn't just tedious, it’s a drain on your most valuable resource: time.KNOWBE4.COM
7 AprWindmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept PublishedCybersecurity researchers have discovered critical vulnerabilities in the Windmill developer platform and Nextcloud Flow, an integration embedding the Windmill engine. These severe flaws allow remote attackers to take full control of affected systems without requiring any passwor…GBHACKERS.COM
7 AprOver 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet CampaignAn active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnera…THEHACKERNEWS.COM
7 AprCUPS Vulnerabilities Could Allow Remote Attackers to Achieve Root-Level Code ExecutionA team of AI-driven vulnerability hunting agents directed by security researcher Asim Viladi Oglu Manizada has discovered two critical security flaws in CUPS, the standard printing system for Linux and Unix-like operating systems. When chained together, these vulnerabilities allo…GBHACKERS.COM
7 AprGrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise DataBy targeting Grafana’s AI components, attackers can point to external resources and inject indirect prompts to bypass safeguards. The post GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data appeared first on SecurityWeek .SECURITYWEEK.COM
7 AprTrump administration plans to cut cybersecurity agency’s budget by $700 millionThe budget proposal would force CISA to operate with a significantly lower budget than previous years, citing the government's claims that the election misinformation programs were used to "target the President."TECHCRUNCH.COM
7 AprWhy Your Automated Pentesting Tool Just Hit a WallAutomated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the "PoC cliff" leaves major attack surfaces untested and creates a dangerous validation gap. [...]BLEEPINGCOMPUTER.COM
7 AprSevere StrongBox Vulnerability Patched in AndroidA critical DoS vulnerability in the Framework component of Android has also been fixed with the latest update. The post Severe StrongBox Vulnerability Patched in Android appeared first on SecurityWeek .SECURITYWEEK.COM
7 AprOne Click Took Down the Supply ChainA widely used NPM package was compromised after a maintainer was socially engineered into installing malware on their development machine. Attackers then introduced a malicious dependency, impacting downstream users. Modern supply chain attacks don’t require breaking systems—they…YOUTUBE.COM
7 AprCritical Flowise Vulnerability in Attacker CrosshairsThe improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system. The post Critical Flowise Vulnerability in Attacker Crosshairs appeared first on SecurityWeek .SECURITYWEEK.COM
7 AprAuthorities disrupt router DNS hijacks used to steal Microsoft 365 loginsAn international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. [...]BLEEPINGCOMPUTER.COM
7 AprMilking the last drop of Intego - Time for Windows to get its LPEExploitation of an arbitrary directory deletion via symlink following in the antivirus Intego.QUARKSLAB.COM
7 AprRussian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking CampaignThe Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espi…THEHACKERNEWS.COM
7 AprA Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)Webshells remain a popular method for attackers to maintain persistence on a compromised web server. Many "arbitrary file write" and "remote code execution" vulnerabilities are used to drop small files on systems for later execution of additional payloads. The names of these file…ISC.SANS.EDU
7 Apr5 steps to strengthen supply chain security and improve cyber resilienceSupply chain attacks have rapidly become one of the most damaging and difficult threats facing IT and security teams. When an adversary compromises a trusted vendor, software component, cloud service, or MSP tool, they bypass traditional defenses and enter through the front door.…CSOONLINE.COM
7 Apr5 ways to strengthen identity security and improve attack resilienceIdentity compromise has become one of the most effective ways for attackers to infiltrate business systems. Firewalls, endpoint protection, and monitoring tools mean little once an attacker logs in using valid credentials. For MSPs and corporate IT teams, strengthening identity s…CSOONLINE.COM
7 Apr KEV5 practical steps to strengthen attack resilience with attack surface managementEvery asset you manage expands your attack surface. Internet‑facing applications, cloud workloads, credentials, endpoints, and third‑party integrations all represent potential entry points for attackers. As environments grow more distributed, that exposure expands faster than mos…CSOONLINE.COM
7 AprAI Found and Exploited Bugs AutomaticallyResearchers using Claude and other Anthropic models have shown AI can find bugs in popular software like Vim and Emacs—and automatically generate exploits. This isn’t just bug hunting. It’s a new level of risk where AI can turn theoretical vulnerabilities into actionable exploits…YOUTUBE.COM
7 AprMultiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…CISECURITY.ORG
7 AprHackers exploit critical flaw in Ninja Forms WordPress pluginA critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. [...]BLEEPINGCOMPUTER.COM
7 AprWhat Anthropic Glasswing reveals about the future of vulnerability discoveryAI giant Anthropic has unveiled Project Glasswing , a cybersecurity initiative built around Claude Mythos Preview, a model it describes as “cybersecurity in the age of AI” that can autonomously identify software vulnerabilities at scale. Rather than release the model publicly, An…CSOONLINE.COM
7 AprWhat we learned about TEE security from auditing WhatsApp's Private InferenceWhatsApp’s new “Private Inference” feature represents one of the most ambitious attempts to combine end-to-end encryption with AI-powered capabilities, such as message summarization. To make this possible, Meta built a system that processes encrypted user messages inside trusted …TRAILOFBITS.COM
7 AprClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the WildFor years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server.  The reality in 2026 is very different. Apple devices now make up a …ANY.RUN
6 AprGermany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrabAn elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts…KREBSONSECURITY.COM
6 Apr36 Malicious Strapi npm Packages Deliver Redis RCE, Persistent C2 MalwareA coordinated supply chain attack has been uncovered involving 36 malicious npm packages masquerading as Strapi CMS plugins, delivering a range of payloads including Redis remote code execution (RCE), credential harvesting, and persistent command-and-control (C2) malware. The cam…GBHACKERS.COM
6 AprGoogle DeepMind Flags New Threat as Malicious Web Content Puts AI Agents at RiskAs artificial intelligence evolves from simple chatbots to autonomous agents that actively browse the web, a new cybersecurity threat has emerged. Researchers at Google DeepMind have identified a critical vulnerability they call “AI Agent Traps.” These are adversarial…GBHACKERS.COM
6 AprHackers Breach ILSpy WordPress Domain to Deliver MalwareThe official WordPress website for ILSpy, a highly popular open-source tool used by software developers to examine .NET code, has been compromised. Hackers successfully breached the site to redirect visitors and deliver malware, turning a trusted developer resource into a dangero…GBHACKERS.COM
6 AprApache Traffic Server Flaw Allowed Attackers to Trigger Denial-of-Service AttacksThe Apache Software Foundation has released critical security updates to address two vulnerabilities in Apache Traffic Server (ATS). Disclosed on April 2, 2026, these flaws could allow remote threat actors to trigger denial-of-service (DoS) conditions or execute HTTP request smug…GBHACKERS.COM
6 AprHow often are redirects used in phishing in 2026?, (Mon, Apr 6th)In one of his recent diaries, Johannes discussed how open redirects are actively being sought out by threat actors[1], which made me wonder about how commonly these mechanisms are actually misused… ISC.SANS.EDU
6 AprEscaping the COTS trapOver the years, enterprise cybersecurity environments have accumulated staggering numbers of commercial tools. Industry research converges on a consistent picture of tool proliferation that drives complexity, cost, and risk. The global cybersecurity market is valued at approximat…CSOONLINE.COM
6 AprBattling payment fraud with tokenization and executive interviews from RSAC 2026 - ESW #453Interview with Brian Oh from FIS Global Merchant-Specific Tokenization: Making Embedded Finance More Fraud-Resistant Payment fraud has not gone away. It has evolved into a largely social engineering-driven problem that increasingly lands on security leaders’ desks. In this episod…YOUTUBE.COM
6 AprFortinet Rushes Emergency Fixes for Exploited Zero-DayThe improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely. The post Fortinet Rushes Emergency Fixes for Exploited Zero-Day appeared first on SecurityWeek .SECURITYWEEK.COM
6 AprGoogle’s Bug Bounty Program Hits Record $17 Million in 2025 PayoutsGoogle has announced a record-breaking year for its Vulnerability Reward Program (VRP). In 2025, the tech giant paid out more than $17 million to ethical hackers worldwide to help secure its platforms. This major milestone marks a massive 40% increase compared to 2024 and perfect…GBHACKERS.COM
6 AprAuthentication is broken: Here’s how security leaders can actually fix itAuthentication keeps breaking where it matters most: On regulated front lines such as healthcare, government, aerospace and travel. The core issue is not a lack of innovation. Instead, it is a brittle and fragmented ecosystem of cards, readers, middleware and software that rarely…CSOONLINE.COM
6 AprCritical Claude Code Flaw Silently Bypasses User-Configured Security RulesAnthropic’s flagship AI coding agent, Claude Code, was recently discovered to contain a critical security flaw that silently bypasses developer-configured safety rules. The vulnerability allows attackers to execute blocked commands, such as data exfiltration scripts, by sim…GBHACKERS.COM
6 AprNorth Korea’s Modular Malware Strategy Hides Attribution, Defies TakedownsNorth Korea’s cyber program is shifting from monolithic “families” to a modular, portfolio-style malware ecosystem designed to survive exposure, frustrate attribution, and keep operations running under constant pressure. Years of sanctions, coordinated law-enforcement pressure, a…GBHACKERS.COM
6 AprNorth Korean hackers abuse LNKs and GitHub repos in ongoing campaignDPRK-linked threat actors are preferring stealth over sophistication in their targeting of South Korean organizations, as researchers report use of weaponized Windows shortcut ( .LNK ) files and GitHub-based command-and-control (C2) channels in a new campaign. According to new Fo…CSOONLINE.COM
6 AprHackers exploit React2Shell in automated credential theft campaignsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-exploit-react2shell-in-automated-credential-theft-campaign/SH.ITJUST.WORKS
6 AprA Vulnerability in Fortinet FortiClientEMS Could Allow for Arbitrary Code Executionsubmitted by kid to cybersecurity 1 points | 0 comments https://www.cisecurity.org/advisory/a-vulnerability-in-fortinet-forticlientemscould-allow-for-arbitrary-code-execution_2026-031SH.ITJUST.WORKS
6 AprYour KnowBe4 Fresh Compliance Plus Content Updates | March 2026John N Just, Ed.D. - Chief Learning Officer Evolving Standards for Digital and Workplace Compliance It is a common misconception that digital accessibility and AI safety are niche concerns for specialized teams, but they are actually core operational requirements for every employ…KNOWBE4.COM
6 AprGoogle Brings Lazy Loading to Media Files in New Chrome ReleaseGoogle has announced a significant update for its Chrome browser, extending native lazy loading capabilities to audio and video elements. This highly anticipated feature aims to improve web performance, drastically save bandwidth, and offer subtle security benefits by controlling…GBHACKERS.COM
6 Apr⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and MoreThis week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider than before. What star…THEHACKERNEWS.COM
6 AprGoogle DeepMind Researchers Map Web Attacks Against AI AgentsMalicious web content can be used to manipulate, deceive, and exploit autonomous AI agents navigating the internet, Google DeepMind researchers show. The researchers have identified six types of attacks against AI agents that can be mounted via web content to inject malicious con…SECURITYWEEK.COM
6 Apr KEVCISA orders feds to patch Fortinet flaw exploited in attacks by FridayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. [...]BLEEPINGCOMPUTER.COM
6 AprNorth Korea’s hijack of one of the web’s most used open source projects was likely weeks in the makingNorth Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer's computer in a long-running campaign.TECHCRUNCH.COM
6 AprStorm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operationsThe financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware (Gaze.exe). The post Storm-1175 focuses gaze on vu…MICROSOFT.COM
6 AprMicrosoft links Medusa ransomware affiliate to zero-day attacksMicrosoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]BLEEPINGCOMPUTER.COM
6 AprNew Mexico’s Meta Ruling and EncryptionMike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general: If the “design choices create liability” framework seems worrying in the abstract, the New Mexico case provides a…SCHNEIER.COM
6 AprDisgruntled researcher leaks “BlueHammer” Windows zero-day exploitExploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. [...]BLEEPINGCOMPUTER.COM
6 AprMicrosoft links Medusa ransomware affiliate to zero-day attackssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/SH.ITJUST.WORKS
6 Apr[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege EscalationEXPLOIT-DB.COM
6 Apr[webapps] WBCE CMS 1.6.4 - Remote Code ExecutionEXPLOIT-DB.COM
6 Apr[webapps] RiteCMS 3.1.0 - Authenticated Remote Code ExecutionEXPLOIT-DB.COM
5 Apr36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent ImplantsCybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent im…THEHACKERNEWS.COM
5 Apr KEVNew FortiClient EMS flaw exploited in attacks, emergency patch releasedFortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. [...]BLEEPINGCOMPUTER.COM
4 AprSongTrivia2 - 291,739 breached accountsIn April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter al…HAVEIBEENPWNED.COM
4 AprLinkedIn Hidden Code Secretly Scans Users’ Computers for Installed SoftwareA new investigation by Fairlinked e.V. claims that Microsoft-owned LinkedIn is running a massive, undisclosed corporate surveillance operation. According to the “BrowserGate” report, hidden code on LinkedIn’s website secretly scans the computers of its one billi…GBHACKERS.COM
4 AprTop 10 Best Identity And Access Management (IAM) Companies 2026In the rapidly evolving digital landscape of 2026, Identity and Access Management (IAM) has transcended its traditional role to become the foundational pillar of enterprise security. As organizations navigate the complexities of multi-cloud environments, remote workforces, burgeo…GBHACKERS.COM
4 AprA Vulnerability in Fortinet FortiClientEMS Could Allow for Arbitrary Code ExecutionA vulnerability has been discovered in Fortinet FortiClientEMS that could allow for arbitrary code execution. FortiClientEMS is a centralized management platform for deploying, configuring, monitoring, and enforcing security policies across numerous endpoints (computers) running …CISECURITY.ORG
4 AprHow Attackers Bypass MFA TodayAttackers are exploiting authentication flows and APIs to capture MFA data, register their own devices, and take over accounts—sometimes using techniques like device code flow abuse. This shifts MFA from a strong defense into a potential attack surface. With organized tools and s…YOUTUBE.COM
🔥 INCIDENT REPORTING 866
3 JulCyberWire Daily at 10: The vulnerabilities, zero‑days, and hardware flaws over the last decade.In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss 10 years of vulnerabilities, zero‑days, and hardware flaws. Together they reflect on the last decade of cybersecurity vulnerabilities, exploring key s…THECYBERWIRE.COM
3 JulRisky Bulletin: FatFs bugs enable physical access attacks on a load of devicesFatFs bugs enable physical access attacks on industrial equipment, a clever password spraying attack bypasses M365 MFA, an AI agent is deploying ransomware in live attacks, and a webinar platform sues two security firms over bad IOCs.RISKY.BIZ
3 JulPolitician who investigated spyware abuses had his phone hacked with Pegasus spywareA government customer of NSO Group used the company's Pegasus spyware to hack into the phone of a European politician, who at the time was serving on an EU committee tasked with investigating the spyware industry.TECHCRUNCH.COM
3 JulSwimming Pools, Pee, and Trying to Delete Your Data From the InternetI can't recall if someone else originally came up with this saying or if I said it in some off-the-cuff comment and it just propag…TROYHUNT.COM
3 JulMedtronic Data Breach Impacts 3.8 Million PeopleMedical technology giant Medtronic is notifying more than 3.8 million individuals that their personal and medical information was compromised in a recent data breach. The incident occurred in April 2026, when the infamous extortion group ShinyHunters accessed the company’s corpor…SECURITYWEEK.COM
3 JulGoogle, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of DevicesNetNut rented access to millions of compromised devices, allowing cybercriminals and nation-state actors to mask their identities during attacks.SECURITYWEEK.COM
3 JulEuropean Parliament Member Investigating Spyware Was Hacked With PegasusA new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the abuse of such commercial s…THEHACKERNEWS.COM
3 JulWarning Over “Industrialized” Cyber-Attacks After Ransomware Gang Partners With TeamPCPResearchers warn that collaboration could lead to “unprecedented” ransomware attacks, as FBI also issues warningINFOSECURITY-MAGAZINE.COM
3 JulQilin Dominates Ransomware Market Amid Growing Cybercrime ConsolidationThe ransomware landscape is reconsolidating around major players, with Qilin emerging as the leading RaaS operation, researchers sayINFOSECURITY-MAGAZINE.COM
3 JulArmored Likho Targets Government Agencies, Power Sector with BusySnake StealerA previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "Armored Likho blends financially motivated campaigns targeting private individual…THEHACKERNEWS.COM
3 JulNew macOS malware PamStealer uses PAM to validate stolen dataA previously undocumented macOS infostealer dubbed PamStealer validates victims' macOS passwords through the OS’s Pluggable Authentication Modules (PAM) before stealing them. Jamf Threat Labs researchers, who analyzed a two-stage attack chain combining AppleScript, JavaScript for…CYBERINSIDER.COM
3 JulNetNut proxy network disrupted, 2 million infected devices cut offA joint operation involving Google has disrupted NetNut, a residential proxy network that gave access to millions of compromised Android devices, including smart TVs and streaming boxes. [...]BLEEPINGCOMPUTER.COM
2 JulMedtronic notifies customers impacted by ShinyHunters data breachHealthcare device firm Medtronic is notifying affected customers about a data breach that exposed their personal data to an unauthorized third party. [...]BLEEPINGCOMPUTER.COM
2 JulCatching ransomware on the wire before it locks the file serverCorporate networks keep sensitive files off individual workstations and store them on shared servers that staff reach through mapped network drives. That arrangement hands ransomware operators a target worth chasing. A single compromised laptop can begin encrypting files that liv…HELPNETSECURITY.COM
2 JulThe endpoint recovery gap many teams discover during an incidentIn this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at once. Haas walks through what a well…HELPNETSECURITY.COM
2 JulOpera blocks ClickFix attacks with new clipboard protection featureOpera has launched Paste Protect, a clipboard protection feature designed to prevent clipboard-based attacks such as hijacking and pastejacking. Paste Protect includes built-in protection and warnings against ClickFix-based cyberattacks, which accounted for more than half of malw…HELPNETSECURITY.COM
2 JulAlleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime ChargesAlleged Scattered Spider member Peter Stokes, 19, was extradited from Finland to the U.S. over hacking, fraud, and extortion charges. Peter Stokes, 19, an alleged Scattered Spider member known online as “Bouquet,” has been extradited from Finland to the U.S. to face h…SECURITYAFFAIRS.COM
2 JulMissed incidents, persistent threats, and response gaps: Insights from compromise assessment projectsKaspersky Compromise Assessment specialists analyze trends from the service's 2025 projects and provide tips on how to enhance your organization's security.SECURELIST.COM
2 JulFortiBleed Credential Theft Linked to INC and Lynx Ransomware OperationsThe recently discovered financially-motivated FortiBleed campaign has been attributed to INC and Lynx ransomware operations, indicating that the verified, stolen credentials were intended for follow-on intrusions. "An operator tied to FortiBleed's infrastructure was found activel…THEHACKERNEWS.COM
2 Jul‘BioShocking’ Attack Tricks AI Browsers Into Stealing CredentialsResearchers show how context manipulation can cause agentic browsers to abandon safety guardrails and exfiltrate sensitive credentials.SECURITYWEEK.COM
2 Jul430,000 FortiGate Devices Exposed in FortiBleed Ransomware LinkFortiBleed exposed 430,000 FortiGate firewalls, linked to INC Ransom and Lynx, enabling domain compromise and at least 12 ransomware attacks. SOCRadar’s Threat Research Unit has connected FortiBleed, a large-scale campaign that harvested credentials from over 430,000 FortiG…SECURITYAFFAIRS.COM
2 JulCybercriminals Pose as Interpol in Phishing Emails to Infect Victims With RansomwareBitdefender researchers warned of a curious ransomware campaign which has targeted businesses around the worldINFOSECURITY-MAGAZINE.COM
2 JulFortiBleed Campaign Linked to INC, Lynx Ransomware AttacksResearchers say credentials harvested from hundreds of thousands of FortiGate firewalls are being used to facilitate ransomware attacks by the INC and Lynx operations.SECURITYWEEK.COM
2 JulScattered Spider suspect extradited over $8 million ransom schemeA suspected Scattered Spider member has been extradited to the United States to face charges linked to cyberattacks against U.S. companies, including the breach of a luxury jewelry retailer that led to an $8 million cryptocurrency ransom demand after attackers stole company data.…HELPNETSECURITY.COM
2 JulUS government says it got hacked — againA top Democrat on the Senate's Intelligence Committee warned that the information accessed on a Homeland Security intelligence-sharing network may risk national security.TECHCRUNCH.COM
2 JulMost cybersecurity workers have been told to conceal a breach, report findsThe security firm Bitdefender’s annual survey also found that U.S. companies were simultaneously more confident and more strained on cyber defense than foreign peers.CYBERSECURITYDIVE.COM
2 JulThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 StoriesThis week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permis…THEHACKERNEWS.COM
2 JulThe Gentlemen ransomware: what you need to knowWho Are The Gentlemen? Despite the impeccably polite name, there is nothing polite or refined about this particular gang of cybercriminals. Read more in my article on the Fortra blog.FORTRA.COM
2 JulRansomware Thugs Masquerade as Interpol to Entice Small BizThe ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere.DARKREADING.COM
2 JulFBI Seizes NetNut Proxy Platform, Popa BotnetThe Federal Bureau of Investigation (FBI) said today it worked with industry partners to seize hundreds of domains associated with NetNut, a sprawling residential proxy service operated by the publicly-traded Israeli company Alarum Technologies [NASDAQ: ALAR]. The action comes ro…KREBSONSECURITY.COM
1 JulChina-Linked Group Targets Southeast Asia Critical SystemsThe group compromised at least 10 regional organizations, including two state-owned entities, and deployed a new backdoor.DARKREADING.COM
1 JulUS puts $10m bounty on Russian hackers, new phish hunts hotels, Supreme Court reins in geofencingUS Puts $10M Bounty on Russian Hackers, Supreme Court Limits Geofence Warrants, New phishing campaign targets hotels, AI Coding Agents Tricked into Malware and Canada's Electronic Spies Go After Ransomware Gangs. The episode covers the US State Department's up to $10 million rewa…CYBERSECURITYTODAY.LIBSYN.COM
1 JulWhy Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)This morning, an interesting phishing email hit my mailbox. It targets Metamask, a cryptocurrency wallet, available as a browser extension and a mobile app, that lets users store, send, and receive crypto money. It's pretty popular, so a juicy target for crimin…ISC.SANS.EDU
1 JulInsurance Giant Aflac Discloses Data Breach Impacting MillionsAflac Japan has notified regulators that policy details and personal and banking information have been compromisedINFOSECURITY-MAGAZINE.COM
1 JulBrowser-Only Ransomware: From LLM Hallucinations to a Practical Attack TechniqueResearch by: Alexey Bukhteyev. Over the past several years, large language models have reshaped software development, and malware development has followed the same path. Check Point Research has documented this trend from early experiments showing t…RESEARCH.CHECKPOINT.COM
1 JulARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365Talos has identified "ARToken," a phishing-as-a-service platform that targets Microsoft 365. The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token persistence, email access, BEC operations, and SharePoint exfiltration.TALOSINTELLIGENCE.COM
1 JulThe SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaignKaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure.SECURELIST.COM
1 JulJapanese insurer, brewer, manufacturer and telecom disclose cyber breachesAflac's Tokyo arm and brewer Sapporo are among the major Japanese companies to recently notify the public about data breaches.THERECORD.MEDIA
1 JulAI-Generated Browser Ransomware Abuses Chromium API on Windows and AndroidCybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the…THEHACKERNEWS.COM
1 JulAzure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs81 Million Login Attempts, 78 Compromised Accounts: The LSHIY Password Spray Hitting Azure CLI Huntress researchers have been tracking a massive automated password spray campaign against Microsoft Azure CLI environments since June 12, 2026. A password spray attack is when attacke…SECURITYAFFAIRS.COM
1 JulFake Interpol investigation emails deliver custom ransomware worldwideThreat actors impersonate Interpol to trick small businesses into launching ransomware disguised as evidence in a fake cybercrime investigation. The campaign has targeted organizations across Europe, Asia, the Middle East, and the United States, relying on convincing social engin…CYBERINSIDER.COM
1 JulDHS confirms hackers breached HSIN info-sharing platformThe Department of Homeland Security is investigating a cyberattack that compromised the Homeland Security Information Network (HSIN), a sensitive information-sharing platform used by federal, state, local, and private-sector partners. [...]BLEEPINGCOMPUTER.COM
1 JulTeen suspect in Scattered Spider hacks is extradited to USA complaint unsealed this week accuses a 19-year-old of participating in incidents including a breach of a "luxury-jewelry retailer" in 2025.THERECORD.MEDIA
1 JulFortiBleed credential-theft campaign linked to Lynx ransomwareThe massive FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations, suggesting the stolen Fortinet credentials were intended to fuel future network intrusions. [...]BLEEPINGCOMPUTER.COM
30 JunProduct showcase: Scam calls, phishing, and data breaches? Meet AVG Mobile SecurityAVG Mobile Security for iOS helps protect users against online threats with features including Web Guard, VPN, Scam Guardian Pro, Hack Alerts, and Photo Vault. It also identifies suspicious calls and scam text messages and helps keep personal information private while using Wi-Fi…HELPNETSECURITY.COM
30 JunOver 300 UK Firms Hit by Ransomware in a YearReport Fraud data reveals that more than half of 323 UK ransomware victims last year were SMEsINFOSECURITY-MAGAZINE.COM
30 JunBlackfield ransomware asks Nidec Corporation for $2 million ransomThe Blackfield ransomware gang is asking for a $2 million ransom from Nidec Corporation, a large Japanese manufacturer of electronic components for automotive and computing applications. [...]BLEEPINGCOMPUTER.COM
30 JunNissan Employee Data Breached in Oracle PeopleSoft HackOnly a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.SECURITYWEEK.COM
30 JunAflac Japan Data Breach Impacts 4.38 MillionHackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.SECURITYWEEK.COM
30 JunLessons from the Underground: How to Combat Business Email CompromiseBusiness Email Compromise is more than an email scam. It's a coordinated operation involving compromised accounts, financial research, and cash-out networks. Flare explores how underground forums reveal how BEC attacks are planned and executed. [...]BLEEPINGCOMPUTER.COM
30 JunStop Policing AI PromptsAI security is changing. Instead of focusing only on preventing bad responses or prompt abuse, organizations increasingly need to control what AI agents are actually allowed to do inside real systems. As AI agents gain access to identities, applications, and workflows, the bigges…YOUTUBE.COM
