🚨 CISA KEV 103
11 Jun KEVCISA Directs Federal Agencies to Prioritize Security Patches Based on RiskThe new BOD 26-04 requires agencies to review and update vulnerability management policies with a focus on KEV catalog entries.SECURITYWEEK.COM
11 Jun KEVTrolling Microsoft With Vulnerabilities - PSW #930In the security news: - Trolling Microsoft With Vulnerabilities - Fable 5 loves guardrails - Binwalk vulnerability - EMBA and local models - EDRChoker - AI worms - Interesting Arista vulnerability added to KEV - BOD 26-04 and stakeholder specific vulnerability categorization - Br…YOUTUBE.COM
11 Jun KEVCISA BOD 26-04: Frequently asked questions about the new risk-based patching directiveCISA issued BOD 26-04, which replaces BOD 22-01 with a four-variable vulnerability prioritization model requiring federal agencies to patch the most dangerous vulnerabilities in as few as three days. Key takeaways BOD 26-04 replaces BOD 22-01 with a four-variable risk model that …TENABLE.COM
10 Jun KEVCVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti SentryOverview On June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry (formerly known as MobileIron Sentry), which per the vendor website is an “in-line gateway that manages, encrypts, and secures traffic between the mobile device…RAPID7.COM
10 Jun KEVCISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows - CVE-2026-20245 (CVSS score: 7.8)…THEHACKERNEWS.COM
10 Jun KEVCISA tells agencies to patch smarter, not harder — foreshadowing broader industry practiceSecurity teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows are accelerating, and vulnerabilities have become attackers’ top initial access vector of choice. Last year, organizations fully remediate…CSOONLINE.COM
9 Jun KEVAI worm prototype shows attackers don’t need Mythos to take over your networkResearchers from the University of Toronto developed a computer worm prototype powered by an AI agent that successfully self-replicated to different systems within a simulated computer network. The worm used a free large language model (LLM) running on local hardware and exploite…CSOONLINE.COM
9 Jun KEVLiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog on Mond…HELPNETSECURITY.COM
9 Jun KEVMicrosoft’s June 2026 Patch Tuesday Addresses 198 CVEs (CVE-2026-49160, CVE-2026-50507)32 Critical 166 Important 0 Moderate 0 Low Microsoft addresses 198 CVEs in the largest Patch Tuesday release, including three zero-days. Microsoft patched 198 CVEs in its June 2026 Patch Tuesday release, with 32 rated critical and 166 rated as important. Our counts omitted 6 CVEs…TENABLE.COM
9 Jun KEVPatch Tuesday - June 2026Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’…RAPID7.COM
8 Jun KEVCritical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)Overview On June 8, 2026, Check Point published a security advisory for CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mobile Access, and Spark Firewall products. The vulnerability affects deployments configured to use the…RAPID7.COM
6 Jun KEVCISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability…THEHACKERNEWS.COM
4 Jun KEVCISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the …THEHACKERNEWS.COM
4 Jun KEVThe June 2026 AI Executive Order: What federal agencies need to know and how Tenable can helpOn June 2, 2026, the White House signed an Executive Order directing federal agencies to harden their systems with AI-enabled cyber defenses and to stand up a new AI cybersecurity clearinghouse — most of it on a 30-day clock. Here’s what the EO requires and how Tenable can help. …TENABLE.COM
2 Jun KEVAttackers exploit Palo Alto GlobalProtect flaw days after disclosureA Palo Alto Networks vulnerability that allows attackers to establish unauthorized VPN access into corporate networks is being actively exploited in the wild, weeks after the company disclosed the flaw as a medium-severity issue and said it was unaware of any attacks. However, ac…CSOONLINE.COM
2 Jun KEVOracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The vulnerability, CVE-2024-21182 (CVSS …THEHACKERNEWS.COM
2 Jun KEVTwo-year old Oracle WebLogic Server vulnerability is being exploitedUS federal government departments have been given until Thursday to patch a two-year old high severity vulnerability in Oracle WebLogic Server that could allow an unauthenticated attacker to access critical data. The vulnerability, CVE-2024-21182, was added Monday to the Cyberse…CSOONLINE.COM
1 Jun KEVCISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitationThe vulnerability in a vital defensive technology creates serious risks for federal networks, CISA said.CYBERSECURITYDIVE.COM
27 May KEVInside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersectTenable Research has developed a graph-based model linking 600+ threat groups to real-world customer exposures. It reveals which vulnerabilities sit at the intersection of severity, active exploitation, and organizational risk. Key takeaways The "patch everything" strategy is dea…TENABLE.COM
26 May KEVVulnerabilities have become cyber attackers’ No. 1 door to the enterprisePatching practices are coming under intense pressure of late, as time-to-exploit windows accelerate — a new reality likely to worsen as AI assistance in attack chains rises. Now cyber defenders have another cause for flaw alarm: Vulnerability exploitation has significantly pulled…CSOONLINE.COM
23 May KEVCISA to allow researchers to report vulnerabilities to exploited bugs catalogThe Cybersecurity and Infrastructure Security Agency (CISA) announced the creation of a nomination form on Thursday that they said enables “researchers, vendors, and industry partners” to report bugs that need to be added to the Known Exploited Vulnerabilities catalog.THERECORD.MEDIA
23 May KEVDrupal Core SQL Injection Bug Actively Exploited, Added to CISA KEVThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-908…THEHACKERNEWS.COM
22 May KEVCISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEVThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are list…THEHACKERNEWS.COM
22 May KEVCISA’s new KEV nomination form opens reporting to vendors and researchersThe Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion in its KEV catalog. The form gives outside contributors a direct way to submit v…HELPNETSECURITY.COM
22 May KEVU.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws …SECURITYAFFAIRS.COM
22 May KEVCISA Adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities CatalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting active exploitation risks and urging immediate remediation. The vulnerabilit…GBHACKERS.COM
21 May KEVMicrosoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (L…HELPNETSECURITY.COM
21 May KEVMini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaignA self-propagating worm has compromised more than 170 npm and PyPI packages, defeating provenance attestation and breaching OpenAI and Mistral AI. Here is what you need to know. Key takeaways Mini Shai-Hulud is a self-propagating worm by TeamPCP that steals developer and cloud cr…TENABLE.COM
21 May KEVMicrosoft Defender vulnerabilities are being exploited in the wildCISA added seven known exploited vulnerabilities to its KEV catalog, including two Microsoft Defender flaws.MALWAREBYTES.COM
21 May KEVU.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploi…SECURITYAFFAIRS.COM
19 May KEVKey findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitationThe 2026 Verizon Data Breach Investigations Report (DBIR) reveals a troubling trend: vulnerability exploitation has surged to become the number one initial access vector while remediation rates have worsened. Key takeaways Vulnerability exploitation has surged to become the leadi…TENABLE.COM
16 May KEVU.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-202…SECURITYAFFAIRS.COM
15 May KEVCISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access ExploitsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remedi…THEHACKERNEWS.COM
15 May KEVCisco warns of an actively exploited SD-WAN flaw with max severityCisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warning that the flaw has already been found to be exploited in the wild. The disclosure follows an earlier authentication bypass…CSOONLINE.COM
15 May KEVCVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEVCVE-2026-20182: Cisco Catalyst SD-WAN Auth Bypass Added to CISA KEV Cisco has disclosed CVE-2026-20182, a critical authentication bypass affecting Cisco Catalyst SD-WAN Controller (formerly vSmart) and Cisco Catalyst SD-WAN Manager (formerly vManage). The flaw is in the peering a…SOCRADAR.IO
14 May KEVFragnesia (CVE-2026-46300): Frequently asked questions about new Linux Kernel XFRM ESP-in-TCP privilege escalationA new Linux kernel local privilege escalation exploit with a public proof-of-concept targets the same subsystem as Dirty Frag but requires a separate patch. Key Takeaways CVE-2026-46300 (Fragnesia) is the latest high severity local privilege escalation vulnerability in the Linux …TENABLE.COM
14 May KEVU.S. CISA adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Catalyst SD-WAN, tracked as CVE-2026-20182 …SECURITYAFFAIRS.COM
14 May KEVFrequently asked questions about the continued exploitation of Cisco Catalyst SD-WAN vulnerabilities (CVE-2026-20182)Multiple critical authentication bypass vulnerabilities in Cisco Catalyst SD-WAN Controller and Manager are under active exploitation by multiple threat clusters, including CVE-2026-20182, which has been exploited as a zero-day by a sophisticated threat actor. Key Takeaways CVE-2…TENABLE.COM
12 May KEVWhy patching SLAs should be the floor, not the strategyI’ve been a CISO for two separate companies, know several CISOs personally, and interact with many others through various cybersecurity forums. We all have one thing in common. We can tell you our patching SLA numbers off the top of our heads. Ninety-five percent of criticals clo…CSOONLINE.COM
12 May KEVHow Rapid7 is bringing Cyber GRC closer to security operationsSabeen Malik is VP, Global Government Affairs and Public Policy at Rapid7. Security teams need a better way to connect what they detect, what they fix, and what they can prove. The pace of modern security operations no longer works in defenders’ favor. IBM’s Cost of a Data Brea…RAPID7.COM
11 May KEVU.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208 (CVSS score …SECURITYAFFAIRS.COM
8 May KEVYour refresh plan has a CVE blind spotThe conversation is straightforward, but the problem behind it is not. The customer bought servers in 2017 and typically refresh every five to six years. Generally, around the 2022 to 2023 timeframe, they would have looked to buy new. Historically, that is what would have happene…CSOONLINE.COM
8 May KEVCVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KEVCVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KEV Ivanti has patched CVE-2026-6973, a high-severity remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) on-prem deployments. The vulnerability has been exploited in the wil…SOCRADAR.IO
8 May KEVWhy the approaching flood of vulnerabilities changes everything — and what to do about itAI-driven discovery, NIST’s retreat from universal enrichment, and the end of “good enough” vulnerability management Key takeaways AI-driven discovery tools are accelerating CVE volume, resulting in an expected deluge of 59,000 disclosed vulnerabilities this year. NIST has…TENABLE.COM
8 May KEVDirty Frag (CVE-2026-43284, CVE-2026-43500): Frequently asked questions about this Linux kernel privilege escalation vulnerability chainWeeks after the Copy Fail vulnerability was revealed, a new Linux kernel escalation vulnerability has been uncovered. Dubbed “Dirty Frag,” this flaw could allow a local user to gain root access on affected Linux distributions. Public exploit code has been released prior to patche…TENABLE.COM
8 May KEVFive new holes, one exploited, found in Ivanti Endpoint Manager MobileThe five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of the legacy trap” that CSOs must avoid, says an expert. “Patch today to survive the weekend,” said Robert Enderle of the Enderle Group, “but start planning…CSOONLINE.COM
7 May KEVU.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Palo Alto Networks PAN-OS, tracked as CVE-…SECURITYAFFAIRS.COM
7 May KEVU.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Ivanti Endpoint Manager Mobile…SECURITYAFFAIRS.COM
5 May KEVCISA mulls new three-day remediation deadline for critical flawsExperts have mixed reactions to a report that the US Cybersecurity and Infrastructure Security Agency (CISA) is considering reducing the timeline in which government agencies must address critical vulnerabilities from two weeks to only three days. The current 14-day window applie…CSOONLINE.COM
4 May KEVU.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Linux Kernel, tracked as CVE-2026-31431 (CVSS score of …SECURITYAFFAIRS.COM
3 May KEVCISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEVThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, t…THEHACKERNEWS.COM
3 May KEVU.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-41940 (CVSS score…SECURITYAFFAIRS.COM
30 Apr KEVCopy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerabilityA flaw in the Linux kernel present since 2017 allows a local user to gain root access on virtually every major Linux distribution. A public exploit is available and reported to work reliably. Key Takeaways CVE-2026-31431 is a high severity local privilege escalation vulnerability…TENABLE.COM
29 Apr KEVU.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect f…SECURITYAFFAIRS.COM
29 Apr KEVCISA Adds Actively Exploited ConnectWise and Windows Flaws to KEVThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are l…THEHACKERNEWS.COM
29 AprCISA adds Microsoft, ConnectWise vulnerabilities to active exploitation catalogRussia has used one of the flaws, security experts said, while North Korea has used the other.CYBERSECURITYDIVE.COM
27 Apr KEVAs the NVD scales back CVE enrichment, here’s what Tenable customers need to knowNIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that …TENABLE.COM
27 Apr KEVTeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)This update succeeds TeamPCP Supply Chain Campaign Update 007, published April 8, 2026, which left the campaign in credential-monetization mode following the Cisco source code theft via Trivy-linke…ISC.SANS.EDU
26 Apr KEVSecurity Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITIONA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds SimpleHelp, Sa…SECURITYAFFAIRS.COM
25 Apr KEVCISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal DeadlineThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.…THEHACKERNEWS.COM
25 Apr KEVU.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SimpleHelp, Samsung, and D-Link flaws to its Known Exploi…SECURITYAFFAIRS.COM
23 Apr KEVU.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS s…SECURITYAFFAIRS.COM
22 Apr KEVAnthropic bets on EPSS for the coming bug surgeAnthropic’s Mythos has intensified a problem that vulnerability management programs were already struggling to contain: too many vulnerabilities and not enough clarity about which ones matter. What changes with Mythos — and the AI-based class of vulnerability discovery systems it…CSOONLINE.COM
22 Apr KEVCISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines https://thehackernews.com/2026/04/cisa-adds-8-exploited-flaws-to-kev-sets.html SH.ITJUST.WORKS
21 Apr KEVCISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal DeadlinesThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vuln…THEHACKERNEWS.COM
21 Apr KEVU.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency…SECURITYAFFAIRS.COM
21 Apr KEVTrust Lags Behind Technology.Anthropic’s Mythos proves irresistible despite claimed supply chain risks.Iran claims U.S. backdoors hit its networks. New Coast Guard rules target maritime OT security. A fresh NGate Android malware variant emerges. Thousands of ActiveMQ servers face active exploitation risk. CI…THECYBERWIRE.COM
17 Apr KEVApache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active ExploitationA recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To that end, the agency has added the vulnerability, tracked as CV…THEHACKERNEWS.COM
17 Apr KEVU.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Apache ActiveMQ, tracked as CVE-2026-34197 (CVSS score o…SECURITYAFFAIRS.COM
15 Apr KEVRisky Business #833 -- The Great Mythos Freakout of 2026On this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Everyone has an opinion about Claude Mythos… even though almost nobody has used it yet CISA adds a 2009 Excel bug to the KEV list, u wot? Adobe also parties like it…RISKY.BIZ
15 Apr KEVU.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and …SECURITYAFFAIRS.COM
14 Apr KEVCISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe SoftwareThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 (CVSS score: 9.1) …THEHACKERNEWS.COM
14 Apr KEVHow AI is transforming threat detectionArtificial intelligence is rapidly reshaping how security teams detect and hunt cyber threats by helping analyze vast volumes of security data, uncovering subtle signs of malicious activity, and identifying potential attacks faster than traditional tools or human analysts alone. …CSOONLINE.COM
14 Apr KEVU.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire…SECURITYAFFAIRS.COM
14 Apr KEVClaude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from AnthropicWith the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare. Key takeaways Anthro…TENABLE.COM
13 Apr KEVCISA Adds Seven Known Exploited Vulnerabilities to CatalogCISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2012-1854 Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability CVE-2020-9715 Adobe Acrobat Use-After-Free Vulner…CISA.GOV
10 Apr KEVAnalysis of one billion CISA KEV remediation records exposes limits of human-scale securityAnalysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. [...]BLEEPINGCOMPUTER.COM
10 Apr KEVBreaking the Patch Sound Barrier: Your Vulnerability Remediation Will Not Keep Up AI Exploit Speed.Breaking the Patch Sound Barrier: Your Vulnerability Remediation Will Not Keep Up AI Exploit Speed. So? Many years ago while at Gartner, I wrote a blog post where I defined the concept of the “Patch Sound Barrier.” (original via Archive if you don’t believe that I was that smar…MEDIUM.COM
9 Apr KEVPatch windows collapse as time-to-exploit acceleratesThe gap between vulnerability disclosure and exploitation is drastically decreasing, putting security teams’ patching practices on notice. According to Rapid7’s latest Cyber Threat Landscape Report, confirmed exploitation of newly disclosed high- and critical-severity vulnerabil…CSOONLINE.COM
9 Apr KEVWhat to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical InfrastructureAn Iran-affiliated threat group has evolved from defacing water utility displays to deploying custom ICS malware and exploiting Rockwell Automation PLCs across multiple U.S. critical infrastructure sectors. Key takeaways: CyberAv3ngers is a state-directed threat group operating u…TENABLE.COM
8 Apr KEVTeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)This is the seventh update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" …ISC.SANS.EDU
8 Apr KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-1340 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malici…CISA.GOV
7 Apr KEVCISA Alerts Defenders to Actively Exploited Fortinet Zero-Day VulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Fortinet products. The agency officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, indicating that t…GBHACKERS.COM
6 Apr KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-35616 - Fortinet FortiClient EMS Improper Access Control Vulnerability This type of vulnerability is a frequent attack vector for malicio…CISA.GOV
6 Apr KEVCVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wildExploitation has been observed for CVE-2026-35616, a critical improper access control zero-day vulnerability affecting Fortinet FortiClientEMS devices. Key takeaways: CVE-2026-35616, an improper access control vulnerability, has been exploited in the wild as a zero-day. Pu…TENABLE.COM
3 Apr KEVCISA Includes TrueConf Security Flaw in KEV Catalog After Exploitation in the WildThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the TrueConf Client to its Known Exploited Vulnerabilities (KEV) catalog. This addition follows clear evidence that threat actors are actively exploiting the bug in…GBHACKERS.COM
2 Apr KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client Download of Code Without Integrity Check Vulnerability This type of…CISA.GOV
1 Apr KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-5281 Google Dawn Use-After-Free Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses…CISA.GOV
31 Mar KEV5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wildA vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentication remote code execution flaw that is now under active exploitation. Hackers are using it to deploy a persistent malware…CSOONLINE.COM
30 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3055 Citrix NetScaler Out-of-Bounds Read Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors …CISA.GOV
28 Mar KEVCISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is…THEHACKERNEWS.COM
27 Mar KEVCISA Adds Critical Aquasecurity Trivy Scanner Vulnerability to KEV CatalogThe Cybersecurity and Infrastructure Security Agency (CISA) has urgently added a critical flaw affecting Aquasecurity’s Trivy scanner to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-33634, this security weakness involves embedded malicious code that targ…GBHACKERS.COM
27 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-53521 F5 BIG-IP Remote Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and…CISA.GOV
26 Mar KEVTeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available, (Thu, Mar 26th)This is the first update to the TeamPCP supply chain campaign threat intelligence report, “When the Security Scanner Became the Weapon” (v3.0, March 25, 2026). That report covers the full campaign from the February 28 initial access through …ISC.SANS.EDU
26 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-33634 Aqua Security Trivy Embedded Malicious Code Vulnerability This type of vulnerability is a frequent attack vector for malicious cybe…CISA.GOV
25 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-33017 Langflow Code Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses s…CISA.GOV
20 Mar KEVCISA Adds Five Known Exploited Vulnerabilities to CatalogCISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-31277 Apple Multiple Products Buffer Overflow Vulnerability CVE-2025-32432 Craft CMS Code Injection Vulnerability CVE-2025-43510 Apple…CISA.GOV
20 Mar KEVVulnerability-Lookup 4.2.0submitted by cm0002 to cybersecurity 3 points | 0 comments https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v4.2.0 It is our honour to announce the release of Vulnerability-Lookup 4.2.0! This version brings a large number of new CSAF-based vulnerability …INFOSEC.PUB
19 Mar KEVCISA Adds Exploited Zimbra Collaboration Suite Flaw to Warning ListThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies and organizations using the platform must apply the nece…GBHACKERS.COM
19 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20131 Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserializa…CISA.GOV
18 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability This type of vulnerability is a frequent attack vector …CISA.GOV
18 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-20963 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector for mal…CISA.GOV
16 Mar KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-47813 Wing FTP Server Information Disclosure Vulnerability This type of vulnerability is a frequent attack vector for malicious cyb…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 2523
13 JunCVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter valueInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory nameInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() PathInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() FunctionInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet HandlingInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC KeysInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-52860 Vim: Arbitrary Code Execution via Python Omni-CompletionInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-52859 Vim: Out-of-bounds Read in Terminal Screen SnapshotInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-47167 Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regexInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-52858 Vim: Arbitrary Code Execution via Python Omni-CompletionInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-44705 tmp: Path Traversal via unsanitized prefix/postfix enables directory escapeInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-34183 Unbounded Memory Growth in the QUIC PATH_CHALLENGE HandlerInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged MessagesInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String ConversionInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()Information published.MSRC.MICROSOFT.COM
13 JunCVE-2026-9076 Out-of-Bounds Read in CMS Password-Based DecryptionInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modesInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-42766 Possible NULL Dereference in Password-Based CMS DecryptionInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue DecryptionInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdateInformation published.MSRC.MICROSOFT.COM
13 JunCVE-2026-34180 Heap Buffer Over-read in ASN.1 Content ParsingInformation published.MSRC.MICROSOFT.COM
13 JunCritical Splunk Enterprise Flaw Lets Attackers Run Code Without AuthenticationSplunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. …THEHACKERNEWS.COM
12 JunShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach UniversitiesThe ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and date…THEHACKERNEWS.COM
12 JunGoogle Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHuntersOracle has mitigated CVE-2026-35273, but it has not publicly confirmed the vulnerability’s in-the-wild exploitation. The post Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunCVE-2026-46643 Snappy: Binary path is never shell-escaped due to an inverted is_executable checkInformation published.MSRC.MICROSOFT.COM
12 JunCVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet optionInformation published.MSRC.MICROSOFT.COM
12 Jun KEVOracle PeopleSoft zero‑day fuels ShinyHunters extortion spreeA newly disclosed Oracle PeopleSoft zero-day became the weapon of choice in a recent ShinyHunters extortion campaign that primarily targeted universities and other educational institutes. Attackers exploited the critical remote code execution (RCE) flaw in PeopleSoft’s Environmen…CSOONLINE.COM
12 Jun KEVResearchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)WatchTowr researchers have disclosed a technical analysis and a “Detection Artefact Generator” for CVE-2026-50751, an authentication bypass flaw in Check Point’s Remote Access VPN and Mobile Access, which the vendor confirmed to be actively exploited. The attack…HELPNETSECURITY.COM
12 Jun KEVActive Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)Overview On June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same day as the advisory, underscoring the urg…RAPID7.COM
12 JunGoogle warns of Oracle PeopleSoft attacks hitting universitiesGoogle's Mandiant and Google Threat Intelligence Group (GTIG) say the ShinyHunters extortion group exploited a critical Oracle PeopleSoft vulnerability as a zero-day to compromise education institutes. The activity, tracked as UNC6240, was observed between May 27 and June 9 and i…CYBERINSIDER.COM
11 JunMicrosoft Patches Exploited Exchange Server VulnerabilityThe company warned about zero-day attacks exploiting the Exchange Server vulnerability CVE-2026-42897 on May 14. The post Microsoft Patches Exploited Exchange Server Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunCVE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 ExtensionInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-42536 Apache HTTP Server: mod_xml2enc heap overflowInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmoveInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterateInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-10846 Insufficient verification that responses belong to a queryInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-48913 Apache HTTP Server: mod_http2 memory corruption when file handles exhaustedInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modulesInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crashInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-29167 Apache HTTP Server: mod_ldap per-dir use-after-freeInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-42535 Apache HTTP Server: mod_dav_fs protected directory accessInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char OverflowInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftpInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflowInformation published.MSRC.MICROSOFT.COM
11 JunCVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`Information published.MSRC.MICROSOFT.COM
11 JunCVE-2026-34355 Apache HTTP Server: mod_proxy_html buffer overflowInformation published.MSRC.MICROSOFT.COM
11 JunChina-linked recon botnet outpaces enterprise defensesA botnet made up of compromised small office and Internet of Things devices has grown into a larger reconnaissance network capable of rapidly identifying vulnerable internet-facing systems after public vulnerability disclosures, researchers said. The botnet, tracked by Lumen’s Bl…CSOONLINE.COM
11 Jun KEVOracle PeopleSoft servers under attack, Oracle pushes out-of-band security alertA zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google Cloud, warned today. The warning comes a day after Oracle published an out-of-band security alert about …HELPNETSECURITY.COM
11 JunOracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day AttacksOracle has released a patch for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks. The post Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
11 JunVU#862559: crypton-x509-validation Haskell libraries do not enforce X.509 NameConstraintsOverview A vulnerability has been discovered in the Haskell TLS software stack, commonly used by applications built in the Haskell programming language to securely connect to servers over the internet. Specifically, the libraries "crypton-x509-validation" fail to enforce a key se…KB.CERT.ORG
11 Jun KEVOracle mitigates PeopleSoft zero-day exploited in data theft attacksOracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. [...]BLEEPINGCOMPUTER.COM
11 JunDrupal Core CVE-2026-9082 Active Exploitation Confirmed Within Days of DisclosureSensor Intel Series: June 2026 CVE TrendsF5.COM
10 Jun KEVAI Worms, Hacks, and Insurance ShiftsInstagram AI Support Hack Hits 20,225 Accounts; AI Worm 'Hades' Lies to Security Tools; Chrome Zero-Day Patch Host David Shipley reports Meta says 20,225 Instagram accounts were hijacked after an AI support tool was tricked into sending reset links to attacker-controlled emails, …CYBERSECURITYTODAY.LIBSYN.COM
10 JunCVE-2026-43059 Bluetooth: MGMT: Fix list corruption and UAF in command complete handlersInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46275 Bluetooth: hci_uart: fix UAFs and race conditions in close and init pathsInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46285 mtd: docg3: fix use-after-free in docg3_release()Information published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46280 lib: test_hmm: evict device pages on file close to avoid use-after-freeInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46282 iio: frequency: admv1013: fix NULL pointer dereference on strInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46312 media: videobuf2: Set vma_flags in vb2_dma_sg_mmapInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46301 spi: topcliff-pch: fix use-after-free on unbindInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46302 selinux: allow multiple opens of /sys/fs/selinux/policyInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46314 drm/v3d: Reject empty multisync extension to prevent infinite loopInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2025-71315 drm/vkms: Convert to DRM's vblank timerInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46296 spi: s3c64xx: fix NULL-deref on driver unbindInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46287 net: txgbe: fix RTNL assertion warning when remove moduleInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46299 hfsplus: fix held lock freed on hfsplus_fill_super()Information published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46321 tun: free page on short-frame rejection in tun_xdp_one()Information published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46319 net/sched: act_ct: Only release RCU read lock after ct_ftInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46324 netfilter: nf_tables: use list_del_rcu for netlink hooksInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()Information published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46289 lib/scatterlist: fix length calculations in extract_kvec_to_sgInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpdInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending()Information published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46291 crypto: caam - guard HMAC key hex dumps in hash_digest_keyInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registrationInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46306 flow_dissector: do not dissect PPPoE PFC framesInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46304 nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_freeInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46303 isofs: validate Rock Ridge CE continuation extent against volume sizeInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of serviceInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46322 tun: free page on build_skb failure in tun_xdp_one()Information published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46325 RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZEInformation published.MSRC.MICROSOFT.COM
10 JunCVE-2026-46330 Revert "net/smc: Introduce TCP ULP support"Information published.MSRC.MICROSOFT.COM
10 Jun KEVMicrosoft feud escalates as researcher drops new Windows zero-dayThe long-running feud between Microsoft and security researcher Nightmare Eclipse has entered a new chapter. Eclipse, who has spent the past several months publicly releasing unpatched Windows vulnerabilities while sparring with Microsoft over vulnerability disclosure practices, …CSOONLINE.COM
10 Jun KEVCritical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)Ivanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the vulnerabilities are not known to be actively exploited, security researchers have already released technical de…HELPNETSECURITY.COM
10 JunJune Patch Tuesday marks a ‘new normal’ with over 200 CVEs, 32 rated ‘critical’June’s Patch Tuesday security updates have arrived, with SAP fixing four critical vulnerabilities and Microsoft addressing over 200 CVEs. Microsoft’s to-do list includes fixes for three zero days, 32 patches rated as ‘critical’, and a batch of other high-risk vulnerabilities that…CSOONLINE.COM
10 JunIvanti, Fortinet, and SAP Release Patches for Multiple Critical VulnerabilitiesFortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSand…THEHACKERNEWS.COM
10 JunUnpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCEA high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS sco…THEHACKERNEWS.COM
10 JunMicrosoft-signed UEFI bootloaders vulnerable to Secure Boot bypassMicrosoft has released security updates to address a Secure Boot bypass vulnerability affecting multiple Microsoft-signed UEFI shim bootloaders used by Linux distributions, recovery tools, and enterprise software. The flaw, tracked as CVE-2026-8863, could allow attackers to execu…CYBERINSIDER.COM
10 JunIvanti patches critical Sentry flaws that lead to full device takeoverIT software provider Ivanti fixed two vulnerabilities in Ivanti Sentry, a secure mobile gateway appliance formerly called MobileIron Sentry. The flaws could allow unauthenticated remote attackers to gain complete control of deployments. One of the vulnerabilities, CVE-2026-10523,…CSOONLINE.COM
10 JunPath traversal flaw in AI dev platform Langflow exploited in attacksAttackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. [...]BLEEPINGCOMPUTER.COM
9 JunOne-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now PublicSecurity researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel's nf_tables packet-filtering code and was patched ups…THEHACKERNEWS.COM
9 JunGoogle Patches 5th Chrome Zero-Day Exploited in 2026The vulnerability is tracked as CVE-2026-11645 and it was reported in late April by an anonymous researcher. The post Google Patches 5th Chrome Zero-Day Exploited in 2026 appeared first on SecurityWeek .SECURITYWEEK.COM
9 Jun KEVLiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCEThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: …THEHACKERNEWS.COM
9 JunCVE-2026-46250 MIPS: Work around LLVM bug when gp is used as global register variableInformation published.MSRC.MICROSOFT.COM
9 JunCVE-2026-11463 USCiLab Cereal Shared Pointer type confusionInformation published.MSRC.MICROSOFT.COM
9 JunCVE-2026-49975 Apache HTTP Server: mod_http2 denial of serviceInformation published.MSRC.MICROSOFT.COM
9 JunCVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk bodyInformation published.MSRC.MICROSOFT.COM
9 JunCVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 bindersInformation published.MSRC.MICROSOFT.COM
9 JunCVE-2026-50256 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatchInformation published.MSRC.MICROSOFT.COM
9 JunCVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributesInformation published.MSRC.MICROSOFT.COM
9 JunCVE-2026-50260 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter()Information published.MSRC.MICROSOFT.COM
9 JunCVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence()Information published.MSRC.MICROSOFT.COM
9 JunCVE-2026-50258 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levelsInformation published.MSRC.MICROSOFT.COM
9 JunCVE-2026-50263 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow()Information published.MSRC.MICROSOFT.COM
9 JunCVE-2026-46272 coresight: tmc-etr: Fix race condition between sysfs and perf modeInformation published.MSRC.MICROSOFT.COM
9 JunCVE-2026-50292 In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code executionInformation published.MSRC.MICROSOFT.COM
9 JunCVE-2026-50265 Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292Information published.MSRC.MICROSOFT.COM
9 JunCVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter()Information published.MSRC.MICROSOFT.COM
9 JunCVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexingInformation published.MSRC.MICROSOFT.COM
9 Jun KEVGoogle Releases Patch for Chrome Vulnerability Exploited in the WildThe flaw, CVE-2026-11645, can allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML pageINFOSECURITY-MAGAZINE.COM
9 Jun KEVCheck Point warns of ransomware-linked attacks exploiting outdated VPN protocolCheck Point has issued emergency hotfixes for a pair of vulnerabilities affecting VPN deployments that still use the deprecated Internet Key Exchange version 1 (IKEv1) protocol, warning that one of the flaws is already being exploited in the wild. The more serious issue allows at…CSOONLINE.COM
9 Jun KEVGoogle patches Chrome zero-day exploited in the wild (CVE-2026-11645)Google has fixed 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) that has been exploited in the wild. “Google is aware that an exploit for CVE-2026-11645 exists in the wild,” the company said in a Monday security advisory. The fix has…HELPNETSECURITY.COM
9 JunWinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in UkraineTwo Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and SHAD…THEHACKERNEWS.COM
9 Jun KEVChrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch NowGoogle has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome'…THEHACKERNEWS.COM
9 JunRussian Attackers Weaponize WinRAR Flaw Against Ukrainian OrgsTwo separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.DARKREADING.COM
9 JunVeeam Backup & Replication RCE Flaw Lets Domain Users Run Remote CodeVeeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote …THEHACKERNEWS.COM
9 JunVU#616257: Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypassOverview Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Forbidden Signature Databas…KB.CERT.ORG
8 Jun KEVCISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Friday. The agency has ordered US federal civilian agen…HELPNETSECURITY.COM
8 JunGoogle Protocol Buffers flaw turns schemas into shellsA widely used JavaScript implementation of Google’s Protocol Buffers format is placing too much trust in untrusted data, exposing affected applications to remote code execution and other attacks. Researchers at Cyera have disclosed six vulnerabilities affecting “protobuf.js,” a…CSOONLINE.COM
8 JunQilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday. About CVE-2026-50751 Check Point Remote Access VPN enables and secures connections…HELPNETSECURITY.COM
8 Jun KEVCritical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 SetupsCheck Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of …THEHACKERNEWS.COM
8 Jun KEVAttackers exploiting unpatched Cisco SD-WAN flawCisco warns customers of an actively exploited high-severity vulnerability in Catalyst SD-WAN Manager, an enterprise network management system that has been targeted by hackers multiple times in the past. Located in the command-line interface, the flaw allows authenticated attack…CSOONLINE.COM
7 JunCVE-2026-42504 Quadratic complexity in WordDecoder.DecodeHeader in mimeInformation published.MSRC.MICROSOFT.COM
7 JunCVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,Information published.MSRC.MICROSOFT.COM
7 JunCVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflowInformation published.MSRC.MICROSOFT.COM
7 JunCVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of serviceInformation published.MSRC.MICROSOFT.COM
7 JunCVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directoryInformation published.MSRC.MICROSOFT.COM
7 JunCVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textprotoInformation published.MSRC.MICROSOFT.COM
7 JunCVE-2026-27145 Inefficient candidate hostname parsing in crypto/x509Information published.MSRC.MICROSOFT.COM
7 JunCVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code executionInformation published.MSRC.MICROSOFT.COM
7 JunCVE-2026-37460 Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.Information published.MSRC.MICROSOFT.COM
7 JunCVE-2026-5419 Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removalInformation published.MSRC.MICROSOFT.COM
7 JunCVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entitiesInformation published.MSRC.MICROSOFT.COM
7 JunCVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()Information published.MSRC.MICROSOFT.COM
7 JunCVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directoryInformation published.MSRC.MICROSOFT.COM
6 Jun KEVCisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch AvailableCisco has warned that a high-severity security flaw impacting Catalyst SD-WAN Manager has come under active exploitation. The vulnerability, tracked as CVE-2026-20245, carries a CVSS score of 7.8 out of a maximum of 10.0. It affects the following deployment types - On-Prem Deploy…THEHACKERNEWS.COM
6 JunCritical Everest Forms Pro flaw exploited to take over WordPress sitesHackers are actively exploiting a critical vulnerability (CVE-2026-3300) in the Everest Forms Pro plugin, which lets them take complete control of a WordPress website. [...]BLEEPINGCOMPUTER.COM
5 JunHackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over SitesThreat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a rem…THEHACKERNEWS.COM
5 JunUS government report slams NIST for NVD backlogA report from the US Commerce department’s inspector general blames the National Institute of Standards and Technology (NIST) for the ever-growing backlog of vulnerabilities for inclusion in the National Vulnerability Database (NVD). But cybersecurity practitioners say that the b…CSOONLINE.COM
5 JunCisco warns of unpatched SD-WAN zero-day exploited in attacksOn Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. [...]BLEEPINGCOMPUTER.COM
5 JunCisco Warns of 7th SD-WAN Zero-Day Exploited in 2026The vulnerability is tracked as CVE-2026-20245 and it can allow arbitrary command execution as root, but no patch yet.SECURITYWEEK.COM
5 JunCisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system. This would requ…HELPNETSECURITY.COM
5 JunClaude Code has an MCP security problem — and your developers are already using itClaude Code is Anthropic’s AI coding assistant — a command-line tool that developers are adopting fast. It connects to external services through Model Context Protocol, the standard that lets AI tools interact with Jira, Confluence, GitHub, databases and internal APIs. When a dev…CSOONLINE.COM
5 JunThreat Brief: Active Exploitation of PAN-OS CVE-2026-0257We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257.UNIT42.PALOALTONETWORKS.COM
4 JunHugging Face Transformers RCE flaw enables stealthy compromise via AI model configsA high severity vulnerability in Hugging Face Transformers enables attackers to compromise systems that use the popular Python library to test and run AI models. The flaw impacts library versions that continue to be actively downloaded and comes at a time when attackers are incre…CSOONLINE.COM
4 JunHTTP/2’s speed abused to slow webserver performance in DoS attackSecurity researchers are warning of an issue with the default HTTP/2 configuration used by major web servers which reportedly survived more than a decade of human review before showing up in Codex-assisted analysis. A flaw in the handling of the HTTP/2 protocol made a denial-of-s…CSOONLINE.COM
4 JunCisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes PublicCisco has patched a bug in Unified Communications Manager that lets an unauthenticated attacker on the network write files to the box and, from there, climb to root. It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco's PSIRT says it has no…THEHACKERNEWS.COM
4 JunSecurity Researchers Are Threat Actors - PSW #929This week in the security news: - Security Researchers Are Threat Actors according to Microsoft - Hands-free malicious firmware - If you've ever typed "ls" in Windows, this is for you - Cisco makes more patches, wants you to pay - Ambiguous Secure Boot bypass - Threat actors love…YOUTUBE.COM
3 Jun KEVGoogle June 2026 Android Update Patches 124 Flaws, One Actively ExploitedGoogle on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 (CVSS score: 8.4), …THEHACKERNEWS.COM
3 JunCVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on dropInformation published.MSRC.MICROSOFT.COM
3 JunCVE-2019-11254 Kubernetes API Server denial of service vulnerability from malicious YAML payloadsInformation published.MSRC.MICROSOFT.COM
3 JunCVE-2023-1386 Qemu: 9pfs: suid/sgid bits not dropped on file writeInformation published.MSRC.MICROSOFT.COM
3 JunCVE-2026-33846 Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassemblyInformation published.MSRC.MICROSOFT.COM
3 JunCVE-2026-44777 jq: stack overflow in module loading on mutual `include`Information published.MSRC.MICROSOFT.COM
3 JunCVE-2021-25740 Holes in EndpointSlice Validation Enable Host Network HijackInformation published.MSRC.MICROSOFT.COM
3 JunCVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product.Information published.MSRC.MICROSOFT.COM
3 JunCVE-2025-1150 GNU Binutils ld libbfd.c bfd_malloc memory leakInformation published.MSRC.MICROSOFT.COM
3 JunCVE-2025-1180 GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruptionInformation published.MSRC.MICROSOFT.COM
3 JunUnpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 HashesCybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829, which impacted the Windows Snipping Tool's ms-screensketch: URI handler, the newly flagged issue re…THEHACKERNEWS.COM
3 JunTenable CTO Q&A: C-suite views AI as massive threat, as cyber teams adopt exposure management to counter AI attacksTenable CTO Vlad Korsunsky talks about participating in the World Economic Forum’s Annual Meeting on Cybersecurity and Tenable’s EXPOSURE 2026 conference, where he talked with global leaders about new game-changing AI threats and the groundbreaking benefits of exposure management…TENABLE.COM
3 JunVerizon VoLTE network found missing IPsec protections for SIP signalingThe CERT Coordination Center (CERT/CC) has disclosed a security issue affecting Verizon's Voice over LTE (VoLTE) infrastructure, warning that SIP signaling traffic on the carrier's IP Multimedia Subsystem (IMS) network appears to lack IPsec integrity protection required by indust…CYBERINSIDER.COM
3 JunVU#595768: Securly Chrome Extension contains multiple weak encryption and access control vulnerabilitiesOverview Version 3.0.7 of the Securly Chrome Extension contains multiple vulnerabilities involving insecure data transmission, weak cryptography, and improper access control. These issues may expose sensitive filtering rules, enable the manipulation of downloaded configuration fi…KB.CERT.ORG
2 JunCVE-2026-10028 Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chainInformation published.MSRC.MICROSOFT.COM
2 JunCVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion errorInformation published.MSRC.MICROSOFT.COM
2 JunCVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForwardInformation published.MSRC.MICROSOFT.COM
2 Jun KEVOracle WebLogic Vulnerability Exploited in the WildThe vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers.SECURITYWEEK.COM
2 Jun KEVGoogle fixes actively exploited Android vulnerability (CVE-2025-48595)Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android Framework that “may be under limited, targeted exploitation.” About CVE-2025-48595 CVE-2025-…HELPNETSECURITY.COM
2 JunVU#873170: Collibra Agent contains improper authentication and path traversal vulnerabilitiesOverview The Collibra Platform Agent contains vulnerabilities that can be chained by a remote, unauthenticated attacker to achieve remote code execution. An attacker can exploit these issues by uploading a crafted ZIP archive that writes attacker-controlled files to arbitrary loc…KB.CERT.ORG
2 Jun KEVAndroid June 2026 update patches actively exploited zero-dayGoogle has released the June 2026 Android security updates, addressing dozens of vulnerabilities across the mobile operating system, including a high-severity zero-day flaw that is under active, targeted exploitation. The update also fixes multiple critical privilege-escalation a…CYBERINSIDER.COM
2 JunVU#615987: Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE DeploymentsOverview VoLTE deployments on Verizon’s IMS network have historically lacked IPsec-based integrity protection for SIP signaling, contravening well-established requirements in 3GPP TS 33.203 and GSMA IR.92. As a result, SIP messages—including registration ( REGISTER ), call setup …KB.CERT.ORG