30 JunWeekly Update 510: Live From Mallorca with Scott HelmeHow's the view?! Back to business, it's now 8 years ago that Scott and I thought it would be a cool idea to build Why no HTTP…TROYHUNT.COM
30 JunMicrosoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak DataNew Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider. The trick is that the agent never breaks a rule. Every step …THEHACKERNEWS.COM
30 JunMalicious PyPI packages give hackers control of Telegram bot serversA campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers. [...]BLEEPINGCOMPUTER.COM
29 JunSycophantic chatbots and the harms that build over many chatsPeople use AI chatbots for company, advice, and emotional support, and these systems answer in ways meant to hold their attention. Researchers describe the resulting risks as affective safety, a class of harm that exists because humans are emotional beings and because the systems…HELPNETSECURITY.COM
29 JunHijacked npm and Go Packages Use VS Code Tasks to Deploy Python InfostealerCybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle…THEHACKERNEWS.COM
29 JunThe Gentlemen are knocking: custom backdoors and evolving tacticsKaspersky researchers analyze incidents related to The Gentlemen RaaS group, disclose their tools and TTPs, and find a new ransomware variant.SECURELIST.COM
29 JunTop Google Security Staff Warn Search Data Could Be Hacked if EU Rules ChangeEurope’s pro-competition proposals could see Google Search and Android systems opened up. The company claims there are serious privacy flaws.WIRED.COM
29 JunRussian Hackers Accused of Destructive Cyber-Attack on Jaguar Land RoverExperts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure attributionINFOSECURITY-MAGAZINE.COM
29 JunPrivacyHawk Enterprise helps organizations find shadow IT and minimize third-party cyber riskPrivacyHawk has announced the general availability of PrivacyHawk Enterprise, a solution that identifies and eliminates the shadow IT accounts, abandoned SaaS subscriptions, and forgotten third-party services quietly exposing organizations to breach risk. Every organization has a…HELPNETSECURITY.COM
29 Jun29th June – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 29th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Polymarket, a large cryptocurrency-based prediction market, has confirmed a supply chain attack after a third-party frontend vendor b…RESEARCH.CHECKPOINT.COM
29 JunFrom Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver AkiraThis case was first reported to customers in a threat brief released in July 2025 and in a public flash alert in August 2025 in partnership with Swisscom B2B CSIRT, which observed another intrusion tied to the same campaign. This report contains data from both intru…THEDFIRREPORT.COM
29 JunWhite House eases restrictions on Mythos.FBI issues updated warning on Russian phishing attacks targeting messaging apps. Japanese telecommunications giant discloses breach.THECYBERWIRE.COM
29 JunInsurance body confirms hackers posted Oracle PeopleSoft breach dataNAIC warned that some ratings agencies have suspended data feeds as a precaution.CYBERSECURITYDIVE.COM
29 JunOne Hack, Fifty VictimsA single breach can trigger many others when attackers compromise widely used software, infrastructure, or suppliers. The speakers describe this as a cascading breach, while also comparing it to hack amplification. Rather than attacking companies one by one, attackers may focus o…YOUTUBE.COM
29 JunWhat the June 2026 Threat Technique Catalog update means for your AWS environmentThe AWS Customer Incident Response Team (AWS CIRT) encounters patterns that repeat across engagements when helping customers respond to security incidents. We’re passionate about making sure that information is accessible so that everyone can improve their security posture and th…AWS.AMAZON.COM
29 JunIran, Russia, China Target Water Systems for SabotageNation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.DARKREADING.COM
28 JunSECURITY AFFAIRS MALWARE NEWSLETTER ROUND 103Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers   A VBScript …SECURITYAFFAIRS.COM
27 JunKubernetes forensics 1/3: what the container ?In 2025, Synacktiv CSIRT observed a significant rise in attacks and compromises targeting Kubernetes environments. The consensus is that these attacks are bound to keep expanding as much as the technology itself. To better understand how a Kubernetes cluster works and how to inve…SYNACKTIV.COM
27 JunOSX/MacRansom; analyzing the latest ransomware to target macsLooks like somebody on the 'dark web' is offering 'Ransomware as a Service'...that's designed to infect Macs!OBJECTIVE-SEE.ORG
27 JunHandBrake Hacked! OSX/Proton (re)AppearsThe website of a popular application was hacked, and the application trojaned with a new variant of osx/proton.OBJECTIVE-SEE.ORG
27 JunTowards Generic Ransomware DetectionBy monitoring file I/O events and detecting the rapid creation of encrypted files by untrusted processes, can ransomware be generically detected?OBJECTIVE-SEE.ORG
27 JunThird-Party Breaches Teach Education Sector a Costly Lesson in Vendor RiskRising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.DARKREADING.COM
27 JunHospitality Sector Hit by Phishing Campaign Using Fake Guest Complaint EmailsMicrosoft warns of a phishing campaign targeting the hospitality sector with fake guest emails that install TonRAT using resilient persistence. Microsoft Threat Intelligence published a detailed analysis on an ongoing hacking campaign against hospitality organizations that has be…SECURITYAFFAIRS.COM
27 JunUkraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging CredentialsThe Security Service of Ukraine (SSU) said it, together with the U.S. Federal Bureau of Investigation (FBI), uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicia…THEHACKERNEWS.COM
26 JunAmerican Tower - 216,601 breached accountsIn June 2026, telecommunications tower infrastructure company American Tower was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data allegedly taken from the company containing more than 200k unique email addresses belonging to em…HAVEIBEENPWNED.COM
26 JunCMC Releases Analysis and Guidance for Education Sector After Canvas Data BreachThe UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidentsINFOSECURITY-MAGAZINE.COM
26 JunSIM-swapping gang busted in international police operationOfficers from Poland’s Central Bureau for Combating Cybercrime (CBZC) arrested four suspected members of an organized cybercrime group accused of SIM swap attacks, cryptocurrency theft, and money laundering. The operation involved agents from the U.S. Federal Bureau of Inve…HELPNETSECURITY.COM
26 JunHealthcare leaders see a fatal cyber incident as inevitableHealthcare practices run on a chain of outside vendors. An EMR system holds clinical records, a billing platform processes claims, a telehealth tool supports remote visits, and a cloud provider stores data. Every one of those connections gives an outside company a path into the p…HELPNETSECURITY.COM
26 JunOne Million Passports Leaked OnlineA database of almost a million passports from around the world was leaked online. Note what happened. A high-value credential—a passport—was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it’s the low-value s…SCHNEIER.COM
26 JunMiasma Malware Targets npm Packages and GitHub Actions in Supply Chain AttackCybersecurity researchers have flagged yet another evolution of the supply chain attack linked to the Mini Shai-Hulud, Miasma, and Hades malware family that has compromised a new set of npm packages, even as it has propagated to the Go ecosystem. "The latest activity includes mal…THEHACKERNEWS.COM
26 JunPolymarket suffers supply chain attack leading to $3 million crypto theftPolymarket says it has contained a supply chain attack that injected malicious code into its website after a compromised third-party vendor exposed some users to a phishing campaign. This resulted in roughly $3 million in cryptocurrency theft, which the company says will be fully…CYBERINSIDER.COM
26 JunMystery hackers use novel SharkLoader dropper against governments, software devsKaspersky researchers have uncovered a previously unknown cyberattack campaign that has compromised government organizations and software development companies in multiple countries. They first stumbled onto the campaign while investigating an attack on a diplomatic organization …HELPNETSECURITY.COM
26 JunRussia used social engineering to breach prominent messaging accounts, Ukraine saysUkraine's SBU described a long-running Russian operation that used fake tech-support workers to persuade people to hand over credentials to their messaging apps.THERECORD.MEDIA
26 JunIn Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk LayoffsOther noteworthy stories that might have slipped under the radar: Russia used Cellebrite to hack activist’s phone, Five Eyes issue urgent AI threat warning, macOS Gaslight backdoor, Scattered Spider guilty pleas.SECURITYWEEK.COM
26 JunChinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia CampaignA Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in Southeast Asia. The activity, particularly aimed at state-owned enterprises in th…THEHACKERNEWS.COM
26 JunNew SharkLoader Malware Deploys Cobalt Strike in StrikeShark CyberattacksA newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the moniker StrikeShark…THEHACKERNEWS.COM
26 JunPolymarket customers lose $3 million in supply-chain attackPolymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor. [...]BLEEPINGCOMPUTER.COM
25 JunSurviving the Mythos Era: Richard Bejtlich on the Case for NDRDespite the abundance of telemetry at analysts’ disposal, many security operations teams struggle to answer a few basic questions during incident investigation: What happened? What evidence do we have? How do we know we’re seeing it all, in context? Answering these questions requ…THEHACKERNEWS.COM
25 JunPolymarket says hackers stole users’ fundsThe prediction market giant Polymarket said it's refunding users who had funds stolen due to a third-party breach.TECHCRUNCH.COM
25 JunHacked Klue says criminals are deleting stolen customer data, but now other hackers are making threatsMarket research company Klue told customers that it believes the hacking group that stole their data is now deleting it. The company, however, warned about a second group of hackers wanting ransom.TECHCRUNCH.COM
25 JunCellebrite said it cut off Russia, but Russia used its tools anywaySecurity researchers found evidence that Russian authorities hacked the iPhone of a political opponent using a phone-unlocking device made by Cellebrite, even after the company said it would stop selling to Putin’s government.TECHCRUNCH.COM
25 JunGamaredon in 2025: Leveraging tunnels, workers, dead drops, and new alliancesESET Research analyzes Gamaredon’s new toolset and the group’s growing reliance on legitimate online services to hide its C&C infrastructure and exfiltrate stolen dataWELIVESECURITY.COM
25 JunEvaluating Mexico’s New Cybersecurity PlanExplore an analysis of Mexico’s 2025–2030 National Cybersecurity Plan. Discover how Mexico is addressing critical threats like ransomware, organized crime, and AI-driven attacks while preparing its digital infrastructure for the 2026 FIFA World Cup and beyondRECORDEDFUTURE.COM
25 JunElite network says it was hacked after members’ personal data was left exposedPersonal data belonging to politicians, military leaders, and executives was left publicly accessible in what looks like a security misconfiguration.MALWAREBYTES.COM
25 JunGone with the command.International operation disrupts Amadey and StealC malware infrastructure. Australian spy chief warns nation-state hackers are prepositioning for future sabotage. Stealthy new backdoor may be tied to initial access broker. Researchers uncover "Cordyceps" supply chain flaw. Iran-l…THECYBERWIRE.COM
25 JunAnother Russian dairy company reportedly disrupted by cyberattackA dairy products manufacturer in Russia's republic of Bashkortostan is the latest such company to have its operations snarled by a cyberattack.THERECORD.MEDIA
25 JunUkraine's state postal operator reports app disruption after cyberattackUkraine's state-owned postal operator said it was experiencing disruptions to some of its app services due to a suspected cyberattack, but did not say who was behind it.THERECORD.MEDIA
25 JunMinnesota man known as ‘Snoopy’ sentenced in DraftKings hackNathan Austad, who sold access to compromised accounts through a criminal storefront, is the third and final defendant sentenced in the 2022 breachCYBERSCOOP.COM
25 JunMajor Increase in Ransomware Attacks Targeting Europe, Warns New ReportAnalysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasingINFOSECURITY-MAGAZINE.COM
25 JunPoland busts SIM-swapping gang tied to millions in crypto theftAuthorities in Poland have arrested four members of an organized cybercrime group accused of breaching telecommunications partners and hijacking email accounts to carry out SIM-swapping attacks. [...]BLEEPINGCOMPUTER.COM
25 JunWebinar: Why account takeovers remain one of the hardest threats to stopAccount takeover attacks continue to challenge security teams because attackers often operate through legitimate accounts and trusted services. This webinar explores how behavioral AI can help organizations identify compromised accounts faster and automate response workflows. [..…BLEEPINGCOMPUTER.COM
25 JunEurope Evolves Into Ransomware's Favorite RegionAfter a global lull, ransomware gangs are setting sights on a rich new arena: attacking EU organizations and their suppliers.DARKREADING.COM
25 JunStealthy new backdoor surfaces in attacks on multiple sectorsA relatively new backdoor called Mistic has been deployed in multiple attacks since April 2026 targeting organizations in the insurance, education, IT, and professional services sectors, according to Symantec. The malware appears to be associated with Woodgnat, also known as Kong…HELPNETSECURITY.COM
24 JunFortiBleed: Fortinet Says It's Not a BugFortinet finally weighs in on FortiBleed - it's not a bug. Plus a healthcare AI firm loses 1.4 million people's data to a single phishing email, a trading bot built to prey on others gets played for $15 million, and LastPass lands back on a breach list it didn't cause. 00:00 Head…CYBERSECURITYTODAY.LIBSYN.COM
24 JunWeekly Update 509I know enough about home cinema audiovisual to know there's a lot I don't know. It's conscious incompetence, if you like…TROYHUNT.COM
24 JunStealthy Mistic backdoor linked to ransomware access broker KongTukeA new backdoor dubbed Mistic has been observed in financially motivated attacks targeting organizations in the insurance, education, IT, and professional services sectors. [...]BLEEPINGCOMPUTER.COM
24 JunIran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber EspionageAn NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malwareINFOSECURITY-MAGAZINE.COM
24 JunNew ‘Mistic’ RAT Opens Door to Several Ransomware FamiliesMistic is used by Woodgnat, an initial access broker working with Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.SECURITYWEEK.COM
24 JunKDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email CredentialsCustomers of the affected Japanese email services are “strongly advised” to change their email passwordsINFOSECURITY-MAGAZINE.COM
24 JunPhishing attack on healthcare firm Xsolis impacts 1.4 million peopleHealthcare technology company Xsolis confirmed that a phishing attack resulted in unauthorized access to its network. The company develops AI-powered software for hospitals, health systems, and health plans and serves more than 600 hospitals and health insurers. “On January…HELPNETSECURITY.COM
24 JunIndian auto giant Bajaj Auto hit by ransomware incidentThe company said in a regulatory filing that it became aware of the incident on Tuesday morning and had taken precautionary measures to contain its impact.THERECORD.MEDIA
24 JunMadison Square Garden Sports - 9,796,738 breached accountsIn June 2026, the sports and entertainment company Madison Square Garden Sports was the target of a ShinyHunters "pay or leak" extortion campaign. The group later published the alleged data, which included almost 10M unique email addresses spanning staff and customers, along wit…HAVEIBEENPWNED.COM
24 JunAmadey, StealC malware operations disrupted in Operation Endgame actionMicrosoft, Europol, and international partners have disrupted infrastructure used by the Amadey and StealC malware operations as part of Operation Endgame, which targets cybercriminal services and ransomware gangs. [...]BLEEPINGCOMPUTER.COM
24 JunRansomware attacks grew in 2025 as traditional data breaches fell, Bitsight saysIn a new report, the company also charted a massive surge in internet-exposed AI services.CYBERSECURITYDIVE.COM
24 JunMicrosoft, Europol lead global takedown of infostealer malwareCybercriminals used Amadey and StealC to infect thousands of computers worldwide, leading to ransomware and other digital crimes.CYBERSECURITYDIVE.COM
24 JunSmashing Security podcast #473: How a hacker could have Rickrolled the entire World CupA polite caller from your bank says there is a problem with your account. Don't worry - they'll send someone round to help. They'll even take your cards away to keep them safe. The scam has run rampant, until Dutch police plastered blurred photos of 100 suspects across billboards…GRAHAMCLULEY.COM
24 JunDraftKings hacker 'Snoopy' sentenced to 18 months in prisonA 21-year-old using the alias "Snoopy" was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack. [...]BLEEPINGCOMPUTER.COM
24 JunMalicious Edge extension abuses Native Messaging as bridge to malwareA malicious Microsoft Edge extension dubbed 'Edgecution' has been used in a ransomware attack to escape the browser sandbox and deploy a Python-based backdoor. [...]BLEEPINGCOMPUTER.COM
23 JunXsolis Data Breach Affects 1.4 Million IndividualsThreat actors gained access to personal and protected health information that Xsolis received from its clients.SECURITYWEEK.COM
23 JunCanadian Electricity Provider London Hydro Discloses Data BreachHackers stole customers’ names, addresses, email addresses, phone numbers, and account information.SECURITYWEEK.COM
23 JunHackers steal passport and driver’s license data of 3 million TexansA breach at a Texas Parks and Wildlife Department vendor exposed personal information belonging to more than three million Texans.MALWAREBYTES.COM
23 JunTwo Scattered Spider hackers plead guilty over Transport for London cyberattackTwo members of the notorious hacker group Scattered Spider have pleaded guilty to charges related to a 2024 cyberattack on Transport for London (TfL) that resulted in £29 million in loss and recovery costs. Thalha Jubair, 20, from London, and Owen Flowers, 18, from Walsall, plead…HELPNETSECURITY.COM
23 JunAnthropic’s Fable 5 Model Jailbroken Within DaysFable 5 is the supposed safe version of Anthropic’s Mythos Preview, with guardrails to ensure that it can’t be used to create cyberattacks. Well, that restriction was bypassed within days.SCHNEIER.COM
23 JunTwo Scattered Spider members plead guilty over cyberattack that crippled London transitA 20-year-old and an 18-year-old admitted to infiltrating the network of Transport for London in 2024, disrupting public transportation services for months.THERECORD.MEDIA
23 JunPassword manager maker LastPass says hackers stole customer support case data during Klue breachThis is the second data breach to affect LastPass customers in recent years, after one of the password manager's tech partners was recently breached.TECHCRUNCH.COM
23 JunScattered Spider Hackers Plead Guilty on Day 1 of TrialTwo men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cyber…KREBSONSECURITY.COM
23 JunTata Electronics confirms cybersecurity incident after World Leaks dumps Apple dataTata Electronics has confirmed that it recently experienced a cybersecurity incident after the World Leaks extortion group listed the company on its leak portal and published what it claims is stolen corporate data. The company says it detected the incident weeks ago and that its…CYBERINSIDER.COM
23 JunKlue says hackers stole credential from 2022 that led to customer data breachesIt's unclear why Klue had not revoked the credential after the limited pilot, which hackers then used to breach a system holding keys for accessing customers' data.TECHCRUNCH.COM
23 JunDialog Claims It Was Hacked. A Misconfigured Website Left Its Members ExposedThe private events group, cofounded by Peter Thiel, says a “criminal” hacker is behind a breach that exposed members’ personal details. WIRED found no evidence a break-in was needed to access the files.WIRED.COM
23 JunHealthtech firm Xolis suffers data breach impacting 1.4 million peopleHealthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network. [...]BLEEPINGCOMPUTER.COM
23 JunYour Breach Plan Is DelusionalCybersecurity teams often repeat the phrase: “It’s not if, it’s when.” But according to this conversation, many organizations still behave as if breaches are completely preventable. Budgets continue flowing into detection tools, dashboards, and perimeter defenses while resilience…YOUTUBE.COM
23 JunTata Electronics confirms cyberattack as hackers leak dataTata Electronics has confirmed in a statement to BleepingComputer that it was the target of a cyberattack that impacted parts of its IT infrastructure. [...]BLEEPINGCOMPUTER.COM
22 JunTexas Parks & Wildlife Data Breach Affects 3 Million IndividualsHackers stole personal information after breaching the systems of a third-party license vendor serving TPWD.SECURITYWEEK.COM
22 JunINTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-PacificA new report from INTERPOL has revealed a "dramatic increase" in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL's 2025/…THEHACKERNEWS.COM
22 JunInfrastructure downtime has a $50k-per-hour price tag. It’s time to turn hours into minutes.Threats move at machine speed. Network incident response still doesn't. What’s standing in the way?CYBERSECURITYDIVE.COM
22 JunWhatsApp users targeted by ongoing VBScript malware campaignKaspersky researchers have uncovered an ongoing malware campaign that uses compromised WhatsApp accounts to distribute malicious VBScript attachments. The attachments install ManageEngine Endpoint Central, a legitimate remote management tool that can provide attackers with remote…CYBERINSIDER.COM
22 Jun⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and MoreIt’s Monday again. This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of this feels new. Wea…THEHACKERNEWS.COM
22 JunKlue hack results in data breach at several cybersecurity firmsHuntress, HackerOne, Jamf, Recorded Future, and Tanium are among the cybersecurity companies that had data stolen following an earlier breach at market research firm Klue.TECHCRUNCH.COM
22 JunSuspected cyberattack triggers false emergency alerts across parts of BrazilThe incident occurred early Saturday when at least a dozen unauthorized alerts were sent through Brazil's Civil Defense Alert system, a platform designed to warn residents about imminent threats such as floods, landslides and other natural disasters.THERECORD.MEDIA
22 JunGentleKiller Framework Disables Victims' Security SoftwareESET details GentleKiller, the EDR-killer framework the Gentlemen ransomware gang gives affiliatesINFOSECURITY-MAGAZINE.COM
22 JunPrevent data exfiltration: AWS egress controls for cloud workloadsWhen securing an Amazon Web Services (AWS) environment, teams naturally prioritize inbound controls, firewalls, WAFs, and access policies, because that’s where the most visible threats originate. Outbound traffic, on the other hand, tends to get less attention. It’s often left op…AWS.AMAZON.COM
22 JunKlue supply-chain attack impacts cybersecurity firms.Brand-new Prinz Eugen ransomware is surprisingly polished. Brazil investigates suspected hack of emergency alert system. Texas data breach affects hunting and fishing licensees.THECYBERWIRE.COM
22 Jun22nd June – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 22nd June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Texas Parks and Wildlife Department has been affected by a third-party data breach involving its license system vendor. The incident …RESEARCH.CHECKPOINT.COM
22 JunOne intrusion, two cyberattackers: Uncovering parallel threat activityRansomware case reveals two parallel threat actors, blending tactics and evasion—showing why isolated signals can often miss modern, overlapping cyberattacks.MICROSOFT.COM
22 JunShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain AttackMultiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attackers compromised the vendor's build and distribution pipeline, injecting backdoor …THEHACKERNEWS.COM
22 JunTata Electronics, a major tech supplier to Apple and Tesla, confirms data breachThe incident comes as Tata Electronics expands its role in global technology supply chains.TECHCRUNCH.COM
22 JunFortiBleed campaign used custom FortiGate sniffer to steal credentialsSecurity firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to harvest authentication secrets from compromised firewalls and steal credentials. [...]BLEEPINGCOMPUTER.COM
22 JunThe Klue is in the data trail.Klue supply-chain attack impacts cybersecurity firms. Brand-new Prinz Eugen ransomware is surprisingly polished. ShinyHunters leak exposes sensitive data of 10,000 Council of Europe employees. Security agencies sound alarm over FortiBleed credential harvesting operation. Texas da…THECYBERWIRE.COM
22 JunJaredFromSubway MEV bot hacked in $15 million crypto theftThe JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities. [...]BLEEPINGCOMPUTER.COM
21 JunAryStinger botnet infected thousands of D-Link routers worldwideA previously undocumented malware botnet named AryStinger has compromised more than 4,000 outdated routers to turn them into proxies for malicious traffic. [...]BLEEPINGCOMPUTER.COM
20 JunThe Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security ProcessesThe Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-termin…THEHACKERNEWS.COM
20 JunYou Don’t Need Perfect SecurityThis clip compares cybersecurity deterrence to choosing between two identical Ferraris — except one has a rabid pit bull in the back seat. The point is simple: attackers often look for the easiest target, not necessarily a perfect target. The conversation also references the clas…YOUTUBE.COM
20 JunMicrosoft links Mastra AI supply chain attack to North Korean hackersMicrosoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. [...]BLEEPINGCOMPUTER.COM
20 JunNew Prinz Eugen ransomware prioritizes recent files for encryptionA new ransomware operation named 'Prinz Eugen' prioritizes recently modified files for encryption and leaves no ransom note on the system. [...]BLEEPINGCOMPUTER.COM
19 JunFrom Assistive to Agentic: The AI Shift That's Redefining Threat ManagementIntroduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often, these tools are working in siloes, generating (overlapping) alerts and data. And yet, breach dwell times remain stubbornl…THEHACKERNEWS.COM
19 JunOperation Endgame Disrupts Malware Network Linked to Major Ransomware GangSocGholish malware has been removed from 15,000 sites associated with Evil Corp hackersINFOSECURITY-MAGAZINE.COM
19 JunWebinar: How attackers bypass MFA and how defenders can respondModern phishing attacks, including Device Code phishing, can undermine MFA protections and grant attackers access to corporate accounts without stealing passwords. This webinar explores how behavioral AI can help security teams detect compromised accounts faster and automate resp…BLEEPINGCOMPUTER.COM
19 JunFortiBleed: 86,000 Fortinet Device Credentials CompromisedThe large-scale credential theft campaign hit roughly half of the internet-accessible Fortinet firewalls and VPNs.SECURITYWEEK.COM
18 JunHow security teams are getting credential visibility into developer endpointsAs we noted in our earlier analysis, attackers already know secrets are on your developers’ machines, the only question is whether security teams do. The supply chain attack calendar of 2026 has been relentless. Megalodon backdoored 5,500 GitHub repositories in six hours. T…HELPNETSECURITY.COM
18 JunKodak Admits Data Breach After ShinyHunters Hack ClaimsKodak told SecurityWeek it believes there is no threat to its systems or operations as a result of the cybersecurity incident.SECURITYWEEK.COM
18 Jun5 new security operations roles the AI-SOC will createFor years we’ve heard the frightening prediction that AI will take jobs away from people. It will and it already is, but that doesn’t mean it won’t also create new jobs and skills demands — like every other labor trend driven by technology advances. Take security operations for …CSOONLINE.COM
18 JunGentleKiller targets more than 400 security processes across 48 productsMost ransomware operations leave the work of disabling endpoint security software to their affiliates. The ransomware-as-a-service gang Gentlemen runs a different model. Its operators develop and maintain a set of tools for shutting down endpoint detection and response (EDR) prod…HELPNETSECURITY.COM
18 JunKodak confirms breach as ShinyHunters’ leak threat reaches deadlineThe photography giant confirmed a data breach after ShinyHunters claimed it stole 2.2 million records and threatened to leak them.MALWAREBYTES.COM
18 JunMoody Bible Institute investigates potential data breach incidentMoody Bible Institute (MBI) says it is investigating claims that its systems were breached after the institution appeared on the dark web extortion site operated by the ShinyHunters threat group, which alleges it stole more than 23 GB of sensitive data from the Chicago-based Chri…CYBERINSIDER.COM