2 JunVU#265691: Appsmiths SQL Query autocomplete renderer contains a cross site scripting vulnerabilityOverview A stored cross-site scripting (XSS) vulnerability has been discovered in Appsmith, specifically in the CodeMirror based SQL query editor’s autocomplete renderer. CVE-2026-7299 has been assigned to track the vulnerability. An attacker with developer level access to a shar…KB.CERT.ORG
2 JunAndroid Update Patches Exploited Zero-Day, 123 Other VulnerabilitiesGoogle says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks.SECURITYWEEK.COM
2 JunPresident Trump picks housing director Bill Pulte to serve as acting DNI.Federal watchdog warns of management issues for NIST's NVD. Spanish National Police arrest suspect in government doxxing case.THECYBERWIRE.COM
2 JunGamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against UkraineThe Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple malware families aimed at data theft and propagation. Per Sekoia, the activity involves the weaponization of CVE-2025-8088, a path traversa…THEHACKERNEWS.COM
2 JunHP Poly VoIP vulnerability sets the stage for executive voice deepfakesHP has released patches for a critical buffer overflow vulnerability in multiple IP-enabled conference phones from its Poly Voice line. The flaw allows unauthenticated attackers to obtain root privileges on the underlying operating system, potentially enabling them to execute oth…CSOONLINE.COM
2 JunCritical Kirki flaw exploited to hijack WordPress admin accountsHackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators. [...]BLEEPINGCOMPUTER.COM
1 Jun KEVMicrosoft Threatens Security Researcher | Palo Alto VPN Exploited | Google Insider Trading CaseMicrosoft's dispute with a former security researcher takes a dramatic turn as the company raises the possibility of criminal action over the publication of proof-of-concept code for unpatched zero-day vulnerabilities. David Shipley examines the escalating conflict between Micros…CYBERSECURITYTODAY.LIBSYN.COM
1 JunHackers are exploiting Palo Alto GlobalProtect VPN authentication bypass (CVE-2026-0257)Authentication bypass vulnerabilities (CVE-2026-0257) in Palo Alto Networks’ firewalls that the company disclosed on May 13 have been targeted in “limited exploit attempts”. “Across multiple customers, Rapid7 observed successful exploitation via authentica…HELPNETSECURITY.COM
1 JunRecent Palo Alto Networks Vulnerability Exploited for WeeksHackers began exploiting CVE-2026-0257, an authentication bypass in Palo Alto Networks PAN-OS, four days after public disclosure.SECURITYWEEK.COM
1 JunFlowise’s MCP implementation can run ghost commandsEnterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads have a new near-max severity issue to worry about. Researchers at Obsidian Security have detailed a one-click remote code execution (RCE) vulnerability affecting self-hosted Flowise …CSOONLINE.COM
1 JunHow NIST fumbled management of the National Vulnerability DatabaseA US federal watchdog has outlined how the National Institute of Standards and Technology (NIST) failed to effectively manage the growing backlog of unprocessed cybersecurity vulnerabilities in the National Vulnerability Database (NVD). How the NVD crisis unfolded The NVD was est…HELPNETSECURITY.COM
1 JunCVE-2026-0826: How an Old Bug Can Feed AI-Powered ImpersonationOne of the more persistent myths in security is that old bug classes become old problems. They don’t. They just show up in different places, under different conditions, and usually at the exact moment we’ve convinced ourselves not to pay attention to them. That’s part of what mak…RAPID7.COM
1 JunCVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)Overview Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol (VoIP) phone. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-0826. A remote attacker can l…RAPID7.COM
1 JunCritical Windows Netlogon Vulnerability in Attackers’ CrosshairsOrganizations are advised to patch CVE-2026-41089 as soon as possible, given its severity and the potential ongoing exploitation.SECURITYWEEK.COM
1 Jun KEVWindows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) warned on Friday. About CVE-2026-41089 CVE-2026-41089 is a stack-based buffer overflow vulnerability in Window…HELPNETSECURITY.COM
1 JunVU#158530: PCTCore64.sys Windows kernel driver contains missing access control vulnerabilityOverview The PCTCore64.sys Windows kernel driver from PC Tools Internet Security exposes its \\.\PCTCoreDriver device interface with no access control, allowing any user-mode process to interact with the driver and invoke privileged IOCTL (I/O Control) commands. In a Bring Your O…KB.CERT.ORG
1 JunOracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to address urgent vulnerabilities that can’t wait for the company’s quarterly patching. The initial batch addresses 35 flaws, including several for which exploit …CSOONLINE.COM
1 JunWP Maps Pro Vulnerability Exploited to Take Over WordPress SitesThe security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations.SECURITYWEEK.COM
1 JunInspector general finds NIST mistakes have made vulnerability database ineffectiveNIST’s National Vulnerability Database (NVD) backlog mushroomed from 13,000 unprocessed security vulnerabilities in February 2024 to more than 27,000 by the end of 2025, “undermining the NVD’s utility and public trust,” according to an inspector general report.THERECORD.MEDIA
1 JunAttackers are exploiting Palo Alto Networks defect that initially flew under the radarThe escalated threat posed by the defect showcases how quickly a seemingly mild vulnerability can turn into an urgent warning.CYBERSCOOP.COM
31 MayCVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereferenceInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.Information published.MSRC.MICROSOFT.COM
31 MayCVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAFInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verificationInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sansInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-9804 Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file readInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-48864 Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page dataInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output globInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submoduleInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-40528 OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.cInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.cInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validationInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative nameInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handlingInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchangeInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerabilityInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS dateInformation published.MSRC.MICROSOFT.COM
31 MayCVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UIInformation published.MSRC.MICROSOFT.COM
30 MayPAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active ExploitationPalo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that c…THEHACKERNEWS.COM
30 MayCVE-2026-41184 ServiceAccount token disclosure via install-cni container logsInformation published.MSRC.MICROSOFT.COM
30 MayPalo Alto GlobalProtect VPN auth bypass flaw now exploited in attacksPalo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. [...]BLEEPINGCOMPUTER.COM
29 MayIBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterpriseOpen source code is everywhere in the enterprise; it’s estimated that upwards of 90% of Fortune 500 companies have it in their software supply chains. But open source code is notoriously rife with vulnerabilities, and identifying and patching those bugs can be an endless battle f…CSOONLINE.COM
29 MayCVE-2026-46219 spi: mpc52xx: fix use-after-free on unbindInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatchInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46137 mptcp: pm: ADD_ADDR rtx: fix potential data-raceInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header lengthInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46172 ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockoptInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX pathInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46131 KVM: x86: check for nEPT/nNPT in slow flush hypercallsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46110 net: stmmac: Prevent NULL deref when RX memory exhaustedInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46128 ipmi: Check event message buffer response for bad dataInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46191 fbcon: Avoid OOB font access if console rotation failsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46159 btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leakInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46226 spi: fsl: fix controller deregistrationInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46165 openvswitch: vport: fix self-deadlock on release of tunnel portsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46158 mptcp: pm: ADD_ADDR rtx: always decrease sk refcountInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46232 HID: playstation: Clamp num_touch_reportsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46197 drm/amdkfd: validate SVM ioctl nattr against buffer sizeInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emissionInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46107 dm-thin: fix metadata refcount underflowInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46176 RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46208 batman-adv: stop tp_meter sessions during mesh teardownInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_deleteInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46225 spi: rspi: fix controller deregistrationInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46236 media: rc: xbox_remote: heed DMA restrictionsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46164 btrfs: fix double free in create_space_info_sub_group() error pathInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46235 media: saa7164: add ioremap return checks and cleanupsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46127 RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46177 ipmi: Add limits to event and receive message requestsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46155 smb/client: fix out-of-bounds read in smb2_compound_op()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.triggerInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46136 wifi: mt76: mt7921: fix a potential clc buffer length underflowInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46132 net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfoInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46170 mptcp: pm: ADD_ADDR rtx: free sk if lastInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46190 mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46230 drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msgInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46175 f2fs: fix fsck inconsistency caused by FGGC of node blockInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_putInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46238 batman-adv: stop caching unowned originator pointers in BAT IVInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46120 ip6_gre: Use cached t->net in ip6erspan_changelink().Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46108 ipmi:si: Return state to normal if message allocation failsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46152 wifi: mac80211: drop stray 'static' from fast-RX rx_resultInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46112 RDMA/hns: Fix unlocked call to hns_roce_qp_remove()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46114 RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloadsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46122 wifi: b43: enforce bounds check on firmware key index in b43_rx()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46125 wifi: mac80211: remove station if connection prep failsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALLInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46153 8021q: delete cleared egress QoS mappingsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46150 fanotify: fix false positive on permission eventsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46241 spi: mpc52xx: fix use-after-free on registration failureInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46135 nvmet-tcp: fix race between ICReq handling and queue teardownInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directoryInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error pathInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar headerInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46199 drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msgInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short responseInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directoryInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_igetInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46106 eventfs: Hold eventfs_mutex and SRCU when remount walks eventsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46181 RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46178 RDMA/mlx4: Fix resource leak on error in mlx4_ib_create_srq()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insertInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46200 spi: mpc52xx: fix controller deregistrationInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46148 spi: microchip-core-qspi: control built-in cs manuallyInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46198 batman-adv: fix integer overflow on buff_posInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_syncInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46195 smb: client: validate dacloffset before building DACL pointersInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writebackInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46109 usb: ulpi: fix memory leak on ulpi_register() error pathsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposureInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46173 exit: prevent preemption of oopsing TASK_DEAD taskInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directoryInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog taskInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46115 block: add pgmap check to biovec_phys_mergeableInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46185 smb/client: fix out-of-bounds read in symlink_data()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copiesInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46212 batman-adv: bla: prevent use-after-free when deleting claimsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46205 staging: media: atomisp: Disallow all private IOCTLsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46171 riscv: kvm: fix vector context allocation leakInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streamsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46143 ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opensInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46133 RDMA/rxe: Reject unknown opcodes before ICRC processingInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46129 btrfs: fix double free in create_space_info() error pathInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46218 drm/amdgpu: Add bounds checking to ib_{get,set}_valueInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46204 drm/amdgpu/vcn4: Prevent OOB reads when parsing IBInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46233 batman-adv: bla: only purge non-released claimsInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46156 LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evtInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stopInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46167 usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctlInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFNInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46206 batman-adv: reject new tp_meter sessions during teardownInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processingInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46169 hfsplus: fix uninit-value by validating catalog record sizeInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46142 net: libwx: fix VF illegal register accessInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lockInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46144 RDMA/mana: Fix error unwind in mana_ib_create_qp_rss()Information published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46184 sound: ua101: fix division by zero at probeInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cacheInformation published.MSRC.MICROSOFT.COM
29 MayCVE-2026-46193 xfrm: ah: account for ESN high bits in async callbacksInformation published.MSRC.MICROSOFT.COM
29 MayNotepad++ vulnerabilities could enable arbitrary code execution on Windows systemsTwo arbitrary code execution vulnerabilities in Notepad++ let local attackers run commands of their choice on Windows machines by tampering with the editor’s XML configuration files, with both flaws rated High at CVSS 7.8. The flaws, tracked as CVE-2026-48778 and CVE-2026-48800, …CSOONLINE.COM
29 MayNew infostealer reaches enterprise devices through FortiClient EMS vulnerabilityAttackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). “The [malicious] payload was presented as a Fortinet endpoint update and executed through Fo…HELPNETSECURITY.COM
29 MayAttackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 ExploitAn unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromi…THEHACKERNEWS.COM
29 MayFederal audit reveals NIST’s NVD is plagued by poor planning and duplicationA report from the Commerce Inspector General details how mismanagement allowed a backlog of 27,000 unprocessed security flaws to grow unchecked, while the agency duplicated work with a similar CISA program. The post Federal audit reveals NIST’s NVD is plagued by poor planni…CYBERSCOOP.COM
29 MayRapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)Overview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0257, a medium severity authentication bypass affecting PAN-OS and Prisma Access when a specific configuration is present. Successful exploitation of this vulnerability allows a remote unauthe…RAPID7.COM
29 MayMetasploit Wrap Up 05/29/2026More Linux LPEs Hark the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users. Copy Fail seemed to have kicked off a trend of similar bugs and hot on its heels is Dirty Frag. Dirty Frag is actually two vulnera…RAPID7.COM
29 MayMicrosoft and security researcher’s dueling posts about cybersecurity disclosures get nastyMicrosoft and a prominent cybersecurity researcher have gotten into a very public and rather personal exchange of unpleasantries about what responsible cybersecurity disclosures should mean in 2026. A cybersecurity researcher going by the name Nightmare Eclipse, who has disclosed…CSOONLINE.COM
28 MayCVE-2026-46050 md/raid10: fix deadlock with check operation and nowait requestsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled workInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45877 HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clientsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45917 ipvs: do not keep dest_dst if dev is going downInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45841 netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULOInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary checkInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46005 xfs: fix a resource leak in xfs_alloc_buftarg()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45930 net: mctp: ensure our nlmsg responses are initialisedInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46021 thermal: core: Fix thermal zone governor cleanup issuesInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46037 ipv4: icmp: validate reply type before using icmp_pointersInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46084 RDMA/mana_ib: Disable RX steering on RSS QP destroyInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46012 rxrpc: Fix memory leaks in rxkad_verify_response()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46085 rxrpc: Fix rxkad crypto unalignment handlingInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUNInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46004 ALSA: caiaq: Handle probe errors properlyInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45901 netfilter: nf_tables: revert commit_mutex usage in reset pathInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustionInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45894 iommu/vt-d: Clear Present bit before tearing down PASID entryInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport repliesInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46054 selinux: fix overlayfs mmap() and mprotect() access checksInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45991 udf: fix partition descriptor append bookkeepingInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46027 net/smc: avoid early lgr access in smc_clc_wait_msgInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46088 ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46051 md/raid5: fix soft lockup in retry_aligned_read()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46018 ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATESInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45944 iommu/vt-d: Clear Present bit before tearing down context entryInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't givenInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45836 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45961 gfs2: fix memory leaks in gfs2_fill_super error pathInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachmentsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45940 net: stmmac: fix oops when split header is enabledInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-44897 Mistune Heading ID Attribute Injection XSSInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memoryInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45943 erofs: fix inline data read failure for ztailpacking pclustersInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46017 mm: fix deferred split queue races during migrationInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45897 netfilter: nft_counter: serialize reset with spinlockInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45997 scsi: sd: fix missing put_disk() when device_add(&disk_dev) failsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45986 crypto: ccree - fix a memory leak in cc_mac_digest()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-47104 libusb < 1.0.30 Out-of-Bounds Read in parse_iad_array()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46047 net: qrtr: ns: Fix use-after-free in driver remove()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directoriesInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45850 ipvs: skip ipv6 extension headers for csum checksInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46052 ceph: only d_add() negative dentries when they are unhashedInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardownInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46070 md/raid5: validate payload size before accessing journal metadataInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcvInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45994 ibmasm: fix OOB reads in command_file_write due to missing size checksInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46069 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentationInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXITInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46101 netfilter: reject zero shift in nft_bitwiseInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46014 KVM: SVM: Add missing save/restore handling of LBR MSRsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45845 net/sched: taprio: fix NULL pointer dereference in class dumpInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46086 net: bridge: use a stable FDB dst snapshot in RCU readersInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46065 fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_infoInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46098 net: caif: clear client service pointer on teardownInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45861 gfs2: Fix slab-use-after-free in qd_putInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46077 crypto: atmel-tdes - fix DMA sync directionInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46063 x86/shstk: Prevent deadlock during shstk sigreturnInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlersInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45956 drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46068 crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctxInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45843 slip: bound decode() reads against the compressed packet lengthInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46024 libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45963 ASoC: nau8821: Cancel delayed work on component removeInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45998 rxrpc: Fix potential UAF after skb_unshare() failureInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46023 dm mirror: fix integer overflow in create_dirty_log()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45844 netfilter: arp_tables: fix IEEE1394 ARP payload parsingInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45892 ext4: drop extent cache after doing PARTIAL_VALID1 zerooutInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46022 misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46102 net: strparser: fix skb_head leak in strp_abort_strp()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is bufferedInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46000 rxrpc: Fix conn-level packet handling to unshare RESPONSE packetsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2025-71305 drm/display/dp_mst: Add protection against 0 vcpiInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46006 drm/nouveau: fix u32 overflow in pushbuf reloc bounds checkInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46003 net: qrtr: ns: Limit the total number of nodesInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46048 ALSA: caiaq: fix usb_dev refcount leak on probe failureInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46002 ext2: reject inodes with zero i_nlink and valid mode in ext2_iget()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46078 erofs: fix the out-of-bounds nameoff handling for trailing direntsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46064 ibmasm: fix heap over-read in ibmasm_send_i2o_message()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46075 crypto: atmel-sha204a - Fix potential UAF and memory leak in remove pathInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45973 RDMA/mlx5: Fix UMR hang in LAG error state unloadInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45838 bpf: fix end-of-list detection in cgroup_storage_get_next_key()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45899 ext4: drop extent cache when splitting extent failsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46071 KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46049 ALSA: ctxfi: Add fallback to default RSR for S/PDIFInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46066 ceph: fix num_ops off-by-one when crypto allocation failsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45989 of: unittest: fix use-after-free in testdrv_probe()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45855 ata: libata-scsi: avoid Non-NCQ command starvationInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46058 media: amphion: Fix race between m2m job_abort and device_runInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46031 net: ks8851: Reinstate disabling of BHs around IRQ handlerInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45912 ext4: don't cache extent during splitting extentInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45999 erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directiveInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46091 media: rc: igorplugusb: heed coherency rulesInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45958 drm/exynos: vidi: fix to avoid directly dereferencing user pointerInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-44899 Mistune Image Directive CSS Injection VulnerabilityInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46089 zram: do not forget to endio for partial discard requestsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creationInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46046 ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-23679 libusb < 1.0.30 NULL Pointer Dereference in parse_interface()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45570 go-git: Improper single-quote escaping in go-git SSH transportInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46038 net: qrtr: ns: Free the node during ctrl_cmd_bye()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46040 inotify: fix watch count leak when fsnotify_add_inode_mark_locked() failsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45988 rxrpc: Fix re-decryption of RESPONSE packetsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45942 ext4: fix e4b bitmap inconsistency reportsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46019 crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanupInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46092 wifi: rtw88: check for PCI upstream bridge existenceInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45842 slip: reject VJ receive packets on instances with no rstate arrayInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45949 hwrng: core - use RCU and work_struct to fix race conditionInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46072 ntfs3: add buffer boundary checks to run_unpack()Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46079 rbd: fix null-ptr-deref when device_add_disk() failsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46099 net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnelsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46083 spi: fix resource leaks on device setup failureInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46015 tcp: call sk_data_ready() after listener migrationInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45858 ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocationInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stopInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46082 KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-45993 LoongArch: Add spectre boundry for syscall dispatch tableInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46026 net: qrtr: ns: Limit the maximum number of lookupsInformation published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1Information published.MSRC.MICROSOFT.COM
28 MayCVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds accessInformation published.MSRC.MICROSOFT.COM
28 MayGlassWorm falls, but the repo problem is far from solvedTaking down a sprawling malware operation once signaled progress in securing the open-source ecosystem. Now, it barely registers. The GlassWorm campaign disruption comes at a moment when attackers can quickly reconstitute, and defenders are increasingly grappling with a new chall…CSOONLINE.COM
28 MayAuthenticated RCE via Argument Injection in Gogs (NOT FIXED)Overview Rapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 (Critical). The vulnerability allows any authenticated user to achieve remote code e…RAPID7.COM
28 MayVU#780781: Casdoor contains multiple authentication bypass and access management vulnerabilitiesOverview Casdoor versions 2.362.0 and earlier contain several identity and access management vulnerabilities that enable broad authentication bypass and privilege escalation. These flaws relate to Casdoor’s Security Assertion Markup Language (SAML) processing, account binding, an…KB.CERT.ORG
28 MayHackers exploit FortiClient EMS flaw to push infostealer malwareHackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. [...]BLEEPINGCOMPUTER.COM
27 May KEVCISA Orders Emergency Drupal Patch | Microsoft Server Bug | Google Fights Canada Surveillance BillCISA has ordered U.S. federal civilian agencies to urgently patch an actively exploited critical Drupal SQL injection vulnerability (CVE-2026-9082) affecting PostgreSQL-backed Drupal deployments, after Imperva reported more than 15,000 attack attempts across 65 countries. Microso…CYBERSECURITYTODAY.LIBSYN.COM
27 MayCVE-2026-43503 net: skbuff: propagate shared-frag marker through frag-transfer helpersInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-46300 net: skbuff: preserve shared-frag marker during coalescingInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-41401 libyang - Heap Use-After-Free Write in XML Metadata ParsingInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/htmlInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windowsInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/htmlInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/htmlInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/htmlInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/sshInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/sshInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/sshInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/sshInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/sshInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/sshInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/sshInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/sshInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agentInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/sshInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agentInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhostsInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksumsInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv fileInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-9256 NGINX ngx_http_rewrite_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS originsInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-5222 Cargo can be coerced to share credentials between registriesInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit buildsInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idnaInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/htmlInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agentInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboyInformation published.MSRC.MICROSOFT.COM
27 MayCVE-2026-5223 Crates in third party registries can override the cached source of other cratesInformation published.MSRC.MICROSOFT.COM
27 MayThe NSA, ‘Mythos’ and the quiet emergence of AI cyber doctrineFor most of my career running security operations, the shape of cyber conflict has been defined by who could move faster than the other side. Faster at identifying a vulnerability, faster at patching, faster at detecting, faster at responding. The last few months have made me ree…CSOONLINE.COM
27 MayGitea Vulnerability Exposes Private Container Images without AuthenticationCybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other crede…THEHACKERNEWS.COM
27 MayClaude now reviews and fixes vulnerabilities as you write codeAnthropic introduced a security-guidance plugin for Claude Code that reviews code changes for common vulnerabilities and helps Claude identify and fix issues during the same development session. The company says the plugin is designed to catch issues such as injection flaws, unsa…HELPNETSECURITY.COM
27 MayFastAPI-based AI tools exposed to authentication bypass by flaw in Starlette frameworkA single malformed character in a web request can let an unauthenticated attacker slip past the access controls that guard applications built on Starlette, the open-source Python framework that powers FastAPI, researchers said. The flaw, tracked as CVE-2026-48710, could allow atta…CSOONLINE.COM
27 May KEVCISA orders federal agencies to patch actively exploited cPanel plugin flaw within 4 daysThe US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical vulnerability in the LiteSpeed cPanel plugin that is being actively exploited in attacks. The flaw, tracked as CVE-2026-48172, affects the LiteSpeed cPanel user-end plu…CYBERINSIDER.COM
26 MayKnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt StrikeA now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnera…THEHACKERNEWS.COM
26 MayCVE-2025-3198 GNU Binutils objdump bucomm.c display_info memory leakInformation published.MSRC.MICROSOFT.COM
26 MayHigh-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2…HELPNETSECURITY.COM
26 MayMicrosoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server VersionsMicrosoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. I…THEHACKERNEWS.COM
26 May KEVActively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. “TrendAI has observed at least one attempt to exploit this vulnerability in the wild,” Trend Micr…HELPNETSECURITY.COM
26 MayCVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityCWE added. Informational change only.MSRC.MICROSOFT.COM
26 MayCVE-2026-45498 Microsoft Defender Denial of Service VulnerabilityCWE added. Informational change only.MSRC.MICROSOFT.COM
26 MayCVE-2026-41091 Microsoft Defender Elevation of Privilege VulnerabilityIn the Security Updates table, added links to the Release Notes. This is an informational change only.MSRC.MICROSOFT.COM
26 MayCVE-2026-45584 Microsoft Defender Remote Code Execution VulnerabilityIn the Security Updates table, added links to the Release Notes. This is an informational change only.MSRC.MICROSOFT.COM
25 MayAI Vulnerability Explosion, Kim Wolf Botnet Arrest, Ghost CMS Hack, Iran Cyber EspionageIs AI about to trigger a cybersecurity vulnerability explosion? In this episode of Cybersecurity Today, David Shipley examines what some researchers are calling the early signs of a "vulnerability apocalypse" as Anthropic's Claude-powered Project Glasswing identifies thousands of…CYBERSECURITYTODAY.LIBSYN.COM
25 MayExploitation of KnowledgeDeliver via ViewState Deserialization VulnerabilityWritten by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek Introduction In late 2025, Mandiant responded to a security incident involving a compromised web server running KnowledgeDeliver. KnowledgeDeliver is a Learning Management System (LMS) developed by Digital Knowledge …CLOUD.GOOGLE.COM
25 MayCVE-2026-43029 mptcp: fix soft lockup in mptcp_recvmsg()Information published.MSRC.MICROSOFT.COM
25 MayCVE-2026-43414 scsi: qla2xxx: Completely fix fcport double freeInformation published.MSRC.MICROSOFT.COM
25 MayAs AI speeds coding, CVE Lite CLI keeps security deliberately AI-freeAs AI coding assistants accelerate software development, one OWASP-backed open-source project is arguing that dependency security tooling still arrives too late to be truly useful. CVE Lite CLI, a JavaScript and TypeScript dependency vulnerability scanner focused on local lockfi…CSOONLINE.COM
25 MayGhost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix AttacksThreat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection …THEHACKERNEWS.COM
25 MayDrupal warns of active exploitation attempts targeting critical SQL injection flawDrupal is warning administrators that attackers are already attempting to exploit a newly disclosed SQL injection vulnerability affecting the open-source content management system just days after security patches were released. The flaw, tracked as CVE-2026-9082, impacts Drupal’s…CYBERINSIDER.COM
24 MayGhost CMS SQL injection flaw exploited in large-scale ClickFix campaignA large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. [...]BLEEPINGCOMPUTER.COM
23 MayCVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiationInformation published.MSRC.MICROSOFT.COM
23 MayCVE-2026-3592 Amplification vulnerabilities via self-pointed glue recordsInformation published.MSRC.MICROSOFT.COM
23 MayCVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementationInformation published.MSRC.MICROSOFT.COM
23 MayCVE-2026-5950 Unbounded resend loop in BIND 9 resolverInformation published.MSRC.MICROSOFT.COM
23 MayCVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerabilityInformation published.MSRC.MICROSOFT.COM
23 MayCVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploitInformation published.MSRC.MICROSOFT.COM
23 MayCVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnlyInformation published.MSRC.MICROSOFT.COM
23 MayCVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loadingInformation published.MSRC.MICROSOFT.COM
23 MayCVE-2026-5947 SIG(0) validation during query flood may lead to undefined behaviorInformation published.MSRC.MICROSOFT.COM
23 MayLiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as RootA maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to ru…THEHACKERNEWS.COM
22 MayCisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data AccessCisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 (CVSS score: 10.0), the vulnerability arises from insufficient validation and authe…THEHACKERNEWS.COM
22 May KEVCISA Warns Trend Micro Apex One Vulnerability Is Being Exploited in AttacksCISA has added a newly disclosed vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is actively being exploited in real-world attacks. The issue, tracked as CVE-2026-34926, affects on-premise deployments of Trend Micr…GBHACKERS.COM
22 MayCVE-2026-43331 x86/kexec: Disable KCOV instrumentation after load_segments()Information published.MSRC.MICROSOFT.COM
22 MayCVE-2026-43303 mm/page_alloc: clear page->private in free_pages_prepare()Information published.MSRC.MICROSOFT.COM
22 MayCVE-2026-43465 net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQInformation published.MSRC.MICROSOFT.COM
22 MayCVE-2026-43499 rtmutex: Use waiter::task instead of current in remove_waiter()Information published.MSRC.MICROSOFT.COM
22 MayCVE-2026-43497 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-freeInformation published.MSRC.MICROSOFT.COM
22 MayCVE-2026-43502 net/rds: handle zerocopy send cleanup before the message is queuedInformation published.MSRC.MICROSOFT.COM
22 MayCVE-2026-43501 ipv6: rpl: reserve mac_len headroom when recompressed SRH growsInformation published.MSRC.MICROSOFT.COM
22 MayCVE-2026-43496 net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peekedInformation published.MSRC.MICROSOFT.COM
22 MayCVE-2026-43464 net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQInformation published.MSRC.MICROSOFT.COM
22 MayCVE-2026-43495 net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handlerInformation published.MSRC.MICROSOFT.COM
22 MayCVE-2026-43494 net/rds: reset op_nents when zerocopy page pin failsInformation published.MSRC.MICROSOFT.COM
22 MayCVE-2024-26944 btrfs: zoned: fix use-after-free in do_zone_finish()Information published.MSRC.MICROSOFT.COM
22 MayCVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp messageInformation published.MSRC.MICROSOFT.COM
22 May KEVCISA Issues Alert on Exploited Microsoft Defender Zero-Day VulnerabilitiesCISA has issued an urgent alert warning organizations about two newly disclosed zero-day vulnerabilities affecting Microsoft Defender, both added to the Known Exploited Vulnerabilities (KEV) catalog on May 20, 2026. CVE-2026-45498: Microsoft Defender DoS Vulnerability CVE-2026-45…GBHACKERS.COM
22 MayCVE-2025-38340 firmware: cs_dsp: Fix OOB memory read access in KUnit testInformation published.MSRC.MICROSOFT.COM
22 MayCVE-2024-41023 sched/deadline: Fix task_struct reference leakInformation published.MSRC.MICROSOFT.COM
22 MayDrupal Vulnerability in Hacker Crosshairs Shortly After DisclosureDrupal is warning users that it has already seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites.SECURITYWEEK.COM
22 MayMetasploit Wrap Up 05/22/2026Another week, another authentication bypass Our humble Metasploit weekly(ish) blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and @jburgess-r7 have discovered and authored the admin/networking/cisco_sdwan_vhub_auth_bypass module for…RAPID7.COM
21 MayMicrosoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fixMicrosoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof…CSOONLINE.COM
21 MayHighly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE AttacksDrupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CV…THEHACKERNEWS.COM
21 MayCVE-2026-45585 Windows BitLocker Security Feature Bypass VulnerabilityAdded a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script.MSRC.MICROSOFT.COM
21 MayCVE-2026-43619 Rsync < 3.4.3 Symlink Race Condition via Path-Based SyscallsInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-43618 Rsync < 3.4.3 Integer Overflow Information DisclosureInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-43620 Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()Information published.MSRC.MICROSOFT.COM
21 MayCVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.Information published.MSRC.MICROSOFT.COM
21 MayCVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.Information published.MSRC.MICROSOFT.COM
21 MayCVE-2026-42960 Possible cache poisoning via promiscuous records for the authority sectionInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-42959 Crash during DNSSEC validation of malicious contentInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-44608 Use after free and crash under special conditions in RPZ codeInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-33278 Possible arbitrary code execution during DNSSEC validationInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculationsInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injectionInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY FrameInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-43617 Rsync < 3.4.3 Authorization Bypass via Hostname ResolutionInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-45232 Rsync < 3.4.3 Off-by-One Stack Write via HTTP ProxyInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File WriteInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-41292 Long list of incoming EDNS options degrades performanceInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-42534 Jostle logic bypass degrades resolution performanceInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-40622 Another 'ghost domain names' attack variantInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS optionsInformation published.MSRC.MICROSOFT.COM
21 MayCVE-2026-44390 Unbounded name compression in certain cases causes degradation of serviceInformation published.MSRC.MICROSOFT.COM
21 MayNine-Year-Old Kernel Flaw Puts Linux SSH Private Keys at RiskA newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, poses a serious risk to SSH private keys and other sensitive credentials. The flaw, present in the kernel since 2016, allows a local attacker to escalate from a basic shell account to full root access on man…GBHACKERS.COM
21 May9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major DistrosCybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user…THEHACKERNEWS.COM
21 MayCritical Vulnerability in Cisco Secure Workload Threatens Enterprise API SecurityCisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain high-level administrative access to sensitive enterprise environments. The flaw, tracked as CVE-2026-20223, carries a maximum CVSS score of 10.…GBHACKERS.COM
21 May KEVMicrosoft Warns of Two Actively Exploited Defender VulnerabilitiesMicrosoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender have come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker…THEHACKERNEWS.COM
21 May KEVMicrosoft Defender Zero-Day Vulnerabilities Actively Exploited in the WildMicrosoft has disclosed two new zero-day vulnerabilities in Microsoft Defender that are actively being exploited in the wild, raising concerns among security professionals and enterprise users. The vulnerabilities, tracked as CVE-2026-41091 and CVE-2026-45498, were officially rel…GBHACKERS.COM
21 May KEVCVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004)A highly critical SQL injection vulnerability in Drupal core's database abstraction layer affects sites running PostgreSQL. Key Takeaways CVE-2026-9082 is a highly critical SQL injection vulnerability in Drupal core's database abstraction API that can be exploited by unauthentica…TENABLE.COM
21 MayCisco fixed maximum severity flaw CVE-2026-20223 in Secure WorkloadCisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as CVE-2026-20223 (CVSS score of 10.0), in Secure Workload. The flaw stems f…SECURITYAFFAIRS.COM
21 MayUnpatched ChromaDB flaw leaves servers open to remote code executionResearchers have published details about a critical vulnerability in ChromaDB that could allow unauthenticated attackers to execute arbitrary code and access sensitive data on machines running the open-source vector database. The issue, tracked as CVE-2026-45829, is located in Ch…CSOONLINE.COM
21 MayCritical vulnerability in Cisco Secure Workload rated at maximum severityA critical vulnerability in the on-premises version of the Cisco Secure Workload security platform could allow a threat actor to obtain the privileges of a site admin, enabling them to compromise endpoints and read or modify configuration data. “CSOs need to drop what they are do…CSOONLINE.COM
21 May KEVMicrosoft patches two zero-day flaws in DefenderMicrosoft released emergency fixes for two zero-day vulnerabilities in the malware protection components of Microsoft Defender. The flaws allow local attackers to gain system-level privileges or cause the anti-malware service to stop working correctly. Both conditions are valuabl…CSOONLINE.COM
21 MayA New SonicWall Scanning Spike Echoes the Pattern That Preceded CVE-2026-0400A new SonicWall scanning surge mirrors the pattern that preceded CVE-2026-0400. GreyNoise details the activity and what defenders should watch.GREYNOISE.IO
20 MayFreePBX Security Flaw Lets Attackers Access User PortalsA critical security vulnerability has been discovered in FreePBX, a widely used open-source PBX platform, allowing unauthenticated attackers to access user portals under certain conditions. The flaw, tracked as CVE-2026-46376, carries a CVSS v4 base score of 9.1 and affects the U…GBHACKERS.COM
20 MayCVE Lite CLI: Open-source dependency vulnerability scannerDependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours o…HELPNETSECURITY.COM
20 MayCVE-2026-43493 crypto: pcrypt - Fix handling of MAY_BACKLOG requestsInformation published.MSRC.MICROSOFT.COM
20 MayCVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per nodeInformation published.MSRC.MICROSOFT.COM
20 MayCVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()Information published.MSRC.MICROSOFT.COM