18 JunShapedPlugin update flow hacked to infect WordPress sitesMultiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor's official update system. [...]BLEEPINGCOMPUTER.COM
18 JunINC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023Cybersecurity researchers have charted the evolution of INC from a nascent ransomware-as-a-service (RaaS) operation to one of the most prolific cybercrime groups in 2026, claiming no less than 830 victims since August 2023. "The disruption of LockBit and the shutdown of BlackCat…THEHACKERNEWS.COM
18 JunAustralian sugar producer works to restore operations as ransomware group claims attackMackay Sugar said it was "working urgently" to verify claims that a highly active ransomware group was behind a cyberattack that shut down harvesting and milling operations.THERECORD.MEDIA
18 JunICO Cautions Healthcare Worker After Princess of Wales IncidentHospital insider escapes criminal prosecution after attempting to sell royal’s medical recordsINFOSECURITY-MAGAZINE.COM
18 JunTexas government data breach allowed hackers to steal 3 million driver’s licenses and passportsA data breach involving government-issued ID documents affects over three million people in Texas.TECHCRUNCH.COM
18 JunNintendo confirms data stolen in WebMD subsidiary cyberattackNintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised. [...]BLEEPINGCOMPUTER.COM
18 JunNovo Nordisk Breach Exposes Software Development Pipeline RiskA leaked GitHub token underscores what most organizations get wrong: Treating secrets management as a tooling problem rather than an identity problem.DARKREADING.COM
18 JunCybersecurity Focused On The Wrong ThingTraditional cybersecurity frameworks often prioritize confidentiality — protecting sensitive information from unauthorized access. But attacks against critical infrastructure introduce a different kind of risk. In many scenarios, the bigger danger is not stolen data, but failures…YOUTUBE.COM
18 JunGentlemen ransomware uses multiple EDR killers to disable defensesThe Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks. [...]BLEEPINGCOMPUTER.COM
17 JunNavigating SEC, NIS2, and DORA incident disclosure timelines under pressureIn this Help Net Security video, Rick Goud, Global Field CTO at Kiteworks, discusses how to handle SEC, NIS2, and DORA disclosure timelines during a security incident. He opens with a 3.47 a.m. call: the team cannot confirm whether customer data left the environment, yet three re…HELPNETSECURITY.COM
17 Jun3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker CrosshairsSOCRadar has detected 30,000 compromised Fortinet firewalls that expose networks to hacking.SECURITYWEEK.COM
17 JunKodak confirms data breach claimed by ShinyHunters extortion gangKodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. [...]BLEEPINGCOMPUTER.COM
17 JunMalicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot ChatsCybersecurity researchers have flagged a "coordinated malware campaign" on the JetBrains Marketplace that has published no less than 15 malicious plugins capable of exfiltrating artificial intelligence (AI) provider keys. "Every plugin poses as an AI coding assistant built on Dee…THEHACKERNEWS.COM
17 JunEU Security Experts to Support Ukrainian Organizations in Case of Cyber-AttacksUkraine has been added to the EU Cybersecurity Reserve, which provides incident response services against large-scale incidentsINFOSECURITY-MAGAZINE.COM
17 JunVelocityEHS uses QR codes to speed up incident reporting and risk responseVelocityEHS has announced the launch of QR Codes for Incident Management, a new feature designed to eliminate friction in safety reporting and help organizations surface incidents and near misses, identify risks, and take action. By enabling instant, mobile access to reporting to…HELPNETSECURITY.COM
17 JunSweeping Credential-Harvesting Heist Compromises +30K Fortinet DevicesAttackers actively are targeting various sectors across nearly 200 countries and have already compiled a list of working credentials for tens of thousands of compromised devicesDARKREADING.COM
17 JunWebinar Today: How Modern Breaches Bypass MFA and Evade DetectionAttendees will learn how attackers evade conventional detection methods, why legacy MFA alone is no longer sufficient, and how organizations can strengthen their defenses.SECURITYWEEK.COM
17 JunCalifornia water utility probes breach claim by Iran-linked actorThe group Handala said it attacked one of the nation’s largest water companies.CYBERSECURITYDIVE.COM
17 JunCanada introduces privacy law with GDPR-like penalties for data breachesThe Canadian government has introduced Bill C-36, a major privacy reform package that would recognize privacy as a fundamental right, expand consumer control over personal information, strengthen protections for children's data, and create a new regulator with the power to impose…CYBERINSIDER.COM
17 JunLow-skilled attacker used Claude, Codex to breach 14 companiesResearchers have long warned that AI agents could lower the skill floor for offensive cyber operations, and a recent report by OALABS (Open Analysis) researchers bears that out. After recovering and analyzing over 1,000 agent sessions from a compromised server on which an attacke…HELPNETSECURITY.COM
17 JunEU grants Ukraine access to cybersecurity reserve for major attacksAs Kyiv takes steps toward formal accession to the EU, the bloc is integrating Ukraine with its pool of pre-approved cybersecurity incident response companies.THERECORD.MEDIA
17 JunCybercriminals allegedly hacked tens of thousands of Fortinet firewalls used by major companies all over the worldAn alleged Russian-speaking group of cybercriminals is reportedly compromising and targeting several major companies that use Fortinet Firewalls and VPNs through previously known passwords.TECHCRUNCH.COM
17 JunAI is accelerating cyberattacks—here’s how to stay aheadSee how Microsoft unifies identity and security signals to help teams prevent, detect, and respond to AI-accelerated attacks faster.TECHCOMMUNITY.MICROSOFT.COM
17 JunINC Ransomware Thrives by Mastering the BasicsAnd one of those basics is focusing on sectors where a ransomware disruption creates immediate pressure to pay up, like with healthcare.DARKREADING.COM
16 JunChinese Hackers Abused Google Workspace Rules to Steal Research and Defense EmailsA China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exf…THEHACKERNEWS.COM
16 JunSurvey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still ReactiveSecurity teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms. Yet despite this abundance of information, many or…THEHACKERNEWS.COM
16 JunImaging giant Kodak confirms hackers breached systems and stole dataKodak says it is investigating a cybersecurity incident after the ShinyHunters extortion group claimed to have stolen more than 2.2 million records containing customer personally identifiable information (PII) and internal corporate data. The company confirmed that an unauthorize…CYBERINSIDER.COM
16 JunUK to require ID or face scan before you can make social media accountsOpening a new social media account in the UK will soon mean proving you're over 16 with an ID upload or a facial age scan, under a government ban on under-16s taking effect in spring 2027. Security experts warn the age checks are easy to circumvent and create new data-breach risk…BLEEPINGCOMPUTER.COM
16 Jun'Lorem Ipsum' Malware Pivots to ClickFix DeliveryNew analysis shows the campaign, which uses compromised WordPress sites, may be linked to the ransomware and data extortion group Vice Society.DARKREADING.COM
16 JunAI adoption correlates with incident frequency, underscoring need for governanceEven organizations that haven’t yet been breached expect an AI-related incident in the near future, a new survey found.CYBERSECURITYDIVE.COM
16 JuniRhythm Confirms Data Stolen in HackThe digital health company said it learned of the breach on June 8 and the attackers demanded a ransom.SECURITYWEEK.COM
15 JunWeekly Update 508Light switches. How on earth is it so hard to find decent light switches?! It sounds ridiculous until you actually spend enough time lo…TROYHUNT.COM
15 JunOne-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA CodesA single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Be…THEHACKERNEWS.COM
15 JunInfinite Campus - 137,123 breached accountsIn March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along with names, phone number…HAVEIBEENPWNED.COM
15 JunAnthropic suspends Fable and Mythos over US national security concerns.US state attorneys general open an investigation into OpenAI. Maine takes its breach reporting database offline.THECYBERWIRE.COM
15 JunMaine closes data breach portal to the public after fake reportsMaine is still allowing companies to report breaches, but won’t make the portal easily available to the public until after it completes an audit of its procedures to stop such incidents, according to a press release from the Maine attorney general’s office.THERECORD.MEDIA
15 JunAdriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security RisksHow the Anubis ransomware group stole and leaked an Italian Adriatic port authority's dataINFOSECURITY-MAGAZINE.COM
15 JunMaine Takes Breach Reporting Portal Offline After Fake EntriesThe Office of the Maine Attorney General has suspended its breach reporting portalINFOSECURITY-MAGAZINE.COM
15 Jun15th June – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 15th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The University of Nottingham, a UK research university, has suffered a data breach after ShinyHunters accessed its student records sy…RESEARCH.CHECKPOINT.COM
15 JunAkira ransomware spotted using LimeWire service for data theftAn Akira ransomware affiliate used Easyupload.io, a file-sharing service operated by LimeWire, to exfiltrate stolen data during a recent attack. The incident was detected on May 29 after Huntress' SOC identified unauthorized remote access to a domain controller. Although the init…CYBERINSIDER.COM
15 JunOptinMonster WordPress plugin hacked in CDN supply-chain attackWordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive's content distribution network (CDN). [...]BLEEPINGCOMPUTER.COM
15 JunCouncil of Europe investigates ShinyHunters data breach claimsThe Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. [...]BLEEPINGCOMPUTER.COM
15 JunChinese hackers breach REDCap servers, steal medical researchA China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. [...]BLEEPINGCOMPUTER.COM
15 JunRansomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar ProducerMackay Sugar was targeted in a cyberattack carried out by a threat group known as The Gentlemen.SECURITYWEEK.COM
15 JunUkrainian Man Pleads Guilty in US to Conti Ransomware ChargesOleksii Oleksiyovych Lytvynenko admitted to working on the development of a loader for the Conti gang.SECURITYWEEK.COM
15 JunOzempic Maker Novo Nordisk Says Hackers Breached IT SystemsThe pharmaceutical giant says the attackers gained access to personal data stored on the compromised systems.SECURITYWEEK.COM
15 JunFrench Government Messaging Platform Breached by Mysterious ‘Misere’ HackerFrench officials say roughly 73,000 government accounts were affected, while the threat actor claims to have stolen messages and user data from the sovereign Tchap platform.SECURITYWEEK.COM
15 JunMaine Disables Data Breach Portal Due to Fake SubmissionsSomeone posted fake VRChat and Discord data breach reports on the system, prompting the Maine AG to take action.SECURITYWEEK.COM
15 JunChina-Nexus Actor Spy on US Researchers Undetected for a YearGoogle discovered and disrupted the sprawling campaign, which stole REDCap credentials to target numerous institutions and exfiltrate sensitive data.DARKREADING.COM
15 JunThe Beginning of the End of Social EngineeringAI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself.DARKREADING.COM
15 JunUkrainian national pleads guilty in connection with Conti ransomwareA Ukrainian national pleaded guilty to conspiracy to commit wire fraud in connection with the deployment of Conti ransomware, which targeted more than 1,000 victims worldwide. According to the U.S. Department of Justice, 44-year-old Oleksii Oleksiyovych Lytvynenko joined the Cont…HELPNETSECURITY.COM
15 JunInside the Modern SOC: The 72-Minute RaceAttackers can move from access to exfiltration in 72 minutes. Learn how modern SOC teams close the speed gap with Unit 42's AI-driven automation, threat hunting, MDR and Managed XSIAM.UNIT42.PALOALTONETWORKS.COM
13 JunCyberTitan Champions: Inside Canada's National High School Cybersecurity Competition (and CyberPatriot)Cybersecurity Today on the Weekend interviews the winning Canadian CyberTitan team ("S-ores"/a regex-based name) along with coach Phil, educator Tim, and CyberTitan manager Sheena to explain how CyberTitan (run by ICTC) connects to the international CyberPatriot program. They des…CYBERSECURITYTODAY.LIBSYN.COM
13 JunThe FBI built its own replica small town to simulate real-world cyberattacksHidden inside a building in Alabama, the FBI has created its own small town as a dedicated cyber training ground for simulating cyberattacks.TECHCRUNCH.COM
13 JunEx-school district employee jailed for hacks on former employerA former IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages. [...]BLEEPINGCOMPUTER.COM
12 JunEuropol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware GangsAuthorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a "key financial pipeline used to wash hundreds of millions in ill…THEHACKERNEWS.COM
12 JunOver 73,000 French govt employees affected in Tchap messenger breachThe French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. [...]BLEEPINGCOMPUTER.COM
12 JunRansomware Payment Crypto Laundering Platform Taken Out by FBI and EuropolDomain of dark web money laundering platform AudiA6 seized and suspects arrested in joint operation by the FBI, Europol and othersINFOSECURITY-MAGAZINE.COM
12 JunSouth Korea hits Coupang with record $409 million fine over data breachThe penalty is the largest ever issued by the commission for a personal data breach, surpassing the record 134.8 billion won ($88.8 million) fine levied against SK Telecom earlier this year.THERECORD.MEDIA
12 JunAgentic AI surges in financial sector even as many firms fail to manage security risksOne-fifth of firms aren’t even sure if they’ve been hacked through their AI tools, according to a new report.CYBERSECURITYDIVE.COM
12 JunIn Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang FineOther noteworthy stories that might have slipped under the radar: ICS device exposure remains flat as attack surface widens, Microsoft issues incident response playbook for AI, IBM and AT&T accused of hack cover-ups.SECURITYWEEK.COM
12 JunBankruptcy admin approves settlement fund of $47 million for 23andMe data breach victimsAbout 7 million customers of the genetics testing company had their data stolen by hackers starting in April 2023, and many had their information posted on the dark web.THERECORD.MEDIA
12 JunConti ransomware group member pleads guilty, faces up to 20 years in prisonOleksii Lytvynenko, a 44-year-old Ukrainian national, admitted to joining the prolific cybercrime group in 2021. Officials said he engaged in cybercrime up until his arrest in Ireland in 2023.CYBERSCOOP.COM
12 JunUkrainian national pleads guilty to role in Conti ransomware operationA Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...]BLEEPINGCOMPUTER.COM
12 JunOver 400 Arch Linux packages compromised to push rootkit, infostealerMore than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]BLEEPINGCOMPUTER.COM
12 JunMaine disables data breach notification portal after fake disclosuresMaine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future. [...]BLEEPINGCOMPUTER.COM
11 JunPrompt injection still drives most agentic AI security failures in productionA backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model gateway for CrewAI, DSPy, Microsoft GraphRAG, and dozens of other AI agent frameworks. Anyone pulling an update…HELPNETSECURITY.COM
11 JunNottingham University data breach affects over 450,000 studentsThe University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...]BLEEPINGCOMPUTER.COM
11 JunUniversity of Nottingham Confirms Breach After Hackers Leak DataThe ShinyHunters hacker group has taken credit for the attack, leaking more than 450,000 email addresses and other information.SECURITYWEEK.COM
11 JunExtortion-Only Attacks Increase, With Data Theft Dominating Ransomware ClaimsExtortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposedINFOSECURITY-MAGAZINE.COM
11 JunCybersecurity Stars Awards 2026: Winners Announced Across 95 CategoriesMost good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets i…THEHACKERNEWS.COM
11 JunSouth Korea hits Coupang with $400M+ fine for data breach that affected millionsSouth Korean authorities issued the record-breaking fine following a data breach that affected over 30 million customers.TECHCRUNCH.COM
11 JunUniversity of Nottingham confirms cyber incident as Shiny Hunters group claims data theftAccording to the university’s statement, it is still working to understand what data has been accessed and said it had already directly contacted affected students and alumni, potentially including those in its foreign campuses in Malaysia and China as well as in Nottingham.THERECORD.MEDIA
11 JunAI Is Upgrading Hackers FastAI is rapidly increasing the effectiveness of cyber attackers at every level. Tasks that once required deeper expertise can now be automated, accelerated, or simplified with AI-assisted tooling. That shift compresses the gap between inexperienced, mid-tier, and highly advanced th…YOUTUBE.COM
11 JunGerman court holds Google liable for AI-generated claims.OpenAI disrupts two China-linked influence operations. Cyberattack disrupts Australian sugar mills.THECYBERWIRE.COM
11 JunBritish high school sends students home following cyberattackGreat Marlow School, which has 1,428 pupils according to the Department for Education (DfE), said it was set to remain closed while it works with specialist IT and cybersecurity professionals to resolve the issue.THERECORD.MEDIA
11 JunRussian national charged in connection with Void Blizzard espionage campaignDenis Obrezko accused of orchestrating cyberattacks that compromised at least 11 U.S. companies as part of the Kremlin-linked group's sprawling espionage operation.CYBERSCOOP.COM
11 JunThe court calls Google’s bluff.Google faces liability for AI-generated claims. Washington pauses public AI model assessments. Anthropic ships a safer AI model. OpenAI disrupts influence operations. Ransomware operators get a powerful new backdoor. Urgent patches land for Ivanti and Veeam. PyPI supply chain att…THECYBERWIRE.COM
11 JunMaine breach portal abused to publish fake data breach disclosuresIn an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. [...]BLEEPINGCOMPUTER.COM
10 JunWeekly Update 507 1,000 breaches is one hell of a milestone. It's not just the process of getting data, verifying it, loading it, sending notificati…TROYHUNT.COM
10 JunOver a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data ShowsNearly 26% of identity crime victims faced multiple incidents in the past year, as ITRC warns of a growing "multi-layered crisis"INFOSECURITY-MAGAZINE.COM
10 JunWhy schools remain one of cybercriminals’ favourite targetsSchools on both sides of the Atlantic have been revealed in recent days to have been hit by hackers, reminding all of us that ransomware gangs see educational institutions as targets all year round. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
10 JunCyberattack shuts down major Australian sugar mills, disrupting harvestAustralia's second-largest sugar producer said on Wednesday that it was responding to a cybersecurity incident affecting parts of its operations and had engaged cybersecurity experts and local authorities to investigate the attack and restore its systems safely.THERECORD.MEDIA
10 JunUniversity of Nottingham confirms hackers accessed student dataThe University of Nottingham has confirmed to CyberInsider in a statement that it suffered a cyber incident resulting in unauthorized access to data stored in its student record system. The disclosure comes after ShinyHunters listed the university on its leak site, alleging it ha…CYBERINSIDER.COM
10 JunOracle PeopleSoft servers hacked in ShinyHunters data theft attacksOracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. [...]BLEEPINGCOMPUTER.COM
10 JunBug Bounty Research Triggers ServiceNow Security AlertBug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances.DARKREADING.COM
10 JunCybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizationsThe ShinyHunters hacking gang claims to have compromised the Oracle PeopleSoft servers of more than 100 organizations, including many universities.TECHCRUNCH.COM
10 JunUniversity of Nottingham - 454,635 breached accountsIn June 2026, the University of Nottingham was the target of a cyber attack , later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal infor…HAVEIBEENPWNED.COM
9 JunOpenAI’s Lockdown Mode is trying to solve the problem that it createdOpenAI’s move to implement a Lockdown Mode that tries to limit data exfiltration by shutting down external capabilities is being seen as making the best out of a bad situation. But Lockdown Mode doesn’t block exfiltration as much as it slightly reduces it, and the reality of ente…CSOONLINE.COM
9 JunCybersecurity jobs available right now: June 9, 2026Application Security Architect INTENSITY Global Group | Israel | Hybrid – View job details As an Application Security Architect, you will design secure application architectures, perform threat modeling and security assessments, define security standards and contr…HELPNETSECURITY.COM
9 JunHades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential StealerThe Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target spe…THEHACKERNEWS.COM
9 JunFrench govt messaging service breached in account hijacking attackDINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform. [...]BLEEPINGCOMPUTER.COM
9 JunElastic brings AI-driven incident investigation to Kubernetes and observability toolsElastic has introduced an agentic Kubernetes investigation workflow and MCP-based observability skills that diagnose incidents the moment an alert fires. By the time an SRE opens the alert, the root cause has already been identified, evidence has been assembled, and recommended n…HELPNETSECURITY.COM
9 JunAnthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of YouAnthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, a version it says can’t be used for cyberattacks.WIRED.COM
9 JunMiasma Supply Chain Worm Burrows Into 73 Microsoft RepositoriesThe attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.DARKREADING.COM
8 JunClaude Outage Data Leak, Microsoft GitHub Worm, IBM Hack, M Instagram Takeovers, Canada's Bill C-8TClaude Outage Data Leak Fears, Microsoft GitHub Worm, IBM Hack Allegations, Meta AI Instagram Takeovers, and Canada's Bill C-8 David Shipley reports that Anthropic's Claude suffered a roughly two-hour outage affecting models including Opus, during which a user alleged receiving …CYBERSECURITYTODAY.LIBSYN.COM
8 JunCybercriminals create 19,000 FIFA-themed domains ahead of 2026 World CupFans looking for tickets, accommodation and match broadcasts are already encountering scams tied to the 2026 FIFA World Cup. The 2026 FIFA World Cup will bring millions of visitors and an estimated 6 billion spectators to a tournament spread across 16 host cities in the United St…HELPNETSECURITY.COM
8 JunOver 20,000 Instagram accounts stolen in Meta AI support hackMeta has revealed that over 20,000 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. [...]BLEEPINGCOMPUTER.COM
8 JunWhen attacks spread too far: Lessons from real cyber attack case studiesIn this Help Net Security video, Michael Adjei, Director, Systems Engineering at Illumio, explains three real world cyber attacks and what went wrong during detection. Adjei walks through a collaboration tool scam that copied Microsoft Teams, an identity phishing case used for pa…HELPNETSECURITY.COM
8 JunMeta Says 20,000 Instagram Accounts Hacked via AI Tool AbuseThe social media giant has informed authorities about the impact of the recent attack involving an account recovery support tool.SECURITYWEEK.COM
8 JunSilent Ransom Group Uses DNS Fast Flux in AttacksFocusing on hacking law firms in the US, the ransomware group relies on fast flux to hide its C&C infrastructure.SECURITYWEEK.COM
8 Jun174,000 Impacted by Lansing Community College Data BreachHackers accessed personal information stored on certain Lansing Community College systems in February 2025.SECURITYWEEK.COM
8 JunNew Shai-Hulud attack trojanizes 19 science-focused PyPI packagesHackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets. [...]BLEEPINGCOMPUTER.COM
8 JunSoFi confirms third-party data breach at Hong Kong subsidiarySoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. [...]BLEEPINGCOMPUTER.COM
8 JunNew Apple feature automatically changes your compromised passwordsAt WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it's rolling out with iOS 27. [...]BLEEPINGCOMPUTER.COM
6 JunNew ChatGPT Lockdown Mode Limits Tools That Could Enable Data ExfiltrationOpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter…THEHACKERNEWS.COM
5 JunPCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay NetworkThe threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. "Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP …THEHACKERNEWS.COM
5 JunBCD Travel - 396,313 breached accountsIn May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other expos…HAVEIBEENPWNED.COM
5 JunNightclub Giant RCI Says Data Breach Affects 40,000 IndividualsThe company detected a network intrusion in March and an investigation showed that some files were stolen during the attack.SECURITYWEEK.COM
5 JunAI is helping low-skill hackers pull off advanced cyberattacksAnthropic has published an analysis of cyber-related misuse of its AI systems, examining 832 accounts that were banned for malicious cyber activity between March 2025 and March 2026. The company mapped the observed behavior to the MITRE ATT&CK framework, which documents tact…HELPNETSECURITY.COM
5 JunNSA said to be readying Anthropic’s Mythos for use in cyber operationsThe U.S. eavesdropping agency is reportedly preparing Anthropic's Mythos for use in cyberattacks, despite a federal ban on using the AI model maker.TECHCRUNCH.COM
5 JunGoogle and FBI warn of ransomware group that sends fake IT workers to hack victims in personCybercriminals, part of a gang known as Silent Ransom Group, have sent people pretending to be IT support employees to law firms' offices, where the criminals have stolen data using USB drives or remote access tools.TECHCRUNCH.COM
5 JunMicrosoft identifies seven new ways AI agents can be hackedMicrosoft has identified seven new failure modes in agentic AI systems, in addition to those it identified last year in its first Taxonomy of Failure Modes in Agentic AI Systems . Four things contributed to the growing list of ways agentic AI can go wrong : the speed at which the…CSOONLINE.COM
5 JunChinese APT deploys new malware to keep access to hacked networksA Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. [...]BLEEPINGCOMPUTER.COM
5 JunFormer cyber executive turned whistleblower accuses IBM of covering up several data breachesIBM and two of its subsidiary companies were allegedly breached during the mid-2010s, which a lawsuit filed by a former cybersecurity executive accuses IBM of not disclosing and actively covering up.TECHCRUNCH.COM
5 JunExposed Fuel Tank Gauges Under Attack in the USThreat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption.DARKREADING.COM
4 JunDentaQuest data breach exposed sensitive info of 2.6 million peopleDentaQuest says it is investigating a cybersecurity incident involving unauthorized access to part of its network, following the ShinyHunters extortion group's public leak of data allegedly stolen from the company. The breach has since been added to Have I Been Pwned (HIBP), whic…CYBERINSIDER.COM
4 JunUN food agency investigates breach exposing data of Gaza aid recipientsIn a message sent to aid recipients via Telegram over the weekend, the World Food Programme (WFP) said that "unauthorized parties" had accessed data stored in its self-registration application in Gaza.THERECORD.MEDIA
4 JunSecurity Tools Don’t Reduce RiskThe Peltzman effect describes how people often feel safer once protections are in place, even when the underlying risk has not meaningfully changed. In cybersecurity, organizations may assume firewalls, MSSPs, or security tools automatically make incidents less likely. That assum…YOUTUBE.COM
4 JunHola Browser supply chain breach delivered crypto-miner to usersA supply chain compromise resulted in a crypto-mining executable being distributed alongside certain installations of Hola Browser for Windows. The unexpected component, named me.exe, was discovered by Sophos X-Ops during a software certification test and was not part of the brow…CYBERINSIDER.COM
4 JunUN food agency discloses breach affecting 600,000 Gaza householdsThe United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. [...]BLEEPINGCOMPUTER.COM
4 JunAgentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize ItOver the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a technical preview, it w…THEHACKERNEWS.COM
4 JunRussia seeks to label two anti-Kremlin hacker groups as ‘extremist’The groups have previously claimed responsibility for cyberattacks targeting critical infrastructure and government institutions in Russia and Belarus.THERECORD.MEDIA
4 JunEU fines Temu 200 million Euros for breaching the DSA.Trump signs new EO focused on AI.THECYBERWIRE.COM
4 JunCredit card theft campaign abuses Stripe to host stolen payment infoA new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [...]BLEEPINGCOMPUTER.COM