20 MayPardus Linux Vulnerability Lets Local Attackers Gain Silent Root AccessA critical privilege escalation vulnerability chain, tracked as CVE-2026-5140, has been discovered in the Pardus Linux update mechanism, allowing local users to gain full root access without authentication. The issue, rated CVSS 9.3 (Critical), affects the pardus-update package a…GBHACKERS.COM
20 MayDirtyDecrypt: PoC Released for yet another Linux flawDirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here comes DirtyDecrypt, another local privilege escalation vulnerability in the kernel, …SECURITYAFFAIRS.COM
20 MayMicrosoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the compan…HELPNETSECURITY.COM
20 MayMicrosoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 ExploitMicrosoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. …THEHACKERNEWS.COM
20 MayWhy some security fixes never reach your vulnerability dashboardOn April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.4.0 contained a credential-stealing payload that executed an obfuscated loader and harvested AWS, Azure, GCP, GitHub, and npm tokens from any developer machine that ran npm ins…CSOONLINE.COM
20 MayHow an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).SECURELIST.COM
20 MayCritical ExifTool Vulnerability Lets Hackers Compromise Macs via Malicious ImagesA newly disclosed vulnerability in ExifTool, tracked as CVE-2026-3102, exposes macOS systems to command execution attacks through malicious image metadata, highlighting ongoing risks in widely used file processing tools. ExifTool is a popular utility used across media workflows t…GBHACKERS.COM
20 MayNVIDIA Triton Inference Server Flaw Raises Risk of Unauthorized AccessNVIDIA has disclosed a critical security vulnerability in its Triton Inference Server that could allow attackers to bypass authentication and gain unauthorized access to affected systems. The flaw, tracked as CVE-2026-24207, has been assigned a CVSS v3.1 score of 9.8, indicating …GBHACKERS.COM
20 MayMicrosoft issues YellowKey mitigation, no patch yetMicrosoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a pa…SECURITYAFFAIRS.COM
20 MayVU#980487: Local privilege escalation in Linux Kernel (Dirty Frag)Overview A privilege escalation vulnerability, nicknamed "Dirty Frag," has been discovered in the Linux kernel versions 4.10 and later. This vulnerability is a result of chaining together two previously discovered vulnerabilities, xfrm-ESP Page-Cache Write CVE-2026-43284 and the …KB.CERT.ORG
20 MayDrupal admins rushing to patch maximum severity SQL injection vulnerabilityAdministrators of the Drupal open source content management platform are rushing to install an emergency patch issued today to fix a “highly critical” SQL injection vulnerability in the application’s core. While the vulnerability only affects websites that use the PostgreSQL data…CSOONLINE.COM
19 May KEVExchange Zero-Day Under Attack, Ransomware Gets Smarter, Fortinet Critical FlawsA dangerous new Microsoft Exchange zero-day is being actively exploited, ransomware gangs are adopting nation-state-style tactics, two fired contractors were caught deleting U.S. government databases after accidentally recording themselves on Microsoft Teams, and Fortinet has pat…CYBERSECURITYTODAY.LIBSYN.COM
19 MayCVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()"Information published.MSRC.MICROSOFT.COM
19 MayCVE-2026-31721 usb: gadget: f_hid: move list and spinlock inits from bind to allocInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-31704 ksmbd: use check_add_overflow() to prevent u16 DACL size overflowInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-31702 f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io()Information published.MSRC.MICROSOFT.COM
19 MayCVE-2026-37458 Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.Information published.MSRC.MICROSOFT.COM
19 MayCVE-2026-4873 connection reuse ignores TLS requirementInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-6429 netrc credential leak with reused proxy connectionInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-5545 wrong reuse of HTTP Negotiate connectionInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-6253 proxy credentials leak over redirect-to proxyInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2026-37459 An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.Information published.MSRC.MICROSOFT.COM
19 MayCVE-2026-6276 stale custom cookie host causes cookie leakInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflowInformation published.MSRC.MICROSOFT.COM
19 MayCVE-2025-1178 GNU Binutils ld libbfd.c bfd_putl64 memory corruptionInformation published.MSRC.MICROSOFT.COM
19 MayFour-Faith Industrial Routers Targeted in Botnet Hijacking CampaignFour-Faith industrial cellular routers are being actively targeted in a growing botnet campaign exploiting a critical authentication bypass flaw tracked as CVE-2024-9643. Security researchers warn that attackers are rapidly weaponizing the vulnerability to hijack exposed devices …GBHACKERS.COM
19 May20-Year-Old PostgreSQL Flaw Gets Public PoC Exploit for Remote Code ExecutionA newly released proof-of-concept (PoC) exploit for CVE-2026-2005 has brought renewed attention to a critical vulnerability in PostgreSQL’s pgcrypto extension, exposing systems to remote code execution (RCE). Security researchers warn that the flaw, rooted in legacy code paths da…GBHACKERS.COM
19 MayDirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE VulnerabilityProof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 securi…THEHACKERNEWS.COM
19 MaymacOS flaw allowed rogue apps to access chat and browser dataResearchers at mobile privacy firm Mysk have disclosed details of a now-patched macOS vulnerability that could allow malicious apps to bypass Apple’s sandbox and privacy protections to access sensitive user data stored by messaging, productivity, and browser applications. Tracked…CYBERINSIDER.COM
19 MayContractor’s public GitHub account exposed GovCloud and CISA credentialsUntil a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity and Infrastructure Security Agency (CISA) systems. That’s according to cybersecurity reporter Brian Krebs, who first broke the news ove…CSOONLINE.COM
19 May9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted VulnerabilitiesCVE-2017-9841 is still a primary exploit path for several botnets. What is old is still new in the eyes of cybercrime.VULNCHECK.COM
18 May KEVExperts warn of active exploitation of critical NGINX flaw CVE-2026-42945A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945 (CVSS v4 score of 9.2), is already being actively exploited shor…SECURITYAFFAIRS.COM
18 MayCritical Marimo RCE Flaw Could Let Attackers Execute Malicious Code RemotelyA newly disclosed critical vulnerability in the Marimo Python notebook framework is raising serious alarms across the cybersecurity community, as it allows attackers to execute arbitrary commands remotely, without authentication. Tracked as CVE-2026-39987, the flaw exposes a WebS…GBHACKERS.COM
18 MayChaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fixMiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day …SECURITYAFFAIRS.COM
18 May KEVVU#777338: SGLang contains two remote code execution and one path traversal vulnerabilityOverview Three vulnerabilities have been discovered in the SGLang project, two enabling remote code execution (RCE), and one regarding a path traversal vulnerability. In order for an attacker to exploit these vulnerabilities, the multimodal generation mode must be enabled, and an…KB.CERT.ORG
18 MayIvanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation FlawsIvanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.…THEHACKERNEWS.COM
18 May KEVCritical NGINX Vulnerability Lets Hackers Launch Remote Code Execution AttacksA newly disclosed vulnerability in NGINX is already being actively exploited, raising serious concerns across the global cybersecurity community. Tracked as CVE-2026-42945, the flaw affects both NGINX Open Source and NGINX Plus, potentially allowing attackers to crash servers or …GBHACKERS.COM
18 MayGamaredon Deploys GammaDrop, GammaLoad in Phishing CampaignsGamaredon Uses GammaDrop and GammaLoad Downloaders in Multi-Stage Phishing Attacks. A sustained cyber-espionage campaign linked to the Gamaredon threat group is actively targeting Ukrainian government entities using multi-stage phishing attacks and evolving malware loaders. Gamar…GBHACKERS.COM
18 May‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploitAn old elevation-of-privilege (EoV) vulnerability affecting the Cloud Filter driver “cldflt.sys” in Windows has come back to haunt Microsoft, as researchers claim it is still exploitable six years after it was supposedly patched. The flaw, originally reported to Microsoft by Goog…CSOONLINE.COM
18 MayAttackers are exploiting critical NGINX vulnerability (CVE-2026-42945)A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and ca…HELPNETSECURITY.COM
18 MayMicrosoft Exchange Zero-Day Under Attack, No Patch AvailableCVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.DARKREADING.COM
17 MayCVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flagInformation published.MSRC.MICROSOFT.COM
17 MayCVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checksInformation published.MSRC.MICROSOFT.COM
17 MayCVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirectsInformation published.MSRC.MICROSOFT.COM
17 MayCVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host addressInformation published.MSRC.MICROSOFT.COM
17 May KEVNGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCEA newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewr…THEHACKERNEWS.COM
17 MaySECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter JDownloader site hacked to replace installers with Python RAT malware New TrickMo Variant: Device Take …SECURITYAFFAIRS.COM
16 MayCVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflowInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channelInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparoundInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-6638 PostgreSQL REFRESH PUBLICATION allows SQL injection via table nameInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injectionInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memoryInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-42934 NGINX ngx_http_charset_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-paddingInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirectsInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-43490 ksmbd: validate inherited ACE SID lengthInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-6475 PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choiceInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memoryInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-6472 PostgreSQL CREATE TYPE does not check multirange schema CREATE privilegeInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursionInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-40701 NGINX ngx_http_ssl_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-42945 NGINX ngx_http_rewrite_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
16 MayCVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logicInformation published.MSRC.MICROSOFT.COM
16 MayLinux “ssh-keysign-pwn” Flaw Exposing Critical Authentication FilesA newly disclosed Linux kernel vulnerability, dubbed “ssh-keysign-pwn” by Qualys researchers, exposes millions of Linux systems to unauthorized access to sensitive SSH private keys and hashed passwords stored in /etc/shadow. Tracked as CVE-2026-463…GBHACKERS.COM
15 MayPalo Alto Firewalls Hit by Zero-Day Allowing Arbitrary Code Execution as RootA devastating zero-day vulnerability in Palo Alto Networks firewalls is under active exploitation by suspected state-sponsored hackers, allowing unauthenticated attackers to seize complete control of enterprise security infrastructure. The flaw, tracked as CVE-2026-0300 with a cr…GBHACKERS.COM
15 MayOn-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted EmailMicrosoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a …THEHACKERNEWS.COM
15 MayNext.js Security Flaw Leaks Cloud Credentials, API Keys, and Admin InterfacesNext.js, one of the most widely used React frameworks, has been hit by a high-severity vulnerability that could allow attackers to extract sensitive cloud credentials, API keys, and even access internal admin interfaces. The flaw, tracked as CVE-2026-44578, exposes a critical wea…GBHACKERS.COM
15 MayCVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer ChainsInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handlingInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv commandInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protectionInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1Information published.MSRC.MICROSOFT.COM
15 MayCVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in usernameInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoSInformation published.MSRC.MICROSOFT.COM
15 MayCVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1Information published.MSRC.MICROSOFT.COM
15 May KEVCisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin AccessCisco has disclosed a critical vulnerability in its Catalyst SD-WAN platform that is already being exploited in the wild, allowing attackers to gain administrative control over enterprise networks without authentication. Critical SD-WAN flaw under attack The vulnerability, tracke…GBHACKERS.COM
15 MayAmazon Redshift JDBC Driver Flaws Expose Systems to RCE AttacksAmazon Redshift users are facing a serious security risk after researchers uncovered a high-severity vulnerability that could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2026-8178, affects the widely used Amazon Redshift JDBC Driver and…GBHACKERS.COM
15 MayUnpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 …HELPNETSECURITY.COM
15 May KEVPraisonAI Vulnerability Actively Exploited Within Hours of Being Made PublicA high-severity vulnerability in PraisonAI is drawing urgent attention after security researchers observed exploitation attempts within hours of public disclosure. The flaw, tracked as CVE-2026-44338 and documented in the GitHub advisory GHSA-6rmh-7xcm-cpxj, exposes a critical au…GBHACKERS.COM
15 MayVMware Fusion Flaw Could Allow Attackers to Gain Root PrivilegesA newly disclosed vulnerability in VMware Fusion has raised serious security concerns after researchers confirmed it could allow attackers to escalate privileges to root on affected systems. The flaw, tracked as CVE-2026-41702, has been rated high severity with a CVSS score of 7.…GBHACKERS.COM
15 May KEVCisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)Cisco has patched yet another Catalyst SD-WAN Controller authentication bypass vulnerability (CVE-2026-20182) that has been exploited as a zero-day by “a highly sophisticated cyber threat actor”. About CVE-2026-20182 CVE-2026-20182 – affecting both Cisco Catalys…HELPNETSECURITY.COM
15 MayCVE-2026-40379 Azure Entra ID Spoofing VulnerabilityCorrected CVE title. This is an informational change only.MSRC.MICROSOFT.COM
15 MayCVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-dayMicrosoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1)…SECURITYAFFAIRS.COM
15 May KEVExchange Server zero-day vulnerability can be triggered by opening a malicious emailA newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s already being exploited in the wild, this isn’t a ‘patch next week situation; it…CSOONLINE.COM
15 MayMetasploit Wrap-Up 05/15/2026Weaponizing a text editor for fun and profit Gather round, dear readers, because today, we (by we, we mean @h00die) dropped the ultimate persistence mechanism: Vim plugin persistence. And honestly, calling it "persistence" feels redundant — Vim is already the most persistent thin…RAPID7.COM
14 MayNew Fragnesia Linux Kernel LPE Grants Root Access via Page Cache CorruptionDetails have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the…THEHACKERNEWS.COM
14 May18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCECybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite…THEHACKERNEWS.COM
14 May KEVLangflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS WorkerLangflow instances left unpatched against CVE-2026-33017 are now being actively abused not just for remote code execution, but as launchpads to steal AWS keys and join a NATS-backed botnet-style worker pool dubbed “KeyHunter.” The vulnerability, now listed in CISA’s Known Exploit…GBHACKERS.COM
14 MayMongoDB Security Flaw Enables Arbitrary Code Execution on Vulnerable SystemsThe foundation of countless modern applications is under an emerging threat. A severe vulnerability in MongoDB could allow attackers to execute unauthorised code on targeted database servers undetected. Tracked officially as CVE-2026-8053, this critical flaw serves as a potential…GBHACKERS.COM
14 MayCritical Exim Mailer Flaw Enables Remote Code Execution AttacksA newly disclosed vulnerability in the widely used Exim mail transfer agent exposes thousands of internet-facing mail servers to unauthenticated remote code execution, threatening core email infrastructure across Linux and Unix-like systems. Tracked as CVE-2026-45185 and nickname…GBHACKERS.COM
14 MayPraisonAI vulnerability gets scanned within 4 hours of disclosureA newly disclosed authentication bypass flaw in the open-source AI orchestration framework PraisonAI was probed by internet scanners less than four hours after its public disclosure. According to Sysdig observations, roughly three hours and 44 minutes after a GitHub advisory drop…CSOONLINE.COM
14 MayPraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of DisclosureThreat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case o…THEHACKERNEWS.COM
14 MayWindows DNS Client Security Flaw Exposes Systems to Remote Code ExecutionWindows systems worldwide are at risk from a new critical flaw in the Windows DNS Client that could allow remote code execution without any user interaction. Tracked as CVE-2026-41096, the vulnerability has been rated critical with a CVSS base score of 9.8. It is patched in Micro…GBHACKERS.COM
14 MayCVE-2026-42945: NGINX Rewrite Heap Overflow Enables Remote DoS & Potential RCECVE-2026-42945 is a heap-based buffer overflow in NGINX that occurs in ngx_http_rewrite_module (the rewrite module). The bug is remotely reachable over HTTP and can be triggered without authenticat…SOCRADAR.IO
14 MayCritical WordPress Plugin Flaw Allows Unauthorized Access to WebsitesA critical vulnerability in a widely used WordPress plugin has exposed more than 200,000 websites to potential takeover, raising urgent concerns across the security community. Security researchers at Wordfence, using their AI-driven PRISM platform, have uncovered a severe authent…GBHACKERS.COM
14 MayNGINX Rift: an 18-year-old flaw in the world’s most deployed web server just came to lightResearchers found a critical 18-year-old buffer overflow flaw in NGINX, tracked as CVE-2026-42945 and named NGINX Rift. If you run NGINX, and statistically speaking, there is a very good chance you do, this week brought news worth stopping for. Security researchers at depthfirst …SECURITYAFFAIRS.COM
14 MayFragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like Dirty Frag, it affe…HELPNETSECURITY.COM
14 MayCVE-2026-42897 Microsoft Exchange Server Spoofing VulnerabilityImproper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 MayCVE-2026-41615 Microsoft Authenticator Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
14 MayBroadcom releases VMware Fusion security update for root access bugBroadcom patched a high-severity VMware Fusion flaw, CVE-2026-41702, that could let local attackers gain root privileges. Broadcom released a security update for VMware Fusion to address a high-severity vulnerability, tracked as CVE-2026-41702, that could allow local attackers to…SECURITYAFFAIRS.COM
14 MayCVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)Overview While researching a critical authentication bypass vulnerability, CVE-2026-20127, which was exploited in-the-wild, Rapid7 Labs discovered a new authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (formerly known as vSmart), CVE-2026-20182. T…RAPID7.COM
14 May KEVThe Dark Side of Efficiency: When Network Controllers Become "God Mode" for AttackersImagine you build a massive corporate campus with every security control money can buy. Blast resistant doors. Biometric scanners. Guards at every entrance. Maybe something similar to the infamous Death Star. On paper, it looks fantastic. Then, somewhere along the way, somebody d…RAPID7.COM
14 MayOngoing exploitation of Cisco Catalyst SD-WAN vulnerabilitiesCisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage.TALOSINTELLIGENCE.COM
14 May KEVCisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin AccessCisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. "A vulnerability in the peering authen…THEHACKERNEWS.COM
14 MayLinux Kernel bug Fragnesia allows local root access attacksFragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300 (CVSS score of 7.8). The …SECURITYAFFAIRS.COM
14 May KEVCVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OSOverview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265, a signature verification vulnerability that facilitates authentication bypass on PAN-OS, the operating system that most Palo Alto Networks firewalls run. This vulnerability allows a re…RAPID7.COM
14 MayMeet Fragnesia, the third Linux kernel vulnerability in a monthLinux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This is a significant vulnerability,” Robert Beggs, head of incident response firm DigitalDefence, told CSO. “It is bypassing…CSOONLINE.COM
14 MayAI agent finds 18-year-old remote code execution flaw in NginxResearchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program’s code for the past 18 years. Tracked as CVE…CSOONLINE.COM
13 MayMay Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANACritical vulnerabilities in Windows Server’s networking and identity infrastructure, as well as a serious hole in Microsoft Dynamics 365 on-premises version, highlight Microsoft’s May Patch Tuesday fixes. They are among the 118 vulnerabilities identified this month by the company…CSOONLINE.COM
13 MayPatch Tuesday - May 2026Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are no…RAPID7.COM
13 MayCVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macroInformation published.MSRC.MICROSOFT.COM
13 MayCVE-2026-43896 jq: Stack Overflow in Recursive Object MergeInformation published.MSRC.MICROSOFT.COM
13 MayCVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifactsInformation published.MSRC.MICROSOFT.COM
13 MayCVE-2026-40612 jq: Stack overflow via unbounded recursion in jv_containsInformation published.MSRC.MICROSOFT.COM
13 MayCVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -fInformation published.MSRC.MICROSOFT.COM
13 MayCVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command modeInformation published.MSRC.MICROSOFT.COM
13 MayCVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent callsInformation published.MSRC.MICROSOFT.COM
13 MayCVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequencesInformation published.MSRC.MICROSOFT.COM
13 MayCVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crashInformation published.MSRC.MICROSOFT.COM
13 MayCVE-2026-41257 jq: Signed-int overflow in `stack_reallocate` (jq VM stack)Information published.MSRC.MICROSOFT.COM
13 MayCritical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticatorFortinet patched critical flaws in FortiSandbox and FortiAuthenticator that could let attackers remotely execute code on unpatched systems. Fortinet addressed two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator. The flaws could allow attackers to execute ar…SECURITYAFFAIRS.COM
13 MayMicrosoft’s agentic security system found four critical Windows RCE flawsMicrosoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution (RCE) flaws. MDASH arc…HELPNETSECURITY.COM
13 MayMicrosoft’s new AI system finds 16 Windows flaws, including four critical RCEsMicrosoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are dis…CSOONLINE.COM
13 MayQuest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizationsCVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations.SECURITYAFFAIRS.COM
13 MayWhen IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain CompromiseOverview Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” acc…RAPID7.COM
13 May KEVFortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandboxFortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. Fortinet flaws, both zero-day and n-day, have been exploited in the wild many times in the past, so companies should deploy pa…CSOONLINE.COM
12 MayLinux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patchedLinux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day vulnerability is ready, if a proposal from a kernel developer and maintainer is accepted by the open source community. The idea of a kill switch for privileged …CSOONLINE.COM
12 MayBitUnlocker Downgrade Attack Bypasses Windows 11 Disk Encryption in MinutesA proof-of-concept (PoC) exploit that demonstrates how attackers can bypass Windows 11 BitLocker disk encryption in under 5 minutes. Dubbed the “BitUnlocker” attack, this physical downgrade technique exploits a known vulnerability, CVE-2025-48804. Initially documented…GBHACKERS.COM
12 MayCVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are presentInformation published.MSRC.MICROSOFT.COM
12 MayCline AI Agent Flaw Allows Attackers to Launch RCE AttacksA critical security vulnerability in the Cline AI coding assistant’s kanban package exposes developers to remote code execution, data theft, and denial-of-service attacks by simply visiting a malicious website. Security researcher Sagilayani disclosed CVE-2026-44211 on GitH…GBHACKERS.COM
12 MaycPanel flaw exposes enterprises to hosting supply-chain risksA newly disclosed cPanel vulnerability is being exploited at scale, giving attackers a route into web hosting environments that many enterprises may not monitor closely. Analysts say the risk highlights weak visibility into hosting supply chains. The flaw, tracked as CVE-2026-419…CSOONLINE.COM
12 MayCopy.Fail Linux VulnerabilityThis is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four b…SCHNEIER.COM
12 MayAttackers exploit cPanel CVE-2026-41940 to deploy Filemanager BackdoorAttackers are exploiting cPanel flaw CVE-2026-41940 to install the Filemanager backdoor and gain unauthorized admin access. Cybercriminals are actively exploiting the critical cPanel vulnerability CVE-2026-41940 (CVSS score of 9.3) to deploy a backdoor called Filemanager on compr…SECURITYAFFAIRS.COM
12 MayJetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)JetBrains has patched a high-severity vulnerability (CVE-2026-44413) in TeamCity, its popular continuous integration and continuous delivery platform, and is urging organizations with on-premises and self-managed deployments to upgrade to the fixed version or implement a security…HELPNETSECURITY.COM
12 MayStealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows …HELPNETSECURITY.COM
12 MayCVE-2026-32204 Azure Monitor Agent Elevation of Privilege VulnerabilityExternal control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-32177 .NET Elevation of Privilege VulnerabilityHeap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-21530 Windows Rich Text Edit Elevation of Privilege VulnerabilityDouble free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-33117 Azure SDK for Java Security Feature Bypass VulnerabilityImproper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-33834 Windows Event Logging Service Elevation of Privilege VulnerabilityImproper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-33839 Win32k Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-33840 Win32k Elevation of Privilege VulnerabilityUse after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-33841 Windows Kernel Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.MSRC.MICROSOFT.COM
12 MayCVE-2026-34330 Win32k Elevation of Privilege VulnerabilityInteger overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34331 Win32k Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34333 Windows Win32k Elevation of Privilege VulnerabilityUse after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34342 Windows Print Spooler Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34347 Windows Win32k Elevation of Privilege VulnerabilityUse after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-34350 Windows Storport Miniport Driver Denial of Service VulnerabilityNull pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-34351 Windows TCP/IP Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege VulnerabilityInteger overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35417 Windows Win32k Elevation of Privilege VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityUse after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35419 Windows DWM Core Library Information Disclosure VulnerabilityOut-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35420 Windows Kernel Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35421 Windows GDI Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass VulnerabilityAuthentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-35423 Windows 11 Telnet Client Information Disclosure VulnerabilityOut-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service VulnerabilityMissing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-35433 .NET Elevation of Privilege VulnerabilityImproper input validation in .NET allows an unauthorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-35438 Windows Admin Center Elevation of Privilege VulnerabilityMissing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-35439 Microsoft SharePoint Server Remote Code Execution VulnerabilityDeserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-35440 Microsoft Word Information Disclosure VulnerabilityFiles or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40360 Microsoft Excel Information Disclosure VulnerabilityOut-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40363 Microsoft Office Remote Code Execution VulnerabilityHeap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40364 Microsoft Word Remote Code Execution VulnerabilityAccess of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40366 Microsoft Word Remote Code Execution VulnerabilityUse after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
12 MayCVE-2026-40368 Microsoft SharePoint Server Remote Code Execution VulnerabilityDeserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
12 MayCVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
12 May | CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability | Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability | Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability | Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability | Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability | Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability | External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41095 Data Deduplication Elevation of Privilege Vulnerability | Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability | Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability | Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability | Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability | Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability | Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability | Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability | Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability | Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-32185 Microsoft Teams Spoofing Vulnerability | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42831 Microsoft Office Remote Code Execution Vulnerability | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-32175 .NET Core Tampering Vulnerability | A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited c… | MSRC.MICROSOFT.COM
12 May | CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42896 Windows DWM Core Library Elevation of Privilege Vulnerability | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability | Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability | Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability | Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability | Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34336 Windows DWM Core Library Information Disclosure Vulnerability | Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability | Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability | Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability | Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40370 SQL Server Remote Code Execution Vulnerability | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability | Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability | Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability | Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability | Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability | Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability | Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability | Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability | Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability | Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability | Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability | Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability | Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability | Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42832 Microsoft Office Spoofing Vulnerability | Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. | MSRC.MICROSOFT.COM
12 May | CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. | MSRC.MICROSOFT.COM
12 May | CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption | This vulnerability was found and addressed by AMD. We are documenting it in the Security Update Guide to encourage customers to install the May 2026 version of Windows as soon as possible. The vulnerability assigned to this CVE is in certain processor models offered by AMD. The m… | MSRC.MICROSOFT.COM
12 May | CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network. | MSRC.MICROSOFT.COM
12 May | KEV | Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103) | 16 Critical 102 Important 0 Moderate 0 Low Microsoft addresses 118 CVEs in its May 2026 Patch Tuesday release, with no zero-days exploited in the wild or publicly disclosed for the first time since June 2024. Microsoft patched 118 CVEs in its May 2026 Patch Tuesday release, with … | TENABLE.COM
12 May | New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution | Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver … | THEHACKERNEWS.COM
12 May | KEV | Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days | Microsoft has marked May 2026 Patch Tuesday by releasing fixes for 120+ CVE-numbered vulnerabilities, none of which (for a change) are actively exploited or have been publicly disclosed. Still, some deserve more consideration and should be addressed sooner than others. Patches to… | HELPNETSECURITY.COM
11 May | CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-31724 usb: gadget: f_eem: Fix net_device lifecycle with device_move | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43036 net: use skb_header_pointer() for TCPv4 GSO frag_off check | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-31707 ksmbd: validate response sizes in ipc_validate_msg() | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43042 mpls: add seqcount to protect the platform_label{,s} pair | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43010 bpf: Reject sleepable kprobe_multi programs at attach time | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43474 fs: init flags_valid before calling vfs_fileattr_get | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2025-71302 drm/panthor: fix for dma-fence safe access rules | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43309 md raid: fix hang when stopping arrays with metadata through dm-raid | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43300 drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43306 bpf: crypto: Use the correct destructor kfunc type | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43319 spi: spidev: fix lock inversion between spi_lock and buf_lock | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43344 perf/x86/intel/uncore: Fix die ID init and look up bugs | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43305 drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43400 drm/amdgpu: add upper bound check on user inputs in signal ioctl | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43292 mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43398 drm/amdgpu: add upper bound check on user inputs in wait ioctl | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43311 soc/tegra: pmc: Fix unsafe generic_handle_irq() call | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43421 usb: gadget: f_ncm: Fix net_device lifecycle with device_move | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43053 xfs: close crash window in attr dabtree inactivation | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43048 HID: core: Mitigate potential OOB by removing bogus memset() | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-31777 ALSA: ctxfi: Check the error for index mapping | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-31725 usb: gadget: f_ecm: Fix net_device lifecycle with device_move | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-31712 ksmbd: require minimum ACE size in smb_check_perm_dacl() | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43019 Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common() | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43338 btrfs: reserve enough transaction items for qgroup ioctls | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43318 drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43284 xfrm: esp: avoid in-place decrypt on shared skb frags | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43317 most: core: fix leak on early registration failure | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43321 bpf: Properly mark live registers for indirect jumps | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43456 bonding: fix type confusion in bond_setup_by_slave() | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43298 drm/amdgpu: Skip vcn poison irq release on VF | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43299 btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43294 drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-42258 net-imap: Command Injection via unvalidated Symbol inputs | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing <value> | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2025-21723 scsi: mpi3mr: Fix possible crash when setting up bsg fails | Information published. | MSRC.MICROSOFT.COM
11 May | CVE-2025-21714 RDMA/mlx5: Fix implicit ODP use after free | Information published. | MSRC.MICROSOFT.COM
11 May | PoC Exploit Released for Android Zero-Click Flaw Enabling Remote Shell Access | Public references indicate that a GitHub proof-of-concept is now circulating for CVE-2026-0073, the critical Android flaw documented in Google’s May 2026 security bulletin, raising the urgency for defenders with wireless ADB enabled on test or production devices. Google and multi… | GBHACKERS.COM
11 May | 1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution | We find ourselves teetering upon a precipice of our own unwitting construction, and the vertiginous depth of our collective negligence ought to give every security practitioner profound pause. In our headlong rush to deploy AI agents across enterprise environments, we have erecte… | CSOONLINE.COM
11 May | The impact of Mythos and Florida Man, confidence gaps, phishing, & AI adoption - Erich... - ESW #458 | The Weekly Enterprise News This week, in the enterprise security news, 1. Copy Fail 2. The hits keep coming for CVE, NIST and NVD 3. Cyber attacks on breathalyzers 4. insurance carriers pulling support for AI 5. Florida Man pleads guilty 6. ignore the humanities at your own peril… | YOUTUBE.COM
11 May | cPanel and WHM Servers Targeted in Attacks Exploiting CVE-2026-41940 | A critical authentication bypass vulnerability affecting cPanel and WHM servers, identified as CVE-2026-41940, is currently under active exploitation by a highly sophisticated and elusive cybercriminal syndicate known as Mr_Rot13. The vulnerability carries a maximum severity CVSS… | GBHACKERS.COM
11 May | KEV | New ‘Dirty Frag’ exploit targets Linux kernel for root access | A newly disclosed Linux privilege escalation issue dubbed “Dirty Frag” is giving attackers a cleaner path to post-compromise escalation to root privileges. According to Microsoft, a couple of vulnerabilities constituting the issue, affecting Linux kernel networking and memory-fra… | CSOONLINE.COM
11 May | Linux developers weigh emergency “killswitch” for vulnerable kernel functions | Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arri… | HELPNETSECURITY.COM
11 May | VU#937808: Casdoor contains Arbitrary File Write vulnerability | Overview Casdoor contains an arbitrary file write vulnerability in the implementation of its "Local File System" storage provider. Due to insufficient sanitization of user-supplied paths, an authenticated user with file upload permissions can escape the intended storage directory… | KB.CERT.ORG
11 May | VU#471747: dnsmasq contains several vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation | Overview dnsmasq is affected by multiple memory safety and input validation vulnerabilities, including heap buffer overflows, heap corruption, and code execution flaws. Collectively, these vulnerabilities enable attackers to poison cached DNS records, bypass security controls, cr… | KB.CERT.ORG
11 May | cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor | A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM… | THEHACKERNEWS.COM
11 May | Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware | The EtherRAT malware family was first reported by Sysdig back in December 2025. At that time, the initial access vector was exploitation of CVE-2025-55182 (React2Shell) targeting Linux servers. In March 2026, a Windows variant campaign was reported by Atos, with their investigati… | THEDFIRREPORT.COM
10 May | CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-6666 PgBouncer crash in kill_pool_logins_server_error | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-44656 Vim: OS Command Injection via 'path' completion | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-33811 Crash when handling long CNAME response in net | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-39820 Quadratic string concatentation in consumeComment in net/mail | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-39826 Escaper bypass leads to XSS in html/template | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-42499 Quadratic string concatenation in consumePhrase in net/mail | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go | Information published. | MSRC.MICROSOFT.COM
10 May | CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles | Information published. | MSRC.MICROSOFT.COM
10 May | Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak | Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally,… | THEHACKERNEWS.COM
9 May | cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now | cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as follows - CVE-2026-29201 (CVSS score: 4.3) - An insu… | THEHACKERNEWS.COM
8 May | 13 new critical holes in JavaScript sandbox allow execution of arbitrary code | Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, developers using this library in their applications are urged to update the sof… | CSOONLINE.COM
8 May | Palo Alto Networks firewall flaw has been exploited for several weeks | Palo Alto Networks warns that a critical zero-day vulnerability has been discovered in the PAN-OS firewall system. The vulnerability has already been exploited by suspected state-sponsored hackers for nearly a month, reports Bleeping Computer. The vulnerability, CVE-2026-0300, i… | CSOONLINE.COM
8 May | PoC Exploit Released for Dirty Frag Linux Kernel Vulnerability | A proof-of-concept exploit for a new Linux kernel vulnerability class dubbed “Dirty Frag”. This universal local privilege escalation vulnerability allows attackers to obtain root access across most major Linux distributions reliably. Because a third party unexpectedly… | GBHACKERS.COM
8 May | Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions | Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel … | THEHACKERNEWS.COM
8 May | Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th) | Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred to as "Dirty Frag," this vulnerability was discovered and reported by Hyunwoo Ki… | ISC.SANS.EDU
8 May | CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization | Information published. | MSRC.MICROSOFT.COM
8 May | CVE-2026-43869 Apache Thrift: TSSLTransportFactory.java hostname verification | Information published. | MSRC.MICROSOFT.COM
8 May | CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization | Information published. | MSRC.MICROSOFT.COM
8 May | CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization | Information published. | MSRC.MICROSOFT.COM
8 May | CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization | Information published. | MSRC.MICROSOFT.COM
8 May | CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution | Information published. | MSRC.MICROSOFT.COM
8 May | CVE-2026-31717 ksmbd: validate owner of durable handle on reconnect | Information published. | MSRC.MICROSOFT.COM
8 MayCVE-2026-23631 redis-server Lua use-after-free may allow remote code executionInformation published.MSRC.MICROSOFT.COM
8 MayCVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavengerInformation published.MSRC.MICROSOFT.COM
8 MayCVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code executionInformation published.MSRC.MICROSOFT.COM
8 MayCVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code executionInformation published.MSRC.MICROSOFT.COM
8 MayCVE-2026-25589 RedisBloom RESTORE invalid memory access may allow remote code executionInformation published.MSRC.MICROSOFT.COM
8 MayCritical Vulnerability in Rancher Fleet Enables Full Cluster-Admin PrivilegesThe SUSE Rancher Security team disclosed a critical vulnerability tracked as CVE-2026-41050. This severe flaw affects Rancher Fleet, a popular GitOps tool for managing Kubernetes clusters at scale. The vulnerability completely breaks the platform’s core multi-tenant isolati…GBHACKERS.COM
8 MayCVE-2025-68670: discovering an RCE vulnerability in xrdpDuring a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp server component. Project maintainers promptly patched the vulnerability.SECURELIST.COM
8 MayYour CTEM program is probably ignoring MCP. Here’s how to fix itModel Context Protocol (MCP) is the connective tissue of modern AI tooling and has quietly become one of the most significant blind spots in modern security programs. Like shadow IT before it, shadow AI — especially as it relates to MCP risk — introduces a new class of exposures …CSOONLINE.COM
8 MayIvanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has been exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,”…HELPNETSECURITY.COM
8 MayDirty Frag: Unpatched Linux vulnerability delivers root accessA week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag In effect, Dirty Frag refers to two flaws: A xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284, aka…HELPNETSECURITY.COM
8 MayMetasploit Wrap-Up 05/08/2026Spring cleanup This week’s Metasploit updates focused on foundational improvements and expanded target reach. Key enhancements were made to the recently released Copy Fail exploit module, which now benefits from payload fixes in linux/x64/exec and linux/armle/exec. These changes …RAPID7.COM
8 MayVU#260001: Linux kernel contains local privilege escalation vulnerability (Copy Fail)Overview A privilege escalation vulnerability has been discovered in Linux kernel versions 4.17 (released 2017) and later. Many popular distributions and Linux-based containers are affected. This vulnerability was publicly disclosed on April 29, 2026, has been assigned CV…KB.CERT.ORG
8 MayDirty Frag: Linux Kernel Local Privilege Escalation via ESP and RxRPCUnpatched kernel flaw chain (CVE-2026-43284, CVE-2026-43500) enables root escalation on major Linux distributions.WIZ.IO
7 MayThreat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code ExecutionUnit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details. The post Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
7 MayCisco Network Flaw Exposes Devices to Remote Denial-of-Service ExploitsCisco has issued a high-severity security advisory detailing a critical connection exhaustion vulnerability affecting its network management software. Tracked as CVE-2026-20188, this flaw carries a CVSS base score of 7.5. It directly impacts both the Cisco Crosswork Network Contr…GBHACKERS.COM
7 MayCVE-2026-33190 CoreDNS TSIG authentication bypass on encrypted DNS transportsInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplificationInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transportsInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config APIInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payloadInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpaInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_exInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable modeInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereferenceInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slaveInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation()Information published.MSRC.MICROSOFT.COM
7 MayCVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band()Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43116 netfilter: ctnetlink: ensure safe access to master conntrackInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg errorInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43191 drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35Information published.MSRC.MICROSOFT.COM
7 MayCVE-2025-71272 most: core: fix resource leak in most_register_interface error pathsInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-33489 CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparisonInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-32934 CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of serviceInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' functionInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43125 dlm: validate length in dlm_search_rsb_treeInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DEInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streamsInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43131 drm/amd/pm: Fix null pointer dereference issueInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpointsInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock()Information published.MSRC.MICROSOFT.COM
7 MayCVE-2025-71290 misc: ti_fpc202: fix a potential memory leak in probe functionInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43115 srcu: Use irq_work to start GP in tiny SRCUInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2025-71293 drm/amdgpu/ras: Move ras data alloc before bad page checkInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsingInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channelsInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminatedInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43118 btrfs: fix zero size inode with non-zero size after log replayInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43109 x86: shadow stacks: proper error handling for mmap lockInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAMInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq()Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43258 alpha: fix user-space corruption during memory compactionInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating filesInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43107 xfrm: account XFRMA_IF_ID in aevent size calculationInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43243 drm/amd/display: Add signal type check for dcn401 get_phyd32clk_srcInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2025-71294 drm/amdgpu: fix NULL pointer issue buffer funcsInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke()Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43201 APEI/GHES: ARM processor Error: don't go past allocated memoryInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yetInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43165 hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_faninInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43088 net: af_key: zero aligned sockaddr tail in PF_KEY exportsInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43195 drm/amdgpu: validate user queue size constraintsInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release reportInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checksInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp()Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_statusInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon trackingInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address queryInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerabilityInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 patternInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status lineInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early resetInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)Information published.MSRC.MICROSOFT.COM
7 MayCVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_exprInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-33006 Apache HTTP Server: mod_auth_digest timing attackInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-33007 Apache HTTP Server: mod_authn_socache crashInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-29169 Apache HTTP Server: mod_dav_lock indirect lock crashInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-29168 Apache HTTP Server: mod_md unrestricted OCSP responseInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functionsInformation published.MSRC.MICROSOFT.COM
7 MayRedis Security Flaws Expose Servers to Remote Code Execution RisksRedis has disclosed and patched five security vulnerabilities, including four rated High severity, that could allow authenticated attackers to achieve remote code execution (RCE) on affected Redis servers. The advisory, published May 5, 2026, by Redis Chief Information Security O…GBHACKERS.COM
7 MayCVE-2026-33845 Gnutls: gnutls: denial of service via dtls zero-length fragmentInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparisonInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp responseInformation published.MSRC.MICROSOFT.COM
7 MayCVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluationInformation published.MSRC.MICROSOFT.COM
7 May KEVCISA Issues Warning Over Palo Alto PAN-OS Flaw Enabling Root-Level AccessThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a newly identified, severe vulnerability within Palo Alto Networks PAN-OS. Officially tracked as CVE-2026-0300, this critical flaw was aggressively added to CISA’s Known Explo…GBHACKERS.COM
7 May KEVCritical Palo Alto Networks software bug hits exposed firewallsPalo Alto Networks is warning customers about a critical buffer overflow vulnerability affecting its PAN-OS user-ID authentication portal that is already being exploited in the wild. The flaw allows attackers to execute arbitrary code with root privileges on exposed firewalls, th…CSOONLINE.COM
7 MayCVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25 CVE-2026-26956 is a critical sandbox escape affecting the Node.js sandbox library vm2. In vm2 3.10.4, attacker-controlled JavaScript executed through VM.run() can break out of the sandbox and reach the host process…SOCRADAR.IO
7 MayPAN-OS RCE Exploit Under Active Use Enabling Root Access and EspionagePalo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the Use…THEHACKERNEWS.COM
7 MayIvanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level AccessIvanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, …THEHACKERNEWS.COM
7 MayOllama vulnerability highlights danger of AI frameworks with unrestricted accessA critical vulnerability in Ollama poses a direct risk of sensitive information leaks to more than 300,000 internet-exposed servers, researchers have found. The flaw, tracked as CVE-2026-7482, stems from an out-of-bounds heap read in Ollama’s model quantization pipeline. Ollama i…CSOONLINE.COM
7 MayNation-state actors exploit Palo Alto PAN-OS zero-day for weeksPalo Alto says hackers exploited PAN-OS zero-day CVE-2026-0300 for weeks, gaining root access to exposed firewalls and hiding traces. Palo Alto Networks warned that suspected state-sponsored hackers have been exploiting the critical PAN-OS zero-day CVE-2026-0300 for nearly a mont…SECURITYAFFAIRS.COM
6 MayQR Phishing Explodes, Ubuntu Under Attack, CISA Warns Critical Infrastructure Prepare for IsolationQR-code phishing is no longer a niche attack. Microsoft says QR phishing attacks jumped from 7.6 million in January to 18.7 million in March 2026 — a 146% increase in just three months. In this episode of Cybersecurity Today, David Shipley explains why QR-based attacks are bypass…CYBERSECURITYTODAY.LIBSYN.COM
6 May KEVPalo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code ExecutionPalo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It carries …THEHACKERNEWS.COM
6 MayCVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err()Information published.MSRC.MICROSOFT.COM
6 MayCritical Palo Alto Firewall Vulnerability Enables Attackers to Gain Root PrivilegesPalo Alto Networks has issued an urgent security advisory concerning a critical vulnerability affecting its PAN-OS software. Tracked as CVE-2026-0300, this high-severity security flaw carries a CVSS 4.0 base score of 9.3 and is currently experiencing limited active exploitation i…GBHACKERS.COM
6 MayArgo CD ServerSideDiff Flaw Allows Attackers to Extract Kubernetes SecretsA critical vulnerability has been identified in Argo CD that could allow attackers with minimal privileges to extract highly sensitive Kubernetes Secrets directly from etcd clusters. Tracked as CVE-2026-42880 and rated 9.6, this severe security flaw exposes a missing authorisatio…GBHACKERS.COM
6 May KEVPalo Alto Networks PAN-OS flaw exploited for remote code executionPalo Alto Networks warns of a critical PAN-OS flaw (CVE-2026-0300) that is under active attack, allowing unauthenticated remote code execution. Palo Alto Networks has warned that a critical PAN-OS vulnerability, tracked as CVE-2026-0300 (CVSS score of 9.3), is actively exploited …SECURITYAFFAIRS.COM
6 MayApache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCEApache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution. The Apache Software Foundation has released updates to fix multiple vulnerabilities in its HTTP Server, including CVE-2026-…SECURITYAFFAIRS.COM
6 May KEVWhatsApp warns of Instagram Reels bug that could load risky contentMeta has released security updates for WhatsApp addressing two vulnerabilities that could have exposed users to malicious files or attacker-controlled content on Android, iOS, and Windows devices. The company says it has not seen evidence that either flaw was exploited in the wil…CYBERINSIDER.COM
6 May KEVRoot-level RCE vulnerability in Palo Alto firewalls exploited (CVE-2026-0300)A critical vulnerability (CVE-2026-0300) affecting Palo Alto Networks firewalls is being actively exploited by attackers, the security company acknowledged today, and urged customers to implement mitigations as they are still working on fixes. About CVE-2026-0300 CVE-2026-0300 is…HELPNETSECURITY.COM
6 May KEVCritical Buffer Overflow in Palo Alto Networks PAN-OS User-ID Authentication Portal (CVE-2026-0300)Overview On May 6, 2026, Palo Alto Networks published a security advisory for CVE-2026-0300 , a critical unauthenticated buffer overflow vulnerability affecting PAN-OS PA-Series and VM-Series firewall appliances. Prisma Access, Cloud NGFW, and Panorama appliances are not affected…RAPID7.COM
6 MayPalo Alto warns of critical software bug used in firewall attacksA patch for the bug, tracked as CVE-2026-0300, has not been published yet and Palo Alto Networks said it will be included in releases over the next two weeks.THERECORD.MEDIA
6 MayCritical Buffer Overflow Vulnerability in PAN-OS Exploited in-the-WildDetect and mitigate CVE-2026-0300, a critical vulnerability in Palo Alto Networks PAN-OS User-ID Authentication Portal that allows unauthenticated attackers to achieve remote code execution (RCE) with root privileges.WIZ.IO
5 MayApache HTTP Server Vulnerability Exposes Millions to Remote Code Execution ThreatsThe Apache Software Foundation has released an urgent security update for the Apache HTTP Server to patch a severe vulnerability. Tracked as CVE-2026-23918, this flaw could allow attackers to execute malicious code remotely on affected web servers, putting millions of websites at…GBHACKERS.COM
5 May KEVWeaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug APIA critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code exe…THEHACKERNEWS.COM
5 MayCVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflowInformation published.MSRC.MICROSOFT.COM
5 MayMetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution AttacksThreat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could …THEHACKERNEWS.COM
5 May KEVCritical Weaver E-cology RCE Exploit Raises Alarm for Enterprise SystemsA critical unauthenticated remote code execution vulnerability in Weaver (Fanwei) E-cology is being actively exploited in the wild, with real-world intrusion activity traced back to mid-March 2026, weeks before public awareness. Tracked as CVE-2026-22679 with a CVSS score of 9.8,…GBHACKERS.COM
5 MayAI finds 20-year-old bugs in PostgreSQL and MariaDBOpen-source databases are facing a bit of a memory problem as AI helps surface decades-old buffer overflow issues in widely used components. Security researchers have disclosed a set of high and critical-severity vulnerabilities affecting PostgreSQL and MariaDB, with two bugs rep…CSOONLINE.COM
5 MayFive ways to use Kiro and Amazon Q to strengthen your security postureA Monday morning security alert flags unauthorized access attempts, security group misconfigurations, and AWS Identity and Access Management (IAM) policy violations. Your team needs answers fast. Security teams are using Kiro and Amazon Q Developer to handle repetitive tasks—scan…AWS.AMAZON.COM
5 MayCritical Android vulnerability CVE-2026-0073 fixed by GoogleGoogle patched a critical Android flaw (CVE‑2026‑0073) that lets attackers run code remotely without user action. Google released a security update for Android to address a critical remote code execution flaw, tracked as CVE‑2026‑0073, in the System component. The bug allowed att…SECURITYAFFAIRS.COM
5 MayCritical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCEThe Apache Software Foundation (ASF) has released security updates to address several security vulnerabilities in the HTTP Server, including a severe vulnerability that could potentially lead to remote code execution (RCE). The vulnerability, tracked as CVE-2026-23918 (CVSS score…THEHACKERNEWS.COM
5 MayUnpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers sayResearchers at Striga have disclosed two vulnerabilities (CVE-2026-42248, CVE-2026-42249) in Ollama’s Windows auto-updater that, when chained together, may allow an attacker to covertly plant a persistent executable that runs on every login. CVE-2026-42248 and CVE-2026-4224…HELPNETSECURITY.COM
5 MayCopy Fail: What You Need to Know About the Most Severe Linux Threat in YearsCopy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our analysis. The post Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
4 MayFreeBSD Systems at Risk From DHCP Client RCE VulnerabilityThe FreeBSD Project has issued a critical security advisory (FreeBSD-SA-26:12.dhclient) to address a severe Remote Code Execution (RCE) vulnerability in its default IPv4 DHCP client. Tracked as CVE-2026-42511, this flaw allows local network attackers to execute arbitrary code wit…GBHACKERS.COM
4 MaycPanel Vulnerability Exploited to Compromise Government and Military ServersA critical authentication bypass vulnerability in cPanel and Web Host Manager, officially tracked as CVE-2026-41940, is currently being exploited by unidentified threat actors. Security researchers at Ctrl-Alt-Intel recently uncovered an alarming campaign leveraging this vulnerab…GBHACKERS.COM
4 May KEVCISA Flags Linux Kernel Vulnerability as Threat Actors Launch AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-31431, this flaw is currently being exploited in the wild by threat actors. This a…GBHACKERS.COM
4 May KEVCISA warns “Copy Fail” Linux flaw is already actively exploitedThe US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel flaw known as “Copy Fail” to its Known Exploited Vulnerabilities (KEV) catalog. This confirms that the issue, tracked as CVE-2026-31431, is already being actively exploited in the wil…CYBERINSIDER.COM
4 MayCritical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerab…HELPNETSECURITY.COM
4 MayMultiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated significantly since our initial coverage. Exploratory probing has evolved into multi-actor exploitation, leading to disrupted websites, ransomware and malware deployment…HELPNETSECURITY.COM
4 MayHackers target governments and MSPs via critical cPanel flaw CVE-2026-41940Attackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countries, including the U.S. and Canada. A threat actor is exploiting critical cPanel vulnerability CVE-2026-41940 to target government and military organizations in …SECURITYAFFAIRS.COM
4 MayMOVEit automation flaws could enable full system compromiseProgress fixes critical MOVEit Automation flaws, including an authentication bypass bug that could let attackers gain unauthorized access to systems. Progress Software addressed two vulnerabilities in MOVEit Automation, a critical authentication bypass flaw tracked as CVE-2026-46…SECURITYAFFAIRS.COM
3 MayCVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissionsInformation published.MSRC.MICROSOFT.COM
3 MayCVE-2026-6845 Binutils: binutils: denial of service via crafted elf fileInformation published.MSRC.MICROSOFT.COM
3 MayCVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processingInformation published.MSRC.MICROSOFT.COM
3 MayCVE-2026-6843 Nano: nano: format string vulnerability leads to denial of serviceInformation published.MSRC.MICROSOFT.COM
3 MayCVE-2017-20230 Storable versions before 3.05 for Perl has a stack overflowInformation published.MSRC.MICROSOFT.COM
3 MayCVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypassInformation published.MSRC.MICROSOFT.COM
3 MayCVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflowInformation published.MSRC.MICROSOFT.COM
3 MayCVE-2026-7598 libssh2 userauth.c userauth_password integer overflowInformation published.MSRC.MICROSOFT.COM
3 MayCVE-2026-43058 media: vidtv: fix pass-by-value structs causing MSAN warningsInformation published.MSRC.MICROSOFT.COM
3 MayCVE-2025-9403 jqlang jq JSON jq_test.c run_jq_tests assertionInformation published.MSRC.MICROSOFT.COM
3 MayCVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereferenceInformation published.MSRC.MICROSOFT.COM
2 MaycPanelSniper PoC Exploit Disclosed as 44,000 Servers Reportedly CompromisedA critical zero-day vulnerability in cPanel and WebHost Manager (WHM) is under massive active exploitation following the public release of a sophisticated proof-of-concept exploit. Tracked as CVE-2026-41940, this flaw has already compromised tens of thousands of servers worldwide…GBHACKERS.COM
2 MayCVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser FunctionsInformation published.MSRC.MICROSOFT.COM
2 MayCVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorizationInformation published.MSRC.MICROSOFT.COM
2 MayMassive cPanel campaign compromised 44,000 servers worldwideA surge in attacks exploiting the critical cPanel & WHM vulnerability CVE-2026-41940 has resulted in at least 44,000 compromised systems now actively scanning and launching attacks. The warning was issued by Shadowserver, which reported a sharp spike in malicious traffic tar…CYBERINSIDER.COM
1 May‘Trivial’ exploit can give attackers root access to Linux kernelCSOs must ensure their Linux-based systems block unauthorized privilege escalation until distros release patches to plug a serious kernel vulnerability affecting all Linux distributions shipped since 2017. Until fixes are available for what’s been dubbed the Copy Fail logic bug (…CSOONLINE.COM
1 MayChromium: CVE-2026-7343 Use after free in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7363 Use after free in CanvasThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7359 Use after free in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7333 Use after free in GPUThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7360 Insufficient validation of untrusted input in CompositingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7344 Use after free in AccessibilityThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7358 Use after free in AnimationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7334 Use after free in ViewsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7357 Use after free in GPUThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7356 Use after free in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7353 Heap buffer overflow in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7351 Race in MHTMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7354 Out of bounds read and write in AngleThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7349 Use after free in CastThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7348 Use after free in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7335 Use after free in mediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7336 Use after free in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7350 Use after free in WebMIDIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7345 Insufficient validation of untrusted input in FeedbackThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7347 Use after free in ChromotingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7346 Inappropriate implementation in TintThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7337 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7338 Use after free in CastThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7341 Use after free in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7340 Integer overflow in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7339 Heap buffer overflow in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayChromium: CVE-2026-7355 Use after free in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information.MSRC.MICROSOFT.COM
1 MayWhatsApp Encryption Under Fire After Probe Shut DownA U.S. federal investigation into WhatsApp encryption was shut down before reaching a conclusion — after an internal claim suggested Meta systems may access message content in ways that conflict with public descriptions. In this episode of Cybersecurity Today, Jim Love breaks dow…CYBERSECURITYTODAY.LIBSYN.COM
1 MayCVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryptionInformation published.MSRC.MICROSOFT.COM
1 MayCVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPsInformation published.MSRC.MICROSOFT.COM
1 MayCVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netnsInformation published.MSRC.MICROSOFT.COM
1 MayFederal agencies must patch cPanel bug by Sunday, CISA saysIncident responders at Rapid7 said successful exploitation of CVE-2026-41940 “grants an attacker control over the cPanel host system, its configurations and databases, and websites it manages.”THERECORD.MEDIA
1 May KEVWindows shell spoofing vulnerability puts sensitive data at riskMicrosoft and the US Cybersecurity and Infrastructure Security Agency (CISA) have sounded the alarm about a Windows shell spoofing vulnerability that is already being exploited by attackers. It is not clear by whom as yet, but the main suspects are hackers in Russia. CISA has man…CSOONLINE.COM
1 MayDangerous New Linux Exploit Gives Attackers Root Access to Countless ComputersThe exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk.WIRED.COM
1 MayMetasploit Wrap-Up 05/01/2026MCP server This release our very own cdelafuente-r7 finished implementing the Metasploit MCP Server (msfmcpd), bringing Model Context Protocol support to Metasploit Framework. MCP lets AI applications like Claude, Cursor, or your own custom agents query Metasploit data. Think of …RAPID7.COM
1 MayCopy Fail: Universal Linux Local Privilege Escalation VulnerabilityDetect and mitigate Copy Fail (CVE-2026-31431), an easily exploitable vulnerability in the Linux kernel that allows escalation from an unprivileged local user account to root access.WIZ.IO
30 AprLinux Kernel 0-Day “Copy Fail” Grants Root Access Across Major Distros Since 2017Security researchers have disclosed a critical zero-day vulnerability in the Linux kernel dubbed “Copy Fail” (CVE-2026-31431), which allows unprivileged local users to gain root access. Using a tiny 732-byte Python script, attackers can exploit a logic flaw present in…GBHACKERS.COM
30 AprProFTPD SQL Injection Flaw Opens Door To Remote Code Execution AttacksA newly disclosed flaw in ProFTPD is drawing urgent attention because it can let attackers move from a simple SQL injection bug to authentication bypass, privilege escalation, and in some environments even remote code execution. Tracked as CVE-2026-42167, the issue was found in P…GBHACKERS.COM
30 AprCVE-2017-3731 Truncated packet could crash via OOB readInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-31546 net: bonding: fix NULL deref in bond_debug_rlb_hash_showInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installationInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verificationInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41636 Apache Thrift: Node.js skip() recursionInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-34477 Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypassInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb headInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify OutputInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-3298 Out-of-bounds write in Windows asyncio.ProacterEventLoop.sock_recvfrom_into() when using nbytesInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-31508 net: openvswitch: Avoid releasing netdev before teardown completesInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-31540 drm/i915/gt: Check set_default_submission() before deferencingInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-6238 Buffer overread in ns_printrrf with corrupted RDATA fieldInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del()Information published.MSRC.MICROSOFT.COM
30 AprCVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.Information published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41602 Apache Thrift: Go TFramedTransport uint32 overflowInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41604 Apache Thrift: Swift Range crash in skip()Information published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41605 Apache Thrift: Swift Compact Protocol integer overflowInformation published.MSRC.MICROSOFT.COM
30 AprCVE-2026-41606 Apache Thrift: c_glib dispatch stack overflowInformation published.MSRC.MICROSOFT.COM
30 AprNew Linux 'Copy Fail' Vulnerability Enables Root Access on Major DistributionsCybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Th…THEHACKERNEWS.COM
30 Apr KEVAttackers Exploit cPanel Authentication Bypass 0-Day After PoC ReleaseA critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote attackers to bypass cPanel and WHM login mechanisms, granting them full administrative control ove…GBHACKERS.COM
30 Apr KEVCritical cPanel zero-day auth bypass exploited since FebruaryA critical authentication bypass vulnerability in cPanel & WHM is being actively exploited, allowing remote attackers to gain full administrative access to affected servers without credentials. The flaw, tracked as CVE-2026-41940, has received a near-maximum severity score a…CYBERINSIDER.COM
30 AprPoC Disclosed for Critical Root ASUSTOR ADM RCE FlawA critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP VPN Client feature. Carrying a CVSS v4.0 score of 9.4, this OS command injection vulnerability allows an a…GBHACKERS.COM
30 AprNine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working …HELPNETSECURITY.COM
30 Apr“Copy Fail” gives root access to all Linux systems via 732-byte exploitA new Linux kernel vulnerability dubbed “Copy Fail” enables unprivileged users to gain root access across nearly all major distributions using a tiny, highly reliable exploit, affecting systems dating back to 2017. The flaw, tracked as CVE-2026-31431, was discovered by security r…CYBERINSIDER.COM
30 AprcPanel zero-day exploited for months before patch release (CVE-2026-41940)A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers t…HELPNETSECURITY.COM
30 AprCopy Fail: New Linux bug enables Root via page‑cache corruptionLinux flaw CVE‑2026‑31431, ‘Copy Fail,’ lets any local user write four bytes into page cache files, enabling easy escalation to root on major distros. Xint Code researchers warn of a serious Linux flaw, tracked as CVE-2026-31431 (CVSS score of 7.8), dubbed Copy Fail. …SECURITYAFFAIRS.COM
30 Apr KEVcPanel’s authentication bypass bug is being exploited in the wild, CISA warnsThe agency added the flaw to the KEV list days after hosting providers confirmed active, ongoing attacks.CYBERSCOOP.COM
29 AprLiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of DisclosureIn yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerabil…THEHACKERNEWS.COM
29 AprGitHub.com and Enterprise Server Vulnerability Allows Remote Code ExecutionWiz Research has identified a critical remote code execution (RCE) vulnerability, tracked as CVE-2026-3854, deeply embedded within GitHub’s internal git infrastructure. This high-severity flaw enabled any authenticated user to execute arbitrary commands on backend servers u…GBHACKERS.COM
29 Apr KEVCISA Warns of Windows Shell Zero-Day Exploited in AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly discovered zero-day vulnerability affecting Microsoft Windows. On April 28, 2026, the agency officially added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) catal…GBHACKERS.COM
29 AprCVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH HijackingInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkeyInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31686 mm/kasan: fix double free for kasan pXdsInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peerInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handlingInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31689 EDAC/mc: Fix error path ordering in edac_mc_alloc()Information published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31688 driver core: enforce device_lock for driver_match_device()Information published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31548 wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_downInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31549 i2c: cp2615: fix serial string NULL-deref at probeInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31550 pmdomain: bcm: bcm2835-power: Increase ASB control timeoutInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31551 wifi: mac80211: Fix static_branch_dec() underflow for aql_disable.Information published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31552 wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroomInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release pathInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31661 wifi: brcmsmac: Fix dma_free_coherent() sizeInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31563 net: macb: Use dev_consume_skb_any() to free TX SKBsInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-31648 mm: filemap: fix nr_pages calculation overflow in filemap_map_pages()Information published.MSRC.MICROSOFT.COM
29 AprCVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling pathInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-40556 Insecure Directory Permissions in GNU nano Leading to Privilege AbuseInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-6861 Emacs: emacs: memory corruption vulnerability when processing svg cssInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headersInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated documentInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-6019 BaseCookie.js_output() does not neutralize embedded charactersInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruptionInformation published.MSRC.MICROSOFT.COM
29 AprCVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory accessInformation published.MSRC.MICROSOFT.COM
29 AprCISA, Microsoft warn of active exploitation of Windows Shell vulnerability (CVE-2026-32202)Attackers are exploiting CVE-2026-32202, a zero-click Windows Shell spoofing vulnerability that causes victims’ systems to authenticate the attacker’s server, CISA and Microsoft have warned. About CVE-2026-32202 CVE-2026-32202 stems from an incomplete patch for CVE-20…HELPNETSECURITY.COM
29 AprCVE-2026-3854 Exposes a Critical Weak Point in GitHub’s Git Push PipelineA newly disclosed GitHub vulnerability, CVE-2026-3854, has drawn attention because it turned a routine git push operation into a path to remote code execution. The issue affected GitHub’s git push pipeline …SOCRADAR.IO
29 Apr KEVCISA Warns of ConnectWise ScreenConnect Flaw Exploited in AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in ConnectWise ScreenConnect. CVE-2024-1708 is currently being exploited in real-world attacks. Because of this active threat, CISA officially added the fla…GBHACKERS.COM
29 AprCritical GitHub RCE bug exposed millions of repositoriesA critical remote code execution (RCE) vulnerability in GitHub could potentially allow attackers to execute arbitrary code on GitHub.com and GitHub Enterprise Server. Uncovered by Wiz researchers, the now-patched bug exploited how GitHub handles server-side “git push” operations.…CSOONLINE.COM
29 AprCVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosureAttackers quickly exploited a critical LiteLLM flaw (CVE-2026-42208) to access and modify sensitive database data via SQL injection. Attackers rapidly exploited a critical vulnerability in LiteLLM Python package, tracked as CVE-2026-42208, just days after it became public. The vu…SECURITYAFFAIRS.COM
29 Apr KEVCVE-2026-41940: cPanel & WHM Authentication BypassOverview On April 28, 2026, cPanel issued a security update to fix a critical vulnerability affecting the cPanel & WHM and WP Squared products. In the cPanel release notes, the bug was described as "an issue with session loading and saving." CVE-2026-41940 , the identifier subseq…RAPID7.COM
28 Apr KEVMicrosoft Confirms Active Exploitation of Windows Shell CVE-2026-32202Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could a…THEHACKERNEWS.COM
28 AprCritical LiteLLM Flaw Enables Database Attacks Through SQL InjectionA critical pre-authentication SQL injection vulnerability, identified as CVE-2026-42208, has been discovered in the popular LiteLLM gateway, allowing attackers to access databases without credentials. Cybercriminals have already been observed exploiting this flaw to target high-v…GBHACKERS.COM
28 AprNotepad++ Vulnerability Lets Attackers Crash App and Expose Memory DataA new string injection vulnerability, tracked as CVE-2026-3008, has been discovered in Notepad++ version 8.9.3. This critical flaw allows attackers to crash the application or to instantly and secretly extract sensitive memory information. The Cybersecurity Agency of Singapore (C…GBHACKERS.COM
28 AprInfected Cisco firewalls need cold start to clear persistent Firestarter backdoorSecurity researchers have discovered a chilling backdoor aimed at Cisco System firewalls that exploits unpatched vulnerabilities to maintain persistence, even after patching. This means that attackers can continue to access compromised devices without re-exploiting the holes. At …CSOONLINE.COM
28 AprCritical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCECybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is CVE-2026-25874 …THEHACKERNEWS.COM
28 AprHugging Face LeRobot Flaw Opens Door to Remote Code Execution AttacksA critical remote code execution (RCE) vulnerability has been uncovered in Hugging Face’s LeRobot, a popular open-source robotics machine learning framework. Tracked as CVE-2026-25874, the flaw carries a maximum CVSS severity score of 9.8 and allows unauthenticated attackers to e…GBHACKERS.COM
28 AprCritical Cursor bug could turn routine Git into RCESecurity researchers have disclosed a high-severity vulnerability affecting the Cursor IDE, allowing arbitrary code execution on a developer’s machine through a seemingly routine repository interaction. According to findings by AI pentesting platform Novee Security, once a develo…CSOONLINE.COM
28 AprResearchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git PushCybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854 (CVS…THEHACKERNEWS.COM
28 AprCVE-2026-3854 GitHub flaw enables remote code executionCritical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability af…SECURITYAFFAIRS.COM
28 AprSecuring GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)Details on CVE-2026-3854: A critical flaw in GitHub’s internal git infrastructure enabling RCE on GitHub.com and GitHub Enterprise Server.WIZ.IO
27 AprCVE-2018-0735 Timing attack against ECDSA signature generationInformation published.MSRC.MICROSOFT.COM
27 AprNessus Agent Windows Flaw Enables SYSTEM-Level Code ExecutionTenable has disclosed a high-severity security vulnerability in its Nessus Agent software for Windows that could allow attackers to execute malicious code with full SYSTEM-level privileges. The flaw, tracked as CVE-2026-33694, has been patched in the newly released Nessus Agent v…GBHACKERS.COM
27 AprMetabase Enterprise RCE Flaw Now Has Public Proof-of-Concept ExploitSecurity researchers have published a working Proof of Concept (PoC) exploit for a critical vulnerability in Metabase Enterprise. Tracked as CVE-2026-33725, this security flaw allows attackers to achieve Remote Code Execution (RCE) and read arbitrary files on targeted systems. Th…GBHACKERS.COM
27 AprAI is reshaping DevSecOps to bring security closer to the codeArtificial intelligence tools are revamping DevSecOps processes, enabling security and development teams to more effectively build safeguards into software products from the get-go. But AI’s impact on DevSecOps goes well beyond tooling and processes, altering the scope, skills, a…CSOONLINE.COM
27 AprFirefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprintingCVE-2026-6770 let attackers fingerprint Firefox and Tor users, even in Private mode. Firefox 150 and Tor Browser 15.0.10 fixed it. A vulnerability, tracked as CVE-2026-6770, allowed attackers to fingerprint Firefox users, even in Private Browsing, and also impacted the Tor Browse…SECURITYAFFAIRS.COM
27 AprNIST NVD Update: What it Means For Vulnerability ManagementThe shift from static CVE scoring to risk-based prioritization signals a new era for Vulnerability ManagersWIZ.IO
26 AprCVE-2022-2068 The c_rehash script allows command injectionInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookupInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated usersInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31557 nvmet: move async event work off nvmet-wqInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in useInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31646 net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31620 ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPUInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31667 Input: uinput - fix circular locking dependency with ff-coreInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGIONInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFOInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31589 mm: call ->free_folio() directly in folio_unmap_invalidate()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytesInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31605 fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFOInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ibInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sectionsInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31602 ALSA: ctxfi: Limit PTP to a single pageInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31637 rxrpc: reject undecryptable rxkad response ticketsInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shiftInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31651 mmc: vub300: fix NULL-deref on disconnectInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handlerInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connectionsInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31621 bnge: return after auxiliary_device_uninit() in error pathInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOKInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlersInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token allocInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local filesInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31645 net: lan966x: fix page pool leak in error pathsInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is providedInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-41411 Vim: Command injection via backtick expansion in tag filenamesInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_writeInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcreditsInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23414 tls: Purge async_hold in tls_decrypt_async_wait()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2]Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-32147 SFTP chroot bypass via path traversal in SSH_FXP_FSETSTATInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31600 arm64: mm: Handle invalid large leaf mappings correctlyInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using itInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31671 xfrm_user: fix info leak in build_report()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transactionInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrapInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memoryInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged versionInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculationInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSGInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crashInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length checkInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31639 rxrpc: Fix key reference count leak from call->keyInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31657 batman-adv: hold claim backbone gateways by referenceInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31591 KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finishInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checksInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exitInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31630 rxrpc: proc: size address buffers for %pISpc outputInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31655 pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabledInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packetsInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31649 net: stmmac: fix integer underflow in chain modeInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_establishedInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31680 net: ipv6: flowlabel: defer exclusive option free until RCU teardownInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31678 openvswitch: defer tunnel netdev_put to RCU releaseInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31595 PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanupInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31681 netfilter: xt_multiport: validate range encoding in checkentryInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND optionsInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31659 batman-adv: reject oversized global TT response buffersInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31679 openvswitch: validate MPLS set/set_masked payload lengthInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31673 af_unix: read UNIX_DIAG_VFS data under unix_state_lockInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31664 xfrm: clear trailing padding in build_polexpire()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handlerInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRYInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lockInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeatInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23401 KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTEInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry pathInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALEDInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31638 rxrpc: Only put the call ref if one was acquiredInformation published.MSRC.MICROSOFT.COM
26 Apr KEVCVE-2026-31574 clockevents: Add missing resets of the next_event_forced flagInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extendInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnectInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31604 wifi: rtw88: fix device leak on probe failureInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failureInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_mapInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroyInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being createdInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletionInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31613 smb: client: fix OOB reads parsing symlink error responseInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31594 PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardownInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized lengthInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31601 vfio/xe: Reorganize the init to decouple migration from resetInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnelInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnectInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31676 rxrpc: only handle RESPONSE during service challengeInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write valuesInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budgetInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruptionInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31684 net: sched: act_csum: validate nested VLAN headersInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit()Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23394 af_unix: Give up GC if MSG_PEEK intervened.Information published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23362 can: bcm: fix locking for bcm_op runtime updatesInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-31788 xen/privcmd: restrict usage in unprivileged domUInformation published.MSRC.MICROSOFT.COM
26 AprCVE-2026-23360 nvme: fix admin queue leak on controller resetInformation published.MSRC.MICROSOFT.COM
26 AprCritical bug in CrowdStrike LogScale let attackers access filesCrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unau…SECURITYAFFAIRS.COM
25 AprCVE-2026-23438 net: mvpp2: guard flow control update with global_tx_fc in buffer switchingInformation published.MSRC.MICROSOFT.COM
25 AprCVE-2026-23439 udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=nInformation published.MSRC.MICROSOFT.COM
25 AprCVE-2026-23446 net: usb: aqc111: Do not perform PM inside suspend callbackInformation published.MSRC.MICROSOFT.COM
25 AprCVE-2026-23447 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds checkInformation published.MSRC.MICROSOFT.COM
25 AprCVE-2026-5450 scanf %mc off-by-one heap buffer overflowInformation published.MSRC.MICROSOFT.COM
25 AprCVE-2026-23428 ksmbd: fix use-after-free of share_conf in compound requestInformation published.MSRC.MICROSOFT.COM
25 AprCVE-2026-23434 mtd: rawnand: serialize lock/unlock against other NAND operationsInformation published.MSRC.MICROSOFT.COM
25 AprCVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookupInformation published.MSRC.MICROSOFT.COM
25 AprCVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variableInformation published.MSRC.MICROSOFT.COM
25 AprOver 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)Attackers exploit a Breeze Cache flaw (CVE-2026-3844) to upload files without login. Wordfence researchers detected over 170 attacks. Threat actors are exploiting a critical flaw, tracked as CVE-2026-3844 (CVSS score of 9.8), in the Breeze Cache WordPress plugin, allowing them to…SECURITYAFFAIRS.COM
24 AprHackers Track 900+ React2Shell Exploits via Telegram BotsHackers are using Telegram bots and AI tooling to run a structured, at-scale exploitation campaign abusing the critical React2Shell vulnerability (CVE-2025-55182), with evidence of 900+ confirmed compromises. Investigators found an exposed server tied to the Bissa scanner platfor…GBHACKERS.COM
24 AprHackers Exploit Ollama Model Uploads to Leak Server DataCybersecurity researchers have uncovered a severe, unpatched vulnerability in Ollama, a popular open-source platform used for running large language models locally. Tracked as CVE-2026-5757, this critical flaw exists in Ollama’s model quantization engine. If exploited, it allows …GBHACKERS.COM
24 AprCVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()Information published.MSRC.MICROSOFT.COM
24 AprCVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()Information published.MSRC.MICROSOFT.COM
24 AprPython Vulnerability Enables Out-of-Bounds Write on WindowsA high-severity security vulnerability has been discovered in Python’s asyncio module on Windows, potentially allowing attackers to write data beyond the boundaries of an allocated memory buffer. The flaw, tracked as CVE-2026-3298, was publicly disclosed on April 21, 2026, …GBHACKERS.COM
24 AprLMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of DisclosureA high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates t…THEHACKERNEWS.COM
24 AprHackers Exploit Cisco Firepower N-Day Flaws for Unauthorized AccessA state-sponsored threat actor known as UAT-4356 is actively exploiting known vulnerabilities in Cisco Firepower devices to deploy a sophisticated custom backdoor. UAT-4356 exploited two n-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362, affecting Cisco’s Firepower e…GBHACKERS.COM
24 Apr12-year-old Pack2TheRoot bug lets Linux users gain root privileges‘Pack2TheRoot’ flaw lets local Linux users gain root via PackageKit. CVE-2026-41651 (8.8) has existed for nearly 12 years. The Pack2TheRoot flaw, tracked as CVE-2026-41651, lets unprivileged users install or remove system packages without authorization, potentially ga…SECURITYAFFAIRS.COM
24 AprMetasploit Wrap-Up 04/25/2026Check Method Visibility Metasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability but instead to determine if the target is vulnerable. Metasploit tries to be very conservative with classifying a target a…RAPID7.COM