4 JunVerdantBamboo: Just Another BRICKSTORM in the FirewallIn September 2025, Volexity conducted an incident response engagement that began after suspicious network traffic was observed from a Linux-based virtual machine appliance on a customer’s network. The virtual machine […]VOLEXITY.COM
4 JunHola Browser for Windows compromised to deliver cryptominerThe Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. [...]BLEEPINGCOMPUTER.COM
3 JunWelcoming the Philippine Government to Have I Been PwnedToday, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines. The Philippines’…TROYHUNT.COM
3 JunA small Slovenian team handles 6,000 cyber incidents a yearOnline fraud complaints, ransomware cases, and phishing tips reach Slovenia’s national cyber response center in steady volume, and a team of around a dozen analysts sorts through them. Gorazd Božič, who manages SI-CERT at the public agency ARNES, described that work in an i…HELPNETSECURITY.COM
3 JunPreinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaignA large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials from GitHub, cloud platforms, and local machines, then spreads like a worm by …MICROSOFT.COM
3 JunSecurity of 100 AI Agents Tested and Ranked – What You Need to KnowThe AI Risk Quadrant evaluates AI agents based on three factors: how vulnerable they are to compromise, the potential impact of a breach, and the strength of their security defenses.SECURITYWEEK.COM
3 JunHackers Target Global Stock Exchange in Espionage OperationThe attackers had access to a senior executive’s email account for 150 days and exfiltrated data for months.SECURITYWEEK.COM
3 JunIMA Diligence Services Data Breach Impacts 525,000 PeopleThe affected individuals’ personal information was stolen from a legacy server managed by a third party.SECURITYWEEK.COM
3 JunThe worst hacks and breaches of 2026 (so far)From a massive DOGE data breach and the hacking of critical energy and water systems to the hack of an FBI surveillance system, here are the most damaging security incidents and data breaches of 2026.TECHCRUNCH.COM
3 JunUltrahuman says hackers accessed customers’ wellness data via internal toolThe breach at wearable ring maker Ultrahuman stemmed from credentials stolen from a malware-infected employee laptop.TECHCRUNCH.COM
3 JunTopic BridgeCASI leaderboard shifts, and two incidents where AI was handed the keys.F5.COM
3 JunChinese hackers use new Atlas RAT malware in European cyberattacksA Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]BLEEPINGCOMPUTER.COM
3 JunU.S. sanctions Nobitex crypto exchange used by Iranian ransomware actorsThe U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...]BLEEPINGCOMPUTER.COM
2 JunThe Intersection of Encryption and AIAs part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and au…SCHNEIER.COM
2 JunBeyond Assume-Breach: How AI-Native Security Will Reshape Enterprise DefenseTwenty years after Dark Reading launched, we're looking ahead at what's next for enterprise security. Spoiler: It's hyper-segmented, AI-orchestrated, and way more sophisticated than your dad's firewall.DARKREADING.COM
2 JunRed Hat removes tainted packages after software pipeline compromiseAccording to the company’s preliminary analysis, a compromised GitHub account was used to push the malicious code out to customers, hitting 32 packages downloaded roughly 117,000 times a week.THERECORD.MEDIA
2 Jun64,000 accounts exposed in breach of GTA V cheat service Atlas MenuAtlas Menu, a cheat service for Grand Theft Auto V and Counter-Strike 2, has been added to the Have I Been Pwned database following a data breach that exposed tens of thousands of user records. The incident exposed approximately 64,000 accounts, including email addresses, usernam…HELPNETSECURITY.COM
2 JunRussia claims foreign spy agencies hacked officials' phonesIn a statement, Russia's Federal Security Service (FSB) said it had uncovered what it described as a "large-scale operation" involving malicious software installed on the mobile devices of senior Russian officials.THERECORD.MEDIA
2 JunAI-built ransomware toolkit automates EDR evasion, AD discoveryA threat actor is using an AI-built attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. [...]BLEEPINGCOMPUTER.COM
2 JunChina Uses Dual-Method Cyberattack on Czech OrgsChina is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware.DARKREADING.COM
2 JunOne Account, Total BreachA single account can serve as an entry point into interconnected systems. With technologies like single sign-on and widespread SaaS adoption, one compromised credential may provide access to multiple services and environments. The impact of identity compromise is no longer isolat…YOUTUBE.COM
1 JunWeekly Update 506I'm finding it quite fascinating to watch the current spate of ShinyHunters breaches and dumps. There's the obvious criminali…TROYHUNT.COM
1 JunEdmunds - 177,860 breached accountsIn January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached . Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses, usernames, passwords,…HAVEIBEENPWNED.COM
1 JunMicrosoft confirms outage affecting MFA, My Sign-Ins platformMicrosoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]BLEEPINGCOMPUTER.COM
1 JunInfosecurity Europe: Tabletop Exercise to Test How CISOs Respond to Major Supermarket Cyber-AttackSemperis is set to bring ‘Enter the War Room: A Tabletop Experience’ to Infosecurity Europe to help cybersecurity leaders prepare to face real incidentsINFOSECURITY-MAGAZINE.COM
1 JunWebinar tomorrow: From alert to resolution in network incident responseNetwork incidents are often detected quickly, but investigations and coordination can delay resolution. Join our webinar tomorrow to learn how automation and AI-assisted workflows can help IT teams accelerate incident response. [...]BLEEPINGCOMPUTER.COM
1 JunMicrosoft fixes outage affecting MFA setup, MySignIn serviceMicrosoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]BLEEPINGCOMPUTER.COM
1 Jun1st June – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Carnival Corporation, a global cruise line operator, has confirmed a data breach affecting nearly 6 million people after attackers use…RESEARCH.CHECKPOINT.COM
1 JunMicrosoft investigates Office Apps, Teams file access issuesMicrosoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. [...]BLEEPINGCOMPUTER.COM
1 JunGrand Theft Auto V cheat service gets hacked, exposing thousands of gamersHackers stole usernames, hashed passwords, and other data from a service that allowed players to cheat in Grand Theft Auto V.TECHCRUNCH.COM
1 JunMiasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing WormA new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the same co…THEHACKERNEWS.COM
1 JunHackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting accessSeveral users on social media reported having their Instagram accounts hacked over the weekend. Meta's own support chatbot was blamed for allowing hackers to hijack accounts.TECHCRUNCH.COM
1 JunTina Peters, convicted in election-security breach, emerges defiant and vows legal fightThe former Colorado election clerk struck an unrepentant pose in her first interview after her prison sentence was commuted by Colorado Governor Jared Polis.CYBERSCOOP.COM
1 JunRed Hat npm packages compromised to steal developer credentialsMore than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]BLEEPINGCOMPUTER.COM
1 JunHackers hijack thousands of sites for ClickFix and FakeUpdate attacksA threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]BLEEPINGCOMPUTER.COM
30 MayRussia-aligned crime group Greyvibe extensively uses AI in attacksResearchers have uncovered a previously undocumented Russian group that makes extensive use of large language models (LLMs) in its attacks against private, government, and military organizations in Ukraine. It uses a variety of attack vectors along with custom malware, with the g…CSOONLINE.COM
30 MayCybercrime Crew Claims It Hacked Mike Lindell’s MyPillowPlus: A ransomware group is now stealing data in person, BusPatrol wants to hand its license plate surveillance data to the cops, and more.WIRED.COM
30 MayAtlas Menu - 63,926 breached accountsIn May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresses along with usernames,…HAVEIBEENPWNED.COM
29 MayProduct showcase: TotalAV helps iOS users clean up their digital messTotalAV Mobile Security helps protect devices from malicious websites, SMS scams, unsafe public Wi-Fi networks, and exposed credentials. The app is available for Windows, Android, macOS, and iOS devices. After downloading the app from the App Store, users provide an email address…HELPNETSECURITY.COM
29 MayKimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code TunnelsThe North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. "Kimsuky employed a range of tailored social engineering t…THEHACKERNEWS.COM
29 MayHumanix expands detection to identify live violations of security proceduresHumanix has announced a capability to identify live violations of organization-defined procedures governing IT support workflows. Designed to prevent unauthorized access, these procedures typically require help desk and service desk agents to follow identity verification steps be…HELPNETSECURITY.COM
29 MayCharter Communications data breach affects 4.9 million accountsThe ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. [...]BLEEPINGCOMPUTER.COM
29 MayMalicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud SecretsCybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of…THEHACKERNEWS.COM
29 MayCalifornia Sues 23andMe, Alleging It Failed to Protect User Data in 2023 BreachAttorney General Rob Bonta filed the lawsuit against Chrome Holding Co., which 23andMe rebranded under after filing for bankruptcy last March.SECURITYWEEK.COM
29 MayNew Russian-Linked GREYVIBE Targets Ukraine with AI-Powered CyberattacksA previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Ru…THEHACKERNEWS.COM
29 MaySilent Ransom Group Uses In-Person IT Impersonation to Breach SystemsThreat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systemsINFOSECURITY-MAGAZINE.COM
29 MayCharter Communications Data Breach Could Impact Nearly 5 MillionThe notorious ShinyHunters extortion group leaked over 42 million records allegedly stolen from Charter in April.SECURITYWEEK.COM
29 MayMokN Raises $15 Million for Phish-Back PlatformMokN's platform deploys realistic decoy access points to lure attackers into revealing compromised credentials, enabling organizations to respond before abuse occurs.SECURITYWEEK.COM
29 MayCalifornia AG sues 23andMe over 2023 breach exposing health dataCalifornia Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information. [...]BLEEPINGCOMPUTER.COM
28 MayThe CISO selling confidence in a market full of breach headlinesEngineering teams across enterprise IT are writing their own software with AI coding assistants, spinning up agents that act on their behalf, and assigning those agents the same access privileges their human creators hold. The shift has pulled the role of the chief information se…HELPNETSECURITY.COM
28 MayNordic CISOs Handle Rising Cyber Threats Remarkably WellArtificial intelligence notwithstanding, the vast majority of CISOs in northern Europe say they're facing no more serious cyberattacks than they did two years ago.DARKREADING.COM
28 MayXM Cyber enhances identity risk visibility with continuous exposure management capabilitiesXM Cyber has announced platform enhancements aimed at helping organizations reduce identity risk, compounded by AI-enabled attackers. According to Gartner, “By 2028, 70% of CISOs will use identity visibility and intelligence capabilities to shrink the IAM attack surface, reducing…HELPNETSECURITY.COM
28 MayPolice arrest suspect in Ajax football club hack that exposed 300,000 fan recordsThe Dutch National Police arrested a man suspected of hacking into the computer systems of AFC Ajax, a football club from Amsterdam. “On the morning of Tuesday, May 26, detectives arrested a 35-year-old man from the municipality of Buren for computer intrusion at the Amsterdam fo…HELPNETSECURITY.COM
28 MayGoogle Unveils AI Threat Defense Platform to Fight AI-Powered CyberattacksNew AI Threat Defense platform combines capabilities from Mandiant, Wiz and Gemini to help customers fight AI with AI.SECURITYWEEK.COM
28 MayInfosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study RevealsISC2 survey of cybersecurity professionals suggests that staff want their information security leaders to have experienced reacting to a significant cyber incidentINFOSECURITY-MAGAZINE.COM
28 May2026 World Cup: Discussing The World’s Biggest Game’s Attack SurfaceThe 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here.UNIT42.PALOALTONETWORKS.COM
28 MayCarnival Cruise confirms data breach affecting nearly 6 million peopleCarnival Corporation, the world's largest cruise line operator, has confirmed a data breach affecting nearly 6 million people claimed by the ShinyHunters extortion gang in April 2026. [...]BLEEPINGCOMPUTER.COM
28 MayCarnival confirms data breach impacting nearly 6 millionCruise giant Carnival has suffered yet another data breach, with ShinyHunters claiming to have stolen personal data affecting nearly 6 million people.MALWAREBYTES.COM
28 MayRomanian gets 5 years in prison for hacking Oregon govt networkA Romanian national was sentenced this week to 56 months in federal prison for breaking into an Oregon state government computer network and for cyberattacks targeting dozens of other U.S. victims. [...]BLEEPINGCOMPUTER.COM
28 MayWebinar: Why network incidents take too long to resolveMany organizations can detect network issues quickly, but investigations and coordination often slow incident resolution. This webinar explores how automation and AI-assisted workflows can help IT teams reduce delays and improve response times. [...]BLEEPINGCOMPUTER.COM
28 MayMyPillow listed on ransomware gang’s leak site, but denies it has been breachedA notorious ransomware gang claims to have stolen MyPillow's private data, but CEO Mike Lindell calls it a politically motivated "hit job." With the countdown ticking toward a massive dark web leak, who is telling the truth? Read more in my article on the Hot for Security blog.BITDEFENDER.COM
28 MayNew BTMOB Android Malware Enables Full Device TakeoverDelivered via phishing lures, the malware combines financial theft with data exfiltration and remote access.SECURITYWEEK.COM
28 MayCruise giant Carnival confirms data breach affecting nearly 6 million peopleThe company said the threat actor gained access to a limited portion of its IT environment last month after compromising an employee account. By the end of April, Carnival determined that the attacker had copied personal information from its systems.THERECORD.MEDIA
28 MayCarnival begins notifying 6 million people of a data breachCarnival Corporation has begun notifying roughly six million individuals that their personal information was stolen in the cyberattack claimed by the ShinyHunters extortion group earlier this year. The disclosure follows the public leak of data allegedly containing 8.7 million re…CYBERINSIDER.COM
28 MayCarnival Data Breach Exposed 6 Million PeopleData breach leaves nearly 6 million Carnival customers navigating identity theft risks.SECURITYWEEK.COM
28 MayCybercriminals sail away with data from 6 million Carnival customersCarnival Corporation, one of the world’s largest cruise operators, confirmed a data breach weeks after the ShinyHunters hacking group claimed it had stolen millions of customer records. Carnival acknowledged a phishing incident involving a single employee account and stated that …HELPNETSECURITY.COM
28 MayThe Gentlemen ransomware: Dissecting a self-propagating Go encryptorMicrosoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by affiliates of Storm-2697 that combines per-file ephemeral key encryption with an aggressive self-propagation module to deploy itself across an entire network using …MICROSOFT.COM
28 MayRussia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge CyberattacksResearchers warn GreyVibe’s extensive use of ChatGPT, Gemini, and other AI tools offers a glimpse into how future cybercriminal and state-aligned groups will operate.SECURITYWEEK.COM
28 MayCharter - 4,851,517 breached accountsIn May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign . The group later published the data, which exposed 4.9M unique…HAVEIBEENPWNED.COM
28 MayGreyVibe hackers use ChatGPT, Gemini to power cyberattacksA likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. [...]BLEEPINGCOMPUTER.COM
27 MayLA Metro Cyberattack Linked to Iranian State-Sponsored HackersThe attack was claimed by a hacktivist group, but evidence showed it used infrastructure linked to Iranian government threat actors.SECURITYWEEK.COM
27 May3 SOC Steps that Shut Down Incident Risks EarlyMost organizations still picture cyber defense as a fortress problem: build stronger walls, add more guards, buy another detection engine. But modern incidents rarely crash through the front gate. They drift in disguised as routine activity, hide inside legitimate processes, and …THEHACKERNEWS.COM
27 MayCrowdStrike shuts down the Glassworm botnet.Extortion group sends individuals to infiltrate organizations in person. Lithuania investigates breach of the Centre of Registers. Business news: Zscaler to acquire Symmetry Systems.THECYBERWIRE.COM
27 MayLatin American Cybercriminals Hoover Up Government DataA purported leak exposing 5.8 million records of Uruguayan citizens is the latest incident where cybercriminals targeted government agencies to monetize citizen data.DARKREADING.COM
27 MayThe Small Model CliffCASI Leaderboard, Bias Jailbreak, and Three Coordinated Supply Chain IncidentsF5.COM
27 MayRansomware Actors Show Up In Person to Steal Law Firm DataThe FBI warned that the extortion gang Silent Ransom Group is targeting law firms and socially engineering its way into servers and databases.DARKREADING.COM
26 MayProduct showcase: F-Secure Internet Security blocks phishing sites, fake stores, and SMS scamsF-Secure Internet Security protects against viruses, ransomware, spyware, infected email attachments, and other cyber threats. It focuses on securing devices and online activity through malware protection, scam prevention, safe browsing, and banking safeguards. The platform suppo…HELPNETSECURITY.COM
26 May7-Eleven data breach exposes personal information of 185,000 peopleThe ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned. [...]BLEEPINGCOMPUTER.COM
26 MayWatch on Demand: Threat Detection & Incident Response Summit – All Sessions AvailableRegister to enjoy free access and explore the tools, strategies, and frameworks needed to build a resilient security program for a world where every minute counts.SECURITYWEEK.COM
26 May185,000 Likely Impacted by 7-Eleven Data BreachThe allegedly stolen information leaked by ShinyHunters contains email addresses, names, addresses, and dates of birth.SECURITYWEEK.COM
26 MayPersonal information of 185,000 people exposed after cyberattack on 7-ElevenData belonging to about 185,000 people was exposed following a cyberattack on convenience store chain 7-Eleven that was later claimed by the ShinyHunters extortion gang, according to Have I Been Pwned. The exposed information includes email addresses, names, physical addresses, d…HELPNETSECURITY.COM
26 MayMicrosoft Defender can now automatically isolate hacked endpointsMicrosoft is testing a new Defender for Endpoint capability that will automatically isolate compromised endpoints to thwart attackers' attempts to move laterally across the network. [...]BLEEPINGCOMPUTER.COM
26 MayWebinar: Too many tools are slowing network incident responseIT teams often need to jump between monitoring dashboards, infrastructure tools, ticketing systems, and communication platforms during network incidents. This webinar explores how automation and AI-assisted workflows can help reduce manual coordination and improve incident respon…BLEEPINGCOMPUTER.COM
26 May7-Eleven data breach affects over 185,000 people’s personal dataThe data breach included names, dates-of-birth, postal addresses, and Social Security numbers, according to a state government listing.TECHCRUNCH.COM
26 MayLithuania investigates theft of 600,000 state registry records by foreign actorThe Lithuanian Prosecutor General’s Office said Friday that attackers gained unauthorized access to more than 600,000 records managed by the Centre of Registers, the state agency responsible for handling property and legal entity records.THERECORD.MEDIA
26 MayIranian hackers blamed for breach of Los Angeles transit system that took weeks to recoverAn Israeli cybersecurity firm said Iran’s government is behind Ababil of Minab, a fake hacktivist persona that has claimed a series of data breaches after the start of the war in Iran.TECHCRUNCH.COM
26 MayIranian government, not hacktivist group, breached LA Metro system, security firm saysA report by Israel-based Gambit Security dismisses the hackers’ claims of being patriotic but unaffiliated activists.CYBERSECURITYDIVE.COM
26 MayCharter confirms data breach after ShinyHunters extortion threatU.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. [...]BLEEPINGCOMPUTER.COM
25 MayLessons for organizations from the Verizon 2026 Data Breach Investigations ReportThis is my favourite time of the year, not just because spring is here and the promise of summer is on the way. But also, because one of my must reads each year gets published. There are a few must read reports that I have on my reading list for each year and the Verizon Data Bre…HELPNETSECURITY.COM
25 MayDocketWise Data Breach Impacts 143,000Hackers accessed names, addresses, Social Security numbers, financial information, and medical data from third-party partner repositories.SECURITYWEEK.COM
25 MayLaravel-Lang Packages Poisoned for Malware DeliveryPublished within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets.SECURITYWEEK.COM
25 May266,000 Affected by Data Breach at Radiology Associates of RichmondThreat actors stole files containing names and protected health information from the healthcare organization’s systems.SECURITYWEEK.COM
25 MayOncology Institute Discloses Data BreachThe affected third-party vendor has not been named, but one possible candidate is TriZetto.SECURITYWEEK.COM
25 MayNetherlands Seizes 800 Servers, Arrests 2 for Aiding CyberattacksAuthorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus o…KREBSONSECURITY.COM
25 MayWelcoming the Bhutanese Government to Have I Been PwnedToday, we welcome the 45th government onboarded to Have I Been Pwned’s free gov service: Bhutan. The Bhutan Computer Incident Re…TROYHUNT.COM
24 MayWeekly Update 505Well, that didn't last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massi…TROYHUNT.COM
24 May7-Eleven - 185,256 breached accountsIn April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters , with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of rec…HAVEIBEENPWNED.COM
23 MayLaravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential StealerCybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-sta…THEHACKERNEWS.COM
23 MayCharter Communications confirms data breach as hackers threaten leak of 42 million recordsCharter Communications has confirmed a cybersecurity incident after the ShinyHunters extortion group claimed it breached the telecommunications giant and stole data belonging to more than 42 million customers. The threat actor added Charter Communications to its leak site this we…CYBERINSIDER.COM
22 MayAuthorities Take Down “First VPN” Service Used in Ransomware AttacksAuthorities in Europe have dismantled a major criminal VPN service known as “First VPN,” which was widely used by ransomware operators and cybercriminal groups to conceal their activities. The coordinated operation, led by French and Dutch authorities with support from Eurojust a…GBHACKERS.COM
22 MayHackers Abuse Hugging Face to Deliver npm MalwareA newly uncovered supply chain attack targeting the npm ecosystem has been linked to North Korean (DPRK)-aligned threat actors. The campaign centers around a malicious npm package named terminal-logger-utils, which embeds a sophisticated multi-stage malware capable of keylogging,…GBHACKERS.COM
22 MayOperation Dragon Whistle Targets Changzhou University with Malicious LNK FilesA recent phishing campaign dubbed “Operation Dragon Whistle” highlights an evolving trend in cyberattacks: threat actors abusing legitimate developer tools and cloud services to maintain stealth and persistence. Although initially linked to targeting academic environments such as…GBHACKERS.COM
22 MayGoogle API Key Issue Allows Deleted Keys to Retain Access to Cloud ServicesGoogle Cloud API keys may continue functioning for up to 23 minutes after deletion, exposing a significant security gap that could allow attackers to retain unauthorized access to cloud services even after credentials are revoked. Google API Deleted Keys to Retain Access Security…GBHACKERS.COM
22 MayCloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payloadThe experienced Cloud Atlas group remains active, continuing to target government sectors and diplomatic entities in Russia and Belarus, employing both new and established techniques to maintain persistence in compromised systems.SECURELIST.COM
22 MayKeepnet contributes voice and SMS phishing data to the 2026 Verizon DBIRKeepnet, an Extended Human Risk Management (xHRM) platform, today announced that its voice and SMS phishing simulation data contributed to the 2026 Verizon Data Breach Investigations Report (DBIR). The 2026 edition is the first to include voice and SMS phishing simulation data at…HELPNETSECURITY.COM
22 MayAI Alone Won’t Stop the Breach: Why Email Security Needs Humans-on-the-Loop2026 has officially become the year of speed, scale and support. The delta between a phishing email landing and a full organizational compromise has shrunk to mere seconds. KNOWBE4.COM
22 MayVerizon DBIR: Healthcare Fends Off Increased Social Engineering AttacksRansomware and vendor breaches persist, but the 2026 Data Breach Investigations Report (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable.DARKREADING.COM
22 MayFast and Furious – Nimbus Manticore Operations During the Iranian ConflictDuring the recent geopolitical tensions in the Middle East, we reported on multiple Iran-nexus threat actors advancing Iran’s strategic objectives through cyber operations. These activities included targeting internet-connected cameras, co…RESEARCH.CHECKPOINT.COM
22 MayKash Patel’s clothing brand website shut down after reports it was hackedAccording to users on X, the website was hijacked by hackers in an attempt to trick visitors into installing malware.TECHCRUNCH.COM
22 MayMcDonald’s France resets accounts after customer data breachMcDonald’s France has confirmed that attackers accessed customer loyalty account information after a breach affecting partners tied to its McDo+ rewards program. The incident led to widespread fraud in which stolen loyalty points were reportedly used to place unauthorized food or…CYBERINSIDER.COM
22 MayNetherlands seizes 800 servers of hosting firm enabling cyberattacksFinancial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. [...]BLEEPINGCOMPUTER.COM
22 MayFirst VPN Dismantled in Global Takedown Over Use by 25 Ransomware GroupsAuthorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. The disruption of First VPN Servic…THEHACKERNEWS.COM
21 MayGitHub Internal Repositories Breached via Malicious Nx Console VS Code ExtensionGitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension.  The development comes as the Nx team r…THEHACKERNEWS.COM
21 MayDragonica Lunaris - 126,293 breached accountsIn December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt password hashes. The service operator confirmed the breach and advised it has since been fixed.HAVEIBEENPWNED.COM
21 MayGrafana Labs Says Code Breach Stemmed from TanStack AttackGrafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attackINFOSECURITY-MAGAZINE.COM
21 MayGitHub, Grafana Labs breaches traced back to TanStack supply chain compromiseGitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of the otherwise benign extension was used to steal sec…HELPNETSECURITY.COM
21 MayGitHub Breach Traced to Malicious 'Nx Console' VS Code ExtensionA threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio MarketplaceINFOSECURITY-MAGAZINE.COM
21 MayGrafana Labs links GitHub environment breach to TanStack npm supply chain attackThe company behind the widely used observability platform refused an extortion demand and has since taken steps to harden its security.CYBERSECURITYDIVE.COM
21 MayCybercriminal VPN Dismantled in Europol CrackdownFirst VPN, a service used by ransomware actors and fraudsters, was dismantled by EuropolINFOSECURITY-MAGAZINE.COM
21 MayDefenders fall behind, as AI rewrites the rules of a data breachFor almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon Data Breach Investigations Report (DBIR). But that's no longer the case. Read more in my article on the Fortra blog.FORTRA.COM
20 MayMicrosoft disrupts malware code-signing service used by ransomware gangsMicrosoft has disrupted the infrastructure powering the largest malware code-signing service used to help ransomware groups and other cybercriminals make malicious programs harder to detect on Windows. The threat actors behind the service used stolen identities and impersonated l…CSOONLINE.COM
20 MayWhat happens when your identity provider becomes the kill chainIn this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in behind you. Constable breaks do…HELPNETSECURITY.COM
20 MayFBI warns students and staff that ShinyHunters may come knocking after Canvas breachHaving received a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