23 AprCVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruptionInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-5928 Static buffer overflow in deprecated nis_local_principalInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31452 ext4: convert inline data to extents when truncate exceeds inline sizeInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31455 xfs: stop reclaim before pushing AIL during unmountInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31476 ksmbd: do not expire session on binding failureInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31474 can: isotp: fix tx.buf use-after-free in isotp_sendmsg()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31461 drm/amd/display: Fix drm_edid leak in amdgpu_dmInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31441 dmaengine: idxd: Fix memory leak when a wq is resetInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacksInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31432 ksmbd: fix OOB write in QUERY_INFO for compound requestsInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31502 team: fix header_ops type confusion with non-Ethernet portsInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31495 netfilter: ctnetlink: use netlink policy range checksInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31448 ext4: avoid infinite loops caused by residual dataInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31439 dmaengine: xilinx: xdma: Fix regmap init error handlingInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoiseInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31450 ext4: publish jinode after initializationInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31493 RDMA/efa: Fix use of completion ctx after freeInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of boundsInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-5358 Static buffer overflow in deprecated nis_local_principalInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-3219 pip doesn't reject concatenated ZIP and tar archivesInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-40890 github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRendererInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutexInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31487 spi: use generic driver_override infrastructureInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via procInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31515 af_key: validate families in pfkey_send_migrate()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardownInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validationInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31527 driver core: platform: use generic driver_override infrastructureInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31506 net: bcmasp: fix double free of WoL irqInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31458 mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0]Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP raceInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse caseInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31523 nvme-pci: ensure we're polling a polled queueInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indicesInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31440 dmaengine: idxd: Fix leaking event log memoryInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31431 crypto: algif_aead - Revert to operating out-of-placeInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31489 spi: meson-spicc: Fix double-put in remove pathInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31469 virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is falseInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cbInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexesInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31482 s390/entry: Scrub r12 register on kernel entryInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31518 esp: fix skb leak with espintcp and async cryptoInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31446 ext4: fix use-after-free in update_super_work when racing with umountInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31520 HID: apple: avoid memory leak in apple_report_fixup()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol createInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31433 ksmbd: fix potencial OOB in get_file_all_info() for compound requestsInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF)Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch tableInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe bufferInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lockInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31447 ext4: reject mount if bigalloc with s_first_data_block != 0Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len()Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_deviceInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31451 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folioInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groupsInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loopInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31453 xfs: avoid dereferencing log items after push callbacksInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MINInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31467 erofs: add GFP_NOIO in the bio completion if neededInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using itInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31494 net: macb: use the current queue number for statsInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutexInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processingInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)Information published.MSRC.MICROSOFT.COM
23 AprCVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted inputInformation published.MSRC.MICROSOFT.COM
23 AprCVE-2026-5187 Heap Out-of-Bounds Write in DecodeObjectId() in wolfSSLInformation published.MSRC.MICROSOFT.COM
23 AprApple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic CaseApple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addresse…THEHACKERNEWS.COM
23 AprAttackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of AdvisoryA critical Server-Side Request Forgery (SSRF) vulnerability in LMDeploy’s vision-language module was exploited in active attacks just 12 hours and 31 minutes after its public disclosure, with no proof-of-concept code required. On April 21, 2026, GitHub published security ad…GBHACKERS.COM
23 AprApple Patches Exploited Notification Flaw, (Thu, Apr 23rd)Apple yesterday released iOS/iPadOS 26.4.2 and iOS/iPadOS 18.7.8. This update fixes a single Notification Services vulnerability, CVE-2026-28950:ISC.SANS.EDU
23 AprVU#748485: Unauthenticated configuration modification vulnerability in Central Office Services - Content Hosting ComponentOverview A security flaw exists in the configuration management endpoint of the DRC INSIGHT software, allowing an unauthenticated user with access to the same network as the server to modify the server’s configuration file. This could enable data exfiltration, traffic redirection…KB.CERT.ORG
23 ApriOS Flaw Let Deleted Notifications Linger, Apple Issues FixApple fixed an iOS flaw that kept deleted notifications on devices, allowing recovery of messages, including from apps like Signal. Apple released updates for iOS and iPadOS to address the vulnerability CVE-2026-28950, a flaw in Notification Services that stored notifications eve…SECURITYAFFAIRS.COM
23 AprUAT-4356's Targeting of Cisco Firepower DevicesCisco Talos is aware of UAT-4356's continued active targeting of Cisco Firepower devices’ Firepower eXtensible Operating System (FXOS). UAT-4356 exploited n-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) to gain unauthorized access to vulnerable devices.TALOSINTELLIGENCE.COM
22 AprCohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container EscapeA critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium allows a…THEHACKERNEWS.COM
22 AprMicrosoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation BugMicrosoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate privileges. The vulnerability, tracked as CVE-2026-40372, carries a CVSS score of 9.1 out of 10.0. It's rated Important in severity. An anonymou…THEHACKERNEWS.COM
22 AprCritical Spring Authorization Server Issue Exposes Systems to XSS and SSRF AttacksA critical vulnerability, tracked as CVE-2026-22752, has been disclosed in Spring Security Authorization Server, affecting organizations running Dynamic Client Registration endpoints. The flaw allows attackers to inject malicious client metadata, potentially leading to Stored Cro…GBHACKERS.COM
22 AprCritical Bamboo Data Centre and Server Flaw Enables Command Injection AttacksAtlassian has disclosed a critical OS Command Injection vulnerability (CVE-2026-21571) in Bamboo Data Centre and Server, with a CVSS score of 9.4, enabling authenticated attackers to execute commands on affected systems remotely. The flaw, tracked as CVE-2026-21571, was published…GBHACKERS.COM
22 AprMozilla Firefox 150 Released With Fixes for Multiple Code Execution VulnerabilitiesMozilla has released Firefox 150 to patch 41 security vulnerabilities, including multiple high-severity flaws that could lead to remote code execution. Users should immediately update their browsers to protect against these critical memory corruption and use-after-free bugs. Crit…GBHACKERS.COM
22 AprVU#518910: Ollama GGUF Quantization Remote Memory LeakOverview Ollama’s model quantization engine contains a vulnerability that allows an attacker with access to the model upload interface to read and potentially exfiltrate heap memory from the server. This issue may lead to unintended behavior, including unauthorized access to sens…KB.CERT.ORG
22 AprMicrosoft out-of-band updates fixed critical ASP.NET Core privilege escalation flawMicrosoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Micro…SECURITYAFFAIRS.COM
22 AprMirai Botnet exploits CVE-2025-29635 to target legacy D-Link routersMirai botnet is targeting old D-Link routers using CVE-2025-29635, a command injection flaw exploitable via crafted POST requests after public PoC disclosure. A Mirai botnet is actively exploiting a command injection vulnerability, tracked as CVE-2025-29635, in discontinued D-Lin…SECURITYAFFAIRS.COM
22 AprMicrosoft issues out-of-band patch for critical security flaw in update to ASP.NET CoreDevelopers are advised to check their applications after Microsoft revealed that last week’s ASP.NET Core update inadvertently introduced a serious security flaw into the web framework’s Data Protection Library. Microsoft describes the issue as a “regression,” coding jargon for a…CSOONLINE.COM
22 AprMicrosoft Patch Still Leaves 1,300 SharePoint Servers ExposedMore than 1,300 internet-exposed SharePoint servers remain unpatched against CVE-2026-32201, a spoofing flaw Microsoft says was exploited as a zero-day.TECHREPUBLIC.COM
21 AprMalicious GGUF Models Could Trigger Remote Code Execution on SGLang ServersSecurity researchers have uncovered a critical vulnerability in SGLang, a widely used framework for running large language models, that allows threat actors to compromise inference servers. Tracked as CVE-2026-5760, this flaw enables Remote Code Execution (RCE) when a server load…GBHACKERS.COM
21 Apr6,000+ Publicly Exposed Apache ActiveMQ Instances Found Vulnerable to CVE-2026-34197Over 6,000 internet-facing Apache ActiveMQ servers are currently affected by a critical security flaw, leaving enterprise networks wide open to attack. The Shadowserver Foundation, a prominent nonprofit security research organization, reported finding exactly 6,364 vulnerable IP …GBHACKERS.COM
21 AprApache Syncope RCE Vulnerability Detailed After Public Exploit Code ReleaseSecurity researchers have released full technical details and a working proof-of-concept (PoC) exploit for CVE-2025-57738, a high-severity remote code execution (RCE) vulnerability in Apache Syncope, a widely deployed open-source identity management platform used across enterpris…GBHACKERS.COM
21 AprAzure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operationsA high-severity authentication flaw in Microsoft’s Azure SRE Agent exposed sensitive agent data to unauthorized network access, according to a confirmed vulnerability disclosure. The issue was identified by Enclave AI researcher Yanir Tsarimi, who detailed the findings in a blog …CSOONLINE.COM
21 AprVU#414811: Terrarium contains a vulnerability that allows arbitrary code executionOverview Terrarium is a sandbox-based code execution platform that enables users to run and execute code in a controlled environment, providing a secure way to test and validate code. However, a vulnerability has been discovered in Terrarium that allows arbitrary code execution w…KB.CERT.ORG
21 AprVU#890999: Radware Alteon has a reflected XSS vulnerability that can execute JavaScript in the host browserOverview Radware Alteon has a reflected Cross-Site Scripting (XSS) vulnerability in the parameter ReturnTo of the route /protected/login. This vulnerability allows an attacker to execute JavaScript in the host browser. Description CVE-2026-5754: Reflected Cross-Site Scripting (XS…KB.CERT.ORG
21 Apr KEVThousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discoveredTwo weeks after researchers using an AI tool discovered a major hole in Apache’s ActiveMQ messaging middleware, there are still thousands of unpatched instances open to the internet, more evidence that many application developers and IT leaders aren’t paying close attention to wa…CSOONLINE.COM
20 AprSecurity Researcher Goes To War Against MicrosoftMicrosoft Under Fire, NIST Scales Back NVD, FortiSandbox Critical Bugs, Vercel Breach Claims, Scattered Spider Member Pleads Guilty Host David Shipley covers five major stories: researcher "Chaotic Eclipse" publicly released Windows exploits—first "Blue Hammer," then "Red Sun," a…CYBERSECURITYTODAY.LIBSYN.COM
20 AprNIST Adopts Risk-Based NVD Model as CVE Submissions Jump 263% Since 2020According to a recent announcement from the National Institute of Standards and Technology (NIST), the agency is fundamentally restructuring how it manages the National Vulnerability Database (NVD). Driven by a massive 263% increase in Common Vulnerabilities and Exposures (CVE) s…GBHACKERS.COM
20 AprCopilot & Agentforce open to prompt-injection tricksAI agents are popular, and prone to being abused. DC Studio / Shutterstock Enterprise AI agents can, as is well known, streamline workflows. But they can also streamline data exfiltration, as security researchers at Capsule Security have found. They have …CSOONLINE.COM
20 AprClaude Mythos: is the hype justified?Claude Mythos is currently being tested by selected organizations, primarily large tech corporations from the US. Anthropic | Screenshot The hype around Anthropic's security model Mythos is showing its first cracks: while AI competitor OpenAI plans, with its own cybersecurity-f…CSOONLINE.COM
20 AprTBK DVR Vulnerability CVE-2024-3721 Exploited to Spread Nexcorium DDoS MalwareHackers are actively exploiting a critical vulnerability in TBK digital video recorder (DVR) devices to deploy a new Mirai-based botnet called Nexcorium. The campaign leverages CVE-2024-3721, an OS command injection vulnerability, highlighting how poorly secured IoT devices conti…GBHACKERS.COM
20 AprVU#915947: SGLang is vulnerable to remote code execution when rendering chat templates from a model fileOverview A remote code execution vulnerability has been discovered in the SGLang project, specifically in the reranking endpoint (/v1/rerank). A CVE has been assigned to track the vulnerability: CVE-2026-5760. An attacker can create a malicious model for SGLang to achieve RCE. S…KB.CERT.ORG
20 AprAttackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based BotnetFortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devicesINFOSECURITY-MAGAZINE.COM
20 AprCVE-2023-33538 under attack for a year, but exploitation still unsuccessfulHackers have targeted CVE-2023-33538 flaw in old TP-Link routers for a year, but no successful exploitation has been seen so far. Hackers have been trying for over a year to exploit a serious flaw, tracked as CVE-2023-33538 (CVSS score of 8.8), in outdated TP-Link routers, but so…SECURITYAFFAIRS.COM
20 AprNational Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges | Flashpoint submitted by kid to cybersecurity https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/SH.ITJUST.WORKS
20 AprSGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model FilesA critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of c…THEHACKERNEWS.COM
19 AprCVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressureInformation published.MSRC.MICROSOFT.COM
19 AprCVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open()Information published.MSRC.MICROSOFT.COM
18 AprNVD shifts strategy to deal with a CVE backlog.US House extends FISA Section 702 for ten days. CISA recalls furloughed employees amid funding lapse.THECYBERWIRE.COM
18 AprMirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS BotnetThreat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has …THEHACKERNEWS.COM
18 AprNexcorium Mirai Variant Weaponises TBK DVR Vulnerability in Fresh IoT Botnet PushA newly discovered Mirai malware variant named Nexcorium is actively targeting unpatched Internet of Things (IoT) devices. According to recent threat research from FortiGuard Labs, attackers are exploiting a severe vulnerability in TBK DVR systems to build a massive botnet capabl…GBHACKERS.COM
17 AprCisco Warns Webex Customers Of Critical SSO ProblemWebEx SSO Vulnerability, booking.com Reservation Hijacking Risks, Windows Recall Scrutiny, and AI Vishing-as-a-Service Host Jim Love reports that Cisco disclosed a critical WebEx vulnerability (CVE-2026-2184) affecting SSO integration with Control Hub; although server-side fixes …CYBERSECURITYTODAY.LIBSYN.COM
17 AprNIST Limits CVE Enrichment After 263% Surge in Vulnerability SubmissionsThe National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to …THEHACKERNEWS.COM
17 AprCVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed InputInformation published.MSRC.MICROSOFT.COM
17 AprCVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seedInformation published.MSRC.MICROSOFT.COM
17 AprCVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosureInformation published.MSRC.MICROSOFT.COM
17 AprCVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer OverflowInformation published.MSRC.MICROSOFT.COM
17 AprCVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()Information published.MSRC.MICROSOFT.COM
17 AprCVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted BuffersInformation published.MSRC.MICROSOFT.COM
17 AprCVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncationInformation published.MSRC.MICROSOFT.COM
17 AprCVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windowsInformation published.MSRC.MICROSOFT.COM
17 AprCVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorerInformation published.MSRC.MICROSOFT.COM
17 AprPoC Released for FortiSandbox Flaw Enabling Arbitrary Command ExecutionA proof-of-concept (PoC) exploit has been publicly released for a critical security flaw in Fortinet’s FortiSandbox. Tracked as CVE-2026-39808, this severe vulnerability allows an unauthenticated attacker to execute arbitrary commands on the underlying operating system with…GBHACKERS.COM
17 AprWeaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging FaceAttackers are rapidly exploiting CVE-2026-39987 in the marimo Python notebook platform to deploy a new NKAbuse backdoor variant hosted on Hugging Face Spaces, turning AI/ML developer environments into high‑value infection points. The campaign combines pre-auth RCE, credential the…GBHACKERS.COM
17 AprAnother Microsoft Defender privilege escalation bug emerges days after patchDays after Microsoft patched a high-severity issue affecting its Windows Defender antivirus tool through April’s Patch Tuesday, researchers warn of another vulnerability that could enable SYSTEM privileges through local escalation. In a newly disclosed proof-of-concept (PoC) expl…CSOONLINE.COM
17 AprTP-Link Routers Hit by Mirai in CVE-2023-33538 AttacksHackers are actively scanning for vulnerable TP-Link home routers to push Mirai-style malware, abusing CVE-2023-33538 in a new wave of automated attacks. While the current exploit attempts are technically flawed, researchers warn that the underlying bug is real and dangerous when…GBHACKERS.COM
17 AprNIST Drops NVD Enrichment for Pre-March 2026 Vulnerabilities - Infosecurity Magazine submitted by kid to cybersecurity https://www.infosecurity-magazine.com/news/nvd-enrichment-premarch-2026/SH.ITJUST.WORKS
17 AprChromium: CVE-2026-6296 Heap buffer overflow in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6363 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6359 Use after free in VideoThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6364 Out of bounds read in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6362 Use after free in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6313 Insufficient policy enforcement in CORSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6314 Out of bounds write in GPUThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6318 Use after free in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6361 Heap buffer overflow in PDFiumThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6310 Use after free in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6360 Use after free in FileSystemThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6316 Use after free in FormsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6309 Use after free in VizThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6311 Uninitialized Use in AccessibilityThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6307 Type Confusion in TurbofanThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6306 Heap buffer overflow in PDFiumThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6303 Use after free in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6308 Out of bounds read in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6302 Use after free in VideoThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6300 Use after free in CSSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6304 Use after free in GraphiteThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6305 Heap buffer overflow in PDFiumThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6301 Type Confusion in TurbofanThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6317 Use after free in CastThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6312 Insufficient policy enforcement in PasswordsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6298 Heap buffer overflow in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6297 Use after free in ProxyThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprChromium: CVE-2026-6299 Use after free in PrerenderThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
17 AprCritical sandbox bypass fixed in popular Thymeleaf Java template engineMaintainers of Thymeleaf, a widely used template engine for Java web applications, fixed a rare critical vulnerability that allows unauthenticated attackers to execute malicious code on servers. The vulnerability, tracked as CVE-2026-40478, is rated 9.1 on the CVSS severity scale…CSOONLINE.COM
16 Apr KEVNginx-UI Flaw Actively Exploited to Enable Full Server TakeoverA severe vulnerability in nginx-ui, a widely used open-source web interface for managing Nginx servers, is currently being actively exploited in the wild. Tracked as CVE-2026-33032 with a maximum CVSS base score of 9.8, this critical flaw allows remote attackers to completely tak…GBHACKERS.COM
16 AprSplunk Enterprise and Cloud Platform Exposed to Dangerous RCE VulnerabilitySplunk has disclosed a high-severity vulnerability affecting both its Enterprise and Cloud Platform environments. Tracked as CVE-2026-20204, this flaw allows attackers to execute arbitrary code remotely. With a CVSS score of 7.1, the vulnerability requires immediate attention fro…GBHACKERS.COM
16 AprCisco Webex Vulnerability Allows User Impersonation AttacksCisco has released an urgent security advisory warning organizations of a critical vulnerability in its Webex communication platform. Tracked as CVE-2026-20184, this severe flaw could allow unauthenticated, remote attackers to entirely bypass security checks and impersonate any l…GBHACKERS.COM
16 AprNew PoC Exploit Published for Microsoft Defender 0-Day FlawA security researcher operating under the alias “Chaotic Eclipse” has publicly released a proof-of-concept (PoC) exploit for a vulnerability in Microsoft Defender. Published on April 15, 2026, the exploit targets a flaw in CVE-2026-33825, a recently patched vulnerabil…GBHACKERS.COM
16 AprCisco Patches Four Critical Identity Services, Webex Flaws Enabling Code ExecutionCisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below…THEHACKERNEWS.COM
16 AprBehind the Mythos hype, Glasswing has just one confirmed CVEEfforts to cut through the buzz surrounding Anthropic’s Mythos are emerging. As OpenAI moves to counter the hype around it with its own cybersecurity model, VulnCheck is reporting that the model’s publicly attributable output amounts to just one confirmed CVE. While Project Glass…CSOONLINE.COM
16 Apr KEVActively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover submitted by kid to cybersecurity https://thehackernews.com/2026/04/critical-nginx-ui-vulnerability-cve.htmlSH.ITJUST.WORKS
16 AprNVD shifts strategy to deal with a CVE backlog.McGraw Hill confirms data breach. Two US nationals sentenced to prison for involvement in North Korean IT worker schemes.THECYBERWIRE.COM
16 AprToo many flaws, not enough time.NIST struggles with an NVD backlog. Cisco and Splunk ship critical patches. Researchers flag a systemic flaw in Anthropic’s MCP. ShinyHunters leak 13.5 million McGraw Hill accounts. Cargo theft goes cyber. A Tennessee hospital breach hits 337,000 patients. Two Americans are sente…THECYBERWIRE.COM
16 Apr KEVNIST cuts down CVE analysis amid vulnerability overloadOverwhelmed by an escalating volume of security flaws, the National Institute of Standards and Technology (NIST) has announced significant changes to how it handles cybersecurity vulnerabilities and exposures (CVEs). Rather than commit to providing enrichment for all entries in i…CSOONLINE.COM
16 AprCisco Systems issues three advisories for critical vulnerabilities in Webex, ISEAdmins who use Cisco Webex Services configured to use trust anchors within the SSO integration with Control Hub must install a new identity provider certificate to close a critical vulnerability, or risk losing access control. Cisco said in an advisory this week that admins must …CSOONLINE.COM
15 Apr KEVApril Patch Tuesday roundup: Zero day vulnerabilities and critical bugsA critical hole in Windows Internet Key Exchange for secure communications, an actively exploited zero day in Microsoft SharePoint and a critical SQL injection vulnerability in a SAP product are the focus of the April Patch Tuesday releases requiring immediate attention from IT s…CSOONLINE.COM
15 Apr KEVMicrosoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-dayMicrosoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most inter…SECURITYAFFAIRS.COM
15 AprCVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBeforeInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.Information published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3Information published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuseInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertionInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTSInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication BypassInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext RecoveryInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf CertificatesInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized PointerInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5477 Prefix-substitution forgery via integer overflow in wolfCrypt CMACInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tagInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicNameInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OIDInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSLInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifierInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname ValidationInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()Information published.MSRC.MICROSOFT.COM
15 AprCVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streamingInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LFInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-35201 Discount has an Out-of-bounds Read in rdiscountInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayoutInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden charactersInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden charactersInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection ChainInformation published.MSRC.MICROSOFT.COM
15 AprCVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRFInformation published.MSRC.MICROSOFT.COM
15 Apr KEVMicrosoft Warns of Actively Exploited SharePoint Server Zero-DayMicrosoft issued an urgent security update addressing an actively exploited zero-day vulnerability in its SharePoint Server platform. The flaw, officially tracked as CVE-2026-32201, allows unauthenticated attackers to conduct network-based spoofing attacks. Because threat actors …GBHACKERS.COM
15 AprCVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."Information published.MSRC.MICROSOFT.COM
15 AprWindows Active Directory Flaw Opens Door to Malicious Code ExecutionMicrosoft disclosed a critical security vulnerability within Windows Active Directory that exposes enterprise networks to severe risks. Tracked officially as CVE-2026-33826, this vulnerability allows authenticated attackers to execute malicious code remotely over an adjacent netw…GBHACKERS.COM
15 AprCopilot and Agentforce fall to form-based prompt injection tricksEnterprise AI agents are supposed to streamline workflows. Instead, two fresh findings show they can just as easily streamline data exfiltration. Security researchers have uncovered prompt-injection vulnerabilities in both Microsoft Copilot Studio and Salesforce Agentforce that a…CSOONLINE.COM
15 Apr KEVActively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server TakeoverA recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that ena…THEHACKERNEWS.COM
15 AprApril Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and MoreA number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Busin…THEHACKERNEWS.COM
15 Apr KEVCVE-2026-33032: severe nginx-ui bug grants unauthenticated server accessAn actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers. A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.8), is being actively exploited, allowing attackers to bypas…SECURITYAFFAIRS.COM
15 AprCritical nginx UI tool vulnerability opens web servers to full compromiseSecurity vendor Pluto Security has published details of a critical vulnerability in the open-source nginx UI web server configuration tool that has been under active exploitation by cybercriminals since March. News of the flaw, identified as CVE-2026-33032, first appeared on the…CSOONLINE.COM
14 Apr KEVShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched ServersA critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score o…THEHACKERNEWS.COM
14 AprCVE-2025-1147 GNU Binutils nm nm.c internal_strlen buffer overflowInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2025-1148 GNU Binutils ld ldelfgen.c link_order_scan memory leakInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2025-11839 GNU Binutils prdbg.c tg_tag_type return valueInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31416 netfilter: nfnetlink_log: account for netlink header sizeInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31423 net/sched: sch_hfsc: fix divide-by-zero in rtsc_min()Information published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31424 netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARPInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31427 netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdpInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31419 net: bonding: fix use-after-free in bond_xmit_broadcast()Information published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31421 net/sched: cls_fw: fix NULL pointer dereference on shared blocksInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31428 netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOADInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31418 netfilter: ipset: drop logically empty buckets in mtype_delInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31417 net/x25: Fix overflow when accumulating packetsInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31422 net/sched: cls_flow: fix NULL pointer dereference on shared blocksInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31414 netfilter: nf_conntrack_expect: use expect->helperInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31426 ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()Information published.MSRC.MICROSOFT.COM
14 AprCVE-2026-31420 bridge: mrp: reject zero test interval to avoid OOM panicInformation published.MSRC.MICROSOFT.COM
14 AprHackers Exploit Critical ShowDoc RCE Flaw in Ongoing AttacksCybersecurity researchers have highlighted a critical vulnerability in ShowDoc, a widely used online document-sharing platform designed for IT teams. Tracked as CNVD-2020-26585, this severe security flaw allows unauthenticated remote code execution (RCE) on compromised servers. T…GBHACKERS.COM
14 Apr KEVCISA Warns Fortinet SQL Injection Flaw Is Being Actively ExploitedThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Fortinet software. On April 13, 2026, CISA added CVE-2026-21643 to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms that threat ac…GBHACKERS.COM
14 Apr KEVAttackers target unpatched ShowDoc servers via CVE-2025-0520A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild. ShowD…SECURITYAFFAIRS.COM
14 AprCritical etcd Vulnerability Allows Unauthorized Access to Sensitive Cluster APIsAn autonomous AI security agent developed by Strix has discovered a critical authentication bypass vulnerability in etcd, the widely used distributed key-value store that underpins countless backend systems worldwide. Tracked as CVE-2026-33413 and assigned a CVSS score of 8.8, th…GBHACKERS.COM
14 Apr KEVAdobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) - Help Net Security https://www.helpnetsecurity.com/2026/04/13/adobe-acrobat-reader-cve-2026-34621-emergency-fix/ SH.ITJUST.WORKS
14 AprNew PHP Composer Flaws Enable Arbitrary Command Execution — Patches ReleasedTwo high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecti…THEHACKERNEWS.COM
14 AprCVE-2026-20930 Windows Management Services Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-25250 MITRE: CVE-2026-25250 Secure Boot disable Eazy FixMissing cryptographic step in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure VulnerabilityImproper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-25184 Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-20945 Microsoft SharePoint Server Spoofing VulnerabilityImproper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-23670 Windows Virtualization-Based Security (VBS) Security Feature Bypass VulnerabilityUntrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26149 Microsoft Power Apps Security Feature BypassImproper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-26151 Remote Desktop Spoofing VulnerabilityInsufficient UI warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-26154 Windows Server Update Service (WSUS) Tampering VulnerabilityImproper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-26155 Microsoft Local Security Authority Subsystem Service Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 AprCVE-2026-26160 Remote Desktop Licensing Service Elevation of Privilege VulnerabilityMissing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26161 Windows Sensor Data Service Elevation of Privilege VulnerabilityUntrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26162 Windows OLE Elevation of Privilege VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26165 Windows Shell Elevation of Privilege VulnerabilityUse after free in Windows Shell allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26166 Windows Shell Elevation of Privilege VulnerabilityDouble free in Windows Shell allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26167 Windows Push Notifications Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26174 Windows Server Update Service (WSUS) Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26175 Windows Boot Manager Security Feature Bypass VulnerabilityUse of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.MSRC.MICROSOFT.COM
14 AprCVE-2026-26179 Windows Kernel Elevation of Privilege VulnerabilityDouble free in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26180 Windows Kernel Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26181 Microsoft Brokering File System Elevation of Privilege VulnerabilityUse after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26183 Remote Access Management service/API (RPC server) Elevation of Privilege VulnerabilityImproper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27906 Windows Hello Security Feature Bypass VulnerabilityImproper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege VulnerabilityInteger underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27908 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege VulnerabilityUse after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27915 Windows UPnP Device Host Elevation of Privilege VulnerabilityUse after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27917 Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege VulnerabilityUse after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27918 Windows Shell Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27919 Windows UPnP Device Host Elevation of Privilege VulnerabilityUntrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27921 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27924 Desktop Window Manager Elevation of Privilege VulnerabilityUse after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27926 Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27927 Windows Projected File System Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege VulnerabilityTime-of-check time-of-use (TOCTOU) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27931 Windows GDI Information Disclosure VulnerabilityOut-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32071 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service VulnerabilityNull pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32073 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32075 Windows UPnP Device Host Elevation of Privilege VulnerabilityUse after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32081 Package Catalog Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32082 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32085 Remote Procedure Call Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32087 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege VulnerabilityHeap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32089 Windows Speech Brokered Api Elevation of Privilege VulnerabilityUse after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32090 Windows Speech Brokered Api Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32093 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32152 Desktop Window Manager Elevation of Privilege VulnerabilityUse after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32154 Desktop Window Manager Elevation of Privilege VulnerabilityUse after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32156 Windows UPnP Device Host Remote Code Execution VulnerabilityUse after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32157 Remote Desktop Client Remote Code Execution VulnerabilityUse after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32158 Windows Push Notifications Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32159 Windows Push Notifications Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32160 Windows Push Notifications Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-0390 UEFI Secure Boot Security Feature Bypass VulnerabilityReliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32165 Windows User Interface Core Elevation of Privilege VulnerabilityUse after free in Windows User Interface Core allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32167 SQL Server Elevation of Privilege VulnerabilityImproper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32168 Azure Monitor Agent Elevation of Privilege VulnerabilityImproper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32178 .NET Spoofing VulnerabilityImproper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32181 Connected User Experiences and Telemetry Service Denial of Service VulnerabilityImproper privilege management in Microsoft Windows allows an authorized attacker to deny service locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32183 Windows Snipping Tool Remote Code Execution VulnerabilityImproper neutralization of special elements used in a command ('command injection') in Windows Snipping Tool allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32184 Microsoft High Performance Compute (HPC) Pack Elevation of Privilege VulnerabilityDeserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32188 Microsoft Excel Information Disclosure VulnerabilityOut-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32189 Microsoft Excel Remote Code Execution VulnerabilityUse after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32192 Azure Monitor Agent Elevation of Privilege VulnerabilityDeserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32195 Windows Kernel Elevation of Privilege VulnerabilityStack-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32202 Windows Shell Spoofing VulnerabilityProtection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32215 Windows Kernel Information Disclosure VulnerabilityInsertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32216 Windows Redirected Drive Buffering System Denial of Service VulnerabilityNull pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32217 Windows Kernel Information Disclosure VulnerabilityInsertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32218 Windows Kernel Information Disclosure VulnerabilityInsertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2023-20585 AMD: CVE-2023-20585 IOMMU Write Buffer VulnerabilityThe vulnerability assigned to this CVE could lead to corruption of guest encrypted memory. The mitigation for this vulnerability requires a Windows update. This CVE is being documented in the Security Update Guide to announce that the latest builds of Windows enable the mitigatio…MSRC.MICROSOFT.COM
14 AprCVE-2026-32219 Microsoft Brokering File System Elevation of Privilege VulnerabilityDouble free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32220 UEFI Secure Boot Security Feature Bypass VulnerabilityImproper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32221 Windows Graphics Component Remote Code Execution VulnerabilityHeap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32222 Windows Win32k Elevation of Privilege VulnerabilityUntrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.MSRC.MICROSOFT.COM
14 AprCVE-2026-32224 Windows Server Update Service (WSUS) Elevation of Privilege VulnerabilityUse after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32226 .NET Framework Denial of Service VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33095 Microsoft Word Remote Code Execution VulnerabilityUse after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33096 HTTP.sys Denial of Service VulnerabilityOut-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33098 Windows Container Isolation FS Filter Driver Elevation of Privilege VulnerabilityUse after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service VulnerabilityLoop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33120 Microsoft SQL Server Remote Code Execution VulnerabilityUntrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33822 Microsoft Word Information Disclosure VulnerabilityOut-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33826 Windows Active Directory Remote Code Execution VulnerabilityImproper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32212 Universal Plug and Play (upnp.dll) Information Disclosure VulnerabilityImproper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32631 GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes[CVE-2026-32631](https://www.cve.org/CVERecord?id=CVE-2026-32631) concerns a vulnerability where it is possible to obtain a user's NTLM hash by tricking them into cloning a malicious repository, or checking out a malicious branch that accesses an attacker-controlled server. B…MSRC.MICROSOFT.COM
14 AprCVE-2026-21637 HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers[CVE-2026-21637](https://www.cve.org/CVERecord?id=CVE-2026-21637) concerns a vulnerability in Node.js TLS error handling that allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during the…MSRC.MICROSOFT.COM
14 AprCVE-2026-20928 Windows Recovery Environment Security Feature Bypass VulnerabilityImproper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.MSRC.MICROSOFT.COM
14 AprCVE-2026-20806 Windows COM Server Information Disclosure VulnerabilityAccess of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-23657 Microsoft Word Remote Code Execution VulnerabilityUse after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-23666 .NET Framework Denial of Service VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-26143 Microsoft PowerShell Security Feature Bypass VulnerabilityImproper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26152 Microsoft Cryptographic Services Elevation of Privilege VulnerabilityInsecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26153 Windows Encrypted File System (EFS) Elevation of Privilege VulnerabilityOut-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26156 Windows Hyper-V Remote Code Execution VulnerabilityHeap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26159 Remote Desktop Licensing Service Elevation of Privilege VulnerabilityMissing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26163 Windows Kernel Elevation of Privilege VulnerabilityDouble free in Windows Kernel allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26169 Windows Kernel Memory Information Disclosure VulnerabilityBuffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26170 PowerShell Elevation of Privilege VulnerabilityImproper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26172 Windows Push Notifications Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26176 Windows Client Side Caching driver (csc.sys) Elevation of Privilege VulnerabilityHeap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26177 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26178 Windows Advanced Rasterization Platform Elevation of Privilege VulnerabilityInteger size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26182 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-26184 Windows Projected File System Elevation of Privilege VulnerabilityBuffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27909 Windows Search Service Elevation of Privilege VulnerabilityUse after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27910 Windows Installer Elevation of Privilege VulnerabilityImproper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27911 Windows User Interface Core Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27912 Windows Kerberos Elevation of Privilege VulnerabilityImproper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.MSRC.MICROSOFT.COM
14 AprCVE-2026-27913 Windows BitLocker Security Feature Bypass VulnerabilityImproper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27914 Microsoft Management Console Elevation of Privilege VulnerabilityImproper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27916 Windows UPnP Device Host Elevation of Privilege VulnerabilityUse after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27920 Windows UPnP Device Host Elevation of Privilege VulnerabilityUntrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27922 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27923 Desktop Window Manager Elevation of Privilege VulnerabilityUse after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-27925 Windows UPnP Device Host Information Disclosure VulnerabilityUse after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.MSRC.MICROSOFT.COM
14 AprCVE-2026-27928 Windows Hello Security Feature Bypass VulnerabilityImproper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-27930 Windows GDI Information Disclosure VulnerabilityOut-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32068 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32069 Windows Projected File System Elevation of Privilege VulnerabilityDouble free in Windows Projected File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32070 Windows Common Log File System Driver Elevation of Privilege VulnerabilityUse after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32072 Active Directory Spoofing VulnerabilityImproper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32074 Windows Projected File System Elevation of Privilege VulnerabilityDouble free in Windows Projected File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege VulnerabilityOut-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32077 Windows UPnP Device Host Elevation of Privilege VulnerabilityUntrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32078 Windows Projected File System Elevation of Privilege VulnerabilityUse after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32079 Web Account Manager Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32080 Windows WalletService Elevation of Privilege VulnerabilityUse after free in Windows WalletService allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32084 Windows Print Spooler Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32086 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32088 Windows Biometric Service Security Feature Bypass VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Biometric Service allows an unauthorized attacker to bypass a security feature with a physical attack.MSRC.MICROSOFT.COM
14 AprCVE-2026-32091 Microsoft Brokering File System Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32149 Windows Hyper-V Remote Code Execution VulnerabilityImproper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32150 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32151 Windows Shell Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32153 Windows Speech Runtime Elevation of Privilege VulnerabilityUse after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32155 Desktop Window Manager Elevation of Privilege VulnerabilityUse after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32162 Windows COM Elevation of Privilege VulnerabilityAcceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32163 Windows User Interface Core Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32164 Windows User Interface Core Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32171 Azure Logic Apps Elevation of Privilege VulnerabilityInsufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32176 SQL Server Elevation of Privilege VulnerabilityImproper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32190 Microsoft Office Remote Code Execution VulnerabilityUse after free in Microsoft Office allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32196 Windows Admin Center Spoofing VulnerabilityImproper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32197 Microsoft Excel Remote Code Execution VulnerabilityUse after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32198 Microsoft Excel Remote Code Execution VulnerabilityUse after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32199 Microsoft Excel Remote Code Execution VulnerabilityUse after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32200 Microsoft PowerPoint Remote Code Execution VulnerabilityUse after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-32201 Microsoft SharePoint Server Spoofing VulnerabilityImproper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-26171 .NET Denial of Service VulnerabilityUncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32203 .NET and Visual Studio Denial of Service VulnerabilityStack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32225 Windows Shell Security Feature Bypass VulnerabilityProtection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33099 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33100 Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityUse after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33101 Windows Print Spooler Elevation of Privilege VulnerabilityUse after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure VulnerabilityImproper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33104 Win32k Elevation of Privilege VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33114 Microsoft Word Remote Code Execution VulnerabilityUntrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33115 Microsoft Word Remote Code Execution VulnerabilityUse after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33827 Windows TCP/IP Remote Code Execution VulnerabilityConcurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution VulnerabilityDouble free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-33829 Windows Snipping Tool Spoofing VulnerabilityExposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
14 AprCVE-2026-32214 Universal Plug and Play (upnp.dll) Information Disclosure VulnerabilityImproper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.MSRC.MICROSOFT.COM
14 AprCVE-2026-33825 Microsoft Defender Elevation of Privilege VulnerabilityInsufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.MSRC.MICROSOFT.COM
14 Apr KEVMicrosoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)8 Critical 154 Important 1 Moderate 0 Low Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild. Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated cri…TENABLE.COM
13 Apr KEVAdobe Fixes Actively Exploited Zero-Day in Acrobat ReaderAdobe has released an emergency security update to address a critical zero-day vulnerability in Acrobat and Reader for Windows and macOS. According to Adobe’s APSB26-43 bulletin, the flaw is currently being exploited in the wild, prompting a Priority 1 rating from the compa…GBHACKERS.COM
13 AprWordPress Plugin Vulnerability Enables Admin Takeover via Auth BypassA newly disclosed vulnerability, tracked as CVE-2026-1492, has been identified in the User Registration & Membership plugin for WordPress, exposing websites to critical authentication bypass and privilege escalation risks. Affecting versions up to 5.1.2, the vulnerability all…GBHACKERS.COM
13 Apr KEVMarimo RCE Vulnerability Exploited Within 10 Hours of Public DisclosureA critical remote code execution (RCE) vulnerability in the open-source Python notebook platform Marimo was actively exploited less than 10 hours after its public disclosure. The flaw, initially tracked as GHSA-2679-6mx9-h9xc and later assigned CVE-2026-39987, carries a critical …GBHACKERS.COM
13 AprCritical Axios Vulnerability Enables Remote Code Execution, PoC ReleasedA critical security vulnerability has been discovered in Axios, one of the most widely used HTTP client libraries, exposing applications to Remote Code Execution (RCE) and full cloud infrastructure compromise. Tracked as CVE-2026-40175, this flaw carries a critical CVSS 3.1 score…GBHACKERS.COM
13 AprSeven IBM WebSphere Liberty flaws can be chained into full takeoverSecurity researchers are warning of a set of flaws affecting IBM WebSphere Liberty, a lightweight, modular Java application server, that can be chained into a full server compromise. The flaws, a total of seven, that led to the ultimate compromise of the server were initiated by …CSOONLINE.COM
13 Apr KEVCritical flaw in Marimo Python notebook exploited within 10 hours of disclosureA critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours after its public disclosure, according to the Sysdig Threat Research Team. The vu…CSOONLINE.COM
13 AprAdobe rolls out emergency fix for Acrobat, Reader zero-day flawAdobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. [...]BLEEPINGCOMPUTER.COM
12 Apr KEVAdobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of…THEHACKERNEWS.COM
12 AprCVE-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segmentInformation published.MSRC.MICROSOFT.COM
12 AprCVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosureInformation published.MSRC.MICROSOFT.COM
12 AprCVE-2026-39853 osslsigncode has a Stack Buffer Overflow via Unbounded Digest Copy During Signature VerificationInformation published.MSRC.MICROSOFT.COM
12 AprCVE-2026-39855 osslsigncode has an Integer Underflow in PE Page Hash Calculation Can Cause Out-of-Bounds ReadInformation published.MSRC.MICROSOFT.COM
12 AprCVE-2026-39856 osslsigncode has an Out-of-Bounds Read via Unvalidated Section Bounds in PE Page Hash CalculationInformation published.MSRC.MICROSOFT.COM
12 AprAdobe Patches Reader Zero-Day Exploited for MonthsThe vulnerability is tracked as CVE-2026-34621 and Adobe has confirmed that it can be exploited for arbitrary code execution.SECURITYWEEK.COM
12 Apr KEVAdobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621Adobe addressed a critical Acrobat Reader vulnerability, tracked as CVE-2026-34621, which is actively exploited to run malicious code. Adobe released emergency updates to address a critical vulnerability, tracked as CVE-2026-34621 (CVSS score of 8.6), in Adobe Acrobat Reader, whi…SECURITYAFFAIRS.COM
11 AprJeff Williams CTO Cofounder of Contrast Security and OWASP co-founder on Mythos and AI SecurityAI-Powered AppSec, OWASP Origins, and Anthropic's "Mythos" Model: Jeff Williams on What Changes NextCYBERSECURITYTODAY.LIBSYN.COM
11 AprCVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in ResolverInformation published.MSRC.MICROSOFT.COM
11 AprCVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)Information published.MSRC.MICROSOFT.COM
11 AprCVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compileInformation published.MSRC.MICROSOFT.COM
11 AprCVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unixInformation published.MSRC.MICROSOFT.COM
11 AprCVE-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509Information published.MSRC.MICROSOFT.COM
11 AprCVE-2026-4878 Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()Information published.MSRC.MICROSOFT.COM
11 AprCVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templatesInformation published.MSRC.MICROSOFT.COM
11 AprCVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfoInformation published.MSRC.MICROSOFT.COM
11 AprCVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfoInformation published.MSRC.MICROSOFT.COM
11 AprCVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodiesInformation published.MSRC.MICROSOFT.COM
11 AprCVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tarInformation published.MSRC.MICROSOFT.COM
11 AprCVE-2026-32281 Inefficient policy validation in crypto/x509Information published.MSRC.MICROSOFT.COM
11 AprCVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/templateInformation published.MSRC.MICROSOFT.COM
11 AprCVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tlsInformation published.MSRC.MICROSOFT.COM
11 AprCVE-2026-32280 Unexpected work during chain building in crypto/x509Information published.MSRC.MICROSOFT.COM
11 AprCVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compileInformation published.MSRC.MICROSOFT.COM
11 AprCVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/goInformation published.MSRC.MICROSOFT.COM
10 AprJuniper Networks Default Credential Vulnerability Allows Unauthorized Full AccessJuniper Networks has issued a critical security alert regarding a severe vulnerability in its Support Insights (JSI) Virtual Lightweight Collector (vLWC). Tracked as CVE-2026-33784, this default credential flaw carries a near-maximum CVSS v3.1 severity score of 9.8. If left unres…GBHACKERS.COM
10 AprCVE-2026-23405 apparmor: fix: limit the number of levels of policy namespacesInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-40026 Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds ReadInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-40025 Sleuth Kit APFS Keybag Parser Out-of-Bounds ReadInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-39881 Vim Ex command injection in Vim's NetBeans integrationInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23403 apparmor: fix memory leak in verify_headerInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23404 apparmor: replace recursive profile removal with iterative approachInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23406 apparmor: fix side-effect bug in match_char() macro usageInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23407 apparmor: fix missing bounds check on DEFAULT table in verify_dfa()Information published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23408 apparmor: Fix double free of ns_name in aa_replace_profiles()Information published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23409 apparmor: fix differential encoding verificationInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23410 apparmor: fix race on rawdata dereferenceInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23411 apparmor: fix race between freeing data and fs accessing itInformation published.MSRC.MICROSOFT.COM
10 AprNew React Server Components Flaw Could Let Attackers Trigger DoSA newly disclosed high-severity vulnerability in React Server Components could allow unauthenticated attackers to trigger a Denial of Service (DoS) condition. Tracked as CVE-2026-23869, this flaw poses a significant risk to web applications using specific server-side rendering pa…GBHACKERS.COM
10 AprHPE Aruba Private 5G Vulnerability Opens Door to Credential Theft AttacksA newly disclosed security flaw in HPE Aruba Networking Private 5G Core On-Prem is putting enterprise networks at severe risk of credential theft. Documented under the security bulletin HPESBNW05032EN_US, this vulnerability targets the platform’s graphical user interface an…GBHACKERS.COM
10 AprMarimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of DisclosureA critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: …THEHACKERNEWS.COM
10 AprClaude uncovers a 13‑year‑old ActiveMQ RCE bug within minutesAnthropic’s Claude dug up a critical remote code execution (RCE) bug that sat quietly inside Apache ActiveMQ Classic for over a decade. Researchers at Horizon3.ai say that it only took minutes for their team to work out an exploit chain for the bug with the help of AI. The resear…CSOONLINE.COM
10 AprHackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive DataA high-severity flaw in GitHub Copilot Chat recently allowed attackers to silently steal sensitive data like API keys and private source code. Tracked as CVE-2025-59145 with a critical CVSS score of 9.6, this vulnerability required no malicious code execution. Instead, hackers us…GBHACKERS.COM
10 AprBringing Rust to the Pixel BasebandPosted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated within the complex modem firmware, Pix…SECURITY.GOOGLEBLOG.COM
10 AprOld Docker authorization bypass pops up despite previous patchResearchers warn about a new vulnerability that allows attackers to bypass authorization plug-ins in Docker Engine and gain root-level access to host systems. The flaw has the same root cause as another authorization bypass vulnerability patched in 2024, but the underlying proble…CSOONLINE.COM
10 AprChromium: CVE-2026-5899 Incorrect security UI in History NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5897 Incorrect security UI in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5898 Incorrect security UI in OmniboxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5896 Policy bypass in AudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5894 Inappropriate implementation in PDFThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5893 Race in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5891 Insufficient policy enforcement in browser UIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5892 Insufficient policy enforcement in PWAsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5886 Out of bounds read in WebAudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5888 Uninitialized Use in WebCodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5890 Race in WebCodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5884 Insufficient validation of untrusted input in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5885 Insufficient validation of untrusted input in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5895 Incorrect security UI in OmniboxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5883 Use after free in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5887 Insufficient validation of untrusted input in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5889 Cryptographic Flaw in PDFiumThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5880 Incorrect security UI in browser UIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5879 Insufficient validation of untrusted input in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5882 Incorrect security UI in FullscreenThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5881 Policy bypass in LocalNetworkAccessThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5876 Side-channel information leakage in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5878 Incorrect security UI in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5877 Use after free in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5874 Use after free in PrivateAIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5871 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5872 Use after free in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5873 Out of bounds read and write in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5875 Policy bypass in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5869 Heap buffer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5870 Integer overflow in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5868 Heap buffer overflow in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5864 Heap buffer overflow in WebAudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5862 Inappropriate implementation in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5867 Heap buffer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5860 Use after free in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5863 Inappropriate implementation in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5858 Heap buffer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5859 Integer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5861 Use after free in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5918 Inappropriate implementation in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSocketsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5913 Out of bounds read in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5915 Insufficient validation of untrusted input in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5914 Type Confusion in CSSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5911 Policy bypass in ServiceWorkersThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5909 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5912 Integer overflow in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5910 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5908 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5907 Insufficient data validation in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5904 Use after free in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5865 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5906 Incorrect security UI in OmniboxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5905 Incorrect security UI in PermissionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5900 Policy bypass in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5866 Use after free in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5903 Policy bypass in IFrameSandboxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5902 Race in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5901 Policy bypass in DevToolsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprCVE-2026-33119 Microsoft Edge (Chromium-based) for Android Spoofing VulnerabilityUser interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
10 AprCVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
9 Apr KEVFortinet EMS Zero-Day, Anthropic's AI Finds Thousands of Bugs, Iranian Hackers Target US ICSFortinet EMS Zero-Day Exploited, Anthropic's AI Finds Thousands of Bugs, and Iranian Hackers Target US ICS Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one…CYBERSECURITYTODAY.LIBSYN.COM
9 AprPalo Alto Cortex XSOAR Flaw in Microsoft Teams Integration Lets Attackers Access DataPalo Alto Networks has released a high-priority security update to address a serious vulnerability in its Cortex XSOAR and Cortex XSIAM platforms. Tracked as CVE-2026-0234, this security flaw exists within the Microsoft Teams integration. If successfully exploited, it allows an u…GBHACKERS.COM
9 AprCVE-2026-34933 Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemonInformation published.MSRC.MICROSOFT.COM
9 AprCVE-2026-39314 CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported`Information published.MSRC.MICROSOFT.COM
9 AprCVE-2026-31789 Heap Buffer Overflow in Hexadecimal ConversionInformation published.MSRC.MICROSOFT.COM
9 AprCVE-2026-28387 Potential Use-after-free in DANE Client CodeInformation published.MSRC.MICROSOFT.COM
9 AprCVE-2026-31790 Incorrect Failure Handling in RSA KEM RSASVE EncapsulationInformation published.MSRC.MICROSOFT.COM
9 AprCVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRLInformation published.MSRC.MICROSOFT.COM
9 AprCVE-2026-34446 ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX loadInformation published.MSRC.MICROSOFT.COM
9 AprCVE-2026-39316 CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointerInformation published.MSRC.MICROSOFT.COM
9 AprCVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode pluginsInformation published.MSRC.MICROSOFT.COM
9 AprCVE-2026-34445 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.Information published.MSRC.MICROSOFT.COM
9 Apr KEVCISA Issues Warning on Critical Ivanti EPMM Flaw Exploited in Ongoing AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical security flaw in Ivanti Endpoint Manager Mobile (EPMM). The agency recently added the vulnerability, identified as CVE-2026-1340, to its Known Exploited Vulnerabilities (KE…GBHACKERS.COM
9 AprTechnical Details Released for Critical Cisco SSM Command Execution VulnerabilitySecurity researchers have published technical details regarding a highly critical vulnerability in the Cisco Smart Software Manager On-Prem (SSM On-Prem). Tracked as CVE-2026-20160, this flaw carries a near-maximum CVSS score of 9.8. It allows remote, unauthenticated attackers to…GBHACKERS.COM
9 Apr KEVVulnerability-Lookup 4.4.0submitted by cm0002 to cybersecurity 1 points | 0 comments https://github.com/vulnerability-lookup/vulnerability-lookup/releases/tag/v4.4.0 We are pleased to announce the release of Vulnerability-Lookup 4.4.0! This release introduces public disclosure list views, enhanced sight…INFOSEC.PUB
9 Apr KEVHackers have been exploiting an unpatched Adobe Reader vulnerability for monthsAdobe Reader vulnerabilities have been exploited for decades by threat actors taking advantage of the universal use of the utility to fool employees into downloading infected PDF documents through phishing lures. Now a security researcher says a Reader hole has been quietly explo…CSOONLINE.COM
9 AprVU#536588: Multiple Heap Buffer Overflows in Orthanc DICOM ServerOverview Multiple vulnerabilities have been identified in Orthanc DICOM Server version 1.12.10 and earlier, that affect image decoding and HTTP request handling components. These vulnerabilities include heap buffer overflows, out-of-bounds reads, and resource exhaustion vulnerab…KB.CERT.ORG
8 AprClaude Identifies Critical 13-Year-Old RCE Vulnerability in Apache ActiveMQAn AI assistant recently uncovered a critical remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that went unnoticed for 13 years. Tracked as CVE-2026-34197, this flaw allows attackers to force the message broker to download a remote configuration file and execu…GBHACKERS.COM
8 AprCVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276Information published.MSRC.MICROSOFT.COM
8 AprCVE-2026-35177 Path traversal issue with zip.vim in VimInformation published.MSRC.MICROSOFT.COM
8 AprDocker Authorization Bypass Flaw Exposed Hosts to Potential AttackersA high-severity security vulnerability has been discovered in Docker Engine, exposing hosts to potential authorization bypass attacks. Tracked as CVE-2026-34040, the flaw allows attackers to evade authorization plugins (AuthZ) by manipulating API request bodies. While the base li…GBHACKERS.COM
8 AprMultiple OpenSSL Flaws Expose Sensitive Data in RSA KEM HandlingA newly disclosed flaw in OpenSSL could allow attackers to access sensitive data stored in application memory. Tracked as CVE-2026-31790, this moderate-severity vulnerability affects the handling of RSA Key Encapsulation Mechanism (KEM) RSASVE encapsulation. OpenSSL issued the se…GBHACKERS.COM
8 AprHackers exploit a critical Flowise flaw affecting thousands of AI workflowsThreat actors have found a way to inject arbitrary JavaScript into the Flowise low-code platform for building custom LLM and agentic systems. The code injection was possible due to a design oversight, rated at max-severity, in the platform’s custom MCP node, which acts as a plug-…CSOONLINE.COM
8 AprDocker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Accesssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/docker-cve-2026-34040-lets-attackers.htmlSH.ITJUST.WORKS
7 Apr50,000 WordPress Sites Running Ninja Forms Vulnerable to Critical File Upload RCEA severe security flaw has been discovered in the Ninja Forms File Upload plugin, a widely utilized WordPress add-on that allows website administrators to accept documents, images, and other media from their visitors. Tracked officially as CVE-2026-0740, this unauthenticated arbi…GBHACKERS.COM
7 AprFlowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances ExposedThreat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that c…THEHACKERNEWS.COM
7 AprCVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()Information published.MSRC.MICROSOFT.COM
7 AprCVE-2026-31410 ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATIONInformation published.MSRC.MICROSOFT.COM
7 AprCVE-2026-31407 netfilter: conntrack: add missing netlink policy validationsInformation published.MSRC.MICROSOFT.COM
7 AprCVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalizationInformation published.MSRC.MICROSOFT.COM
7 AprCVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File WriteInformation published.MSRC.MICROSOFT.COM
7 AprCVE-2026-31408 Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_holdInformation published.MSRC.MICROSOFT.COM
7 Apr KEVAttackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain ExposedA critical security flaw in Flowise, a popular open-source AI development platform, is currently being exploited in the wild. Tracked as CVE-2025-59528, this code injection vulnerability carries a maximum CVSS score of 10.0. It allows remote attackers to execute malicious code an…GBHACKERS.COM
7 AprDocker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host AccessA high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix…THEHACKERNEWS.COM
7 AprMax severity Flowise RCE vulnerability now exploited in attacksHackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. [...]BLEEPINGCOMPUTER.COM
7 AprFortinet releases emergency hotfix for FortiClient EMS zero-day flawHackers have been exploiting a critical vulnerability in FortiClient Endpoint Management Server (FortiClient EMS) since at least the end of March. Fortinet has published an advisory and released an emergency hotfix that can be applied to affected deployments until a patched versi…CSOONLINE.COM
6 Apr2,000+ FortiClient EMS Instances Exposed Online as Attackers Exploit Active RCE FlawCybersecurity researchers have issued an urgent warning for organizations using Fortinet’s FortiClient Enterprise Management Server (EMS). Over 2,000 instances of this critical administrative tool are currently exposed to the public internet. Threat actors are actively expl…GBHACKERS.COM
6 AprCritical Dgraph Database Flaw Allowed Attackers to Bypass AuthenticationA newly discovered critical vulnerability in the open-source Dgraph database system leaves servers exposed to complete system takeovers. Tracked as CVE-2026-34976 and carrying a maximum CVSS score of 10.0, this missing authorization flaw allows remote, unauthenticated attackers t…GBHACKERS.COM
6 Apr6 ways attackers abuse AI services to hack your businessAttackers are starting to exploit AI systems to mount attacks in the same way they once relied on built-in enterprise tools such as PowerShell. Instead of relying on malware, cybercriminals are increasingly abusing AI tools enterprises depend on — a trend some experts describe as…CSOONLINE.COM
6 AprNew multilingual severity classifiers for vulnerability analysissubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.vulnerability-lookup.org/2026/04/06/russian-severity-classifier/ 🚀 We’ve just published a new article introducing a Russian-language severity classifier, along with improved English and Chinese models for vuln…INFOSEC.PUB
6 Apr KEVIranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical InfrastructureAdvisory at a Glance Title Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure Original Publication April 7, 2026 Executive Summary Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity ta…CISA.GOV
6 AprZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigne…ZERODAYINITIATIVE.COM
6 AprZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigne…ZERODAYINITIATIVE.COM
6 AprZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigne…ZERODAYINITIATIVE.COM
6 AprZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigne…ZERODAYINITIATIVE.COM
5 Apr KEVFortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMSFortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypas…THEHACKERNEWS.COM
5 AprCVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)Information published.MSRC.MICROSOFT.COM
5 AprCVE-2026-27447 OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookupInformation published.MSRC.MICROSOFT.COM
5 AprCVE-2026-23473 io_uring/poll: fix multishot recv missing EOF on wakeup raceInformation published.MSRC.MICROSOFT.COM
5 AprCVE-2026-31394 mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stationsInformation published.MSRC.MICROSOFT.COM
5 AprCVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustionInformation published.MSRC.MICROSOFT.COM
5 AprCVE-2026-23442 ipv6: add NULL checks for idev in SRv6 pathsInformation published.MSRC.MICROSOFT.COM
5 AprCVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device SetupInformation published.MSRC.MICROSOFT.COM
5 AprCVE-2026-34979 OpenPrinting CUPS: Heap overflow in `get_options()`Information published.MSRC.MICROSOFT.COM
5 AprCVE-2026-34980 OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the networkInformation published.MSRC.MICROSOFT.COM
5 AprCVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printersInformation published.MSRC.MICROSOFT.COM
5 AprCVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWNInformation published.MSRC.MICROSOFT.COM
5 AprCVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failureInformation published.MSRC.MICROSOFT.COM
5 AprHackers exploit React2Shell in automated credential theft campaignHackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]BLEEPINGCOMPUTER.COM
3 AprHackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal CredentialsA large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and G…THEHACKERNEWS.COM
3 AprAttackers Abuse React2Shell Flaw to Compromise 700+ Next.js HostsA massive automated cyberattack campaign is actively targeting web applications built on the popular Next.js framework to steal highly sensitive information. Cybersecurity researchers at Cisco Talos have uncovered a severe credential harvesting operation tracked as “UAT-106…GBHACKERS.COM
3 AprCVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer namesInformation published.MSRC.MICROSOFT.COM
3 Apr14,000+ F5 BIG-IP APM Instances Exposed Online as Attackers Exploit RCE VulnerabilityCybersecurity researchers have identified a massive attack surface involving F5 BIG-IP Access Policy Manager (APM) devices. Following a critical severity upgrade to a recently disclosed flaw, over 17,100 instances are currently exposed to the internet, leaving enterprise networks…GBHACKERS.COM
3 AprCNVD Severity Classification and RMSV Effects: Honest Metrics & Data Leakagesubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.vulnerability-lookup.org/2026/04/03/cnvd-severity-classifier-improvements/ We recently made significant improvements to our CNVD severity classifier and the underlying Vulnerability-CNVD dataset, prompted by …INFOSEC.PUB
3 AprNew Progress ShareFile Flaws Expose Servers to Unauthorized Remote TakeoverSecurity researchers at watchTowr Labs have disclosed a critical exploit chain in the Progress ShareFile Storage Zone Controller. The vulnerabilities, tracked as CVE-2026-2699 and CVE-2026-2701, enable unauthenticated attackers to achieve Remote Code Execution (RCE) and completel…GBHACKERS.COM
3 AprCERT-EU blames Trivy supply chain attack for Europa.eu data breachThe European Union’s Computer Emergency Response Team, CERT-EU, has traced last week’s theft of data from the Europa.eu platform to the recent supply chain attack on Aqua Security’s Trivy open-source vulnerability scanner. The attack on the AWS cloud infrastructure hosting the Eu…CSOONLINE.COM
3 AprGoogle patches fourth Chrome zero-day so far this yearGoogle has patched another zero-day vulnerability in Chrome, its fourth this year. In patching the vulnerability, tracked as CVE-2026-5281, the company acknowledged that an exploit for it already exists in the wild. According to the report in NIST’s National Vulnerability Databa…CSOONLINE.COM
3 AprSecurity lapse lets researchers view React2Shell hackers’ dashboardAn apparent security lapse has allowed researchers to peer into the work of a threat group currently exploiting unpatched servers open to the four-month-old React2Shell vulnerability to steal login credentials, keys, and tokens at scale. Researchers from Cisco Systems’ Talos thre…CSOONLINE.COM
2 AprSymantec DLP Agent Flaw Exposed Systems to Privilege Escalation AttacksA high-severity vulnerability in the Symantec Data Loss Prevention (DLP) Agent for Windows could allow low-privileged attackers to take complete control of affected machines. Tracked as CVE-2026-3991, this Local Privilege Escalation (LPE) flaw carries a CVSS score of 7.8. It expo…GBHACKERS.COM
2 AprCisco Warns of Critical IMC Vulnerability Enabling Authentication BypassCisco has published an urgent security advisory for CVE-2026-20093, a critical 9.8-severity authentication bypass vulnerability affecting its Integrated Management Controller (IMC) software. This high-risk flaw enables unauthenticated remote attackers to overwrite administrative …GBHACKERS.COM
2 AprCritical PX4 Autopilot Vulnerability Let Attackers Gain Control of DronesThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding a severe vulnerability in the PX4 Autopilot system. This critical flaw could allow malicious actors to completely take over unmanned aerial vehicles (UAVs) and drones used acros…GBHACKERS.COM
2 AprCisco Smart Software Manager Flaw Allowed Arbitrary Command ExecutionCisco has released a high-priority security advisory regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) platform. The flaw, tracked as CVE-2026-20160, carries a near-maximum CVSS severity score of 9.8 out of 10. If exploited, it enables an unau…GBHACKERS.COM
2 AprCVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access controlInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-4046 iconv crash due to assertion failure with untrusted inputInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-5119 Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishmentInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard inputInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-29785 NATS Server panic via malicious compression on leafnode portInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITKInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-5201 Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg imageInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-5121 Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processingInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parametersInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-4732 Out-of-bounds Read Overflow in tildearrow/furnaceInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-2436 Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshakeInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-33216 NATS has MQTT plaintext password disclosureInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-32287 Infinite loop in github.com/antchfx/xpathInformation published.MSRC.MICROSOFT.COM
2 Apr KEVCISA Issues Alert on Chrome Zero-Day Under Active ExploitationThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability affecting Google Chrome and other Chromium-based web browsers. Officially tracked as CVE-2026-5281, this security flaw has been added to CISA’…GBHACKERS.COM
2 AprCybersecurity in the age of instant softwareAI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand — a spreads…CSOONLINE.COM
2 AprAttempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)From its GitHub repo: "Vite (French word for "quick", pronounced /vi?t/, like "veet") is a new breed of frontend build tooling that significantly improves the frontend development experience" [ https://github.com/vitejs/vite ].
ISC.SANS.EDU
2 AprCisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System CompromiseCisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The…THEHACKERNEWS.COM
2 AprCisco fixes critical IMC auth bypass present in many productsCisco has released patches for a critical vulnerability in its out-of-band management solution, present in many of its servers and appliances. The flaw allows unauthenticated remote attackers to gain admin access to the Cisco Integrated Management Controller (IMC), which gives ad…CSOONLINE.COM
2 AprCVE-2026-32213 Azure AI Foundry Elevation of Privilege VulnerabilityImproper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5289 Use after free in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5286 Use after free in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5287 Use after free in PDFThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5285 Use after free in WebGLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5284 Use after free in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5283 Inappropriate implementation in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5281 Use after free in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information. Google is aware that an exploit for CVE-2026-5281 exists in…MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5280 Use after free in WebCodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5279 Object corruption in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5292 Out of bounds read in WebCodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5290 Use after free in CompositingThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5277 Integer overflow in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5276 Insufficient policy enforcement in WebUSBThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5275 Heap buffer overflow in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5274 Integer overflow in CodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5273 Use after free in CSSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5272 Heap buffer overflow in GPUThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprCVE-2026-32186 Microsoft Bing Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
2 AprCVE-2026-33107 Azure Databricks Elevation of Privilege VulnerabilityServer-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
2 AprCVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege VulnerabilityServer-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
2 AprCVE-2026-33105 Microsoft Azure Kubernetes Service Elevation of Privilege VulnerabilityImproper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
2 AprCVE-2026-32173 Azure SRE Agent Information Disclosure VulnerabilityImproper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
2 AprCVE-2026-32211 Azure MCP Server Information Disclosure VulnerabilityMissing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
2 AprChromium: CVE-2026-5291 Inappropriate implementation in WebGLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
2 AprvSphere and BRICKSTORM Malware: A Defender's GuideWritten by: Stuart Carrera Introduction Building on recent BRICKSTORM research from Google Threat Intelligence Group (GTIG), this post explores the evolving threats facing virtualized environments. These operations directly target the VMware vSphere ecosystem, specifically the vC…CLOUD.GOOGLE.COM
2 AprZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required to exploit this vulnerability in that the target must open a malicious project. The ZDI has assigned a CVSS rating of 7.8. The f…ZERODAYINITIATIVE.COM
2 AprZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS ratin…ZERODAYINITIATIVE.COM
2 AprZDI-26-251: Foxit PDF Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating…ZERODAYINITIATIVE.COM
2 AprVU#951662: MuPDF by Artifex contains integer overflow vulnerability.Overview Artifex's MuPDF contains an integer overflow vulnerability, CVE-2026-3308, in versions up to and including 1.27.0. Using a specially crafted PDF, an attacker can trigger an integer overflow resulting in out-of-bounds heap writes. This heap corruption typically causes the…KB.CERT.ORG
1 AprCisco Breached: Source Code Stolen - Cybersecurity TodayCisco Source Code Stolen in Trivy Fallout, Axios Supply Chain Attack, and Active Exploitation of Fortinet and Citrix Flaws David Shipley reports multiple major security incidents: attackers used credentials stolen in the Trivy supply-chain attack via a malicious GitHub action to …CYBERSECURITYTODAY.LIBSYN.COM
1 AprHackers Actively Exploit Critical WebLogic RCE Vulnerabilities in Ongoing AttacksA maximum-severity vulnerability in Oracle WebLogic Server is facing rapid exploitation in the wild. Tracked as CVE-2026-21962, this unauthenticated Remote Code Execution (RCE) flaw carries a maximum CVSS score of 10.0. According to a recent honeypot study, attackers began weapon…GBHACKERS.COM
1 AprTrueConf Vulnerability Under Active Exploitation in Southeast Asia Government AttacksCheck Point Research has discovered a critical zero-day vulnerability in the TrueConf video conferencing client. Tracked as CVE-2026-3502 with a CVSS score of 7.8, this flaw is currently being exploited in targeted attacks against government entities in Southeast Asia. Dubbed …GBHACKERS.COM
1 AprCVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSEInformation published.MSRC.MICROSOFT.COM
1 AprCVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthurInformation published.MSRC.MICROSOFT.COM
1 AprCVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointersInformation published.MSRC.MICROSOFT.COM
1 AprCVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::ZlibInformation published.MSRC.MICROSOFT.COM
1 AprCVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objectsInformation published.MSRC.MICROSOFT.COM
1 AprCVE-2023-52676 bpf: Guard stack limits against 32bit overflowInformation published.MSRC.MICROSOFT.COM
1 AprCVE-2024-35839 netfilter: bridge: replace physindev with physinif in nf_bridge_infoInformation published.MSRC.MICROSOFT.COM
1 AprPoC Exploit Code Published for nginx-ui Backup Restore Security FlawA critical security flaw in the nginx-ui backup restore mechanism, tracked as CVE-2026-33026, allows attackers to manipulate encrypted backups and execute arbitrary commands. Proof-of-Concept (PoC) exploit code has been publicly released, prompting an urgent need for administrato…GBHACKERS.COM
1 AprCVE-2024-41013 xfs: don't walk off the end of a directory data blockInformation published.MSRC.MICROSOFT.COM
1 AprVim Modeline Vulnerability Opens Door to Arbitrary OS Command ExecutionVim is a widely used, highly configurable text editor, but a recently disclosed flaw highlights the risks associated with its file-parsing features. Tracked as CVE-2026-34982, a high-severity vulnerability allows attackers to execute arbitrary operating system commands simply by …GBHACKERS.COM
1 Apr KEVNew Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch ReleasedGoogle on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, a…THEHACKERNEWS.COM
1 AprExploited Zero-Day Among 21 Vulnerabilities Patched in ChromeGoogle has announced fixes for CVE-2026-5281, a zero-day affecting Chrome’s Dawn component.SECURITYWEEK.COM
1 AprVim and GNU Emacs: Claude Code helpfully found zero-day exploits for bothDevelopers can spend days using fuzzing tools to find security weaknesses in code. Alternatively, they can simply ask an LLM to do the job for them in seconds. The catch: LLMs are evolving so rapidly that this convenience might come with hidden dangers. The latest example is from…CSOONLINE.COM
31 MarAL26-006 - Vulnerability impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2026-3055CYBER.GC.CA
31 Mar KEVTrueConf Zero-Day Exploited in Attacks on Southeast Asian Government NetworksA high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score: 7.8), …THEHACKERNEWS.COM
31 MarCVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64Information published.MSRC.MICROSOFT.COM
31 MarCVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handlingInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustionInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-blockInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template CompilationInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type ConfusionInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keysInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`Information published.MSRC.MICROSOFT.COM
31 MarCVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility functionInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processingInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-0966 Libssh: buffer underflow in ssh_get_hexa() on invalid inputInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-0964 Libssh: improper sanitation of paths received from scp serversInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L checkInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)Information published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero InputInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams serversInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and OptionsInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template InjectionInformation published.MSRC.MICROSOFT.COM
31 MarCVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partialInformation published.MSRC.MICROSOFT.COM
31 MarChromium: CVE-2026-4676 Use after free in DawnThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
31 MarZDI-26-250: Linux Kernel Analog Device Driver Improper Validation of Array Index Local Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of…ZERODAYINITIATIVE.COM
30 Mar KEVCritical Citrix NetScaler memory flaw actively exploited in attacksHackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. [...]BLEEPINGCOMPUTER.COM
30 Mar KEVFortinet hit by another exploited cybersecurity flawYet another critical flaw in a Fortinet product has come to light as attackers continue to target the company, this time by actively exploiting a critical SQL injection vulnerability in the cybersecurity company’s management server. The vulnerability, (CVE-2026-21643), allows u…CSOONLINE.COM
30 MarLangChain path traversal bug adds to input validation woes in AI pipelinesSecurity researchers are warning that applications using AI frameworks without proper safeguards can expose sensitive information in basic, yet critical, non-AI ways. According to a recent Cyera analysis, widely used AI orchestration tools, LangChain and LangGraph, are vulnerable…CSOONLINE.COM
30 MarAttackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521) - Help Net Security https://www.helpnetsecurity.com/2026/03/28/big-ip-apm-vulnerability-cve-2025-53521-exploited/ SH.ITJUST.WORKS
30 MarZDI-26-249: NoMachine Uncontrolled Search Path Element Local Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8…ZERODAYINITIATIVE.COM
30 MarZDI-26-248: NoMachine External Control of File Path Local Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8…ZERODAYINITIATIVE.COM
30 MarZDI-26-247: NoMachine External Control of File Path Arbitrary File Deletion VulnerabilityThis vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of …ZERODAYINITIATIVE.COM
30 MarZDI-26-246: (0Day) aws-mcp-server Command Injection Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-5058.ZERODAYINITIATIVE.COM
30 MarZDI-26-245: (0Day) aws-mcp-server AWS CLI Command Injection Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2026-5059.ZERODAYINITIATIVE.COM
30 MarZDI-26-244: (Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass VulnerabilityThis vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-13…ZERODAYINITIATIVE.COM
30 MarZDI-26-243: (Pwn2Own) QNAP TS-453E write_file_to_svr External Control of File Path Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS …ZERODAYINITIATIVE.COM
30 MarZDI-26-242: (Pwn2Own) QNAP TS-453E server_handlers.pyc rr2s.kwargs Error Message Information Disclosure VulnerabilityThis vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned…ZERODAYINITIATIVE.COM
30 MarZDI-26-241: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr username SQL Injection Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating o…ZERODAYINITIATIVE.COM
30 MarZDI-26-240: (Pwn2Own) QNAP QHora-322 qvpn_db_mgr role_type Improper Neutralization of Escape Sequences Authentication Bypass VulnerabilityThis vulnerability allows remote attackers to bypass authentication on affected QNAP QHora-322 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 6.3. The followi…ZERODAYINITIATIVE.COM
30 MarZDI-26-239: (Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass VulnerabilityThis vulnerability allows remote attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.6. The following CVEs are assigned: CVE-2025-62844.ZERODAYINITIATIVE.COM
30 MarZDI-26-238: Linux Kernel AoE Driver Use-After-Free Local Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of …ZERODAYINITIATIVE.COM
30 MarZDI-26-237: (Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass VulnerabilityThis vulnerability allows network-adjacent attackers to bypass firewall rules on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2025-62…ZERODAYINITIATIVE.COM
30 MarZDI-26-236: Digilent DASYLab DSB File Parsing Out-Of-Bounds Write Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rati…ZERODAYINITIATIVE.COM
30 MarZDI-26-235: Digilent DASYLab DSA File Parsing Out-Of-Bounds Write Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rati…ZERODAYINITIATIVE.COM
30 MarZDI-26-234: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rati…ZERODAYINITIATIVE.COM
30 MarZDI-26-233: Digilent DASYLab DSA File Parsing Out-Of-Bounds Read Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Digilent DASYLab. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rati…ZERODAYINITIATIVE.COM
30 MarZDI-26-232: (Pwn2Own) Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of Red Hat Enterprise Linux. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVS…ZERODAYINITIATIVE.COM
30 MarZDI-26-231: Apple macOS Exposure of Sensitive Information to Unauthorized Sphere Information Disclosure VulnerabilityThis vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS …ZERODAYINITIATIVE.COM
30 MarZDI-26-230: Apple macOS CoreMedia Framework Out-Of-Bounds Write Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of…ZERODAYINITIATIVE.COM
30 MarZDI-26-229: OpenClaw Client PKCE Verifier Information Disclosure VulnerabilityThis vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization flow. The ZDI has assigned a CVSS rating of 5.3. The…ZERODAYINITIATIVE.COM
30 MarZDI-26-228: OpenClaw Canvas Authentication Bypass VulnerabilityThis vulnerability allows remote attackers to bypass authentication on affected installations of OpenClaw. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.4. The following CVEs are assigned: CVE-2026-3690.ZERODAYINITIATIVE.COM
30 MarZDI-26-227: OpenClaw Canvas Path Traversal Information Disclosure VulnerabilityThis vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2026-3689.ZERODAYINITIATIVE.COM
30 MarVU#221883: CrewAI contains multiple vulnerabilities including SSRF, RCE and local file readOverview Four vulnerabilities have been identified in CrewAI, including remote code execution (RCE), arbitrary local file read, and server-side request forgery (SSRF). CVE-2026-2275 is directly caused by the Code Interpreter Tool. The other three vulnerabilities result from impro…KB.CERT.ORG
29 MarCVE-2026-3104 Memory leak in code preparing DNSSEC proofs of non-existenceInformation published.MSRC.MICROSOFT.COM
29 MarCVE-2026-3591 A stack use-after-return flaw in SIG(0) handling code may enable ACL bypassInformation published.MSRC.MICROSOFT.COM
29 MarCVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error pathInformation published.MSRC.MICROSOFT.COM
29 MarCVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validationInformation published.MSRC.MICROSOFT.COM
29 MarCVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injectionInformation published.MSRC.MICROSOFT.COM
29 MarCVE-2026-3119 Authenticated query containing a TKEY record may cause named to terminate unexpectedlyInformation published.MSRC.MICROSOFT.COM
29 MarCVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiersInformation published.MSRC.MICROSOFT.COM
29 MarCVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob MatchingInformation published.MSRC.MICROSOFT.COM
29 MarCVE-2026-4833 Orc discount Markdown markdown.c compile recursionInformation published.MSRC.MICROSOFT.COM
28 MarCVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checksInformation published.MSRC.MICROSOFT.COM
28 MarCVE-2026-33413 etcd: Authorization bypasses in multiple APIsInformation published.MSRC.MICROSOFT.COM
28 MarCitrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread BugA recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input vali…THEHACKERNEWS.COM
27 MarISC Issues Critical Warning Over Kea DHCP Vulnerability That Could Remotely Crash ServicesThe Internet Systems Consortium (ISC) has released a critical security advisory addressing a high-severity vulnerability in its Kea DHCP server software. Kea is a modern, high-performance DHCP server widely used by enterprise networks and internet service providers to manag…GBHACKERS.COM
27 MarWindows Error Reporting Vulnerability Exposes Systems to Privilege Escalation, Allowing SYSTEM AccessMicrosoft recently patched a severe Elevation of Privilege (EoP) vulnerability in the Windows Error Reporting (WER) service, officially tracked as CVE-2026-20817. This flaw allows a local attacker with standard user rights to escalate to SYSTEM privileges by exploiting improper p…GBHACKERS.COM
27 MarCVE-2026-28753 NGINX ngx_mail_proxy_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-32647 NGINX ngx_http_mp4_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-23398 icmp: fix NULL pointer dereference in icmp_tag_validation()Information published.MSRC.MICROSOFT.COM
27 MarCVE-2026-23396 wifi: mac80211: fix NULL deref in mesh_matches_local()Information published.MSRC.MICROSOFT.COM