20 MayA malicious VS Code extension just breached GitHub’s internal repositoriesOne employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, the platform that hosts the code for most of the world’s software, getting breac…SECURITYAFFAIRS.COM
20 MayEncryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewalsEncryption Consulting has released CertSecure Manager v3.3, which automates zero-touch certificate renewal across all major enterprise server platforms and extends CA support to 11 providers, including Google Public CA and AWS. Certificate-related outages can cost enterprises mil…HELPNETSECURITY.COM
20 MayGitHub Confirms Breach of Internal Repositories Via Malicious VS Code ExtensionThe prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositoriesINFOSECURITY-MAGAZINE.COM
20 MayFox Tempest Linked to Malware-Signing Service Abusing Microsoft Artifact SigningFox Tempest, a financially motivated threat actor, has been linked to a large-scale malware-signing-as-a-service (MSaaS) operation that abused Microsoft’s Artefact Signing platform to enable cybercriminals to distribute malicious software that appeared to be trusted. According to…GBHACKERS.COM
20 MayMicrosoft Takes Down Malware-Signing Service Behind Ransomware AttacksMicrosoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The …THEHACKERNEWS.COM
20 MayMicrosoft DurableTask Python Client Targeted in TeamPCP CyberattackThe ongoing TeamPCP software supply chain campaign has compromised the official Microsoft DurableTask Python client, a widely used package for orchestrating workflows in Python applications. Three versions of the durabletask package on PyPI, 1.4.1, 1.4.2, and 1.4.3, were identifi…GBHACKERS.COM
20 MayCustomers say Trump Mobile is leaking their personal informationTrump Mobile is leaking customers’ email and home addresses but has not responded to people alerting the company of the data exposure, according to two YouTubers who said they verified that their leaked data is authentic.TECHCRUNCH.COM
20 MayGitHub says hackers stole data from thousands of internal repositoriesThe code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft.TECHCRUNCH.COM
20 MayGitHub discloses breach of 3,800 internal code repositories.Microsoft disrupts malware signing service. Business news: Akamai to acquire LayerX for $205 million.THECYBERWIRE.COM
20 May7-Eleven confirms breach after ShinyHunters claimsThe breach notification letters say 7-Eleven discovered the breach on April 8 and, after an investigation, determined that the cybercriminals gained access to “certain 7-Eleven systems used to store franchisee documents.”THERECORD.MEDIA
20 MayGitHub says internal repositories were impacted in poisoned VS Code extension attackGitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around thir…CYBERSCOOP.COM
20 May7-Eleven hit by data breachThe retailer confirmed that an unauthorized third party gained access to certain systems used to store franchisee documents earlier this spring.CYBERSECURITYDIVE.COM
20 MayMicrosoft disrupts cybercrime operation that hid behind legitimate softwareThe Fox Tempest malware-signing-as-a-service operation was linked to numerous ransomware attacks.CYBERSECURITYDIVE.COM
20 MayMeet Rampart and Clarity, Microsoft’s new red team combo AI agentsMicrosoft’s AI red team lead talked to CyberScoop about the goals behind open sourcing a pair of security tools meant for developers and incident responders.CYBERSCOOP.COM
20 MayProcesses and Culture Top Reasons Behind Data BreachesGovernment leaders revealed that, in spite of state laws meant to improve cyber hygiene, an analysis of incidents showed issues persist and visibility falls short.DARKREADING.COM
20 MayInvestigating unauthorized access to GitHub’s internal repositoriesIf any impact is discovered, customers will be notified via established incident response and notification channels.GITHUB.BLOG
20 MayMini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theftCompromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials across GitHub, AWS, Kubernetes, Vault, npm, and 1Password platforms.MICROSOFT.COM
19 MayMini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer AccountCybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. "The attack affects packages tied to the npm maintainer accoun…THEHACKERNEWS.COM
19 MayCompromised Nx Console VS Code Extension Steals Developer and Cloud SecretsNx Console’s popular VS Code extension was briefly weaponized into a credential-stealing tool that can leak developer and cloud secrets and plant a persistent backdoor. Anyone who installed v18.95.0 should treat their environment as fully compromised. On May 18, 2026, a malicious…GBHACKERS.COM
19 MayMini Shai-Hulud Attack Hits @antv npm PackagesA large-scale npm supply chain attack has compromised multiple widely used packages within the @antv ecosystem, to investigate what appears to be an active and rapidly evolving campaign linked to the Mini Shai-Hulud malware family. The attack centers on the compromise of the npm …GBHACKERS.COM
19 MayCompromised Nx Console 18.95.0 Targeted VS Code Developers with Credential StealerCybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console (version 18.95.0), a popular user interface and plugin for code …THEHACKERNEWS.COM
19 MayGentlemen Ransomware Targets Windows, Linux, NAS, BSD, and ESXi SystemsThe Gentlemen ransomware operation has rapidly emerged as one of the most active and scalable cybercrime threats since its public appearance in the second half of 2025. The Gentlemen stands out for its ability to target a wide range of enterprise systems, including Windows, Linux…GBHACKERS.COM
19 MayPoland shifts away from Signal following cyberattacks on officials’ accountsPoland told officials to stop using the popular instant messaging app Signal after cyberattacks targeted government accounts. Poland has instructed government officials to stop using Signal for sensitive communications and move to a state-developed alternative. The decision follo…SECURITYAFFAIRS.COM
19 MayShinyHunters Takes Responsibility for Attack on Learning Management PlatformA cyberattack linked to the notorious threat group ShinyHunters has disrupted a widely used Learning Management System (LMS), impacting educational institutions and students across the United States. According to a Public Service Announcement (PSA) issued by the FBI on May 15, 20…GBHACKERS.COM
19 MayThe New Phishing Click: How OAuth Consent Bypasses MFAIn February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries.  The targets of the platform received a message asking them to enter a short code at…THEHACKERNEWS.COM
19 MayLooking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber EvolutionDark Reading editors reflect on two decades of dramatic change — from perimeter defense to assume-breach strategies — and warn that while AI, cloud, and COVID-19 have transformed the threat landscape, organizations are still failing at fundamental security hygiene that could stop…DARKREADING.COM
19 MaySelector extends AI-driven observability into multi-cloud environmentsSelector has announced the expansion of its platform with AI-powered multi-cloud observability capabilities. The extension of Selector’s AI-driven observability approach into multi-cloud environments enables organizations to correlate signals across the full hybrid path. By…HELPNETSECURITY.COM
19 MayWhen AI Starts Acting MaliciousKeith Hoodlet defines AI misalignment through observable security behavior: agents taking actions that resemble malicious hacking activity even when they were not instructed to perform offensive tasks. In this example, the AI was given benign objectives but reacted to surrounding…YOUTUBE.COM
19 MayMicrosoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing ToolMicrosoft’s Digital Crimes Unit has taken down the infrastructure of Fox Tempest, a prolific cybercrime-enabling threat groupINFOSECURITY-MAGAZINE.COM
19 MayMicrosoft disrupts cybercrime service that abused software verification systems en masseFox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls.CYBERSCOOP.COM
19 MayBiometrics, diagnoses, and bank details exposed in major healthcare breachNYC Health + Hospitals says attackers accessed its systems for months through a third-party vendor compromise, affecting at least 1.8 million people.MALWAREBYTES.COM
19 MayMicrosoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangsThe company unsealed a legal case in U.S. District Court on Tuesday detailing the disruption of Fox Tempest — a popular service that has operated since May 2025 and provides cybercriminals with code signing tools.THERECORD.MEDIA
19 MayCIRT insights: How to help prevent unauthorized account removals from AWS OrganizationsThe AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team often uncovers new or trending tactics used by various threat actors that take advantage of specific customer configurations and design…AWS.AMAZON.COM
19 MayExposing Fox Tempest: A malware-signing service operationFox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to more effectively distribute malicious code, including ransomware.MICROSOFT.COM
18 MayWeekly Update 504It's a hot topic, the old "pay or don't pay" for hackers not to leak your data. Since recording this a few days ago…TROYHUNT.COM
18 MayGrafana Labs Confirms Security Incident Involving GitHub Codebase AccessGrafana Labs has confirmed a security incident involving unauthorized access to its internal GitHub environment, after a threat actor obtained a compromised access token and downloaded portions of the company’s codebase. The disclosure, made via an official statement on May 17, 2…GBHACKERS.COM
18 MayHackers Abuse Cloudflare Storage to Exfiltrate Network FilesA sophisticated cyber espionage campaign targeting multiple Malaysian organizations has been uncovered, revealing a highly structured attack chain that blends custom tooling, cloud infrastructure, and stealthy data exfiltration. At the center of the operation is an Azure virtual …GBHACKERS.COM
18 MayPaper Werewolf APT Spreads EchoGather RAT via Fake Adobe InstallerA sophisticated Russian-language threat cluster known as Paper Werewolf (also tracked as GOFFEE) has launched a fresh wave of targeted cyberattacks against Russian industrial, financial, and transport organizations between March and April 2026. The attack begins with a …GBHACKERS.COM
18 MayThe Canvas breach proved that prevention is no longer enoughCybercriminals brought down the most widely used learning platform in North America. The Canvas breach is a blueprint for how SaaS attacks now work — and a warning about how unprepared most organizations still are.CYBERSCOOP.COM
18 MayNYC Health and Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million peopleThe New York public healthcare system said hackers stole personal and medical data, and scans of biometrics — including fingerprints — in one of the largest recorded breaches of 2026.TECHCRUNCH.COM
18 MayFuel Tank Breaches Expand Scope of Iran's Cyber OffensiveSecurity experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors.DARKREADING.COM
18 MayGrafana refuses to pay ransom after codebase theftOn Saturday night, the company released a statement confirming the incident and outlining their decision not to pay a ransom issued by the hackers behind the attack.THERECORD.MEDIA
18 MayMore than 200 arrested in cyber raids aimed at Middle East scam networksInvestigators found hundreds of compromised devices that were used as part of the cybercriminal operation and notified device owners as part of the raids.THERECORD.MEDIA
18 MayAddi - 34,532,941 breached accountsIn March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibil…HAVEIBEENPWNED.COM
16 MayCybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams RecordingPlus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more.WIRED.COM
16 MayRussian APT Turla builds long-term access tool with Kazuar Botnet evolutionRussia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected sys…SECURITYAFFAIRS.COM
15 MayTaiwan Incident Highlights Cybersecurity Gaps in Rail SystemsA Taiwanese student experimenting with software-defined radio technology shut down three bullet trains for nearly an hour, leading to an anti-terrorism response.DARKREADING.COM
15 MayWindows 11 and NVIDIA hacked on the first day of Pwn2Own Berlin 2026Researchers earned more than half a million dollars on the opening day of Pwn2Own Berlin 2026 after successfully demonstrating 24 previously unknown vulnerabilities across AI platforms, NVIDIA software, Windows 11, Linux systems, and developer tools. The first day of the hacking …CYBERINSIDER.COM
15 MayOpenAI confirms exposure in recent ‘Shai-Hulud’ supply-chain attackOpenAI says a recent software supply-chain attack tied to the “Mini Shai-Hulud” malware campaign impacted two employee devices and exposed limited internal credentials, prompting the company to rotate code-signing certificates for its desktop applications. The company said it fou…CYBERINSIDER.COM
15 MayInside The Gentlemen Ransomware Leak: When the Hunter Becomes the HuntedRansomware groups spend their days breaking into networks, stealing data, and pressuring victims into paying. They rarely find themselves on the other side of that equation. But in early May 2026, one of the…SOCRADAR.IO
15 MayGunra Ransomware Expands RaaS After Conti Locker ShiftGunra ransomware is rapidly evolving into a more structured and dangerous cybercrime operation after shifting from a Conti-based locker to its own Ransomware-as-a-Service (RaaS) model. First discovered in April 2025, the group initially targeted a small number of victims, but its…GBHACKERS.COM
15 MayAttackers replaced JDownloader installer downloads with malwareThe JDownloader website was compromised and installer download links served malware for several days.MALWAREBYTES.COM
15 MayMore than $10 million stolen from crypto platform THORChainTHORChain officials said the investigation into the incident is ongoing but explained that one of their six vaults was compromised, leading to a loss of about $10.7 million.THERECORD.MEDIA
15 MayYour NPM Package Is Stealing SecretsMalicious versions of the Node IPC NPM package contained heavily obfuscated payloads designed to steal developer and cloud credentials. The malware targeted AWS, Azure, GCP, GitHub, Kubernetes, Terraform, SSH keys, and dozens of other secret categories while disguising outbound t…YOUTUBE.COM
14 MayWelcoming the Bahamian Government to Have I Been PwnedToday, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas. The National Computer Inci…TROYHUNT.COM
14 MayWhen ransomware gets physical: cybercriminals turn to threats of violencePay up, or we'll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats - and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
14 MayFamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaignChinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and g…SECURITYAFFAIRS.COM
14 MayNitrogen Ransomware claims massive data theft from FoxconnFoxconn confirmed a cyberattack on some North American factories. The Nitrogen ransomware group claims it stole 8TB of data from the firm. Foxconn confirmed that several of its North American factories were affected by a cyberattack. The manufacturer confirmed it was targeted by …SECURITYAFFAIRS.COM
14 MayBreachForums & TeamPCP Promote Supply Chain Competition as Cybercrime Gets GamifiedUnderground cybercrime communities are increasingly borrowing ideas from legitimate tech ecosystems: branding, public challenges, shared tools, reputation building, and even prize-based compet…SOCRADAR.IO
14 MayMicrosoft Research: AI Can Generate Realistic Command-Line and Process TelemetryA new approach showing how artificial intelligence can generate highly realistic command-line data and process telemetry, potentially transforming how security teams build and test threat detection systems. Logs and telemetry form modern cybersecurity risk, powering threat detecti…GBHACKERS.COM
14 MayLATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean EnterprisesCredential theft malware rarely announces itself with ransomware-level noise. Instead, it operates like a silent siphon hidden inside everyday business workflows: invoices, payroll files, purchase orders, procurement requests. Agent Tesla campaigns are especia…ANY.RUN
14 MayFoxconn Attack Highlights Manufacturing's Cyber CrisisA Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for downtime.DARKREADING.COM
14 MayTop 5 Surface Web Hacker Forums in 2026Top 5 Hacker Forums on the Surface Web Security teams often associate cybercrime forums exclusively with the Dark Web and Tor. However, several of the most active underground communities now operate openly on the surface web, accessible via standard browsers and indexed infrastru…SOCRADAR.IO
14 MaySandworm Hackers Shift From IT Breaches to Critical OT TargetsA new wave of cyber activity linked to the notorious Sandworm group is raising fresh alarms across global critical infrastructure. Security researchers warn that the Russian state-backed threat actor is no longer just infiltrating IT networks; it is actively pivoting into operatio…GBHACKERS.COM
14 MayLABScon25 Replay | Breach Alpha: Trading on Cyber FalloutMick Baccio and Scott Roberts examine whether public breach signals and market timing models can turn cyber incidents into actionable trading opportunities.SENTINELONE.COM
14 MayWhen Nobody Reports the ThreatSecurity teams often depend on users or employees to report suspicious behavior, anomalies, or identity-related issues. But humans naturally assume another person will step in first. That creates a dangerous reporting gap. If everyone ignores unusual activity because they expect …YOUTUBE.COM
14 MayMajor tech manufacturer Foxconn confirms cyberattack hit North American factoriesThe ransomware group Nitrogen claimed responsibility for the attack and said it stole 8 terabytes of data spanning more than 11 million files belonging to the company’s top customers.CYBERSCOOP.COM
14 MayWest Pharmaceutical starts restoring operations after ransomware attackThe company confirmed data was stolen and encrypted by the attackers.CYBERSECURITYDIVE.COM
14 MayFighting AI-Assisted Ransomware ThreatsThis Anti-Ransomware Day, it's important to recognize the ever-changing landscape of cyber threats and how organizations can fortify their defenses. The evolution from traditional ransomware to cyber extortion over the last few years reflects a professionalized, decentralized eco…KNOWBE4.COM
13 MayGemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal DataCybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. "The packages do not appear designed fo…THEHACKERNEWS.COM
13 MayRansomware Gangs Use BYOVD and EDR Killers to Disable Security ToolsRansomware is evolving faster than many defenses can keep up. In 2026, attackers are no longer just encrypting files; they are systematically dismantling security tools, stealing sensitive data, and even preparing for a post-quantum future. Despite a slight global decline in ranso…GBHACKERS.COM
13 MayInfostealer Malware Fuels Corporate Breaches From Personal DevicesInfostealer malware is no longer just a consumer nuisance; it has become a direct bridge between personal device infections and full-scale enterprise breaches. Once these credentials are harvested and posted on dark web forums, attackers gain immediate footholds into corporate env…GBHACKERS.COM
13 MayQ1 2026 Ransomware Attacks Hit 2,122 Orgs Amid Fewer, More Impactful GroupsRansomware activity remained elevated in Q1 2026, continuing the trend established over the past year. The latest State of Ransomware Q1 2026 report reveals that 2,122 organizations were listed on ransomware data leak sites (DLS), marking the second-highest Q1 total on record. Wh…GBHACKERS.COM
13 MayCanada Life - 237,810 breached accountsIn April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer …HAVEIBEENPWNED.COM
13 MayOptimize Legal Operations as the CISO Role Changes to Address Skills Gaps and AI - BSW #447Legal departments are under continual pressure to solve problems effectively and integrate innovative technology all while reducing costs and complexity. Enter cybersecurity, a complex and potentially costly risk. How should legal departments prepare? Walter Wilkens, Head of Deli…YOUTUBE.COM
13 MayNew SOC-Ready Reporting for Faster Triage, Escalation, and Incident Response with ANY.RUNSuccessful SOC operations require more than accurate detections. Instant access to context, clear conclusions, and operationally relevant insights allow incidents to move across workflows without delays:  Making ANY.RUN’…ANY.RUN
13 MayInstructure settles with hackers following massive student data theftEducational tech firm Instructure reached a deal with hackers after a major Canvas breach exposed data stolen from schools and universities. Educational tech firm Instructure says it reached an agreement with the cybercrime group behind a major Canvas data theft, after attackers …SECURITYAFFAIRS.COM
13 MayRansomware: Over Half of CISOs Would Consider Paying Ransom to HackersSurvey of cybersecurity leaders suggests that majority would strongly consider paying cybercriminals, if that’s what it took to help restore encrypted systemsINFOSECURITY-MAGAZINE.COM
13 MayCanvas owner reaches ‘agreement’ with threat actors after data breachCybersecurity experts suggest that Instructure appears to have made a ransomware payment, which the FBI highly discourages.CYBERSECURITYDIVE.COM
13 MayThus Spoke…The GentlemenThe Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. Its operators advertise the service across multiple underground forums, promoting their ransomware platform and inviting penetration testers and …RESEARCH.CHECKPOINT.COM
13 MayTuskira’s Kairo exposes hidden AI-driven breach pathsTuskira has announced the launch of Kairo, a breach modeling capability that detects deep, hidden breach paths by leveraging its security data mesh and digital twin technology. Kairo helps security teams improve breach resilience by modeling how attackers can leverage new AI mode…HELPNETSECURITY.COM
13 MayUS lawmakers demand answers from Instructure after Canvas data breachesU.S. House lawmakers want to know how hackers broke into education tech giant Instructure twice, and stole reams of data from students who use the company's flagship student data software Canvas.TECHCRUNCH.COM
13 MayThe Real Work Starts After BreachAfter a cyberattack, the first priority is containment and forensic analysis. But according to Walter Wilkens, another major phase begins immediately after: data mining the breached environment to determine what sensitive information was exposed. That includes identifying PII (pe…YOUTUBE.COM
13 MayCanvas Owner Reaches Agreement With Cybercriminals After Ransomware AttackInstructure says it reached an agreement with ShinyHunters over the Canvas breach dataINFOSECURITY-MAGAZINE.COM
13 MayRansomware hackers claim breach at Foxconn, a major electronics manufacturer for Apple, Google, and NvidiaA ransomware group has claimed responsibility for hacking the electronics manufacturing giant Foxconn, and is attempting to extort the company.TECHCRUNCH.COM
13 MayHackers Claim 11M Files Stolen From Foxconn, Supplier to Apple and NvidiaFoxconn confirmed a North American cyberattack after Nitrogen claimed it had stolen 11M files tied to major tech customer projects.TECHREPUBLIC.COM
13 MayCanvas Breach Hackers Reach Deal After Claiming 275M Records StolenInstructure reached a deal with the Canvas hackers after they claimed to have stolen data tied to nearly 9,000 schools and 275 million people.TECHREPUBLIC.COM
13 MayGoogle Enhances Android Mobile Security with New AI-powered ProtectionsMobile devices have become ground zero for a ruthless wave of cyberattacks, with invisible threat actors draining bank accounts and hijacking digital identities before victims even realize they’ve been compromised. Now, Google is striking back with a massive counteroffensiv…GBHACKERS.COM
13 MayFoxconn confirms cyberattack affecting some North American facilitiesA ransomware group has claimed a major attack against the electronics manufacturer.CYBERSECURITYDIVE.COM
13 MayStudent Messages Were the Real TargetMost breach headlines focus on passwords, credit cards, or government IDs. This breach hit somewhere more personal. Attackers reportedly breached Canvas — a learning platform used across colleges and universities — and may have accessed billions of private inbox messages exchange…YOUTUBE.COM
13 MayOpenLoop Health confirms January 2026 Data breach affecting 716,000In January 2026, telehealth infrastructure firm OpenLoop Health suffered a security breach that exposed information of 716,000 people. OpenLoop Health confirmed a January 2026 cyberattack that exposed personal information of 716,000 individuals using its telehealth services. The …SECURITYAFFAIRS.COM
13 MaySmashing Security podcast #467: How ShinyHunters hacked the world’s biggest universitiesWelcome to the largest educational data breach in history - affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas's parent company refused to pay and announced they had deployed "security patches" instead, the hackers we…GRAHAMCLULEY.COM
12 MayCheckmarx Jenkins AST Plugin Compromised in KICS Supply Chain AttackSupply chain campaign has now extended to Checkmarx’s Jenkins ecosystem, with attackers pushing a malicious Checkmarx Jenkins AST plugin to the official Jenkins Marketplace as part of the ongoing KICS/Trivy-linked compromise. The rogue release is identified as version 2026.5.09 a…GBHACKERS.COM
12 May84 npm Packages Linked to TanStack Hit by Supply-Chain BreachA massive supply chain breach affecting 84 npm packages within the widely used TanStack ecosystem. Malicious actors compromised these packages by injecting a sophisticated credential-stealing tool designed to target continuous integration environments such as GitHub Actions. Pack…GBHACKERS.COM
12 MayInstructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas LeakAmerican educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In…THEHACKERNEWS.COM
12 MayState of ransomware in 2026Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching from data encryption to data leaks, and more.SECURELIST.COM
12 MayMicrosoft Warns: MistralAI PyPI Package Compromised with MalwareMistral’s official Python client on PyPI has been pulled into the ongoing wave of AI supply‑chain attacks, with Microsoft warning that version 2.4.6 of the mistralai package was backdoored to silently deploy a credential‑stealing payload on Linux systems. The logic is designed to…GBHACKERS.COM
12 MayStolen Canvas data was “returned” after hacker agreement, Instructure saysInstructure says the stolen Canvas data impacting millions of students and staff was “returned.” That’s not how breaches work.MALWAREBYTES.COM
12 MaySouth Staffordshire Water Fined £1m After Data BreachThe ICO has fined South Staffordshire Water nearly £1m for a series of data protection failingsINFOSECURITY-MAGAZINE.COM
12 MayCushman & Wakefield - 310,431 breached accountsIn May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email…HAVEIBEENPWNED.COM
12 MayState-sponsored actors, better known as the friends you don’t wantResponding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. Learn why your IR plan might need revisiting, and the factors you should consider.TALOSINTELLIGENCE.COM
12 MayNew ‘Shai-Hulud’ attack breached hundreds of npm and PyPI packagesA rapidly expanding supply-chain attack tied to the “Mini Shai-Hulud” malware campaign has compromised more than 400 package artifacts across npm, PyPI, and Composer repositories. The breached projects include widely used libraries from TanStack, Mistral AI, UiPath, OpenSearch, a…CYBERINSIDER.COM
12 MayHackers Hijack Microsoft Teams Accounts to Spread ModeloRAT MalwareHackers are now abusing hijacked Microsoft Teams accounts and fake IT helpdesk chats to push a new, undocumented version of the Python‑based ModeloRAT into corporate environments. Instead, they use compromised or newly created Microsoft Teams accounts that impersonate internal IT…GBHACKERS.COM
12 MayANY.RUN & Elastic Security: Bring Threat Intelligence into Detection and Investigation WorkflowsSecurity teams don’t lack data. They lack timely, usable intelligence. Analysts spend too much time validating indicators, switching between tools, and figuring out what actually matters. This introduces delays and puts organizations at risk of a mis…ANY.RUN
12 MayCushman and Wakefield Confirms Data Breach Impacting Over 310,000 AccountsGlobal real estate powerhouse Cushman & Wakefield is the latest casualty in an escalating war of corporate extortion. Following a tense “pay or leak” standoff, the notorious ShinyHunters threat syndicate has carried out its threat, dumping hundreds of thousands of…GBHACKERS.COM
12 MayInstructure strikes deal with hackers who breached it twiceThe maker of the Canvas school software said it "reached an agreement" with the hackers, but provided no guarantees that the hackers would not release the data or keep their word.TECHCRUNCH.COM
12 MayInstructure pays ransom after Canvas incident as Congress announces investigationThe company said its agreement with the hackers involved their data being “returned” to them and digital confirmation of data destruction.THERECORD.MEDIA
12 MayCanvas owner reaches agreement with ShinyHunters, says user data was deletedInstructure says it reached an agreement with the threat actors behind the recent cyberattack targeting its Canvas learning platform. The company stated that stolen data was returned and that the attackers provided “digital confirmation of data destruction.” The attack was previo…CYBERINSIDER.COM
12 MayInstructure took a risky approach to recover stolen Canvas dataInstructure, the company behind the online learning platform Canvas, said it reached an agreement with the extortion group ShinyHunters to prevent data stolen in a recent breach from being leaked online. According to the company’s website, Canvas has more than 30 million active u…HELPNETSECURITY.COM