27 MarCVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressionsInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-33526 Squid vulnerable to Denial of Service in ICP Request handlingInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-33515 Squid has issues in ICP message handlingInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-32748 Squid has Denial of Service in ICP Response handlingInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-27651 NGINX ngx_mail_auth_http_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-27654 NGINX ngx_http_dav_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-27784 NGINX ngx_http_mp4_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-28755 NGINX ngx_stream_ssl_module vulnerabilityInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprintsInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-4647 Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd libraryInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-4746 Heap Buffer Over-Write Vulnerability in timeplus-io/protonInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-4775 Libtiff: libtiff: arbitrary code execution or denial of service via signed integer overflow in tiff file processingInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-23068 spi: spi-sprd-adi: Fix double free in probe error pathInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2025-71183 btrfs: always detect conflicting inodes when logging inode refsInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2025-71184 btrfs: fix NULL dereference on root when tracing inode evictionInformation published.MSRC.MICROSOFT.COM
27 MarCVE-2026-23004 dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()Information published.MSRC.MICROSOFT.COM
27 MarCISA Flags Critical PTC Vulnerability That Had German Police MobilizedPolice in Germany physically warned organizations about the critical PTC Windchill vulnerability tracked as CVE-2026-4681.SECURITYWEEK.COM
27 Mar KEVAttackers exploit critical Langflow RCE within hours as CISA sounds alarmAttackers have exploited a critical Langflow RCE within hours of disclosure, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to formally flag it for urgent remediation. The flaw, which allows running arbitrary code on vulnerable Langflow instances without…CSOONLINE.COM
27 MarRapid Exploitation of CVE-2026-21962 Hits Oracle WebLogic - Infosecurity Magazine https://www.infosecurity-magazine.com/news/critical-oracle-weblogic-rce/ SH.ITJUST.WORKS
27 MarChromium: CVE-2026-4673 Heap buffer overflow in WebAudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarChromium: CVE-2026-4680 Use after free in FedCMThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarChromium: CVE-2026-4677 Out of bounds read in WebAudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarChromium: CVE-2026-4675 Heap buffer overflow in WebGLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarChromium: CVE-2026-4679 Integer overflow in FontsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarChromium: CVE-2026-4674 Out of bounds read in CSSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarChromium: CVE-2026-4442 Heap buffer overflow in CSSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
27 MarCVE-2026-32187 Microsoft Edge (Chromium-based) Defense in Depth VulnerabilityInformation published.MSRC.MICROSOFT.COM
26 MarCisco Secure Firewall Vulnerability Exposes Systems to Remote Code Execution by AttackersCisco has released critical security updates to address a maximum-severity vulnerability affecting its Secure Firewall Management Center (FMC) Software. Tracked under the identifier CVE-2026-20131, this flaw carries a perfect CVSS base score of 10.0 and allows unauthenticated, re…GBHACKERS.COM
26 MarMicrosoft Unveils New Guidance to Detect and Defend Against Trivy Supply Chain AttackAqua Security’s vulnerability scanner, Trivy, suffered a sophisticated CI/CD supply chain compromise. The threat actor, identified as TeamPCP, leveraged prior incomplete remediation to inject credential-stealing malware into official releases. This incident, tracked as CVE-2026-3…GBHACKERS.COM
26 MarCVE-2026-2297 SourcelessFileLoader does not use io.open_code()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2025-66413 Git for Windows leaks NTLM hash when cloning from an attacker-controlled serverInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-29111 systemd: Local unprivileged user can trigger an assertInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing themInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removalInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_szInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23359 bpf: Fix stack-out-of-bounds write in devmapInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23325 wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23313 i40e: Fix preempt count leak in napi poll tracepointInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23306 scsi: pm8001: Fix use-after-free in pm8001_queue_command()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearingInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23307 can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a messageInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objectsInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23378 net/sched: act_ife: Fix metalist update behaviorInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23352 x86/efi: defer freeing of boot services memoryInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23298 can: ucan: Fix infinite loop from zero-length messagesInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boostingInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscsInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23351 netfilter: nft_set_pipapo: split gc into unlink and reclaim phaseInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23319 bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shimInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23300 net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthopInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23293 net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabledInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23343 xdp: produce a warning when calculated tailroom is negativeInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23389 ice: Fix memory leak in ice_set_ringparam()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23324 can: usb: etas_es58x: correctly anchor the urb in the read bulk callbackInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23365 net: usb: kalmia: validate USB endpointsInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23284 net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :pathInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-33412 Vim affected by Command injection via newline in glob()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password dataInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23333 netfilter: nft_set_rbtree: validate open interval overlapInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23372 nfc: rawsock: cancel tx_work before socket teardownInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23315 wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23312 net: usb: kaweth: validate USB endpointsInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23330 nfc: nci: complete pending data exchange on device closeInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entryInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23285 drbd: fix null-pointer dereference on local read errorInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23296 scsi: core: Fix refcount leak for tagset_refcntInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on errorInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23318 ALSA: usb-audio: Use correct version for UAC3 header validationInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23388 Squashfs: check metadata block offset is within rangeInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23286 atm: lec: fix null-ptr-deref in lec_arp_clear_vccsInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23368 net: phy: register phy led_triggers during probe to avoid AB-BA deadlockInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23390 tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflowInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23292 scsi: target: Fix recursive locking in __configfs_open_file()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23346 arm64: io: Extract user memory type in ioremap_prot()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23334 can: usb: f81604: handle short interrupt urb messages properlyInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23303 smb: client: Don't log plaintext credentials in cifs_set_cifscredsInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23304 ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23320 usb: gadget: f_ncm: align net_device lifecycle with bind/unbindInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23290 net: usb: pegasus: validate USB endpointsInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23339 nfc: nci: free skb on nci_transceive early error pathsInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23302 net: annotate data-races around sk->sk_{data_ready,write_space}Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23386 gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPLInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23308 pinctrl: equilibrium: fix warning trace on loadInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23291 nfc: pn533: properly drop the usb interface reference on disconnectInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23357 can: mcp251x: fix deadlock in error path of mcp251x_openInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23287 irqchip/sifive-plic: Fix frozen interrupt due to affinity settingInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23336 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23281 wifi: libertas: fix use-after-free in lbs_free_adapter()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23381 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabledInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23374 blktrace: fix __this_cpu_read/write in preemptible contextInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23289 IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23317 drm/vmwgfx: Return the correct value in vmw_translate_ptr functionsInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23347 can: usb: f81604: correctly anchor the urb in the read bulk callbackInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23310 bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loadedInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23356 drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23327 cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23367 wifi: radiotap: reject radiotap with unknown bitsInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23279 wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame()Information published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23379 net/sched: ets: fix divide by zero in the offload pathInformation published.MSRC.MICROSOFT.COM
26 MarCVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletionInformation published.MSRC.MICROSOFT.COM
26 MarIDrive for Windows Vulnerability Allows Attackers to Escalate Privileges and Gain Unauthorized AccessA critical security flaw has been identified in the IDrive Cloud Backup Client for Windows, exposing users to local privilege escalation attacks. Tracked as CVE-2026-1995, this vulnerability allows authenticated, low-privilege attackers to execute arbitrary code with the highest …GBHACKERS.COM
26 Mar KEVCISA Issues Urgent Warning on Langflow Code Injection Vulnerability Actively Exploited in AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical code-injection vulnerability in Langflow. Tracked as CVE-2026-33017, this severe security flaw has been officially added to CISA’s Known Exploited Vulnerabilities (KEV)…GBHACKERS.COM
26 Mar KEVCISA: New Langflow flaw actively exploited to hijack AI workflowsThe Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. [...]BLEEPINGCOMPUTER.COM
26 MarCoruna: the framework used in Operation TriangulationKaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an updated version of the Operation Triangulation exploit.SECURELIST.COM
25 MarCVE-2026-4426 Libarchive: libarchive: denial of service via malformed iso file processingInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI pathInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt pathInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-25075 strongSwan 4.5.0 < 6.0.5 EAP-TTLS AVP Parsing Integer UnderflowInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinksInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzeroInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-4424 Libarchive: libarchive: information disclosure via heap out-of-bounds read in rar archive processingInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3099 Libsoup: libsoup: authentication bypass via digest authentication replay attackInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resourcesInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-0819 Stack buffer overflow in PKCS7 SignedData encoding with custom signed attributesInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-4159 wc_PKCS7_DecodeEnvelopedData 1 byte out-of-bounds readInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-VInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3849 Buffer Overflow in HPKE via Oversized ECH ConfigInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32IInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3229 Integer Overflow in Certificate Chain AllocationInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3230 Improper key_share validation in TLS 1.3 HelloRetryRequestInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3503 Fault injection attack with ML-DSA and ML-KEM on ARMInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3548 Buffer overflow in CRL number parsing in wolfSSLInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-2645 Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2Information published.MSRC.MICROSOFT.COM
25 MarCVE-2026-3547 wolfSSL: out-of-bounds read (DoS) in ALPN parsing due to incomplete validationInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() functionInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phaseInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-33228 flatted: Prototype Pollution via parse()Information published.MSRC.MICROSOFT.COM
25 MarCVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handlingInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-4519 webbrowser.open() allows leading dashes in URLsInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosureInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-27623 Valkey has Pre-Authentication DOS from malformed RESP requestInformation published.MSRC.MICROSOFT.COM
25 MarCVE-2026-0716 Libsoup: out-of-bounds read in libsoup websocket frame processingInformation published.MSRC.MICROSOFT.COM
25 MarF5 NGINX Plus & Open‑Source Flaw Lets Attackers Execute Code via MP4 FileF5 has disclosed a high-severity vulnerability (CVE-2026-32647) in the NGINX ngx_http_mp4_module that allows attackers to execute arbitrary code or cause a denial-of-service (DoS) using crafted MP4 files. This flaw impacts NGINX Plus and NGINX Open Source deployments where the MP4 s…GBHACKERS.COM
25 MarGoHarbor Issues Urgent Patch for Harbor Flaw Allowing Full Registry CompromiseA critical security flaw in GoHarbor’s Harbor container registry exposes organizations to severe supply chain attacks. Tracked as CVE-2026-4404, this vulnerability stems from hardcoded default credentials that remain active unless manually altered by an administrator. Harbo…GBHACKERS.COM
25 MarChained vulnerabilities in Cisco Catalyst switches could induce denial-of-serviceCisco’s widely deployed Catalyst 9300 Series enterprise switches have four security vulnerabilities, two of which could be chained to cause a denial-of-service outage, infrastructure security company Opswat has revealed. The two most operationally significant are CVE-2026-20114 a…CSOONLINE.COM
25 MarNew critical Citrix NetScaler hole of similar severity to CitrixBleed2, says expertA new critical vulnerability that is similar to the widely-exploited CitrixBleed and CitrixBleed2 holes should be patched in NetScaler devices immediately, say experts. The hole, CVE-2026-3055, is an out-of-bounds read vulnerability in customer-managed NetScaler ADC and NetScale…CSOONLINE.COM
25 MarSecurity for AI: A guide to managing the risks of vibe coding and AI in software developmentGet a template for an AI coding acceptable use policy with security controls and a list of 25 security questions to ask software developers and “citizen developers” about their AI use. Mitigate the security risks of vibe coding and using AI in software development with Tenable On…TENABLE.COM
24 MarCritical NetScaler ADC and Gateway Flaws Expose Systems to Remote AttacksCloud Software Group has published a critical security bulletin addressing two significant vulnerabilities in customer-managed NetScaler ADC and NetScaler Gateway deployments. These flaws, tracked as CVE-2026-3055 and CVE-2026-4368, could allow attackers to extract sensitive data…GBHACKERS.COM
24 MarCitrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data LeaksCitrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVSS score: 9.3) - Insu…THEHACKERNEWS.COM
24 MarVU#330121: IDrive for Windows contains local privilege escalation vulnerabilityOverview The IDrive Cloud Backup Client for Windows, versions 7.0.0.63 and earlier, contains a privilege escalation vulnerability that allows any authenticated user to run arbitrary executables with NT AUTHORITY\SYSTEM permissions. Description IDrive is a cloud backup service tha…KB.CERT.ORG
23 MarAL26-005 – Critical vulnerability impacting Microsoft SharePoint Server – CVE-2026-20963CYBER.GC.CA
23 Mar KEVOracle Releases Emergency Patch for Critical Identity Manager VulnerabilityCVE-2026-21992 can be used without authentication for remote code execution and it may have been exploited in the wild.SECURITYWEEK.COM
23 MarHackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA SystemsThreat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environme…THEHACKERNEWS.COM
23 MarChromium: CVE-2026-4464 Integer overflow in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4463 Heap buffer overflow in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4462 Out of bounds read in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4461 Inappropriate implementation in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4456 Use after free in Digital Credentials APIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4460 Out of bounds read in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4457 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4446 Use after free in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4449 Use after free in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4445 Use after free in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4451 Insufficient validation of untrusted input in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4447 Inappropriate implementation in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4444 Stack buffer overflow in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4455 Heap buffer overflow in PDFiumThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4452 Integer overflow in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4443 Heap buffer overflow in WebAudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4448 Heap buffer overflow in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4441 Use after free in BaseThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarCVE-2026-4438 gethostbyaddr and gethostbyaddr_r return invalid DNS hostnamesInformation published.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4454 Use after free in NetworkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4450 Out of bounds write in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarCVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS responseInformation published.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4458 Use after free in ExtensionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarChromium: CVE-2026-4440 Out of bounds read and write in WebGLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
23 MarHackers Exploit Quest KACE SMA Flaw to Harvest CredentialsSecurity researchers have detected active exploitation targeting unpatched Quest KACE Systems Management Appliance (SMA) instances. Starting the week of March 9, 2026, threat actors began leveraging a critical authentication bypass vulnerability, identified as CVE-2025-32975, to …GBHACKERS.COM
23 Mar KEVCISA Warns of Craft CMS Code Injection Flaw Exploited in Active AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Craft CMS to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-32432, this code injection flaw is currently being exploited in active attacks a…GBHACKERS.COM
23 MarCritical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure https://thehackernews.com/2026/03/critical-langflow-flaw-cve-2026-33017.html SH.ITJUST.WORKS
23 MarZDI-26-225: (Pwn2Own) Samsung Galaxy S25 Samsung Account Open Redirect Security Bypass VulnerabilityThis vulnerability allows remote attackers to bypass security on affected installations of Samsung Galaxy S25. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.6. The following CVEs are assigned: CVE-2025-58487.ZERODAYINITIATIVE.COM
23 MarZDI-26-224: (Pwn2Own) Samsung Galaxy S25 Samsung Account Cross-Site Scripting Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary script on affected installations of Samsung Galaxy S25. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2025-58486.ZERODAYINITIATIVE.COM
23 MarZDI-26-223: (Pwn2Own) Samsung Galaxy S25 Smart Touch Call Application Protection Mechanism Failure Information Disclosure VulnerabilityThis vulnerability allows remote attackers to disclose sensitive information on affected installations of Samsung Galaxy S25. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a…ZERODAYINITIATIVE.COM
23 MarZDI-26-222: (Pwn2Own) Canon imageCLASS MF654Cdw BJNP Memory Corruption Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned…ZERODAYINITIATIVE.COM
21 MarCritical Quest KACE Vulnerability Potentially Exploited in AttacksThe vulnerability is tracked as CVE-2025-32975 and it may have been exploited in attacks against the education sector.SECURITYWEEK.COM
21 MarOracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity ManagerOracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.…THEHACKERNEWS.COM
21 Mar KEVCISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The vulnerabilities …THEHACKERNEWS.COM
21 MarCVE-2026-23204 net/sched: cls_u32: use skb_header_pointer_careful()Information published.MSRC.MICROSOFT.COM
21 MarCVE-2026-23274 netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labelsInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-23278 netfilter: nf_tables: always walk all pending catchall elementsInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertionInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-23276 net: add xmit recursion limit to tunnel xmit functionsInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-3634 Libsoup: libsoup: http header injection and response splitting via crlf injection in content-type headerInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-3632 Libsoup: libsoup: http smuggling and server-side request forgery via malformed hostnamesInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-3479 pkgutil.get_data() does not enforce documented restrictionsInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validationInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-23277 net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmitInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-23271 perf: Fix __perf_event_overflow() vs perf_remove_from_context() raceInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-32766 astral-tokio-tar insufficiently validates PAX extensions during extractionInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-3633 Libsoup: libsoup: header and http request injection via crlf injectionInformation published.MSRC.MICROSOFT.COM
21 MarCVE-2026-30922 pyasn1 Vulnerable to Denial of Service via Unbounded RecursionInformation published.MSRC.MICROSOFT.COM
20 MarOracle pushes emergency fix for critical Identity Manager RCE flawOracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. [...]BLEEPINGCOMPUTER.COM
20 MarCISA orders feds to patch max-severity Cisco flaw by SundayThe Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. [...]BLEEPINGCOMPUTER.COM
20 MarCritical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of DisclosureA critical security flaw impacting Langflow has come under active exploitation within 20 hours of public disclosure, highlighting the speed at which threat actors weaponize newly published vulnerabilities. The security defect, tracked as CVE-2026-33017 (CVSS score: 9.3), is a cas…THEHACKERNEWS.COM
20 MarCVE-2026-23214 btrfs: reject new transactions if the fs is fully read-onlyInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23221 bus: fsl-mc: fix use-after-free in driver_override_show()Information published.MSRC.MICROSOFT.COM
20 MarCVE-2025-71221 dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()Information published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23110 scsi: core: Wake up the error handler when final completions race against each otherInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23171 bonding: fix use-after-free due to enslave fail after slave array updateInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23213 drm/amd/pm: Disable MMIO access during SMU Mode 1 resetInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2025-71225 md: suspend array while updating raid_disks via sysfsInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2025-71227 wifi: mac80211: don't WARN for connections on invalid channelsInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2025-71233 PCI: endpoint: Avoid creating sub-groups asynchronouslyInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2025-71236 scsi: qla2xxx: Validate sp before freeing associated memoryInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23227 drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/freeInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23207 spi: tegra210-quad: Protect curr_xfer check in IRQ handlerInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23113 io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loopInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23118 rxrpc: Fix data-race warning and potential load/store tearingInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23126 netdevsim: fix a race issue related to the operation on bpf_bound_progs listInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23154 net: fix segmentation of forwarding fraglist GROInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23157 btrfs: do not strictly require dirty metadata threshold for metadata writepagesInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23169 mptcp: fix race in mptcp_pm_nl_flush_addrs_doit()Information published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23191 ALSA: aloop: Fix racy access at PCM triggerInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23208 ALSA: usb-audio: Prevent excessive number of framesInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23269 apparmor: validate DFA start states are in bounds in unpack_pdbInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23259 io_uring/rw: free potentially allocated iovec on cache put failureInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23268 apparmor: fix unprivileged local user can do privileged policy managementInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23266 fbdev: rivafb: fix divide error in nv3_arb()Information published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23265 f2fs: fix to do sanity check on node footer in {read,write}_end_ioInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2006-10002 XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashesInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23255 net: add proper RCU protection to /proc/net/ptypeInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23253 media: dvb-core: fix wrong reinitialization of ringbuffer on reopenInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2025-71269 btrfs: do not free data reservation in fallback from inline due to -ENOSPCInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2026-23267 f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writesInformation published.MSRC.MICROSOFT.COM
20 MarCVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stackInformation published.MSRC.MICROSOFT.COM
19 Mar KEVCISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware AttacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild. The vu…THEHACKERNEWS.COM
19 MarCVE-2026-23233 f2fs: fix to avoid mapping wrong physical block for swapfileInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-23242 RDMA/siw: Fix potential NULL pointer dereference in header processingInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-23245 net/sched: act_gate: snapshot parameters with RCU on replaceInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2025-71266 fs: ntfs3: check return value of indx_find to avoid infinite loopInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2025-71267 fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LISTInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-23244 nvme: fix memory allocation in nvme_pr_read_keys()Information published.MSRC.MICROSOFT.COM
19 MarCVE-2026-23243 RDMA/umad: Reject negative data_len in ib_umad_writeInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content modelsInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-3644 Incomplete control character validation in http.cookiesInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-23248 perf/core: Fix refcount bug and potential UAF in perf_mmapInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-23246 wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfigurationInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-23247 tcp: secure_seq: add back ports to TS offsetInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2025-71265 fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadataInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callbackInformation published.MSRC.MICROSOFT.COM
19 MarCVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflowInformation published.MSRC.MICROSOFT.COM
19 Mar KEVCISA Warns of Attacks Exploiting Recent SharePoint VulnerabilityThe SharePoint remote code execution vulnerability CVE-2026-20963, which Microsoft patched in January, has been exploited in the wild.SECURITYWEEK.COM
19 MarInterlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Accesssubmitted by kid to cybersecurity https://thehackernews.com/2026/03/interlock-ransomware-exploits-cisco-fmc.htmlSH.ITJUST.WORKS
19 MarCritical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCEsubmitted by kid to cybersecurity https://thehackernews.com/2026/03/critical-telnetd-flaw-cve-2026-32746.htmlSH.ITJUST.WORKS
19 MarTelnet vulnerability opens door to remote code execution as rootA critical Telnet vulnerability with a CVSS rating of 9.8 enables attackers to take full control of affected systems before authentication even kicks in, security researchers at Dream Security have warned. Tracked as CVE-2026-32746, the vulnerability is in GNU inetutils telnetd, …CSOONLINE.COM
19 MarRansomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appearedOne of the world’s most active ransomware groups, Interlock, started exploiting a critical-rated Cisco firewall vulnerability as a zero day weeks before it was patched in early March, Amazon has revealed. The vulnerability in question is CVE-2026-20131, a remotely exploitable de…CSOONLINE.COM
19 MarCVE-2026-32169 Azure Cloud Shell Elevation of Privilege VulnerabilityServer-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-26139 Microsoft Purview Elevation of Privilege VulnerabilityServer-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-26138 Microsoft Purview Elevation of Privilege VulnerabilityServer-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-32191 Microsoft Bing Images Remote Code Execution VulnerabilityImproper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-23658 Azure DevOps: msazure Elevation of Privilege VulnerabilityInsufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-26120 Microsoft Bing Tampering VulnerabilityServer-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-23659 Azure Data Factory Information Disclosure VulnerabilityExposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-24299 M365 Copilot Information Disclosure VulnerabilityImproper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-26136 Microsoft Copilot Information Disclosure VulnerabilityImproper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-26137 Microsoft 365 Copilot BizChat Elevation of Privilege VulnerabilityServer-side request forgery (ssrf) in Microsoft 365 Copilot's Business Chat allows an authorized attacker to elevate privileges over a network.MSRC.MICROSOFT.COM
19 MarCVE-2026-32194 Microsoft Bing Images Remote Code Execution VulnerabilityImproper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
19 MarZDI-26-221: GIMP XPM File Parsing Integer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. T…ZERODAYINITIATIVE.COM
19 MarZDI-26-220: GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. T…ZERODAYINITIATIVE.COM
19 MarZDI-26-219: GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. T…ZERODAYINITIATIVE.COM
19 MarZDI-26-218: GIMP ANI File Parsing Integer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. T…ZERODAYINITIATIVE.COM
19 MarZDI-26-217: GIMP PSD File Parsing Integer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. T…ZERODAYINITIATIVE.COM
18 MarCritical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges. The vulnerability, tracked as CVE-2026-32746, ca…THEHACKERNEWS.COM
18 MarFortiClient Hit by Severe SQL Injection Vulnerability Enabling Database IntrusionCybersecurity researchers have detailed a critical security flaw in Fortinet’s FortiClient Enterprise Management Server (EMS). Tracked as CVE-2026-21643, this severe pre-authentication SQL injection vulnerability carries a near-maximum CVSS severity score of 9.1. It allows unau…GBHACKERS.COM
18 MarResearchers Disclose ‘RegPwn,’ a Windows Registry Weakness Allowing SYSTEM AccessResearchers at MDSec have disclosed a newly patched Elevation of Privilege vulnerability in Microsoft Windows, known as “RegPwn”. Tracked as CVE-2026-24291, this flaw allows a low-privileged user to gain full SYSTEM access by exploiting how Windows handles registry co…GBHACKERS.COM
18 MarNew Kubernetes NFS CSI Vulnerability Enables Unauthorized Directory Deletion and ChangesA newly disclosed security flaw in the Kubernetes Container Storage Interface (CSI) Driver for Network File System (NFS) exposes storage servers to unauthorized directory modification and deletion. Tracked as CVE-2026-3864 with a medium-severity CVSS v3.1 score of 6.5, this vulne…GBHACKERS.COM
18 MarApple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOSApple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigatio…THEHACKERNEWS.COM
18 MarCVE-2026-23241 audit: add missing syscalls to read classInformation published.MSRC.MICROSOFT.COM
18 MarCVE-2025-71239 audit: add fchmodat2() to change attributes classInformation published.MSRC.MICROSOFT.COM
18 MarUbuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing ExploitA high-severity security flaw affecting default installations of Ubuntu Desktop versions 24.04 and later could be exploited to escalate privileges to the root level. Tracked as CVE-2026-3888 (CVSS score: 7.8), the issue could allow an attacker to seize control of a susceptible sy…THEHACKERNEWS.COM
18 MarUbuntu Desktop Vulnerability Lets Attackers Escalate Privileges to Full Root AccessThe Qualys Threat Research Unit (TRU) has disclosed a critical Local Privilege Escalation (LPE) vulnerability affecting default installations of Ubuntu Desktop version 24.04 and later. Tracked as CVE-2026-3888, this high-severity flaw carries a CVSS v3.1 score of 7.8 and allows u…GBHACKERS.COM
18 MarCritical Telnetd Vulnerability Enables Remote Code Execution AttacksA critical buffer overflow vulnerability has been discovered in the GNU InetUtils telnetd daemon. Tracked as CVE-2026-32746, the flaw carries a maximum CVSS 3.1 score of 9.8 and allows unauthenticated attackers to execute arbitrary code with root privileges. There is no confirmed…GBHACKERS.COM
18 MarInterlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root AccessAmazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of …THEHACKERNEWS.COM
18 MarThe Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat ActorsIntroduction Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. Since at l…CLOUD.GOOGLE.COM
18 MarAmazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewallsAmazon threat intelligence has identified an active Interlock ransomware campaign exploiting CVE-2026-20131, a critical vulnerability in Cisco Secure Firewall Management Center (FMC) Software that could allow an unauthenticated, remote attacker to execute arbitrary Java code as r…AWS.AMAZON.COM
17 Mar KEVCISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server PathsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-47813 (CVSS score: 4.3), i…THEHACKERNEWS.COM
17 MarCVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpdInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-23943 Pre-auth SSH DoS via unbounded zlib inflateInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-32249 NFA regex engine NULL pointer dereference affects Vim < 9.2.0137Information published.MSRC.MICROSOFT.COM
17 MarCVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpdInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-4111 Libarchive: infinite loop denial of service in rar5 decompression via archive_read_data() in libarchiveInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement groupInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-4105 Systemd: systemd: privilege escalation via improper access control in registermachine d-bus methodInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-23066 rxrpc: Fix recvmsg() unconditional requeueInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-1703 Limited path traversal when installing wheel archivesInformation published.MSRC.MICROSOFT.COM
17 MarCVE-2026-23069 vsock/virtio: fix potential underflow in virtio_transport_get_credit()Information published.MSRC.MICROSOFT.COM
17 MarAngular XSS Vulnerability Threatens Thousands of Web ApplicationsA high-severity Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-32635, has been discovered in Angular, one of the world’s most widely used web application frameworks. This flaw resides in the Angular runtime and compiler and affects internationalisation (i18n)…GBHACKERS.COM
17 MarCISA Flags Year-Old Wing FTP Vulnerability as ExploitedTracked as CVE-2025-47813, the flaw leads to the disclosure of the full local installation path of the application.SECURITYWEEK.COM
17 MarNvidia NemoClaw promises to run OpenClaw agents securelyIn the few short weeks since OpenClaw became the biggest story in agentic AI, it has been dogged by concerns that it is not secure enough to be safely let loose in enterprises. This week at the Nvidia GPU Technology Conference (GTC) conference, CEO Jensen Huang announced what he …CSOONLINE.COM
17 MarApple pushes first Background Security Improvements update to fix WebKit flawApple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. [...]BLEEPINGCOMPUTER.COM
17 MarZDI-26-216: (Pwn2Own) QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass VulnerabilityThis vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2025-6284…ZERODAYINITIATIVE.COM
16 MarFortiGate Firewall Exploitation Fuels Network Breaches in New Attack WaveCybersecurity defenders identified a surge in network breaches originating from compromised FortiGate Next-Generation Firewalls. According to incident responders at SentinelOne, threat actors exploit recent vulnerabilities to extract configuration files, steal credentials, and es…GBHACKERS.COM
16 MarNine critical vulnerabilities in Linux AppArmor put over 12M enterprise systems at riskSecurity researchers at Qualys have disclosed nine vulnerabilities in AppArmor, the Linux Security Module that ships enabled by default across Ubuntu, Debian, and SUSE distributions. An unprivileged local attacker can exploit the flaws to gain full root access, break out of conta…CSOONLINE.COM
16 MarChromium: CVE-2026-3909 Out of bounds write in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2021) for more information. Google is aware that an exploit for CVE-2026-3909 exists in…MSRC.MICROSOFT.COM
16 MarRansomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat LandscapeWritten by: Bavi Sadayappan, Zach Riddle, Ioana Teaca, Kimberly Goody, Genevieve Stark Introduction Since 2018, when many financially motivated threat actors began shifting their monetization strategy to post-compromise ransomware deployments, ransomware has become one of the mos…CLOUD.GOOGLE.COM
16 MarZDI-26-215: KeePassXC OpenSSL Configuration Uncontrolled Search Path Element Local Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of KeePassXC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3…ZERODAYINITIATIVE.COM
16 MarZDI-26-214: GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. T…ZERODAYINITIATIVE.COM
16 MarZDI-26-213: GIMP LBM File Parsing Heap-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. T…ZERODAYINITIATIVE.COM
16 MarZDI-26-212: Schneider Electric EcoStruxure Data Center Expert Hard-coded Password Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Data Center Expert. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigne…ZERODAYINITIATIVE.COM
16 MarZDI-26-211: Delta Electronics ASDA-Soft PAR File Parsing Stack-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics ASDA-Soft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned …ZERODAYINITIATIVE.COM
16 MarZDI-26-210: (Pwn2Own) Samsung Galaxy S25 Samsung Members Security Feature Bypass VulnerabilityThis vulnerability allows remote attackers to bypass a security feature on affected installations of Samsung Galaxy S25. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.4. The following CVEs are assigned: CVE-2025-21079.ZERODAYINITIATIVE.COM
16 MarZDI-26-209: (Pwn2Own) Samsung Galaxy S25 Samsung Members Open Redirect Security Bypass VulnerabilityThis vulnerability allows remote attackers to bypass security on affected installations of Samsung Galaxy S25. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2025-21079.ZERODAYINITIATIVE.COM
16 MarZDI-26-208: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Integer Overflow Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned…ZERODAYINITIATIVE.COM
16 MarZDI-26-207: (Pwn2Own) Canon imageCLASS MF654Cdw dtdc_addr_importSub Stack-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned…ZERODAYINITIATIVE.COM
16 MarZDI-26-206: (Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned…ZERODAYINITIATIVE.COM
16 MarZDI-26-205: (Pwn2Own) Canon imageCLASS MF654Cdw PJCC Request Parsing Heap-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned…ZERODAYINITIATIVE.COM
16 MarZDI-26-204: (Pwn2Own) Canon imageCLASS MF654Cdw XPS Parser Stack-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned…ZERODAYINITIATIVE.COM
16 MarZDI-26-203: (Pwn2Own) Canon imageCLASS MF654Cdw XML SOAP Request Parsing Heap-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF654Cdw printers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned…ZERODAYINITIATIVE.COM
16 MarZDI-26-202: (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating o…ZERODAYINITIATIVE.COM
16 MarZDI-26-201: (Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin Hard-Coded Credentials Authentication Bypass VulnerabilityThis vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2025-5938…ZERODAYINITIATIVE.COM
16 MarZDI-26-200: (Pwn2Own) QNAP TS-453E nvrlog_event_add msg SQL Injection Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS …ZERODAYINITIATIVE.COM
16 MarZDI-26-199: (Pwn2Own) QNAP TS-453E conn_log_tool Format String Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS …ZERODAYINITIATIVE.COM
16 MarZDI-26-198: (Pwn2Own) QNAP TS-453E malware_remover Code Injection Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-118…ZERODAYINITIATIVE.COM
16 MarZDI-26-197: (Pwn2Own) ChargePoint Home Flex revssh Service Command Injection Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE…ZERODAYINITIATIVE.COM
16 MarZDI-26-196: (Pwn2Own) ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned:…ZERODAYINITIATIVE.COM
16 MarZDI-26-195: (Pwn2Own) ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure VulnerabilityThis vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assig…ZERODAYINITIATIVE.COM
16 MarZDI-26-194: Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass VulnerabilityThis vulnerability allows remote attackers to bypass a security feature on affected installations of Microsoft Exchange. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2026-21527.ZERODAYINITIATIVE.COM
16 MarZDI-26-193: (Pwn2Own) Linux Kernel nf_tables_newset Out-Of-Bounds Write Information Disclosure VulnerabilityThis vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS…ZERODAYINITIATIVE.COM
16 MarZDI-26-192: Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 10.0. The following CVEs are assigned: CVE-2026-4149.ZERODAYINITIATIVE.COM
16 MarZDI-26-191: (Pwn2Own) Linux Kernel nf_tables Use-After-Free Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of …ZERODAYINITIATIVE.COM
16 MarZDI-26-190: (Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CV…ZERODAYINITIATIVE.COM
16 MarZDI-26-189: (Pwn2Own) VMware ESXi VMXNET3 Integer Overflow Local Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rati…ZERODAYINITIATIVE.COM
16 MarZDI-26-188: (Pwn2Own) VMware ESXi VMCI Integer Underflow Local Privilege Escalation VulnerabilityThis vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rati…ZERODAYINITIATIVE.COM
16 MarZDI-26-187: (Pwn2Own) Synology DiskStation Manager Netatalk Library Buffer Overflow Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2022-45188…ZERODAYINITIATIVE.COM
⚠️ VULNERABILITY DISCLOSURE 2096
13 JunWeekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modulesNew Tracing Options As hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on an op or writing a new one, what we can do is make the debugging experience easier. To that end one of our two Google Summer of Code (GSoC) p…RAPID7.COM
13 JunThis Sparrow doesn't migrate.Martin Zugec, Technical Solutions Director at Bitdefender, discussing their work on "FamousSparrow APT Targets Azerbaijani Oil and Gas Industry." Bitdefender researchers uncovered a sustained cyber espionage campaign by the China-linked FamousSparrow group targeting an Azerbai…THECYBERWIRE.COM
13 JunShai-Hulud variant compromises dozens of open-source Microsoft packages.Patch Tuesday notes: Microsoft fixes a record 200 flaws. German court holds Google liable for AI-generated claims.THECYBERWIRE.COM
13 JunThe FCC Wants to Kill Burner PhonesPlus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more.WIRED.COM
12 JunAnthropic Warns AI Risks Are Real, RoguePlanet Zero-Day Drops, Crypto Laundering TakedownAnthropic is calling for governments to have the authority to stop deployment of advanced AI systems that pose unacceptable risks. CEO Dario Amodei points to the company's Mythos cybersecurity model as proof that AI has become a matter of national and strategic consequence, warni…CYBERSECURITYTODAY.LIBSYN.COM
12 JunComcast Business SecurityEdge Preferred strengthens security for small businessesComcast Business announced SecurityEdge Preferred, its most advanced network-native cybersecurity solution for small businesses. Because SecurityEdge Preferred is built directly into the Comcast Business network, security can be activated in minutes without deploying additional h…HELPNETSECURITY.COM
12 Jun‘Harvest now, decipher later’: The quantum threat few are preparing forQuantum technology may feel far off but certain risks are already with us in the form of “harvest now, decrypt later” — an attack vector in which malicious actors steal data now for a future in which they have access to quantum computational tools capable of breaking encryption d…CSOONLINE.COM
12 JunAuthorities dismantle crypto laundering service that moved €336 million for cybercriminalsAn international law enforcement operation has dismantled a cryptocurrency laundering service linked to ransomware groups and other cybercriminals that processed more than €336 million in illicit funds. The domain seizure notice (Source: Europol) Europol said the service, known a…HELPNETSECURITY.COM
12 Jun KEVCISA orders feds to patch actively exploited Ivanti flaw by SundayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. [...]BLEEPINGCOMPUTER.COM
12 JunLangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code ExecutionCybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, an…THEHACKERNEWS.COM
12 JunAI is exposing the biggest weakness in cybersecurity: We never built a health model. Until now!For 30 years, cybersecurity has operated like an emergency room. Reactive. Crisis-driven. Always triaging. We are extraordinarily good at it — our detection is faster, our response playbooks are sharper, our incident teams are more capable than they have ever been. When something…CSOONLINE.COM
12 JunIvanti Sentry Exploitation Attempts Hitting HoneypotsThe critical-severity OS command injection vulnerability allows attackers to execute arbitrary code with root privileges.SECURITYWEEK.COM
12 JunChrome 149 Update Patches 28 VulnerabilitiesThe browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs.SECURITYWEEK.COM
12 JunPrompt injection breaks today’s AI agents, study warnsToday’s AI web agents have no dependable defenses against prompt injection, according to new research showing that not a single attack scenario was consistently blocked across leading systems powered by GPT‑5 and Gemini. The findings come from StakeBench, a stakeholder-centric be…CSOONLINE.COM
12 JunPharma giant Novo Nordisk discloses breach of clinical trials dataDanish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. [...]BLEEPINGCOMPUTER.COM
12 Jun KEVFactoring "short-sleeve" RSA keys with polynomialsWhat happens when the bits of an RSA private key are heavily biased toward 0 instead of being randomly generated? The public key’s bits could be biased enough for us to detect these incorrectly generated keys in the wild. Together with Hanno Böck of the badkeys project, we found …TRAILOFBITS.COM
12 JunAgentjacking Attack Tricks AI Coding Agents Into Running Malicious CodeCybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error…THEHACKERNEWS.COM
12 JunSecurity Tools Are Breaking SOCsMany organizations now operate dozens of security tools across incident response, threat intelligence, detection, investigation, and remediation. While these tools increasingly include AI features, they often lack proper integration across platforms. This creates operational frag…YOUTUBE.COM
12 JunCISA directs agencies to “patch smarter, not harder.”Anthropic rejects Fable 5 jailbreak claims. Google confirms ShinyHunters exploited a critical Oracle PeopleSoft vulnerability.THECYBERWIRE.COM
12 JunShinyHunters linked to exploitation of critical flaw in Oracle PeopleSoftMore than 100 organizations, more than two-thirds in higher education, have been notified of potential impact.CYBERSECURITYDIVE.COM