12 MayIdentity takes center stage as a leading factor in enterprise cyberattacksA new report shows two-thirds of ransomware attacks began with an identity-related breach.CYBERSECURITYDIVE.COM
12 MayHugging Face Packages Weaponized With a Single File TweakA tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate data.DARKREADING.COM
12 MayReport: Most Phishing Attacks Abuse Trusted ServicesPhishing attacks are increasingly abusing trusted services to evade security filters, according to VIPRE’s Email Threat Trends Report for Q1 2026. The two primary methods of delivery were compromised accounts at 33% and free email services 32%. Additionally, just under 90% of att…KNOWBE4.COM
12 MayWest Pharmaceutical warns of ransomware attack impacting business operationsWest Pharmaceutical Services filed a report with the Securities and Exchange Commission (SEC) on Monday evening warning customers that a hacker breached the company network on May 4, stole data and encrypted systems.THERECORD.MEDIA
12 MayFoxconn confirms cyberattack impacting North American factoriesA spokesperson for the company confirmed the incident but declined to provide specifics on how many factories in North America were impacted. Foxconn has factories in Wisconsin, Ohio, Texas, Virginia, Indiana and several across Mexico.THERECORD.MEDIA
12 MayFoxconn Ransomware Attack Shows Nothing Is Safe ForeverFamous for helping build Apple's iPhones, Foxconn just suffered another cyberattack, highlighting the perils of warehousing some of the world's most valuable data.WIRED.COM
12 MayMini Shai-Hulud Strikes Again: TanStack + more npm Packages CompromisedDetect and mitigate malicious npm packages linked to the latest Mini Shai-Hulud supply chain campaign targeting high-value developer tooling.WIZ.IO
11 MayWelcoming the Costa Rican Government to Have I Been PwnedToday, we welcome the 42nd government onboarded to Have I Been Pwned’s free gov service: Costa Rica. The CSIRT of the Government…TROYHUNT.COM
11 MayWeaponized JPEG file Drops Trojanized ScreenConnect MalwareHackers are abusing a weaponized JPEG file to quietly install a trojanized version of the ConnectWise ScreenConnect remote‑access tool on Windows systems, enabling full surveillance, credential theft, and long‑term control over compromised networks. The campaign shows how a simpl…GBHACKERS.COM
11 MayZara Data Breach Impacts Nearly 200,000 CustomersShinyHunters gets away with emails and other data on 200,000 Zara customersINFOSECURITY-MAGAZINE.COM
11 MayThe State of Ransomware – Q1 2026Key Findings Ransomware in Q1 2026: Consolidation at Scale During the first quarter of 2026, we monitored more than 70 active data leak sites (DLS) that collectively listed 2,122 new victims. This figure represents a 12.2% decline from the Q4 2025 all-time record of 2,416 victims…RESEARCH.CHECKPOINT.COM
11 MayShinyHunters Escalates Canvas Extortion with School by School Ransom CampaignShinyHunters has escalated its Canvas extortion campaign, defacing hundreds of school login pages and threatening to leak stolen data unless institutions negotiateINFOSECURITY-MAGAZINE.COM
11 MayUK water company allowed hackers to lurk undetected for nearly two years, regulator findsThe Information Commissioner's Office (ICO) fined South Staffordshire Water £963,900 ($1.3 million) on Monday over an attack by the Cl0p ransomware group that led to the personal data of 633,887 customers and employees being published in August 2022.THERECORD.MEDIA
11 May11th May – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 11th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Instructure, the US education technology company behind the Canvas learning platform, has confirmed a major data breach affecting its …RESEARCH.CHECKPOINT.COM
11 MayCyber Espionage Group Targets Aviation Firms to Steal Map DataThe campaign quietly compromises aerospace and drone operators to exfiltrate GIS files, terrain models, and GPS data and gain a clear picture of adversaries' world view.DARKREADING.COM
11 MayA 2nd Canvas data breach causes major disruptions for schools, collegesThe Instructure-owned learning management system went offline on May 7 after a threat actor once again gained unauthorized access.CYBERSECURITYDIVE.COM
11 MayPoor security left hackers inside water company network for nearly two yearsThe UK’s data protection regulator, the Information Commissioner’s Office (ICO), fined South Staffordshire Water’s parent company £963,900 over security failures linked to a cyberattack that exposed the personal data of 633,887 people. According to the ICO, the South Staffordshir…HELPNETSECURITY.COM
11 MayZimperium Mobile App Response Agent helps security teams counter mobile attacksZimperium launched Mobile App Response Agent, enabling security teams to respond faster than ever before to fraud and security threats. Leveraging Zimperium’s expertise in mobile security, Mobile App Response Agent is part of Zimperium’s Mobile App Protection Suite (MAPS), empowe…HELPNETSECURITY.COM
11 MayWelcoming the Bangladesh Government to Have I Been PwnedToday, we welcome the 43rd government onboarded to Have I Been Pwned's free gov service, Bangladesh. The BGD e-GOV CIRT department…TROYHUNT.COM
10 MayCyberWire Daily at 10: The evolution of geopolitics and warfare.In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss cybersecurity geopolitics and warfare that have been in the news over the past 10 years. Our conversation treks around the globe beginning with the su…THECYBERWIRE.COM
10 MaySecurity Affairs newsletter Round 576 by Pierluigi Paganini – INTERNATIONAL EDITIONA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Quasar Linux RAT (QLNX): A Fi…SECURITYAFFAIRS.COM
10 MayWeekly Update 503Well, it's the day before the Instructure "pay or leak" deadline (at least by my Aussie watch), and the company remains …TROYHUNT.COM
9 MayBraintrust security incident raises concerns over AI supply chain risksBraintrust warned customers to rotate API keys after hackers breached an AWS account, exposing secrets tied to cloud-based AI models. AI observability startup Braintrust warned customers to rotate API keys after attackers gained unauthorized access to one of the company’s AWS acc…SECURITYAFFAIRS.COM
8 MayCanvas Breach Disrupts Schools & Colleges NationwideAn ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand tha…KREBSONSECURITY.COM
8 MayThe Canvas Hack Is a New Kind of Ransomware DebacleThousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters.WIRED.COM
8 MayHackers Use Morse Code to Trick Grok and Bankrbot, Steal $200K in Crypto TokensThreat actors have successfully executed a novel prompt injection attack against artificial intelligence agents, draining approximately $200,000 in cryptocurrency. By using Morse code to bypass standard AI safety filters, an attacker tricked the Grok AI model and an autonomous wa…GBHACKERS.COM
8 MayZara - 197,376 breached accountsIn April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a t…HAVEIBEENPWNED.COM
8 MayPCPJack Campaign Boots TeamPCP Off Compromised MachinesSentinelOne believes the PCPJack campaign may be the brainchild of a former TeamPCP memberINFOSECURITY-MAGAZINE.COM
8 MayCanvas outage hits thousands of universities as ShinyHunters threatens leakA major outage impacting Canvas, one of the world’s most widely used learning management systems, disrupted universities and school districts across the United States and worldwide. The disruption came after threat actors linked to the ShinyHunters extortion group breached the pa…CYBERINSIDER.COM
8 MayAvantra’s new AI can diagnose SAP failures in secondsAvantra launched Avantra 26, an advancement in AI-driven operations, strengthening native integration with SAP Cloud ALM, and delivering automated visibility across SAP Business Technology Platform (BTP). Avantra also announced Avantra AIR Root Cause Analyzer, an AI-powered intel…HELPNETSECURITY.COM
8 MayFormer IT contractor convicted for wiping 96 US government databasesA federal jury has convicted a Virginia man for his role in a retaliatory cyberattack that wiped dozens of US government databases after he and his twin brother were fired from a federal contractor in 2025. Prosecutors said the attack affected systems used by more than 45 federal…CYBERINSIDER.COM
8 MayMicrosoft says Edge’s plaintext password behavior is “by design”A researcher found Edge loads saved passwords into computer memory when it starts, making them easier to steal if a device is already compromised.MALWAREBYTES.COM
8 MayYou Have 60 Seconds to Stop the Breach. Are You Ready?2026 has officially become the year of speed, scale and support The delta between a phishing email landing and a full organizational compromise has shrunk to mere seconds.KNOWBE4.COM
8 MayPro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against RussiaResearchers at Moscow-based cybersecurity firm Kaspersky said they identified overlapping infrastructure and tools used by both groups — including command-and-control systems operating on the same compromised host — suggesting some coordination.THERECORD.MEDIA
8 MayShinyHunters claims nearly 9,000 schools affected by Canvas data breachThe group that stole data from Instructure users claims that it will release the data of students from nearly 9,000 education institutions around the country.EDSCOOP.COM
8 MayInstructure confirms cybersecurity incidentThe ed tech company that operates Canvas said information impacted by the data breach includes messages, names, email addresses and student ID numbers.CYBERSECURITYDIVE.COM
8 MayAnthropic’s Claude used in attempted compromise of Mexican water utilityResearchers warn the incident highlights how AI tools can help untrained threat actors develop complex cyberattack capabilities.CYBERSECURITYDIVE.COM
8 MayZara Data Breach: 197,000 Customers Exposed in Third-Party Security IncidentNearly 200,000 Zara customers were exposed in a third-party breach linked to ShinyHunters, revealing emails, purchase history, and support data. Personal data belonging to nearly 197,000 Zara customers has been compromised following a cyberattack on a former technology provider u…SECURITYAFFAIRS.COM
8 MayPoland says hackers breached water treatment plants, and the U.S. is facing the same threatA report by Poland’s top intelligence agency accused Russia of sabotage and hacking activities against the country’s military and civilian infrastructure.TECHCRUNCH.COM
8 MayCyberattacks on Poland’s Water Plants: A Blueprint for Hybrid WarfarePoland’s ABW confirmed hackers breached ICS at five water plants, gaining ability to alter equipment settings. Russia-linked APT groups suspected. Poland’s Internal Security Agency (ABW) has published a detailed account of a sustained campaign targeting the country’s water …SECURITYAFFAIRS.COM
8 MayRansomHouse says it breached Trellix and exposes internal systemsRansomHouse claimed responsibility for the Trellix breach, adding the security firm to its Tor data leak site and sharing screenshots of internal systems. The RansomHouse ransomware group has claimed responsibility for the recent cyberattack on cybersecurity firm Trellix. To supp…SECURITYAFFAIRS.COM
8 MayDevelopers Are the New TargetA Linux RAT known as Quasar is reportedly targeting developers instead of end users. The malware focuses on stealing Git credentials, NPM tokens, PyPI credentials, and other secrets tied to software repositories. Once attackers gain access to developer accounts, they may be able …YOUTUBE.COM
7 MayWoflow - 447,593 breached accountsIn March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data. The trove included hundre…HAVEIBEENPWNED.COM
7 MayDay Zero Readiness: The Operational Gaps That Break Incident ResponseHaving an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they …THEHACKERNEWS.COM
7 MayPolish intelligence warns hackers attacked water treatment control systemsThe agency did not publicly attribute the incidents to a specific group or country but said Poland faced intensified hostile cyber activity in 2024 and 2025, “with particular emphasis on the special services of the Russian Federation.”THERECORD.MEDIA
7 MayWorld's First AI-Driven Cyberattack Couldn't Breach OT SystemsThe most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen.DARKREADING.COM
7 MayOne Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth BreachesThe hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one "Patient Zero" infection. In 2026, hackers are using AI to make these "first clicks" nearly im…THEHACKERNEWS.COM
7 MayNorth Carolina man pleads guilty to doxxing Supreme Court justicesThe incident underscores the dangers public officials face from doxxing, as well as how easy it has become to find sensitive information online.THERECORD.MEDIA
7 MayHackers hack victims hacked by other hackersAn unknown group of hackers is breaking into systems previously breached by the cybercrime group TeamPCP. Once inside, the hackers immediately kick out TeamPCP and remove its hacking tools from the victims’ systems.TECHCRUNCH.COM
7 MayUnplug your way to better codeCybersecurity concepts — logs, packets, DNS exfiltration, and more — are usually intangible, and its practitioners are prone to mental fatigue, Amy takes a second to yell at you to go touch grass.TALOSINTELLIGENCE.COM
7 May“ClaudeBleed” allows any Chrome extension to control Anthropic’s AI assistantA critical flaw in Anthropic’s “Claude in Chrome” browser extension allows any Chrome extension, even one with zero permissions, to hijack Claude’s AI capabilities and perform sensitive actions on behalf of users. The issue, discovered by LayerX and dubbed “ClaudeBleed,” could en…CYBERINSIDER.COM
7 MayHackers deface school login pages after claiming another Instructure hackThe cybercrime group ShinyHunters claimed to have hacked Instructure again, defacing the login pages of several Instructure customer schools with an extortion message.TECHCRUNCH.COM
7 MayVPN Access Without Open PortsThreatLocker is adding remote-access functionality directly into its existing endpoint agent. The idea is similar to tools like Tailscale, WireGuard, or Cloudflare Tunnel: create secure connections to devices without exposing ports to the public internet. That changes the traditi…YOUTUBE.COM
6 MayQLNX Targets Developers in Supply Chain Credential Theft CampaignQLNX is a newly documented Linux remote access trojan (RAT) that targets the theft of developers’ and DevOps credentials to hijack software supply chains. Recent attacks against popular projects like LiteLLM on PyPI and the Axios npm package have shown how a single compromised ma…GBHACKERS.COM
6 MayRansomware Gang Member Linked to Russian Cybercrime Group Sentenced to PrisonA Latvian national operating from Moscow has been sentenced to 102 months in federal prison for his role as a key negotiator within a prolific Russian ransomware network. Deniss Zolotarjovs, 35, participated in a cybercrime syndicate that orchestrated data theft and extortion cam…GBHACKERS.COM
6 MayVimeo Confirms Breach Exposing 119,000 Unique User Email AddressesVideo hosting platform Vimeo has confirmed a data breach that exposed approximately 119,000 unique user email addresses, attributing the incident to a security compromise at Anodot, a third-party analytics vendor integrated with its systems. The breach came to light after the Shi…GBHACKERS.COM
6 MayMiddle East Cyber Battle Field Broadens — Especially in UAEAs the war with Iran continues, breach attempts targeting the United Arab Emirates tripled in a few weeks — many targeting critical infrastructure.DARKREADING.COM
6 MayLegionProxy - 10,144 breached accountsIn April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.HAVEIBEENPWNED.COM
6 MayMillions of students’ personal data stolen in major education breachShinyHunters claims it stole personal data from 275 million users on Instructure’s Canvas platform across schools and education providers.MALWAREBYTES.COM
6 MayIran-Linked APT Posed as Chaos Ransomware Member in Espionage CampaignRapid7 reveals an Iranian false flag operation masquerading as a Chaos ransomware attackINFOSECURITY-MAGAZINE.COM
6 MayMuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware AttackThe Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leve…THEHACKERNEWS.COM
6 MayIran-sponsored threat group behind false flag social engineering campaignThe state-linked actor has been masquerading as a criminal ransomware group in attacks targeting U.S. organizations.CYBERSECURITYDIVE.COM
6 MayCybercriminals Are Complaining About AI Slop Flooding Their ForumsIt's not just you. Hackers and other cybercriminals are complaining about “AI shit” flooding platforms where they discuss cyberattacks and other illegal activity.WIRED.COM
6 MayIranian cyber espionage disguised as a Chaos Ransomware attackIran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango…SECURITYAFFAIRS.COM
6 MayDOJ says ransomware gang tapped into Russian government databasesU.S. prosecutors said a ransomware gang fueled Russian government corruption, and allowed the gang's leaders to avoid paying taxes and dodge the country's military draft.TECHCRUNCH.COM
6 MayAI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keysBraintrust, a startup that makes an “operating system for engineers building AI software,” notified customers that hackers broke into one of its Amazon cloud environments, and is asking customers to rotate their API keys.TECHCRUNCH.COM
6 MayInstructure Breach Exposes Schools' Vendor DependenceShinyHunters' attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the trust educational institutions put into their vendors.DARKREADING.COM
5 MayVimeo - 119,167 breached accountsIn April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata. The data also include…HAVEIBEENPWNED.COM
5 MayDigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing CertificatesDigiCert, a major Certificate Authority, recently suffered a significant security breach where hackers used a malicious screensaver file to steal 60 Extended Validation (EV) Code Signing certificates. These highly trusted certificates were subsequently used to sign the “Zho…GBHACKERS.COM
5 MayEducational tech firm Instructure data breach may have impacted 9,000 schoolsInstructure, maker of the Canvas learning platform, is investigating a cyber incident that exposed users’ personal data. Instructure is a U.S.-based educational technology company best known for developing Canvas, one of the world’s most widely used learning management systems (L…SECURITYAFFAIRS.COM
5 MayScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and WindowsThe North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of …THEHACKERNEWS.COM
5 MayAPT37 hacks gaming platform to spread new BirdCall Android spywareNorth Korean hackers compromised a gaming platform in a supply-chain attack, using trojanized Windows and Android games to deploy a previously undocumented mobile variant of its BirdCall spyware. Security researchers at ESET detailed the operation in a recent report, describing h…CYBERINSIDER.COM
5 MayAustralia launches cyber review board modeled on version disbanded in USThe Cyber Incident Review Board will carry out no-fault, post-incident reviews of significant cyberattacks on Australian government and industry, focusing on systemic lessons rather than individual or corporate culpability.THERECORD.MEDIA
5 MayConti ransomware gang member sentenced to 102 months in prisonA Latvian national who was part of a major Russian ransomware organization that stole from and extorted more than 54 companies has been sentenced to 102 months in prison. Deniss Zolotarjovs, 35, of Moscow, Russia, was part of a group linked to former members of the Conti ransomwa…HELPNETSECURITY.COM
5 MayIntroducing the New AI-Native KnowBe4 SATCybercriminals are getting smarter and faster. Social engineering attacks are evolving rapidly, and AI is making them more convincing than ever. According to the 2025 Verizon Data Breach Investigations Report, up to 68% of cyberattacks involve some form of social engineering. Mea…KNOWBE4.COM
5 MayScarCruft Targets Gaming Platform With Windows, Android BackdoorsA sophisticated multiplatform supply-chain attack orchestrated by the North Korea-aligned APT group ScarCruft, targeting ethnic Koreans in China’s Yanbian region through a compromised gaming platform. The attack, believed to have been ongoing since late 2024, weaponized bot…GBHACKERS.COM
5 MayHackers Abuse DAEMON Tools Distribution Channel to Deliver Malicious PayloadsA sophisticated supply-chain attack has compromised the official distribution channel for DAEMON Tools, delivering multi-stage malware to users worldwide. Since April 8, 2026, threat actors have distributed trojanized installers signed with legitimate digital certificates to cond…GBHACKERS.COM
5 MayHackers steal students’ data during breach at education tech giant InstructureThe data breach at education tech giant Instructure includes students' private data, according to a sample of the allegedly stolen data seen by TechCrunch.TECHCRUNCH.COM
5 MayNorth Korean APT Targets Yanbian Gamers via Trojanized PlatformESET warns that North Korean hackers compromised a Yanbian gaming site in a supply‑chain attack, trojanizing Windows and Android software to spy on usersINFOSECURITY-MAGAZINE.COM
5 MayDAEMON Tools Supply Chain Attack Compromises Official Installers with MalwareA newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. "These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital cert…THEHACKERNEWS.COM
5 MayLatvian national sentenced for ransomware attacks run by former Conti leadersDeniss Zolotarjovs was mostly tasked with putting pressure on the Russia-based crew’s victims, in one case leaking hundreds of children’s health records.CYBERSCOOP.COM
5 MayConti, Akira ransomware affiliate given 8-year sentenceDeniss Zolotarjovs pleaded guilty in July 2025 to money laundering and wire fraud charges after being arrested in the country of Georgia.THERECORD.MEDIA
5 MayVimeo confirms breach via third-party vendor impacts 119K usersHackers stole data of 119,000 Vimeo users in April. The breach, linked to a third‑party vendor, exposed personal details. Vimeo confirmed a data breach after the ShinyHunters gang stole personal information of 119,000 users in April 2026. According to Have I Been Pwned, the attac…SECURITYAFFAIRS.COM
5 MayU.S. court sentences Karakurt ransomware negotiator to 8.5 yearsDeniss Zolotarjovs was sentenced to 8.5 years in the U.S. after pleading guilty to money laundering and fraud tied to ransomware. Deniss Zolotarjovs, a Latvian national linked to the Karakurt ransomware gang, has been sentenced to 8.5 years in U.S. prison, marking a significant s…SECURITYAFFAIRS.COM
4 May15-year-old detained over massive data breach at French government agencyFrench authorities have detained a 15-year-old suspected of involvement in a data breach at France Titres, the government agency responsible for issuing official documents. “Between 12 and 18 million data records were reportedly being offered for sale on cybercriminal forum…HELPNETSECURITY.COM
4 May KEVDOJ Sentences Two Americans for ALPHV BlackCat Ransomware AttacksThe U.S. Department of Justice (DOJ) has sentenced two American cybersecurity professionals to prison for their involvement in ALPHV BlackCat ransomware attacks that targeted multiple U.S. organizations in 2023. The case highlights the growing threat of insider expertise being mi…GBHACKERS.COM
4 May2026: The Year of AI-Assisted AttacksOn December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young man s…THEHACKERNEWS.COM
4 MayBluekit Phishing Kit Streamlines Domains, 2FA Lures, and Session HijackingA newly discovered phishing kit called “Bluekit” is reshaping how cybercriminals run phishing campaigns by combining multiple attack stages into a single, centralized platform. Instead, Bluekit integrates these capabilities into one operator panel, streamlining the entire attack …GBHACKERS.COM
4 MayCanvas Confirms Data Breach Following ShinyHunters ClaimInstructure, the educational technology company behind the widely used Canvas Learning Management System (LMS), has officially confirmed a major data breach. This confirmation directly follows recent claims made by the notorious threat actor group known as ShinyHunters. Canvas is…GBHACKERS.COM
4 MayDigiCert breached via malicious screensaver fileA targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/S…HELPNETSECURITY.COM
4 MayCyberattacks are raising your prices (Lock and Code S07E09)This week on the Lock and Code podcast, we speak with Eva Velasquez about small business cyberattacks and the "cyber tax" coming for us all.MALWAREBYTES.COM
4 MayRansomware group claims breach of pro-Orbán Hungarian media firmMediaworks confirmed the incident on Friday, warning that “a significant amount of illegally obtained data may have come into the possession of unauthorized persons."THERECORD.MEDIA
4 MayEducational company Infrastructure reports cyber incidentBy Saturday, Infrastructure’s chief information security officer Steve Proud confirmed that the hackers gained access to information about users at some educational institutions, including names, email addresses, student ID numbers and messages between users.THERECORD.MEDIA
3 MaySecurity Affairs newsletter Round 575 by Pierluigi Paganini – INTERNATIONAL EDITIONA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Two US cybersecurity experts …SECURITYAFFAIRS.COM
3 MaySalt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defensesApril 2026 breach at Sistemi Informativi (IBM Italy) raises concerns over Chinese-linked cyber ops in Europe, including Salt Typhoon. In late April 2026, the Italian cybersecurity landscape was shaken by a significant breach targeting Sistemi Informativi, a company wholly owned b…SECURITYAFFAIRS.COM
3 MayMarcus & Millichap - 1,837,078 breached accountsIn April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group. Data alleged to have been obtained from the company was subsequently released publicly and included 1.8M uniq…HAVEIBEENPWNED.COM
2 MayMassive Facebook Phishing Operation Leverages AppSheet, Netlify, and TelegramCybersecurity researchers at Guardio Labs have uncovered a massive phishing operation dubbed AccountDumpling that has compromised more than 30,000 Facebook accounts worldwide. Unlike conventional phishing campaigns that rely on spoofed domains or compromised SMTP servers, this Vi…GBHACKERS.COM
2 MayNew Deep#Door RAT uses stealth and persistence to target WindowsDeep#Door hides a Python RAT inside a batch file, kills Windows defenses, survives via multiple persistence methods, and exfiltrates data through a public TCP tunnel. Security researchers at Securonix uncovered a sophisticated malware campaign called Deep#Door. Threat actors empl…SECURITYAFFAIRS.COM
2 May KEVTwo US cybersecurity experts sentenced in ransomware case, third awaits July rulingTwo US security experts were sentenced to 4 years for helping ransomware attacks. A third accomplice pleaded guilty and awaits sentencing. Two US cybersecurity professionals, Ryan Goldberg and Kevin Martin, were sentenced to four years in prison for their role in supporting ranso…SECURITYAFFAIRS.COM
1 MayA Ransomware Negotiator Was Working for a Ransomware GangSomeone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients.SCHNEIER.COM
1 May KEVTwo Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware AttacksThe U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accuse…THEHACKERNEWS.COM
1 MayTwo American Cybersecurity Workers Jailed for BlackCat Ransomware AttacksThe cybersecurity workers used their knowledge and skills to conduct ransomware attacks for notorious gang, rather than protect victims against themINFOSECURITY-MAGAZINE.COM
1 MayCyber incident responders who carried out ransomware attacks given 4-year sentencesTwo cybersecurity incident responders who abused their positions to carry out covert ransomware attacks were sentenced to four years in prison.THERECORD.MEDIA
1 May30,000 Facebook Accounts Hacked via Google AppSheet Phishing CampaignA newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen…THEHACKERNEWS.COM
1 MayThe new speed of cyber defense with Andrew Carr from Booz AllenAndrew Carr, Managing Director and head of Threat Detection and Response at Booz Allen, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices. Drawing on years of incident response and ransomware negotiation experience, he explains how AI is compressin…THECYBERWIRE.COM
30 AprCompromised SAP npm Packages Found Harvesting Developer and CI/CD SecretsSecurity researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as TeamPCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud. The operation relies on injecting malicious …GBHACKERS.COM
30 AprOperation Winter SHIELD: What the FBI Wants Industry to Do NowThe FBI sees every breach. You see yours. Adam Maddock, Section Chief of the FBI's Cyber Technical Analytics and Operations Section, and Jarrod Schlenker, Assistant Section Chief leading the FBI Cyber Division's private-sector engagement, join David Moulton to walk through …THECYBERWIRE.COM
30 AprMeta accused of violating DSA by failing to safeguard minorsThe European Commission accuses Meta of failing to protect children, allowing users under 13 on Instagram and Facebook, in breach of the DSA rules. The European Commission has accused Meta of violating child safety rules. Instagram and Facebook allegedly failed to prevent childre…SECURITYAFFAIRS.COM
30 AprWhy Your Email Security Needs a Global Human Network to Close the Detection GapThe biggest challenge in email security today isn’t just detecting a threat; it’s the speed of response across a global landscape. As we head into the second half of 2026, the stakes with speed have gotten higher. According to SQ Magazine, AI-generated phishing attempts are 68% h…KNOWBE4.COM
30 AprMoldova’s health insurance agency reports possible data leak after cyberattackThe agency said the incident occurred several weeks ago and that technical assessments indicated a possible theft of limited information.THERECORD.MEDIA
30 AprUK: Education Sector Faces Surge in Cyber Breaches Despite Stable National Threat LevelsThe British public education sector has faced the nation’s most dramatic increase in cyber breach prevalence over the past yearINFOSECURITY-MAGAZINE.COM
30 AprAnti-DDoS Firm Heaped Attacks on Brazilian ISPsA Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm…KREBSONSECURITY.COM
30 AprFrance investigates 15-year-old over alleged hack of national ID agencyThe minor was taken into police custody on April 25 on suspicion of involvement in a data breach affecting the National Agency for Secure Documents (ANTS), which processes applications for passports, national identity cards, residence permits and driver’s licenses.THERECORD.MEDIA
30 AprFrance arrests 15-year-old hacker who stole data of 11.7 million peopleFrench authorities have detained a 15-year-old suspect in connection with the recent ANTS data breach, which exposed millions of sensitive user records on cybercrime forums. According to a statement published earlier today by Paris public prosecutor Laure Beccuau, the minor was t…CYBERINSIDER.COM
30 AprPyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal CredentialsIn yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, Socket, and StepSecurity, the two malicious versions are versions 2…THEHACKERNEWS.COM
30 AprTeamPCP Hits SAP Packages With 'Mini Shai-Hulud' AttackSeveral npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain attacks broaden.DARKREADING.COM
30 Apr KEVFormer incident responders sentenced to 4 years in prison for committing ransomware attacksRyan Goldberg and Kevin Martin attacked five companies in 2023 and extorted nearly $1.3 million from one of their victims.CYBERSCOOP.COM
29 AprBlueNoroff Deploys Fileless PowerShell in AI-Generated Zoom Lure CampaignA sophisticated BlueNoroff campaign targeting cryptocurrency executives through fake Zoom meetings enhanced with AI-generated deepfakes and fileless PowerShell malware. The North Korean state-sponsored group successfully compromised a North American Web3 company in January 2026, …GBHACKERS.COM
29 AprVect 2.0 RaaS Expands Attacks Across Windows, Linux, and ESXiVect 2.0 Ransomware‑as‑a‑Service (RaaS) operation is rapidly evolving into a multi‑platform threat that can encrypt Windows, Linux, and VMware ESXi environments across modern hybrid infrastructures. The group runs a classic affiliate model, renting out its ransomware and TOR‑base…GBHACKERS.COM
29 AprLofyStealer Targets Minecraft Players via Node.js Loader and Browser InjectionMinecraft players are being lured with a fake hacking tool called “Slinky” that secretly installs a powerful infostealer dubbed LofyStealer (also tracked as GrabBot), linked to the Brazilian cybercrime group LofyGang. The malware uses a Node.js-based loader and an in-memory C++ …GBHACKERS.COM
29 AprVECT 2.0 Ransomware Wipes Large Files Across Windows, Linux & ESXiThe “new” VECT 2.0 ransomware is essentially a cross‑platform data wiper that permanently destroys most enterprise files rather than encrypting them for recovery. For any file larger than 131,072 bytes (128 KB), VECT processes four separate chunks using four different randomly ge…GBHACKERS.COM
29 AprCritical Flaw Turns Vect Ransomware into Data Destroying WiperThe Vect 2.0 ransomware wipes large files instead of merely encrypting them, making recovery impossible – even for the attackersINFOSECURITY-MAGAZINE.COM
29 AprResearchers Track 2.9 Billion Compromised CredentialsKELA claims infostealers remained the primary access vector for attacks in 2025INFOSECURITY-MAGAZINE.COM
29 AprOpenAI and Anthropic brief Congress on cyber-capable AI models.Rival ransomware gangs list each other as victims. Business news: Silverfort will acquire Fabrix Security.THECYBERWIRE.COM
29 AprEuropean Commission accuses Meta of breaching child safety rulesThe platforms allegedly flouted the bloc’s Digital Services Act (DSA) by “failing to diligently identify, assess and mitigate the risks of minors under 13 years old accessing their services,” the commission said.THERECORD.MEDIA
29 AprVect 2.0 Ransomware Acts as Wiper, Thanks to Design ErrorThe emerging ransomware has been deployed against victims of the TeamPCP supply chain attacks, but organizations should think twice before paying for a decryptor.DARKREADING.COM
29 AprSAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing MalwareCybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calling it…THEHACKERNEWS.COM
29 AprGoogle AppSheet abused to compromise 30,000 Facebook accountsA large-scale phishing operation abusing Google’s AppSheet platform has compromised at least 30,000 Facebook accounts, using fully authenticated emails that bypass traditional security checks. Guardio Labs uncovered the campaign while investigating a wave of phishing emails sent …CYBERINSIDER.COM
29 AprSmashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millionsA developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of organisations. All for some free in-game curr…GRAHAMCLULEY.COM
28 AprWeekly Update 501This is so "peak 2026" - writing an equality policy to ensure people treat our AI bot with the same respect as they do their …TROYHUNT.COM
28 AprChinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research CyberattacksA Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy.  Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating …THEHACKERNEWS.COM
28 AprCheckmarx Confirms Security Incident Involving GitHub Repository ExposureApplication security provider Checkmarx has officially confirmed a new security incident involving the exposure of its internal GitHub repository. On April 27, 2026, Udi-Yehuda Tamar, the company’s VP of Platform Engineering and Global CISO, revealed that a cybercriminal gr…GBHACKERS.COM
28 AprRansomware Turf War as 0APT and KryBit Groups Trade BlowsRansomware groups 0APT and KryBit have doxxed each other onlineINFOSECURITY-MAGAZINE.COM
28 AprVECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXiThreat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The…THEHACKERNEWS.COM
28 AprIran war updates.US Supreme Court leans toward requiring warrants for geofencing searches. ShinyHunters claims responsibility for Pitney Bowes breach.THECYBERWIRE.COM
28 AprMedtronic Confirms Data Breach After ShinyHunters ClaimsMedtronic confirms IT breach as ShinyHunters claims millions of records accessedINFOSECURITY-MAGAZINE.COM
28 AprVECT: Ransomware by design, Wiper by accidentVECT Ransomware is a Ransomware-as-a-Service (RaaS) program that made its first appearance in December 2025 on a Russian-language cybercrime forum. After claiming their first two victims in January 2026, the group got back into the public eye due to an an…RESEARCH.CHECKPOINT.COM
28 AprVideo site Vimeo blames security incident on Anodot breachThe hackers did not access video content, user logins or payment card information, and there was no disruption to Vimeo’s services,THERECORD.MEDIA
28 AprADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNsADT confirmed a data breach exposing customer names, addresses, phone numbers, and partial SSNs, with millions of records reportedly affected.TECHREPUBLIC.COM
28 AprWhat the March 2026 Threat Technique Catalog update means for your AWS environmentThe AWS Customer Incident Response Team (AWS CIRT) regularly encounters patterns that repeat across their engagements when helping customers respond to security incidents. We’re passionate about making sure that information is widely accessible so that everyone can improve their …AWS.AMAZON.COM
28 AprFeuding Ransomware Groups Leak Each Other's DataWhen 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations.DARKREADING.COM
27 AprCyber Weapon in Toronto, Grid Attack, Stuxnet Lie ExposedA rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first cyber weapon after all. In today's Cybersecurity Today with…CYBERSECURITYTODAY.LIBSYN.COM
27 AprCritical infrastructure giant Itron says it was hackedThe American technology giant provides water and energy monitoring and utility meters to hundreds of millions of homes and businesses.TECHCRUNCH.COM
27 AprHackers impersonate Microsoft Teams help desk to breach corporate networksHackers are impersonating Microsoft Teams help desk workers to trick victims into installing data-stealing malware, researchers found.THERECORD.MEDIA
27 AprUtilities Tech Supplier Itron Discloses Cyber-Attack, Operations UnaffectedItron confirmed a cyber incident but does not believe it is likely to have a material impact on the companyINFOSECURITY-MAGAZINE.COM
27 AprLINKEDIN BROWSERGATEBrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (https://browsergate.eu/), an association of commercial LinkedIn users, which d…SECURITYAFFAIRS.COM
27 AprFIRESIDE CHAT: Leaked secrets are now the go-to attack vector — and AI is accelerating exposuresA consequential shift is underway in how enterprise breaches begin. The leaked credential — once treated as a hygiene problem — has become the primary on-ramp. Last August’s Salesloft campaign was the pattern …LASTWATCHDOG.COM
27 AprRansomware Uses Your Own PermissionsRansomware operates using the same permissions as the infected user. If your account can access and modify files, so can the malware running under it. This turns the permission system into a liability. Instead of blocking malicious activity, it enables it—because the system assum…YOUTUBE.COM
27 AprMajor critical infrastructure supplier reports cyberattackItron, which makes devices that measure energy and water use, said its operations were continuing, despite the intrusion.CYBERSECURITYDIVE.COM
27 AprSenators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip lineSens. Maggie Hassan and Jim Banks wrote to Navigate360 after a hacker claimed to compromise the school safety tool.CYBERSCOOP.COM
27 AprHacker who allegedly carried out cyberattacks for China is extradited to U.S.Xu Zewei is accused of participating in a Chinese government hacking group that broke into thousands of U.S. organizations and stole COVID-19-related research.TECHCRUNCH.COM
27 AprSimplicity Stops Data ExfiltrationThis approach limits both file access and network connectivity using allowlisting—only approved actions are permitted, reducing the attack surface. By controlling sockets (network access) and files together, it becomes much harder for attackers to exfiltrate data or pull down mal…YOUTUBE.COM
27 AprMedtronic discloses security incident after ShinyHunters claimed theft of 9M+ recordsMedtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records. Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to have stolen over 9 million records. The company did not shar…SECURITYAFFAIRS.COM
27 AprThe Supreme Court sits on the geofence.The Supreme Court weighs geofence warrants. Iran leans toward quieter cyber ops. Researchers unpack Fast16 sabotage malware. Microsoft tracks an Outlook outage. Snow malware moves deep inside networks. Itron reports a breach. SMS blasters hit Canada. Italy extradites an accused h…THECYBERWIRE.COM
27 AprPitney Bowes - 8,243,989 breached accountsIn April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data which included 8.2M un…HAVEIBEENPWNED.COM
26 AprTrigona ransomware adopts custom tool to steal data and evade detectionTrigona ransomware now uses a custom command-line tool to steal data faster and evade detection, replacing tools like Rclone and MegaSync. Symantec researchers report that recent Trigona ransomware attacks used a custom-built data exfiltration tool instead of common utilities lik…SECURITYAFFAIRS.COM
26 AprUdemy - 1,401,259 breached accountsIn April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also includ…HAVEIBEENPWNED.COM
25 AprDiscord Sleuths Gained Unauthorized Access to Anthropic’s MythosPlus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more.WIRED.COM
24 AprBitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Attacksubmitted by cm0002 to cybersecurity 4 points | 0 comments https://socket.dev/blog/bitwarden-cli-compromisedINFOSEC.PUB
24 AprCarnival - 7,531,359 breached accountsIn April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published th…HAVEIBEENPWNED.COM
24 AprRansomware Gang Unveils Custom Data-Theft ToolRansomware operators introduced a custom-built data exfiltration tool, signaling a notable evolution in attack techniques. Unlike most ransomware groups that rely on publicly available utilities such as Rclone or MegaSync, Trigona affiliates are now using a proprietary tool to st…GBHACKERS.COM
24 AprHackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft TeamsA newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersonating IT helpdesk personnel on Microsoft Teams, these hackers trick employees into downloading a sophisticated malware suite…GBHACKERS.COM
24 AprBitwarden CLI Compromised After Malicious GitHub Actions WorkflowCybersecurity researchers at Socket have uncovered a major supply chain compromise affecting the Bitwarden CLI. Attackers successfully abused a GitHub Action in Bitwarden’s CI/CD pipeline to inject malicious code into the popular password manager’s npm package. This breach …GBHACKERS.COM
24 AprChina-Linked Hackers Hide Behind Compromised RoutersHackers linked to China are increasingly abusing compromised routers and edge devices to build covert networks, enabling stealthy cyber operations that are harder to detect and block. Instead of relying on dedicated servers or purchased hosting, threat actors are now leveraging l…GBHACKERS.COM
24 AprAI is speeding up nation-state cyber programsIn this Help Net Security interview, Kaja Ciglic, Senior Director, Cybersecurity Policy and Diplomacy at Microsoft, discusses how nation-state cyber programs have changed over three years. Cyber has become a core instrument of state power, integrated with military, economic, and …HELPNETSECURITY.COM
24 AprCheckmarx supply chain attack impacts Bitwarden npm distribution pathBitwarden CLI was hit by the Checkmarx supply chain attack. Version 2026.4.0 shipped malicious code in bw1.js via a compromised GitHub Action. Bitwarden CLI has been compromised as part of the ongoing Checkmarx supply chain campaign, researchers warn. The affected version, @bitwa…SECURITYAFFAIRS.COM
24 AprAI Phishing Is No. 1 With a Bullet for CyberattackersIn the last six months, companies have seen a significant influx of AI-powered phishing, as cyberattackers progress from small campaigns to 1-to-1 personalized attacks.DARKREADING.COM
24 AprSignal phishing campaign targets Germany’s Bundestag President Julia KlöcknerGermany’s Bundestag President Klöckner was targeted in a Signal phishing attack via a fake CDU group chat. Germany’s Bundestag President Julia Klöckner has reportedly become the latest European political figure targeted through a Signal-based phishing attack, reported Der Spiegel…SECURITYAFFAIRS.COM
24 AprHasbro expects March cyberattack to impact second-quarter revenueThe toy maker is reviewing files and working to fully bring certain systems back online. The company will incur some costs related to the investigation.CYBERSECURITYDIVE.COM
24 AprScattered Spider co-conspirator pleads guiltyAnother member of the notorious Scattered Spider gang of cyber criminals has pleaded guilty in a US court, and will be sentenced later this year. Tyler Buchanan pleaded guilty in a Florida court to conspiring with others to hack into companies’ computer systems with the intent of…CSOONLINE.COM
24 AprADT says customer data stolen in cyber intrusionThe home security company ADT said cybercriminals breached company systems on Monday and stole a “limited set” of customer and prospective customer information.THERECORD.MEDIA
24 AprADT confirms data breach after hacker claims 10 million records stolenThe American security company ADT has confirmed via a statement to CyberInsider a cybersecurity incident involving unauthorized access to a subset of customer data. The admission follows claims by the ShinyHunters extortion group that it breached the company and stole over 10 mil…CYBERINSIDER.COM
23 AprHow does AI change the economics of cybercrime?Robert (Bob) McArdle has spent two decades tracking cybercriminals - from ransomware groups to nation-state actors to financially motivated crime organizations. As a result, he has a front-row seat on how agentic AI is reshaping the threat landscape right now. In conversation wit…THECYBERWIRE.COM
23 AprCheckmarx KICS Docker Repo Hijacked in Malicious Code Injection AttackA massive software supply chain attack has targeted the official Checkmarx KICS (Keeping Infrastructure as Code Secure) Docker Hub repository. Discovered on April 22, 2026, by Docker and Socket, the compromise involves trojanized Docker images and malicious VS Code extensions des…GBHACKERS.COM
23 AprBreach SchoolWhat does it take to go from staring at forensic images to sitting across from a CEO whose company is on fire? Steve Elovitz has spent his entire career in the room when things go wrong. He started in forensics and eDiscovery at PwC, moved to Booz Allen doing government work, t…THECYBERWIRE.COM
23 AprXinference PyPI Breach Exposes Developers to Cloud Credential TheftA severe supply chain attack has compromised the popular Python package Xinference, exposing developers to massive data theft. Threat actors uploaded malicious versions of the tool to the Python Package Index (PyPI), embedding a heavily obfuscated infostealer into the code. Xinfe…GBHACKERS.COM
23 AprLazarus Lures Developers With Backdoored Coding TestsNorth Korea-linked hackers are using AI-assisted malware and backdoored coding challenges to quietly loot millions in cryptocurrency from Web3 developers. Expel assesses with high confidence that HexagonalRodent is a DPRK state-sponsored subgroup that likely evolved from fraudule…GBHACKERS.COM
23 AprMalicious npm Package Hijacks Hugging Face for Malware DeliveryMalicious npm package js-logger-pack is now abusing Hugging Face not just as a malware CDN, but also as a live exfiltration backend for stolen data, turning a popular AI platform into part of a full-featured cross‑platform implant chain. Earlier campaign phases already used Huggi…GBHACKERS.COM
23 AprRAMP Uncovered: Anatomy of Russia’s Ransomware MarketplaceLeaked data from RAMP reveals Russia’s ransomware ecosystem, analyzing 1,732 threads, 7,707 users, and 340,000 IP records from the forum. RAMP was not just another dark web forum. It was one of the clearest examples of how ransomware has become an organized marketplace, with sell…SECURITYAFFAIRS.COM
23 AprDiscord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breachsubmitted by kid to cybersecurity 10 points | 0 comments https://hackread.com/discord-access-anthropic-claude-mythos-ai-breach/SH.ITJUST.WORKS
23 AprMost Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says - SecurityWeeksubmitted by kid to cybersecurity 4 points | 0 comments https://www.securityweek.com/most-serious-cyberattacks-against-the-uk-now-from-russia-iran-and-china-cyber-chief-says/SH.ITJUST.WORKS
23 AprBitwarden CLI Compromised in Ongoing Checkmarx Supply Chain CampaignBitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. "The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in 'bw1.js,' a file inc…THEHACKERNEWS.COM
23 AprHow cyberattacks on companies affect everyoneWe look at how cybercrime targeting companies affects all of us, especially their customers.MALWAREBYTES.COM
23 AprBitwarden CLI backdoored in Checkmarx supply chain attackThe Bitwarden CLI has been compromised as part of the ongoing Checkmarx supply chain campaign, with attackers injecting malicious code into an official release through a poisoned CI/CD workflow. According to a brief report from the Socket Research Team, the compromised package is…CYBERINSIDER.COM
23 AprUNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW MalwareA previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other intrusions in recent years, UNC6692 relied heavily on imperson…THEHACKERNEWS.COM
22 Apr[Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)[This is a Guest Diary by L. Carty, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].] ISC.SANS.EDU
22 AprExclusive Anthropic Cyber Tool Mythos Accessed by Unapproved ActorsA group of unauthorized users has successfully bypassed access controls to reach Claude Mythos Preview, Anthropic’s closely guarded cybersecurity AI. This breach highlights critical concerns about third-party vendor security and the severe risks posed by advanced offensive AI fal…GBHACKERS.COM
22 AprFrench Authorities Confirm Data Breach Amid Hackers’ Data Leak AllegationsThe French National Agency for Secure Documents (ANTS) has officially confirmed a severe data breach affecting its central government portal. This critical infrastructure system manages the issuance of national identity cards, passports, vehicle registration certificates, and dri…GBHACKERS.COM
22 AprFormer Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber GangA former ransomware negotiator has pleaded guilty to abusing his position by working with noted cybercrime group BlackCatINFOSECURITY-MAGAZINE.COM
22 AprRansomware Negotiator Pleads Guilty to BlackCat Schemesubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/insider-threats/ransomware-negotiator-pleads-guilty-blackcat-schemeSH.ITJUST.WORKS
22 AprUK cyber agency handling four major incidents a week as nation-state attacks surgeBritain's cybersecurity chief warned Tuesday that the country is handling four nationally significant cyber incidents every week, with the majority now traced back to hostile foreign governments rather than criminal hackers.THERECORD.MEDIA
22 AprFrench govt agency confirms breach as hacker offers to sell datasubmitted by kid to cybersecurity 3 points | 0 comments https://www.bleepingcomputer.com/news/security/french-govt-agency-confirms-breach-as-hacker-offers-to-sell-data/SH.ITJUST.WORKS
22 AprData Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 - SecurityWeeksubmitted by kid to cybersecurity 8 points | 0 comments https://www.securityweek.com/data-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000/SH.ITJUST.WORKS
22 AprCosmetics giant Rituals confirms data breach of customer membership recordsThe cosmetics retailer, which counts 41 million customers in its membership data, declined to provide an accurate total number of customers affected.TECHCRUNCH.COM
22 AprFrench police arrest suspected hacker behind dozens of data breachesFrench authorities have arrested a suspected hacker believed to be behind dozens of data breaches targeting public institutions, sports federations and private organizations across the country.THERECORD.MEDIA
22 AprMalicious TikTok Downloader Extensions Quietly Compromised 130K UsersMalicious browser extensions disguised as TikTok downloaders compromised 130,000 users, exposing a growing blind spot in enterprise security.TECHREPUBLIC.COM
22 AprFrance confirms data breach at government agency that manages citizens’ IDsThe French government agency that issues and manages national IDs, passports, and other documents, announced that hackers stole the personal information of an unspecified number of citizens.TECHCRUNCH.COM
22 AprSmashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were notA company that ran anonymous tip lines for 35,000 American schools - handling reports of bullying, weapons, and self-harm - boasted on its website that it had suffered zero security breaches in over 20 years. A hacker called Internet Yiff Machine thought that sounded like a chall…GRAHAMCLULEY.COM
21 Apr12 Fraudulent Browser Extensions Disguised as TikTok Downloaders Compromise 130K UsersLayerX security researchers have uncovered a massive, highly coordinated campaign involving at least 12 malicious browser extensions on the Google Chrome and Microsoft Edge marketplaces. Disguised as legitimate TikTok video downloaders, these extensions secretly track user activi…GBHACKERS.COM
21 AprGentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based LockerGentlemen is a fast‑growing ransomware‑as‑a‑service (RaaS) operation now targeting Windows, Linux, NAS, BSD, and VMware ESXi with a new locker written in C for hypervisor environments. Its multi‑platform design and strong defense‑evasion features make it a high‑impact threat to c…GBHACKERS.COM
21 AprPureRAT Hides PE Payloads in PNGs for Fileless ExecutionA multi-stage PureRAT campaign that hides portable executable (PE) payloads inside PNG images and executes them almost entirely in memory, making detection and forensics significantly harder for defenders. The campaign combines steganography, PowerShell-based loaders, UAC bypass,…GBHACKERS.COM
21 AprUnchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of FirmsData exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance reportINFOSECURITY-MAGAZINE.COM
21 Apr5 Places where Mature SOCs Keep MTTR Fast and Others Waste TimeSecurity teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage.  The root cause of slow MTTR is almos…THEHACKERNEWS.COM
21 AprThe Gentlemen Ransomware Expands With Rapid Affiliate GrowthGentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infectionsINFOSECURITY-MAGAZINE.COM
21 AprRansomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assis…THEHACKERNEWS.COM
21 AprRansomware negotiator pleads guilty to helping ransomware gangA former employee of a cybersecurity firm pleaded guilty to aiding ransomware criminals to maximize their profits, with the goal of taking a cut of the ransom.TECHCRUNCH.COM
21 AprBreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure ValidationNew York, United States, April 21st, 2026, CyberNewswire BreachLock, a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation.   This recognition marks the …GBHACKERS.COM
21 AprLawmakers ponder terrorism designations, homicide charges over hospital ransomware attacksThe ideas came up at a House Homeland Security Committee hearing, as health care ransomware attacks are on the rise.CYBERSCOOP.COM
21 AprSystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware OperationThreat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemB…THEHACKERNEWS.COM
21 AprRansomware negotiator caught secretly assisting BlackCat extortion schemeAngelo Martino pleaded guilty to helping BlackCat ransomware group while acting as a ransomware negotiator. Another U.S. cybersecurity expert, Angelo Martino, admitted helping the BlackCat ransomware group while working as a ransomware negotiator. Angelo Martino (41) admitted hel…SECURITYAFFAIRS.COM
21 AprWeekly Update 500Looking back at this milestone video, it's the audience question towards the end I liked most: "are you happy"? Charlott…TROYHUNT.COM
20 AprFake Helpdesk Attack Uses Teams and Quick Assist to Breach TargetsAttackers are increasingly abusing Microsoft Teams and Windows Quick Assist to run a helpdesk‑themed social engineering attack chain that leads to full enterprise compromise and stealthy data theft. By impersonating IT support and relying on legitimate tools and protocols, advers…GBHACKERS.COM
20 AprBritish Hacker Admits Stealing Millions in Virtual Currency From Targeted CompaniesA 24-year-old British national, Tyler Robert Buchanan, has pleaded guilty to orchestrating a massive cyberattack campaign that compromised over a dozen U.S. companies and resulted in the theft of at least $8 million in cryptocurrency. According to a Friday announcement from the U…GBHACKERS.COM
20 AprJanaWare Ransomware Hits Turkish Users via Tailored Adwind RATA newly analyzed ransomware campaign dubbed “JanaWare” is targeting users in Turkey by leveraging a customized version of the Adwind Remote Access Trojan (RAT). The campaign combines stealthy delivery techniques, geographic restrictions, and polymorphic malware to evade detection…GBHACKERS.COM
20 AprDFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the ProxyKey Points The Gentlemen RaaS The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. The operators advertise their services across multiple underground forums, promoting their ransomware platform and inviting penetration tes…RESEARCH.CHECKPOINT.COM
20 AprBluesky blames app outage on ‘sophisticated’ DDoS attackThe decentralized social network said the incident began on April 15, when the company received reports of intermittent outages affecting the app.THERECORD.MEDIA
20 Apr20th April – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 20th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Booking.com, the Amsterdam-based travel platform, has confirmed a data breach after unauthorized parties accessed reservation data l…RESEARCH.CHECKPOINT.COM
20 AprCrypto infrastructure company blames $290 million theft on North Korean hackersA theft of nearly $300 million worth of cryptocurrency has been attributed to hackers from North Korea, as the industry grapples with the fallout of a wide-ranging incident involving multiple prominent platforms.THERECORD.MEDIA
20 AprScattered Spider member Tyler Buchanan pleads guilty to major crypto theftTyler Buchanan, linked to Scattered Spider, pleaded guilty in the US to hacking companies and stealing millions in cryptocurrency. Tyler Buchanan, a 24-year-old from Scotland linked to the Scattered Spider group, admitted in a US court that he hacked dozens of companies, committe…SECURITYAFFAIRS.COM
20 AprAmtrak Data Breach Exposes 2.1M Records, Reports Suggest Larger LeakAmtrak data breach exposes over 2.1 million customer records after CRM access. Learn what was leaked, risks, and steps users and IT teams should take now.TECHREPUBLIC.COM
20 AprFrance’s ANTS ID System website hit by cyberattack, possible data breachA cyberattack hit France’s ANTS website, possibly exposing personal data from users applying for IDs, passports, and driver’s licenses. A cyberattack targeted France’s ANTS platform, which handles applications for passports, ID cards, residence permits, and driver’s licenses. Aut…SECURITYAFFAIRS.COM
19 AprCyber attacks fuel surge in cargo theft across logistics industryHackers infiltrate logistics firms to steal cargo and divert payments, cyberattacks are linked to organized crime and rising losses. Proofpoint researchers observed crooks targeting trucking and logistics companies, running coordinated remote access campaigns to steal cargo and d…SECURITYAFFAIRS.COM
19 AprCarnival Corporation probes data breach after claims of 8.7M records theftCarnival Corporation is investigating a potential data breach after the ShinyHunters extortion group claimed to have stolen millions of records and threatened to leak the data if its demands are not met. ShinyHunters listed Carnival Corporation on its “pay or leak” portal on Apri…CYBERINSIDER.COM
18 AprA new breed of RAT.Today we are joined by ⁠Dr. Darren Williams⁠, Founder and CEO of ⁠BlackFog⁠, to discuss his team's work on "Steaelite RAT Enables Double Extortion Attacks from a Single Panel." A new remote access trojan, Steaelite, is being marketed on underground forums as an all-in-one platfor…THECYBERWIRE.COM
18 Apr$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence ClaimsGrinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale…THEHACKERNEWS.COM
18 AprProactive investigations against cybercrime at the state levelRansomware gangs are relying on AI and the darknet to hit critical infrastructure. Investigators in Koblenz are increasingly acting proactively.HEISE.DE
17 AprPayouts King Emerges: New Ransomware Operation Tied to Ex-BlackBasta MembersPayouts King is emerging as a technically sophisticated ransomware operation believed to be run by former BlackBasta affiliates, reusing their social‑engineering playbook while introducing hardened obfuscation and encryption routines. The group focuses on high‑value data theft an…GBHACKERS.COM
17 Apr108 Chrome extensions caught stealing user data and hijacking sessionssubmitted by beep to cybersecurity 1 points | 0 comments https://socket.dev/blog/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2 54 extensions steal Google account identity via OAuth2; 1 extension actively exfiltrates Telegram Web sessions every 15 seconds; 1 extensio…INFOSEC.PUB
17 Apr“Your shipment has arrived” email hides remote access softwareThis DHL-themed email tries to get recipients to install remote access software attackers can use to deploy further malware, including ransomware.MALWAREBYTES.COM
17 AprData breach at edtech giant McGraw Hill affects 13.5 million accountssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/data-breach-at-edtech-giant-mcgraw-hill-affects-135-million-accounts/SH.ITJUST.WORKS
17 AprIndustrial Systems Hit by New Email-Worm Threat WaveEmail-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shi…GBHACKERS.COM
17 AprAmtrak data breach exposed information of 2.1 million accountsAmtrak is the latest organization to have a major dataset added to the Have I Been Pwned (HIBP) database, following claims by the ShinyHunters hacking group that it breached the US passenger rail service and exfiltrated millions of customer records. The development comes days aft…CYBERINSIDER.COM
17 AprAI Upgrades, Security Breaches, and Industry Shifts Define This Week in TechSee what you missed in Daily Tech Insider from April 13–17.TECHREPUBLIC.COM
17 AprMan who hacked US Supreme Court filing system sentenced to probationNicholas Moore hacked into three U.S. government networks using stolen credentials, and then bragged about it and posted victims' personal data on Instagram under the handle @ihackedthegovernment.TECHCRUNCH.COM
17 AprKyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western IntelligenceGrinex halted operations after a $13.7M hack, blaming Western intelligence. Stolen funds came from wallets of Russian users on the platform. Kyrgyz crypto exchange Grinex halted operations after a threat actor stole $13.7 million in a cyber attack that the company attributes to W…SECURITYAFFAIRS.COM
16 AprHow Nations Hack, Spy, and WinMost people think nation-state cyberattacks are unpredictable. Allie Mellen wrote the book that proves they’re not. ⁠Allie Mellen⁠ is the author of Code War: How Nations Hack, Spy, and Shape the Digital Battlefield and a leading industry analyst and former hacker. She advises Glo…THECYBERWIRE.COM
16 AprSweden reports cyberattack attempt on heating plant amid rising energy threatsSweden says a pro-Russian group attacked a heating plant in 2025. The failed cyberattack highlights growing threats to Europe’s energy infrastructure. Sweden has blamed a pro-Russian group linked to Russian intelligence for a failed cyberattack on a heating plant in 2025. Officia…SECURITYAFFAIRS.COM
16 AprBooking.com breach gives scammers what they need to target guestsGuest reservation data stolen from the booking giant can be used by scammers to impersonate hotels to steal payment and personal info.MALWAREBYTES.COM
16 AprMcGraw Hill data breach incident exposed 13.5 million accountsA data breach affecting education publisher McGraw Hill has resulted in the exposure of 13.5 million user records. The incident, which occurred earlier this month, has now been independently verified through analysis of the leaked dataset by Have I Been Pwned (HIBP). The breach f…CYBERINSIDER.COM
16 Apr[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your EnvironmentIn 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: serv…THEHACKERNEWS.COM
16 AprUAC-0247 Hits Hospitals, Governments With Browser and WhatsApp Data TheftA surge of targeted cyberattacks was detected against local governments and municipal healthcare institutions particularly clinical and ambulance hospitals. The campaign has been attributed to threat cluster UAC-0247, known for advanced data theft, persistence, and lateral moveme…GBHACKERS.COM
16 AprAutovista blames ransomware for service disruption • The Registersubmitted by kid to cybersecurity 2 points | 0 comments https://www.theregister.com/2026/04/15/automotive_data_biz_autovista_ransomwareSH.ITJUST.WORKS
16 Apr KEVCookeville hospital notifies 337K after hack​ | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/news/cookeville-regional-medical-center-ransomware-337k-exposed/SH.ITJUST.WORKS
16 AprMalicious WordPress Plugins with Backdoors Compromise Thousands of WebsitesMore than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio.TECHREPUBLIC.COM
16 Apr KEVCookeville Regional Medical Center hospital data breach impacts 337,917 peopleA ransomware attack on Cookeville Regional Medical Center hospital (Tennessee) exposed data of 337,000 people after hackers stole 500GB of sensitive information from its systems. A ransomware attack on Cookeville Regional Medical Center (CRMC) in Tennessee led to a major data bre…SECURITYAFFAIRS.COM
16 AprHere's What Agentic AI Can Do With Have I Been Pwned's APIsI love cutting-edge tech, but I hate hyperbole, so I find AI to be a real paradox. Somewhere in that whole mess of overnight influencer…TROYHUNT.COM
15 Apr'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prisonsubmitted by monica_b1998 to cybersecurity 4 points | 0 comments https://abcnews.com/US/addicted-hacking-young-hacker-historic-breach-speaks-1st/story?id=131855776SH.ITJUST.WORKS
15 AprJanaWare Ransomware Hits Turkish Users via Customized Adwind RATA new ransomware campaign dubbed “JanaWare”, leveraging a customized variant of the Adwind remote access Trojan (RAT) to target users in Turkey. The malware exhibits polymorphic behavior, advanced obfuscation, and strict geofencing controls to restrict activity to Turkish systems…GBHACKERS.COM
15 AprNot All CISO Gigs Are Created Equal and RSAC Interviews from ESET and Mimecast - BSW #443So you want to be a CISO? Do you know what that role entails? It depends on a number of factors, including industry, country location, technical vs. business, and more. Each position is more different than you think. Joanna Chen, Chief Information Security Officer at Dashlane, jo…YOUTUBE.COM
15 AprTrusted WordPress Plugins Hijacked in 8-Month Stealth Backdoor CampaignHackers secretly planted a remote code-execution backdoor in more than 30 popular WordPress plugins, leaving it dormant for about 8 months before activating malware that rewrote wp-config.php and injected cloaked SEO spam at scale. The incident centers on “Essential Plugin,” a po…GBHACKERS.COM
15 AprComcast’s $117.5M Breach Settlement: Up to 30M People May QualifyComcast customers affected by the 2023 breach may qualify for cash, reimbursement, and identity protection under a proposed $117.5 million settlement.TECHREPUBLIC.COM
15 Apr[Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)[This is a Guest Diary by Alec Jaffe, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1]. ISC.SANS.EDU
14 AprWeekly Update 499I'm starting to become pretty fond of Bruce. Actually, I've had a bit of an epiphany: an AI assistant like Bruce isn't j…TROYHUNT.COM
14 AprOkta Under Attack as Hackers Skip Phishing for Identity SystemsHackers are shifting away from email phishing and are directly targeting Okta and other identity providers using voice‑based social engineering, or “Okta vishing.” This trend turns what used to be a single account compromise into an immediate, organization‑wide cloud data breach …GBHACKERS.COM
14 AprRockstar’s GTA Game Hacked, 78.6 Million Records Published OnlineRockstar Games has suffered a significant data breach after the infamous threat group ShinyHunters leaked over 78.6 million internal records on April 14, 2026. The incident did not involve a direct attack on Rockstar’s primary network infrastructure. Instead, the hackers executed…GBHACKERS.COM
14 AprIs Booking.com compromised ?submitted by ecards to cybersecurity 6 points | 3 commentsSH.ITJUST.WORKS
14 AprJanela RAT Spreads via Fake MSI Installers, Malicious ExtensionsJanela Remote Access Trojan (RAT) campaign using fake Windows MSI installers and malicious browser extensions to infiltrate financial networks and exfiltrate sensitive data. The latest Janela RAT samples are being distributed through public GitLab repositories, where attackers ho…GBHACKERS.COM
14 AprBooking.com breach sparks scam wave targeting travelers’ bookingssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/news/booking-com-breach-phishing-travel-data-exposed/SH.ITJUST.WORKS
14 AprMirax Android RAT Hijacks Infected Phones as Residential ProxiesA new Android banking trojan called Mirax is rapidly gaining traction in the cybercrime ecosystem, combining powerful remote access features with residential proxy capabilities to turn victims’ smartphones into high-value infrastructure nodes. Mirax is marketed as a premium Andro…GBHACKERS.COM
14 AprEuropean Gym giant Basic-Fit data breach affects 1 million memberssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/european-gym-giant-basic-fit-data-breach-affects-1-million-members/SH.ITJUST.WORKS
14 AprThree Rowhammer attacks targeting GDDR6 | Kaspersky official blogGDDRHammer, GeForge, and GPUBreach: three new research papers on Rowhammer attacks with major security implications.KASPERSKY.COM
14 AprFrance builds its own digital future.France pushes digital sovereignty. Adobe rushes an Acrobat Reader patch. Booking.com confirms a targeted breach. SAP fixes a critical SQL injection bug. A sanctions-dodging fraud network resurfaces. ViperTunnel infiltrates U.S. and U.K. firms. GlassWorm spreads across developer t…THECYBERWIRE.COM
13 AprEDR Killers Broaden Ransomware Tactics, ESET WarnsRansomware gangs are rapidly expanding their use of EDR killers, moving beyond vulnerable drivers to a broader mix of scripts, anti‑rootkits, and driverless techniques. The company’s latest telemetry-backed study tracks almost 90 distinct EDR killers actively used in the wild. It…GBHACKERS.COM
13 AprAPT37 Uses Facebook, Telegram, and Trojanized Installer in New Targeted CyberattackAPT37 is running a new targeted intrusion campaign that abuses Facebook, Telegram, and a tampered Wondershare PDFelement installer to gain stealthy access and exfiltrate sensitive data, likely from defense‑related targets. The operation shows a continued evolution of APT37’s soci…GBHACKERS.COM
13 AprOpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain IncidentOpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the proc…THEHACKERNEWS.COM
13 AprBasic-Fit Suffers Data Breach Affecting Millions Across Multiple NationsEuropean fitness operator Basic-Fit has confirmed a significant data breach affecting approximately one million members across its network. The incident heavily impacted users in the Netherlands, which accounted for 200,000 of the compromised accounts. This breach underscores the…GBHACKERS.COM
13 AprCPUID Hacked to Serve Trojanized CPU-Z and HWMonitor DownloadsDownload links were replaced by a Russian-speaking threat actor to distribute a recently emerged malware named STX RAT.SECURITYWEEK.COM
13 AprHow to protect your privacy while using smart sex toys | Kaspersky official blogWe explore the risks of smart sex toys — from data breaches and tracking to vulnerabilities — and offer practical tips to keep your intimate life both private and secure.KASPERSKY.COM
13 AprNearly 4,000 US industrial devices exposed to Iranian cyberattackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/nearly-4-000-us-industrial-devices-exposed-to-iranian-cyberattacks/SH.ITJUST.WORKS
13 AprOpenAI Impacted by North Korea-Linked Axios Supply Chain HackThe AI giant is taking action after determining that a macOS code signing certificate may have been compromised.SECURITYWEEK.COM
13 AprHacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Recordssubmitted by kid to cybersecurity 2 points | 0 comments https://hackread.com/hacker-claude-code-gpt-4-1-mexican-records/SH.ITJUST.WORKS
13 AprHack at Anodot leaves over a dozen breached companies facing extortionThe data breach at Anodot, which affects customers like Rockstar Games, is the latest hack aimed at stealing data from a large number of corporate giants.TECHCRUNCH.COM
13 AprBooking.com confirms hackers accessed customers’ dataThe travel giant notified customers that their personal data, including names, email addresses, and phone numbers, may have been accessed in a security incident.TECHCRUNCH.COM
13 AprRockstar Games receives “pay or leak” warning after cyberattacksubmitted by kid to cybersecurity 20 points | 1 comments https://www.helpnetsecurity.com/2026/04/13/rockstar-games-data-breach-shinyhunters/SH.ITJUST.WORKS
13 AprIran-linked group Handala claims to have breached three major UAE organizationsIran-linked group Handala claims to have breached three major UAE organizations, Dubai Courts, Dubai Land Department, and Dubai Roads & Transport Authority The group Handala claimed a major cyberattack against the UAE, targeting Dubai Courts Department, Dubai Land Department,…SECURITYAFFAIRS.COM
13 AprCPUID watering hole attack spreads STX RAT malwareThreat actors compromised the CPUID website and spread STX RAT through fake CPU-Z and HWMonitor downloads. Attackers breached the website CPUID and replaced download links for CPU-Z and HWMonitor with malicious files for several hours. Users who downloaded them got infected with …SECURITYAFFAIRS.COM
13 AprBooking.com Hack Exposes Customer Data, Sparks Travel Scam FearsBooking.com confirms a data breach that exposed traveler details, raising urgent concerns about highly targeted phishing scams and customer safety.TECHREPUBLIC.COM
12 AprCPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor DownloadsUnknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan cal…THEHACKERNEWS.COM
12 AprHackers claim control over Venice San Marco anti-flood pumpsHackers breached Venice’s San Marco flood system, claiming control of pumps and the ability to disable defenses and flood coastal areas. The technologies that govern the physical world are the quiet infrastructure of modern life. From energy grids to water systems, from factorie…SECURITYAFFAIRS.COM
12 AprCrime-as-a-Service: Government warns of highly professional criminal networksFrom ransomware to violence on demand: the state is responding to the transformation of criminal groups into division-of-labor economies that coordinate their crimes online.HEISE.DE
11 AprHWMonitor & CPU-Z users were exposed to malware through fake downloads after CPUID breachsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://alternativeto.net/news/2026/4/hwmonitor-and-cpu-z-users-were-exposed-to-malware-through-fake-downloads-after-cpuid-breach/INFOSEC.PUB
11 AprSecurity PSA: Popular Tools CPU-Z and HWMonitor Were Briefly Compromisedsubmitted by nemeski to cybersecurity 1 points | 0 comments https://www.techpowerup.com/348138/security-psa-popular-tools-cpu-z-and-hwmonitor-were-briefly-compromisedSH.ITJUST.WORKS
10 AprBackdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend ServersUnknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Sm…THEHACKERNEWS.COM
10 AprIranian APT alert: 5,219 Rockwell PLCs exposed onlineCensys has warned that more than 5,000 Rockwell Automation/Allen-Bradley PLCs are currently exposed to the internet as Iranian-affiliated APT actors actively target these devices across U.S. critical infrastructure. The same operators were previously associated with a November 20…GBHACKERS.COM
10 AprMassive Data Breach Exposes 337K LAPD-Linked Recordssubmitted by kid to cybersecurity 4 points | 0 comments https://www.techrepublic.com/article/news-lapd-data-breach-337k-files-exposed/SH.ITJUST.WORKS
10 AprHealthcare IT solutions provider ChipSoft hit by ransomware attacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/healthcare-it-solutions-provider-chipsoft-hit-by-ransomware-attack/SH.ITJUST.WORKS
10 AprCryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack | The Record from Recorded Future Newssubmitted by kid to cybersecurity 3 points | 0 comments https://therecord.media/crypto-atm-bitcoin-depot-reports-cyberattackSH.ITJUST.WORKS
10 AprNearly 4,000 US industrial devices exposed to Iranian cyberattacksThe attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. [...]BLEEPINGCOMPUTER.COM
10 AprCPUID hijacked to serve malware as HWMonitor downloadssubmitted by Deebster to cybersecurity 3 points | 0 comments https://www.theregister.com/2026/04/10/cpuid_site_hijacked/ CPUID has since confirmed the breach, pinning it on a compromised backend component rather than tampering with its software builds. “Investigations are still o…INFOSEC.PUB
10 AprVIP Credential Monitoring BlogExecutives and high-privilege users are prime targets for credential theft — and standard monitoring often misses them. Learn how VIP Credential Monitoring in Recorded Future Identity Intelligence protects your most sensitive accounts across work and personal email, and why detec…RECORDEDFUTURE.COM
9 AprShaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for LongHackers vowed to revive its efforts against America when the time was right — demonstrating how digital warfare has become ingrained in military conflict.SECURITYWEEK.COM
9 AprMicrosoft Confirms Windows 11 Update Breaks Start Menu SearchMicrosoft recently addressed a disruptive server-side flaw that completely disabled Start Menu search functionality for some Windows 11 23H2 users. The tech giant quickly acknowledged the incident and deployed an automatic fix behind the scenes. Because the repair happens directl…GBHACKERS.COM
9 AprHackers steal $3.6 million from crypto ATM giant Bitcoin DepotBitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems last month. [...]BLEEPINGCOMPUTER.COM
9 Apr300,000 People Impacted by Eurail Data BreachIn December 2025, hackers stole names and passport numbers from the European travel company’s network.SECURITYWEEK.COM
9 AprChina’s Tianjin Supercomputer Center Allegedly Hit in 10-Petabyte Data TheftA threat actor has allegedly executed one of the largest data heists in China’s history, siphoning an astounding 10 petabytes of highly classified information from the National Supercomputing Center (NSCC) in Tianjin. The stolen dataset reportedly includes sensitive defense…GBHACKERS.COM
9 AprFake Security Tool Spreads LucidRook in Taiwan CyberattacksHackers are using fake security tools and cleverly crafted phishing emails to secretly deploy a new malware family, LucidRook, against organizations in Taiwan. The campaign, tracked as UAT-10362, focuses on Taiwanese NGOs and likely universities and shows a high level of planning…GBHACKERS.COM
9 AprEurail says December data breach impacts 300,000 individualsEurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. [...]BLEEPINGCOMPUTER.COM
9 AprGoogle API Keys in Android Apps Expose Gemini Endpoints to Unauthorized AccessDozens of such keys can be extracted from apps’ decompiled code to gain access to all Gemini endpoints.SECURITYWEEK.COM
9 AprApple Intelligence AI Guardrails Bypassed in New AttackRSAC researchers hacked Apple Intelligence using the Neural Exect method and Unicode manipulation.SECURITYWEEK.COM
9 AprInvestigating Storm-2755: “Payroll pirate” attacks targeting Canadian employeesMicrosoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized access to employee profiles and divert salary payments to att…MICROSOFT.COM
9 AprEurail says December data breach impacts 300,000 individualssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/eurail-says-december-data-breach-impacts-300-000-individuals/SH.ITJUST.WORKS
9 AprProtecting Cookies with Device Bound Session CredentialsPosted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April 2024 announcement, Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding t…SECURITY.GOOGLEBLOG.COM
8 AprSnowflake customers hit in data theft attacks after SaaS integrator breachsubmitted by return2ozma to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/SH.ITJUST.WORKS
8 AprMy Lovely AI - 106,271 breached accountsIn April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.HAVEIBEENPWNED.COM
8 AprFBI Takes Down Russian Campaign That Compromised Thousands of RoutersIn a major counter-cyberespionage action dubbed “Operation Masquerade,” the U.S. Justice Department and the FBI successfully neutralized a global network of compromised small office/home office (SOHO) routers. The infrastructure was controlled by Russia’s Main Intelli…GBHACKERS.COM
8 AprZero Trust Readiness and Two RSAC 2026 Interviews from Fenix24 and Absolute Security - BSW #442Autonomous AI agents are creating a new attack surface for enterprise security teams, particularly as organizations deploy agents for operational tasks such as customer support automation, data analysis, and incident response. How can we align our Zero Trust initiatives to also a…YOUTUBE.COM
8 AprHackers steal and leak sensitive LAPD police documentsThe LAPD said the breach affected “a digital storage system” belonging to the city’s Attorney's Office. The World Leaks extortion gang was reported to be behind the attack.TECHCRUNCH.COM
8 AprThousands of consumer routers hacked by Russia's militarysubmitted by supersquirrel to cybersecurity 2 points | 0 comments https://arstechnica.com/security/2026/04/russias-military-hacks-thousands-of-consumer-routers-to-steal-credentials/SH.ITJUST.WORKS
7 AprWeekly Update 498Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite This week, more time than I'd have liked to spend went on talking about the trials of chasing invoices. This is off the back of a …TROYHUNT.COM
7 AprGerman Police Unmask REvil Ransomware LeaderShchukin is accused of extorting more than $2 million as the head of the GandCrab and REvil ransomware operations.SECURITYWEEK.COM
7 AprGPUBreach: Root Shell Access Achieved via GPU Rowhammer AttackResearchers have demonstrated that GPU Rowhammer attacks can be used to escalate privileges.SECURITYWEEK.COM
7 AprQilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Toolssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.htmlSH.ITJUST.WORKS
7 AprThe Hidden Cost of Recurring Credential IncidentsWhen talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most se…THEHACKERNEWS.COM
7 AprKubernetes Flaws Let Hackers Jump From Containers to Cloud AccountsHackers are increasingly abusing Kubernetes misconfigurations to jump from containers into high‑value cloud accounts, turning a single compromised pod into full cloud‑level access. This trend is accelerating rapidly, with Kubernetes‑related identity abuse and token-theft operatio…GBHACKERS.COM
7 AprNew GPUBreach attack enables system takeover via GPU rowhammersubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/new-gpubreach-attack-enables-system-takeover-via-gpu-rowhammer/SH.ITJUST.WORKS
7 AprThe dangers of telehealth: data breaches, phishing, and spam | Kaspersky official blogTelemedicine is a huge time-saver, but a leak of your medical records carries serious risks. We’re breaking down the threats, and sharing simple tips to keep your health data private.KASPERSKY.COM
7 AprGerman authorities identify REvil and GandCrab ransomware bossessubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/german-authorities-identify-revil-and-gangcrab-ransomware-bosses/SH.ITJUST.WORKS
7 AprAI for Human Risk Management Shift to Adaptive Behavior Based TrainingHuman risk management (HRM) focuses on one of the most persistent cybersecurity vulnerabilities: humans. Social engineering attacks that trick users into taking risky actions are a factor in 98% of cyberattacks not because they are technically complex, but because they manipulate…KNOWBE4.COM
7 AprRussia Hacked Routers to Steal Microsoft Office TokensHackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon auth…KREBSONSECURITY.COM
7 AprSnowflake customers hit in data theft attacks after SaaS integrator breachOver a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. [...]BLEEPINGCOMPUTER.COM
7 AprFBI: Americans lost a record $21 billion to cybercrime last yearU.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. [...]BLEEPINGCOMPUTER.COM
7 AprSupport platform breach exposes Hims & Hers customer dataHealthcare companies handle some of the most personal data imaginable, and that makes them a magnet for hackers.MALWAREBYTES.COM
6 AprThreat Actors Weaponize Fake Microsoft Teams Domains to Target UsersThreat actors associated with North Korea are deploying fake Microsoft Teams domains to conduct social engineering attacks and distribute malware. The threat group, identified as UNC1069, uses convincing meeting lures and compromised communication channels to target unsuspecting …GBHACKERS.COM
6 AprBKA Identifies REvil Leaders Behind 130 German Ransomware AttacksGermany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actors associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation. The threat actor, who went by the alias UNKN, func…THEHACKERNEWS.COM
6 AprQilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR ToolsThreat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend&…THEHACKERNEWS.COM
6 AprAlleged REvil Leader ‘UNKN’ Identified by German Authorities in New Takedown EffortGerman authorities have officially put a face to one of the most notorious names in cybercrime. The German Federal Criminal Police (BKA) recently identified 31-year-old Russian national Daniil Maksimovich Shchukin as the man behind the hacker alias “UNKN.” According t…GBHACKERS.COM
6 AprDrift Protocol Hit in $286M Suspected North Korea-Linked Crypto HeistHackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what security researchers believe may be a North Korea-linked cyberattack. The incident occurred on April 1, 2026, and is already be…GBHACKERS.COM
6 AprTrojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates DataA malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private university AI service. Marketed as an OpenAI-compatible, Tor-routed proxy requiring no API keys, the package actually hijacks a Tunisi…GBHACKERS.COM
6 AprWhy Simple Breach Monitoring is No Longer EnoughInfostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks. [...]BLEEPINGCOMPUTER.COM
6 AprSocial Engineering Fraud ExplodesSocial engineering is responsible for 98% of fraud attempts, increasingly powered by AI tools that scale attacks like sim farming and spoofing. Even savvy individuals can fall victim, leading to compromised access and payment fraud. How can individuals and organizations strengthe…YOUTUBE.COM
6 AprMulti-OS Cyberattacks: How SOCs Close a Critical Risk in 3 StepsYour attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact t…THEHACKERNEWS.COM
6 AprWhy Simple Breach Monitoring is No Longer Enoughsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/why-simple-breach-monitoring-is-no-longer-enough/SH.ITJUST.WORKS
6 AprNew GPUBreach attack enables system takeover via GPU rowhammerA new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]BLEEPINGCOMPUTER.COM
6 AprGerman authorities identify REvil and GangCrab ransomware bossesThe Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]BLEEPINGCOMPUTER.COM
6 AprGerman authorities identify REvil and GandCrab ransomware bossesThe Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]BLEEPINGCOMPUTER.COM
4 AprCrunchyroll - 1,195,684 breached accountsIn March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic loc…HAVEIBEENPWNED.COM
4 AprHackers Launch Social Engineering Offensive Against Key Node.js MaintainersFollowing the high-profile supply chain compromise of the widely used Axios package, a highly coordinated social engineering campaign has been uncovered targeting top-tier Node.js and npm maintainers. Security researchers confirm that the Axios breach was part of a scalable opera…GBHACKERS.COM
4 AprEuropean Commission Confirms Data Breach Linked to Trivy Supply Chain AttackHackers stole over 300GB of data from the Commission’s AWS environment, including personal information.SECURITYWEEK.COM