12 JunShinyHunters is actively extorting universities after exploiting an unpatched Oracle flawOracle still hasn't patched the vulnerability the group has been using in its attacks since late May.CYBERSCOOP.COM
12 JunphpBB forum fixes auth bypass bug lurking for a decadeA 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]BLEEPINGCOMPUTER.COM
12 JunDeadline-driven defense.CISA directs agencies to “patch smarter, not harder.” The House fails to extend FISA. Europol pulls over AudiA6. GitHub announces npm security updates. Anthropic rejects Fable 5 jailbreak claims. CISA gives feds three days to patch a critical Ivanti Sentry vulnerability. Google c…THECYBERWIRE.COM
12 JunShinyHunters Uses Oracle Zero-Day to Rampage Higher EdA major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.DARKREADING.COM
12 JunGreatXML zero-day BitLocker bypass doesn’t seem to work, yetA disgruntled researcher who has been publishing zero-day Microsoft Windows vulnerabilities for the past several months released a new exploit Thursday that promises to bypass BitLocker encryption on locked devices. A well respected security expert reported that the exploit doesn…CSOONLINE.COM
12 Jun KEVShiny Hunters Hit PeopleSoftOracle mitigated a critical PeopleSoft vulnerability affecting PeopleTools versions 8.61 and 8.62. Reports indicate the vulnerability was actively exploited as a zero-day by the group known as Shiny Hunters to access organizational data. The issue was described as an unauthentica…YOUTUBE.COM
11 JunGitHub finally pulls the plug on automatic install script execution for npmThe ability for attackers to leverage automatic install script execution in npm will finally come to an end when expected changes arrive from GitHub in July. Coders will still be able to enable the function, but the default setting will block it. In V12, default settings are chan…CSOONLINE.COM
11 JunWhatsAppening here?This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongs…THECYBERWIRE.COM
11 JunX Square Robot open sources its robot-free data collection frameworkCompanies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot produces a small number of demonstrations per day, which slows the growth of datasets used to train embodie…HELPNETSECURITY.COM
11 JunMax severity Ivanti Sentry vulnerability now exploited in attacksAttackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. [...]BLEEPINGCOMPUTER.COM
11 JunAged-domain acquisition: The tradecraft phishing operators are using to bypass your mail filter’s reputation scoreI’ve spent the past two years working on incident response and threat intelligence, and the pattern I’m about to describe is one I keep seeing show up in cases that should have been caught at the email gateway. The kit families change. The lure templates change. The constant is t…CSOONLINE.COM
11 JunFrontier AI models offer sneak peak of seismic cyber shifts aheadThe advent of Claude Mythos combined with the release of OpenAI’s GPT-5.5 have changed the threat model for CISOs . The arrival of those frontier AI models — and the ones soon to follow — makes it much easier to discover and chain vulnerabilities at a speed and scale that will re…CSOONLINE.COM
11 Jun‘GreatXML’ Zero-Day Exploit Bypasses BitLockerThe PoC exploits Microsoft Defender’s offline scan to spawn a SYSTEM shell when rebooting in Recovery Mode.SECURITYWEEK.COM
11 JunEnhanced License Plate TrackingThe surveillance company Leonardo wants more data : A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique identifiers of mobile phone…SCHNEIER.COM
11 JunWhat SRE teams need before they trust AI agentsThe future of reliability will not be defined by whether site reliability engineering (SRE) teams use AI agents, but by the conditions under which they choose to trust them. In high-stakes systems, trust is never granted because a demo looks impressive; it is earned through obser…CSOONLINE.COM
11 JunSplunk, Palo Alto Networks Patch Severe VulnerabilitiesThe security defects could allow attackers to create or modify arbitrary files and access and modify protected resources.SECURITYWEEK.COM
11 JunAI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer wa…THEHACKERNEWS.COM
11 JunSignal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration AppsThe new open-source project could serve as the basis for a future of apps with features as complex as Slack, Discord, or Google Docs—but with added protection against surveillance.WIRED.COM
11 JunKyushu Electric lost backup drive containing data of 10.9 million clientsKyushu Electric Power Transmission and Distribution Co. has disclosed that an external storage device used for system backups has gone missing from a secure server room. While no evidence of data leakage has been identified so far, the company warns that the device contained pers…CYBERINSIDER.COM
11 JunVRChat discloses cloud breach exposing data of 2.4 million usersVRChat has disclosed a data breach affecting 2,436,782 users after attackers gained unauthorized access to data stored in the company's cloud environment. The incident exposed account-related information, including email addresses, usernames, login history, and linked platform id…CYBERINSIDER.COM
11 JunHackers Exploit Langflow Vulnerability for Remote Code ExecutionDisclosed in March, the security defect enables unauthenticated attackers to write files to arbitrary locations on the system.SECURITYWEEK.COM
11 JunCoupang hit with record $409 million data breach fine in KoreaThe Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following a massive data breach affecting more than 37 million customers [...]BLEEPINGCOMPUTER.COM
11 JunCISA tells govt agencies to patch critical exploited flaws in 3 daysThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. [...]BLEEPINGCOMPUTER.COM
11 JunServiceNow fixes API issue after reports of suspicious tenant activityServiceNow is notifying customers after discovering and remediating a vulnerability that could have exposed data via an unauthenticated API endpoint on affected instances. The issue emerged publicly after customers began discussing security notifications from ServiceNow and repor…CSOONLINE.COM
11 JunFrom SQLi to RCE – Exploiting LangGraph’s CheckpointerBy Yarden Porat AI agents need memory. Frameworks like LangGraph provide it through checkpointers – persistence layers that store execution state. But what happens when that persistence layer isn’t locked down? Key Points Background LangGraph is an open-source framewo…RESEARCH.CHECKPOINT.COM
11 JunCriminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing CybercrimeIntroduction The underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while the …RAPID7.COM
11 JunAuthorities dismantle 'AudiA6' ransomware crypto-laundering serviceLaw enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...]BLEEPINGCOMPUTER.COM
11 JunThe Gentlemen Ransomware Claims 478 Victims, Can Spread Like a WormA new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (…THEHACKERNEWS.COM
11 JunCyber Force not included in Senate defense policy roadmapAn amendment by Sen. Kirsten Gillibrand (D-NY) to the chamber’s fiscal 2027 national defense authorization bill that would have created the digital-focused service was defeated 14-13 when the Senate Armed Services Committee took up the nearly $1.2 trillion legislation behind clos…THERECORD.MEDIA
11 JunCoupang hit by massive $456 million fine for 2025 data breach incidentSouth Korea's Personal Information Protection Commission (PIPC) has fined e-commerce giant Coupang 624.68 billion won ($456 million) after concluding that poor security practices led to a data breach affecting approximately 37.5 million people. The decision follows a November 202…CYBERINSIDER.COM
11 JunCISA orders federal agencies to “patch smarter”The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management. The directive arrives as the patching problem has become nearly unmanageable, driven by a …HELPNETSECURITY.COM
11 JunNew GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML FilesSecurity researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this," the …THEHACKERNEWS.COM
11 JunNexstar investigates potential breach after ShinyHunters claims theft of 1.1M Salesforce recordsNexstar Media Group is investigating a potential cybersecurity incident after the ShinyHunters extortion group claimed to have stolen more than one million Salesforce records and additional internal corporate data from the broadcasting giant. While the threat actors have not publ…CYBERINSIDER.COM
11 JunMax-Severity Ivanti Flaw Exploited 24 Hours After DisclosureInitial methods suggest attackers had likely mapped out Ivanti's asset landscape upfront and acted quickly once the exploit became public.DARKREADING.COM
11 JunOracle warns of security bug that hackers abused to breach 100+ companiesThe tech giant warned of a security flaw that a cybercrime gang said it's exploiting as part of a mass-hacking campaign. Google said it notified more than 100 organizations that had potentially vulnerable servers.TECHCRUNCH.COM
11 JunNightmare Eclipse Trolling MicrosoftThe discussion centers on a persona called “Nightmare Eclipse,” which appears to act as a single researcher or group releasing vulnerabilities in a highly public and strategic way. This includes dropping zero-day vulnerabilities outside of standard vendor patch cycles. This style…YOUTUBE.COM
11 JunJapanese energy firm loses drive with data of 10.9 million clientsKyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. [...]BLEEPINGCOMPUTER.COM
10 JunEnterprises know AI-generated code is vulnerable; they’re shipping it anywayAI-generated code is riddled with security flaws, yet enterprises are shipping more of it than ever before. Why? Perhaps they’re over-confident, lack true visibility into security risks, or are simply choosing to ignore the problem and hope it goes away. It’s a dangerous game to …CSOONLINE.COM
10 JunUK move to filter photos and messages triggers encryption worries for CISOsUK Prime Minister Keir Starmer’s speech on Monday insisting that tech companies create device controls to somehow block children from viewing or creating sexually explicit imagery has raised alarms among CISOs, who worry that the same technology could undermine enterprise securit…CSOONLINE.COM
10 JunHiring Hot Takes from a Three-Time Exit CMO, Mary YangMary Yang has been a CMO in cybersecurity for 6 years, helped 3 companies exit, and now works on a fractional basis with founders and teams she wants to work with. On this CyberCMO Confidential episode, the three of them get into a discussion on hiring. Mary skips the job descrip…THECYBERWIRE.COM
10 JunProduct showcase: Staying ahead of the threat horizon with AunooAunoo is an open strategic intelligence platform that uses AI agents to monitor intelligence sources, including for cybersecurity, to compile a daily briefing and alert on defined criteria. Each source is checked for credibility and quality before it is included. The platform run…HELPNETSECURITY.COM
10 JunScams now operate like real businesses with budgets and targetsSocial media has overtaken email as a primary attack vector, showing changes in how people consume information and interact online, according to Bitdefender’s Global Scam Intelligence Report 2026. Fraud campaigns use advertisements, sponsored content, impersonation pages, a…HELPNETSECURITY.COM
10 JunSix Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoSCybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks. "In aff…THEHACKERNEWS.COM
10 JunNOVA microhypervisor brings AMD DMA isolation to shared AI infrastructureBlueRock has issued the latest open-source release of its NOVA Microhypervisor with DMA remapping support for AMD platforms that have IOMMU hardware virtualization. The capability is enabled by default and extends hardware-level isolation across virtual machines, devices, and mem…HELPNETSECURITY.COM
10 JunMicrosoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated WindowsThe anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who p…THEHACKERNEWS.COM
10 JunRisky Business #841 -- Microsoft gets owned and 0day'dOn this week’s show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. They cover: Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them Meanwhil…RISKY.BIZ
10 JunNo Patch Planned for Exploited Arista EOS VulnerabilityOrganizations are advised to apply vendor-supplied mitigations or discontinue the vulnerable devices.SECURITYWEEK.COM
10 JunServiceNow Flaw Exploited to Gain Unauthorized Access to Customer InstancesServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a security update to hosted customer instances," the company revealed in an advisory…THEHACKERNEWS.COM
10 JunMicrosoft Fixes 200 CVEs in June Patch TuesdayMicrosoft has patched 200 vulnerabilities including three zero-daysINFOSECURITY-MAGAZINE.COM
10 JunCritical Vulnerabilities Patched in Fortinet, Ivanti ProductsTwo OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.SECURITYWEEK.COM
10 JunAI red teaming comes of ageWhen Ram Shankar Siva Kumar launched Microsoft’s AI red team in 2019, the discipline barely existed. “The running joke used to be that people who used to work in AI red teaming, you can round them up in a 14-foot catamaran,” he tells CSO. At the time, Microsoft’s approach looked …CSOONLINE.COM
10 JunInnovation Without Data Security Risk as AI Unlocks Budgets and Identity Challenges - BSW #451AI is reshaping innovation as businesses embed it into core operations and move more processes online. This transformation is often seen as a tradeoff between innovation and data risk, but that assumption is wrong. Businesses can innovate and scale in the AI era while maintaining…YOUTUBE.COM
10 JunMicrosoft patches YellowKey, GreenPlasma, MiniPlasma zero-daysOn Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. [...]BLEEPINGCOMPUTER.COM
10 JunServiceNow Patches Vulnerability Exploited Against Some CustomersThe company updated hosted customer instances to patch a security issue it reportedly had known about since April 7.SECURITYWEEK.COM
10 JunRubrik launches Autonomous Business Recovery to rebuild cloud applications after cyberattacksRubrik has unveiled Autonomous Business Recovery (ABR) for Cloud Applications, the agentic cyber resilience solution that recovers cloud applications from data to network, identity and configurations. The end result is a rebuild of an organization’s Minimum Viable Business …HELPNETSECURITY.COM
10 JunF5 adds AI-powered threat detection and API security for on-premises environmentsF5 has introduced new web application and API protection (WAAP) capabilities for its Application Delivery and Security Platform. The company said the updates are intended to address a threat landscape in which AI models can accelerate the time between vulnerability discovery and …HELPNETSECURITY.COM
10 JunMicrosoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE BugsMicrosoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This i…THEHACKERNEWS.COM
10 JunAutonomous AI agents duped into leaking sensitive data in phishing testAI agents given access to corporate email and business applications could become a new phishing target for attackers, according to cybersecurity researchers, after a test agent built on OpenClaw was tricked into sharing cloud credentials and customer data with an external attacke…CSOONLINE.COM
10 JunRecord Microsoft Patch Tuesday, fresh zero-dayMicrosoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher behind weeks of escalating Windows exploit releases, dropped a proof-of-concept exploit for a new zero-day: …HELPNETSECURITY.COM
10 JunNew Windows Zero-Day Exploit ‘RoguePlanet’ ReleasedExploiting a race condition in Microsoft Defender, the exploit leads to local privilege escalation to SYSTEM.SECURITYWEEK.COM
10 JunMicrosoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-daysJune 2026 is the largest Patch Tuesday in history, fixing 206 vulnerabilities and three publicly disclosed zero-days.MALWAREBYTES.COM
10 JunAryon Security Raises $29 Million in Series A FundingIn the post-Mythos era, the company’s platform helps organizations enforce security controls across environments.SECURITYWEEK.COM
10 JunMicrosoft ships largest Patch Tuesday on record, with one bug under active attackThe release comes after Microsoft’s security leadership acknowledged last month that AI tools are driving a surge in vulnerability discovery across the industry.THERECORD.MEDIA
10 Jun KEVMicrosoft patches Exchange Server zero-day exploited in attacksMicrosoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. [...]BLEEPINGCOMPUTER.COM
10 JunInfostealers Turn Millions of Devices Into Credential Theft MachinesAs attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomware and other cybercrime operations.SECURITYWEEK.COM
10 JunAISLE Snapshot keeps source code under enterprise control during vulnerability scanningAISLE has introduced AISLE Snapshot, a new offering that gives regulated and security-sensitive enterprises access to frontier-class vulnerability detection inside their own environments, at a fraction of the cost, with source code and security data that never leave their control…HELPNETSECURITY.COM
10 JunWho Runs the Ransomware Group ‘The Gentlemen?’A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post e…KREBSONSECURITY.COM
10 JunThe Shadow AI ProblemOrganizations are rapidly adopting generative AI tools, but many employees are experimenting with unauthorized platforms outside official IT oversight. Security leaders are now being forced to decide which AI services meet enterprise requirements and which should be blocked. Not …YOUTUBE.COM
10 JunIdentity theft is turning into a chain reaction for victimsFor a growing number of victims, identity theft no longer ends with a fraudulent charge or a compromised account. More than one in four people who contacted the Identity Theft Resource Center during the reporting period were dealing with multiple identity-related incidents, accor…HELPNETSECURITY.COM
10 JunPatch Tuesday notes: Microsoft fixes a record 200 flaws.Nightmare Eclipse leaks another Windows zero-day. Researchers disclose two critical flaws in AI Chrome extensions. Business news: Cyera closes a $600 million Series G round.THECYBERWIRE.COM
10 JunCISA gives agencies new vulnerability remediation deadlines that take risk levels into accountThe cybersecurity agency says it wants to help network defenders prioritize the fixes that matter the most.CYBERSECURITYDIVE.COM
10 JunCISA directive orders agencies to prioritize vulnerability patching in a new wayA vulnerability that meets all four criteria would need to be fixed within three days, for instance. The post CISA directive orders agencies to prioritize vulnerability patching in a new way appeared first on CyberScoop .CYBERSCOOP.COM
10 JunNightmare-Eclipse Drops Yet Another Microsoft Exploit, RoguePlanetThe disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft.DARKREADING.COM
10 JunAutomated Threat Hunting: Turning Threat Intelligence into Executable Hunt PlansBlake McDermott is Senior Threat Hunter at Rapid7. Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports containing valuable intelligence about adversary behaviors, tactics, techniques, and procedures. The challenge is turning that inte…RAPID7.COM
10 JunPhones Hacked Without ClickingNSO Group’s Pegasus spyware is once again tied to attacks involving WhatsApp. Pegasus uses zero-click exploits, meaning targets do not need to click a link or open an attachment for compromise to occur. A successful zero-click exploit against modern smartphones can provide near-t…YOUTUBE.COM
10 JunTurn specs into evals for any agent with ASSERTAdaptive Spec-driven Scoring for Evaluation and Regression Testing (ASSERT) is an open-source framework for converting natural language behavior requirements into executable evaluations of AI models and agents. The post Turn specs into evals for any agent with ASSERT appeared fir…COMMANDLINE.MICROSOFT.COM
10 JunThe patch pile reaches new heights.Patch Tuesday goes big. Congress looks to harden critical infrastructure. A new Windows zero-day drops. Mobile AI creates security blind spots. AI agents fall for phishing. Browser extensions expose millions. Spammers hide behind Google Cloud Storage. CISA crowns its cyber champi…THECYBERWIRE.COM
10 JunThe ‘Miasma’ worm source code briefly leaked on GitHubThe Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]BLEEPINGCOMPUTER.COM
10 JunToo Vulnerable for the C-Suite?The discussion explores how vulnerability is perceived at executive levels, especially in high-pressure leadership environments like the C-suite. Speakers argue there is a narrow balance between appearing confident and appearing weak. Leadership advice often promotes vulnerabilit…YOUTUBE.COM
9 JunMeet Hades: The malware that lies to AI security agentsThreat actors are continuing their onslaught against software supply chains, now with malware named after death itself. The newly-discovered Hades Campaign is a “highly sophisticated” supply chain compromise that targets Python developer environments and runs as soon as infected …CSOONLINE.COM
9 JunThe architecture of subtraction: Why it’s time to erase the roads, not just map the trafficThe advent of AI-assisted vulnerability discovery and autonomous exploit development has brought about a new age in cybersecurity—one in which we can no longer rely on patching as a primary defense mechanism. Patching is, by definition, a reactive approach to security. It cannot …HELPNETSECURITY.COM
9 JunTreating AI agents like service accounts for federated query securityIn this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across…HELPNETSECURITY.COM
9 JunMalware ships with bugs that defenders could use against itStatic analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and malware carries a steady supply of its own bugs. Researchers ran four of these tools across 658 leaked malware projects and fo…HELPNETSECURITY.COM
9 JunThe Anatomy of Cloud Ransomware with Matt CastriottaAre your cloud security controls actually protecting your infrastructure, or are they just keeping the lights on? With host Caleb Tolin, Matt Castriotta, Field CTO for Cloud at Rubrik, breaks down the tactical gaps exposed when organizations blindly replicate data center mi…THECYBERWIRE.COM
9 Jun KEVGoogle patches new Chrome zero-day flaw exploited in the wildGoogle has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. [...]BLEEPINGCOMPUTER.COM
9 JunScanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386Most AppSec teams are working through more findings than their teams can validate. SAST surfaces thousands of potential issues. DAST generates alert volume that outpaces triage capacity. Somewhere in that output are the vulnerabilities that matter, the ones that are actually expl…YOUTUBE.COM
9 JunInfosecurity Europe: Why JLR’s CISO Enforced In-Person Password Resets Following Cyber-AttackSpeaking at Infosecurity Europe, Ashish Shrestha, former CISO at Jaguar Land Rover, revealed why he wanted over 30,000 employees to change their passwords in the immediate aftermath of the incidentINFOSECURITY-MAGAZINE.COM
9 Jun KEVGoogle Chrome emergency update fixes actively exploited flaw in V8Google has released Chrome 149.0.7827.102/.103 for Windows and macOS, as well as Chrome 149.0.7827.102 for Linux, addressing 74 security vulnerabilities, including a high-severity zero-day flaw in the V8 JavaScript engine that the company says has been exploited in the wild. The …CYBERINSIDER.COM
9 JunCISA gives feds 3 days to patch Check Point VPN bug exploited as zero-dayCISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]BLEEPINGCOMPUTER.COM
9 Jun KEVCheck Point Warns Critical Auth Bypass Bug Exploited in the WildCheck Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by QilinINFOSECURITY-MAGAZINE.COM
9 JunCheck Point VPN Zero-Day Exploited in Qilin Ransomware AttacksThe authentication bypass vulnerability allows attackers to establish VPN connections without a valid password. The post Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunMythos Preview can weaponize N-day vulnerabilities in hoursMythos Preview can develop working exploits from newly disclosed software vulnerabilities in hours, cutting down a process that has historically taken days or weeks, according to Anthropic. Anthropic’s recent cybersecurity research has largely focused on zero-days, vulnerab…HELPNETSECURITY.COM
9 JunThe Flip That Broke the Cali CartelNow that drug cartels can be labeled foreign terrorist organizations, how do you dismantle one? As part of his 26 years at the Drug Enforcement Administration, retired Special Agent Chris Feistl was on a team that brought the demise of the Cali Cartel in Colombia. One of the worl…THECYBERWIRE.COM
9 JunWill AI Kill the Bug Bounty Industry?Anthropic's Mythos is accelerating vulnerability discovery to machine speed, forcing the bug bounty industry and offensive security teams to adapt to a future where finding flaws is no longer the hard part. The post Will AI Kill the Bug Bounty Industry? appeared first on Security…SECURITYWEEK.COM
9 JunSecurity shifts to the human layer as AI scams surgeCybercriminals are increasingly reshaping familiar social-engineering campaigns around the way employees use AI, with separate advisories from Microsoft and Google documenting how attackers are adapting scams to AI-powered tools, trusted digital services, and changing workplace b…CSOONLINE.COM
9 Jun KEVUpdate Chrome: Google patches actively exploited vulnerability and 73 othersGoogle's latest Chrome update fixes 74 security vulnerabilities, including one under active attack.MALWAREBYTES.COM
9 JunApple Intelligence can now replace weak passwords without user interventionApple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in Passwords. Automatically Fix Passwords (Source: Apple) Introduced as a standalone app in 2024, Passwords gives users a centr…HELPNETSECURITY.COM
9 JunResearchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight ModelsUniversity of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate its…THEHACKERNEWS.COM
9 JunNew Platform Uses Cryptographic Invisibility to Protect AI-Built ApplicationsAtsign’s AI Architect applies cryptographic protections to agentic software development, aiming to prevent attackers from exploiting vulnerabilities by making application identities effectively invisible. The post New Platform Uses Cryptographic Invisibility to Protect AI-Built A…SECURITYWEEK.COM
9 JunSAP Patches Critical NetWeaver, Commerce VulnerabilitiesThe flaws could lead to the disclosure of sensitive information, memory corruption, and disruption of normal system usage. The post SAP Patches Critical NetWeaver, Commerce Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunHackers pose as women seeking romance to spy on Russian soldiersThe group, dubbed SiribClone by Russian cybersecurity firm F6, has been active since at least the summer of 2025 and has primarily targeted members of the Russian armed forces stationed in border regions and combat zones.THERECORD.MEDIA
9 JunWhy AI Can’t Replace PentestersA “clean” pentest report is not always enough. The real value often comes from explaining what attacks were attempted, what defenses held up, and why exploitation failed. That missing context is part of why AI alone struggles to replace experienced pentesters. Automated tools can…YOUTUBE.COM
9 Jun KEVCisco customers encounter another SD-WAN zero-day under attackThe defect marks the seventh actively exploited zero-day in Cisco SD-WANs this year, and the vendor has yet to release a patch. The post Cisco customers encounter another SD-WAN zero-day under attack appeared first on CyberScoop .CYBERSCOOP.COM
9 JunNew Veeam vulnerability exposes backup servers to RCE attacksVeeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domain-joined backup servers. [...]BLEEPINGCOMPUTER.COM
9 Jun KEVShai-Hulud variant compromises dozens of open-source Microsoft packages.Check Point patches actively exploited VPN zero-day. Hacker breaches the French government's encrypted messaging app.THECYBERWIRE.COM
9 JunClaude Mythos Turns N-Days Into N-Hours With Rapid Exploit CreationPublic LLM models with safeguards turned off can also build working exploits, increasing patch gap risks. The post Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunFrench government messaging platform breached through account hijackingFrench authorities are investigating a compromise of Tchap, the government’s secure messaging platform, after hackers hijacked a user account and gained access to public chat rooms. Tchap is the French government’s messaging platform for civil servants, ministries, an…HELPNETSECURITY.COM
9 JunMicrosoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe ContinuesMicrosoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the …THEHACKERNEWS.COM
9 JunCISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sectorActing director Nick Andersen said a binding operational directive is en route for agencies, and that more specific discussions need to happen with critical infrastructure owners. The post CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector ap…CYBERSCOOP.COM
9 JunCheck Point warns of zero-day flaw targeted by ransomware affiliateA vulnerability in the company’s VPN deployments has faced exploitation since early May.CYBERSECURITYDIVE.COM
9 JunXBOW tests Anthropic's Mythos Preview for offensive securityAnthropic's Mythos Preview was highly effective at finding vulnerability candidates, especially when analyzing source code. XBOW explores how the model performed across exploit discovery, reverse engineering, and live-site validation. [...]BLEEPINGCOMPUTER.COM
9 JunOpenSSL Patches High-Severity Vulnerability Found With AIA total of 18 vulnerabilities have been patched in the latest OpenSSL releases, including many that were potentially discovered by AI. The post OpenSSL Patches High-Severity Vulnerability Found With AI appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunMicrosoft June 2026 Patch Tuesday, (Tue, Jun 9th)Microsoft today released patches for 204 vulnerabilities. 38 of these vulnerabilities are considered critical, and three have been disclosed before today. Six of the vulnerabilities affect Microsoft cloud solutions and do not require any user action. In addition, Microsoft incorp…ISC.SANS.EDU
9 JunCISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gangCheck Point said hackers broke into dozens of organizations by exploiting a VPN bug in several of its products used across the government.TECHCRUNCH.COM
9 JunMicrosoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flawsToday is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws and three publicly disclosed zero-day vulnerabilities. [...]BLEEPINGCOMPUTER.COM
9 JunAnthropic releases Mythos-class Fable 5 model with safeguards for cyber risksAnthropic unveiled two new powerful AI models built on its previously restricted Mythos architecture: Claude Fable 5, which is being made broadly available, and Claude Mythos 5, which remains limited to a small group of cybersecurity and infrastructure partners. Anthropic describ…CSOONLINE.COM
9 JunSAP fixes critical flaws in NetWeaver and Commerce CloudSAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four critical-severity flaws affecting SAP NetWeaver and SAP Commerce Cloud. [...]BLEEPINGCOMPUTER.COM
9 JunMicrosoft Patches 200 VulnerabilitiesThree of the vulnerabilities fixed with the latest Patch Tuesday updates were publicly disclosed before Microsoft addressed them. The post Microsoft Patches 200 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunA checkmark for trust, a payload for theft.Miasma malware meddles with Microsoft. SAP fixes critical flaws, Google patches an exploited Chrome zero-day, CanisterWorm spreads through npm, Mac users face a new malvertising threat, France investigates a breach of its secure messaging platform, insurers rethink AI risk, the F…THECYBERWIRE.COM
9 JunServiceNow discloses security incident exposing customer dataServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. [...]BLEEPINGCOMPUTER.COM
9 JunBlame AI: Patch Tuesday Hits Record 206 CVEsVoluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.DARKREADING.COM
9 JunA Record-Breaking Patch Tuesday for June 2026Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical…KREBSONSECURITY.COM
9 JunSN 1082: The Malicious Use of AI - Anthropic's Red Team ReportDiscover how Anthropic's secretive red team and the MITRE ATT&CK framework are mapping the chilling rise of malicious AI use, revealing cyber threats that now move faster than defenders can respond. Was a U.S. law firm right to pay a $20 million ransom. Could Cisco have yet a…TWIT.TV
8 JunGoogle Colab CLI opens runtimes to Claude Code and CodexGoogle released the Google Colab Command-Line Interface, a tool that connects local terminals to remote Colab runtimes. The CLI provides an execution platform for developers and AI agents, letting users provision compute, run local Python scripts on remote runtimes, and retrieve …HELPNETSECURITY.COM
8 JunDockSec: Open-source AI-powered Docker security scannerDockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the Python tool runs Trivy, Hadolint, and Docker Scout against a developer’s Dockerfile and image, cor…HELPNETSECURITY.COM
8 JunMeta AI Bug Exposes Over 20,000 Instagram AccountsMeta confirms an AI tool vulnerability led to unauthorized access to Instagram accounts after a failure in email verification during password resetINFOSECURITY-MAGAZINE.COM
8 Jun KEVSolarWinds Serv-U Vulnerability Exploited in the WildUnauthenticated attackers can exploit the flaw via specially crafted POST requests that crash the Serv-U service. The post SolarWinds Serv-U Vulnerability Exploited in the Wild appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunOpenAI is locking down parts of ChatGPT to reduce data theft risksOpenAI has started rolling out Lockdown Mode for ChatGPT, an optional security setting that restricts access to external resources and several product capabilities. It is available for personal accounts, including Free, Go, Plus, and Pro plans, as well as self-serve ChatGPT Busin…HELPNETSECURITY.COM
8 JunUNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion CampaignCybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Goo…THEHACKERNEWS.COM
8 JunWhy most enterprise security teams would fail a military readiness testHave you ever watched a military cyber ops team go to work responding to a cyberattack simulation? It’s like that scene from Die Hard 4.0 when all the screens start flashing red and systems start shutting down; however, unlike the movies, where bumbling government IT workers are …CSOONLINE.COM
8 Jun15 tough cybersecurity questions every CISO must answerAs CISOs know, an effective security program cannot be static. Rather, it must adapt to the evolving threat landscape and an ever-changing business environment. To adapt and improve, CISOs must continuously evaluate their existing program. That starts with asking tough questions …CSOONLINE.COM
8 JunThe State of AI in SecOps, the Unintended Consequences of Vulnmaxxing, and the News - ESW #462Interview with Filip Stojkovski on the State of AI in SecOps Filip joins us to talk through the 2+ year rollercoaster that Security Operations tooling has been on since AI entered the chat. We discuss the AI SecOps market, which Filip closely tracks through his SecOps Unpacked pr…YOUTUBE.COM
8 JunMeta notifies 20,000 Instagram users whose accounts were hijacked via AI support botMeta has begun notifying approximately 20,000 Instagram users that their accounts may have been compromised after attackers exploited a flaw in an AI-assisted account recovery tool. The company says the vulnerability allowed unauthorized parties to obtain password reset links for…CYBERINSIDER.COM
8 JunOxford University discloses data breach after careers platform hackThe University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been compromised. [...]BLEEPINGCOMPUTER.COM
8 JunRidgeBot 7.0 automates Active Directory attack simulations for security validationRidge Security has announced the release of RidgeBot 7.0, an update to its automated security validation platform that introduces automated Windows Active Directory penetration testing capabilities. The new version enables organizations to conduct end-to-end domain compromise sim…HELPNETSECURITY.COM
8 JunConnectSecure’s Patch 360 gives MSPs control over patch testing and deploymentConnectSecure has announced the launch of Patch 360, a patch management solution built for managed service providers (MSPs) to reduce deployment risk while accelerating vulnerability remediation. Patch management has long followed a “deploy-and-hope” model, with teams addressing …HELPNETSECURITY.COM
8 JunThe Hardest ForkMythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this line right here is wrong, and that's RCE." They're novel combinations of a few dozen issues out of th…THEHACKERNEWS.COM
8 Jun KEVEverest Forms Vulnerability Exploited to Hack WordPress SitesThe flaw allows attackers to execute arbitrary code remotely and has been exploited in the wild for two months. The post Everest Forms Vulnerability Exploited to Hack WordPress Sites appeared first on SecurityWeek .SECURITYWEEK.COM
8 JunCheck Point links VPN zero-day attacks to Qilin ransomware gangIsraeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. [...]BLEEPINGCOMPUTER.COM
8 JunHackers used Meta’s AI support system to hijack over 20,000 Instagram accountsMeta has revealed that attackers hijacked 20,225 Instagram accounts by exploiting a flaw in the company’s AI-assisted account recovery system. According to the company, a vulnerability in High Touch Support (HTS) allowed unauthorized parties to perform password resets on In…HELPNETSECURITY.COM
8 JunNew Relic expands observability into AI-assisted software developmentNew Relic has announced AI Coding Observability, an open-source tool for monitoring AI-assisted software development workflows. As organizations adopt AI coding assistants, these tools often operate outside existing observability systems, limiting visibility into their use. AI Co…HELPNETSECURITY.COM
8 Jun⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and MoreMonday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked. A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes show…THEHACKERNEWS.COM
8 JunTurning Cloudflare’s threat indicators into real-time WAF rulesCloudflare customers can now use Cloudforce One threat intelligence directly within the WAF to block high-risk traffic. By using new cf.intel fields, security teams can automate protection against specific threat actors and targeted industries in real time.CLOUDFLARE.COM
8 JunNew open-source app Loupe reveals how iPhones are fingerprintedPrivacy researchers Mysk have released Loupe, a free and open-source iOS app that shows users what information apps can learn about their devices through publicly available iOS APIs. The tool highlights how data such as language settings, device characteristics, installed apps, a…CYBERINSIDER.COM
8 JunGogs patches critical zero-day enabling remote code executionGogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). [...]BLEEPINGCOMPUTER.COM
8 JunCritical Zcash Vulnerability Found and FixedIf you’re a user—owner?—of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool using Claude Opus 4.8. The Zcash team hired Hornby specifically to look for this kind…SCHNEIER.COM
8 JunTeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)This diary continues the Internet Storm Center's tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the handler diary Activity Through 2026…ISC.SANS.EDU
8 JunWhen Executives Force AI AdoptionThe clip contrasts traditional security operations — where tooling and processes evolve from practitioner feedback — with modern AI adoption, which is often driven by executive-level spending decisions. When large AI purchases happen before teams define real operational needs, or…YOUTUBE.COM
8 JunMicrosoft’s open source tools were hacked to steal passwords of AI developersMicrosoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack.TECHCRUNCH.COM
8 JunICYMI: May 2026 @AWS SecurityRead all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered…AWS.AMAZON.COM
8 JunCheck Point VPN Flaw Exploited Since Early MayA newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.DARKREADING.COM
7 JunBaker Distributing - 102,935 breached accountsIn May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure…HAVEIBEENPWNED.COM
7 JunWeek in review: Cisco SD-WAN 0-day exploited, Patch Tuesday forecastHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory Agent Memory Guard is an open-source runtime defense layer that sits between an agent and its …HELPNETSECURITY.COM
7 JunEmphere Raises $2.1 Million for AI-Powered Vulnerability RemediationEmphere’s solution delivers AI-driven remediation to software companies to speed up releases. The post Emphere Raises $2.1 Million for AI-Powered Vulnerability Remediation appeared first on SecurityWeek .SECURITYWEEK.COM
7 JunHands on with Intelligent Terminal, an AI-powered Windows TerminalMicrosoft has created an open-source fork of Windows Terminal called "Intelligent Terminal," and it allows you to use AI directly inside Terminal without interfering with the regular session. [...]BLEEPINGCOMPUTER.COM
6 JunCybersecurity Today Month in Review: Microsoft Zero-Days, AI DeregulationHost Jim Love and panelists David Shipley, Laura Payne, and Jeff Williams discuss a researcher ("Chaotic/Nightmare Eclipse") publicly disclosing multiple Windows zero-days affecting components including Defender and BitLocker, frustration with Microsoft's vulnerability disclosure…CYBERSECURITYTODAY.LIBSYN.COM
6 JunAI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 BugsTwo things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent. The same week, Google shipped Chrome 149…THEHACKERNEWS.COM
6 JunMiasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain AttackMicrosoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and Micro…THEHACKERNEWS.COM
6 JunPresident Trump signs an executive order on AI oversight.Anthropic is reportedly helping the NSA deploy Mythos. Acer warns of two maximum-severity zero-days.THECYBERWIRE.COM
5 JunNew HTTP/2 Bomb Attack, Trump's AI Security Reviews, Android Zero-Day & The Patching CrisisA newly disclosed attack called HTTP/2 Bomb can crash major web servers in seconds using a single computer and a modest internet connection. Researchers say the attack combines two known techniques into a powerful memory-exhaustion exploit affecting widely used platforms includin…CYBERSECURITYTODAY.LIBSYN.COM
5 JunAI tools becoming hot commodities on ransomware marketplacesSales of AI-based tools are accelerating within underground ransomware marketplaces, lowering the barrier to entry for new actors in the process. An analysis of Telegram channels, 20 dark web forums, and five underground markets by anti-ransomware platform vendor Halcyon found tha…CSOONLINE.COM
5 JunAgentGG: Open-source agentic SAST scannerStatic analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG approaches the same job with AI agents that read the code, follow imports, walk the call graph, and confirm a fin…HELPNETSECURITY.COM
5 JunThieves can pull off keyless car theft in under a minute and here’s how to stop themA keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough. No broken glass. No alarm. No sound. Most keyless cars remain vulnerable The vulnerability runs across the global ma…HELPNETSECURITY.COM
5 JunNew infosec products of the week: June 5, 2026Here’s a look at the most interesting products from the past week, featuring releases from Asimily, depthfirst, Diligent, Hyland, MazeBolt, and Noma. Asimily turns device risk into automated network policy Asimily has launched Segmentation Orchestration, enabling connected-device…HELPNETSECURITY.COM
5 JunChrome 149 Patches 429 VulnerabilitiesOver 100 bugs are critical or high-severity, mainly use-after-free and insufficient validation of untrusted input flaws. The post Chrome 149 Patches 429 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
5 JunAttackers obtained encrypted password vaults from some Dashlane user accountsDashlane has disclosed new details about a brute-force attack that let a threat actor access some customer accounts and copy encrypted vaults. Dashlane said it found no evidence that the attackers compromised its internal systems. The company first acknowledged the incident on Ma…HELPNETSECURITY.COM
5 JunBinary Choice Researcher Or Threat ActorMicrosoft stated that uncoordinated vulnerability disclosures, especially those including proof-of-concept exploit code before patches exist, can create real-world risk by enabling attackers to weaponize vulnerabilities faster. The debate reflects a long-standing conflict in cybe…YOUTUBE.COM
5 JunEU unveils tech sovereignty package to cut reliance on US, Chinese suppliersThe package bundles two draft laws — a Chips Act 2.0 and a Cloud and AI Development Act (CADA) — alongside an Open Source Strategy and a roadmap for digitalizing the energy system.THERECORD.MEDIA
5 JunIn Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISAOther noteworthy stories that might have slipped under the radar: Ultrahuman data leak, The Gentlemen ransomware analysis, Hola Browser bundles miner.SECURITYWEEK.COM
5 JunSeeking Counsel: Ongoing Targeted Campaign Against US Law FirmsWritten by: Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, Tyler McLellan Introduction From January through May 2026, Mandiant identified a financially motivated data theft extortion campaign executed by the threat cluster UNC3753 (also tracked as "Luna Moth," “Chatty Spid…CLOUD.GOOGLE.COM
5 JunNightmare Eclipse incident shows the researcher-vendor fights may never fully go awayWhen a researcher went public with Microsoft vulnerabilities, it laid bare a conflict that has never really been solved. The post Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away appeared first on CyberScoop .CYBERSCOOP.COM
5 JunCisco warns zero-day flaw in SD-WAN is being exploitedThe company cautioned that no current patches are available and the flaw could allow an attacker to conduct command injection attacks.CYBERSECURITYDIVE.COM
5 JunSprawling new House AI bill includes frontier model oversight, open-source security grantsThe legislation has already drawn widespread criticism for its proposal to preempt state AI laws.CYBERSECURITYDIVE.COM
5 JunAndroid Spyware Asin Targets Arabic Users via Fake News, PDF and War Map AppsArabic-speaking users have emerged as the target of a new Android spyware codenamed Asin, according to findings from ESET. The Slovakian cybersecurity company said it first detected the malware spread via multiple campaigns in early 2025, with each attack wave making use of disti…THEHACKERNEWS.COM
5 JunOWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in SecondsCVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerability.SECURITYWEEK.COM
5 JunPatching fast and slow: Ruby devs delay to defend against supply chain attackThe team behind RubyGems, a package hosting site for Ruby developers, has added a new feature to bundler, a tool for managing Ruby packages (or ‘gems’) to protect developers against the recent wave of software supply chain attacks: A cooling-off period before recently updated pa…CSOONLINE.COM
5 JunBuilding secure B2C applications with fine-grained access control using Amazon Cognito and Amazon Verified PermissionsModern web applications require robust security controls to protect user data and application resources. Authentication and authorization are two fundamental pillars of application security that answer critical questions: Who are you? and What are you allowed to do? Implementing …AWS.AMAZON.COM
5 JunCISA: Hackers now exploit SolarWinds Serv-U flaw to crash serversCISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. [...]BLEEPINGCOMPUTER.COM
5 Jun KEVSeven Cisco Zero-Days AlreadyThis discussion covers another actively exploited Cisco SD-WAN vulnerability affecting Cisco Catalyst SD-WAN Manager. According to the clip, this marks the seventh SD-WAN zero-day reported in 2026. Successful exploitation can allow authenticated attackers to execute commands as r…YOUTUBE.COM
5 JunLocal AI, Salesforce, Fluttershell, Aspose, http/2, Cisco, Used Tech, Josh Marpet - SWN #587Local AI, Salesforce, Fluttershell, Aspose, http/2 bomb, Passwords, Cisco, Used Tech, Josh Marpet, and More on this episode of the Security Weekly News Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-587YOUTUBE.COM
5 JunCybersecurity Hygiene Reinforced by the 2026 Verizon DBIRThe 2026 Verizon DBIR highlights how CIS Controls and CIS Benchmarks strengthen cybersecurity hygiene and defend against today’s top attacks.CISECURITY.ORG
4 JunBeware the ‘son of Mythos,’ security experts warnLONDON — Enterprise security teams were urged by security experts at Infosecurity Europe to brace for impact as both Anthropic and OpenAI expand access to their frontier AI models for vulnerability discovery. Anthropic, in particular, is significantly expanding Project Glasswing…CSOONLINE.COM
4 JunHole in GitHub’s browser-based VSCode editor could lead to stolen tokenA vulnerability in GitHub’s browser-based VSCode editor could lead to the theft of a developer’s token under certain circumstances, says a researcher. The issue, revealed this week in a blog by Ammar Askar, has apparently been already addressed by GitHub owner Microsoft. But it …CSOONLINE.COM
4 JunHearing Is no longer believing.This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
4 JunCISA directive for AI executive order to be released this week, Andersen saysThe binding operational directive will focus in part on “vulnerability alleviation and vulnerability management,” Andersen said in remarks delivered at the TechNet Cyber conference in Baltimore.THERECORD.MEDIA
4 JunCisco Warns of Available PoC for Critical Unified CM VulnerabilityThe high-severity flaw can be exploited remotely, without authentication, in server-side request forgery (SSRF) attacks.SECURITYWEEK.COM
4 JunVS Code Vulnerability Allows One-Click GitHub Token TheftA researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance.SECURITYWEEK.COM
4 JunFrom critical to controlled: Cutting vulnerabilities in a live manufacturing environmentA vulnerability scanner flags a critical CVSS 10 vulnerability on an industrial asset. The report lands in the boss’ inbox and now he wants to know why we’re sitting on a critical vulnerability. In a normal IT environment, you patch it then close the ticket and call it a day. If,…HELPNETSECURITY.COM
4 JunFake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDSCybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framewo…THEHACKERNEWS.COM
4 JunOver 1.4 Million Accounts Disrupted in Cybercrime CrackdownLaw enforcement and tech companies disrupted infrastructure linked to scammers operating across Southeast Asia.SECURITYWEEK.COM
4 JunCisco warns of critical Unified CM flaw with PoC exploit codeCisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. [...]BLEEPINGCOMPUTER.COM
4 JunInfosecurity Europe: Mythos Outperforms GPT5.5 on Google Chrome Vulnerability Exploits, Says New BenchmarkA Bugcrowd researcher has unveiled ExploitBench, an independent benchmark of AI models for vulnerability exploitationINFOSECURITY-MAGAZINE.COM
4 JunResearchers built AI worm that can adapt to infect diverse devicesResearchers at the University of Toronto have unveiled an AI-powered computer worm capable of autonomously adapting its attack methods as it moves through a network. The proof-of-concept malware was built using publicly available open-weight AI models, showing that advanced offen…CYBERINSIDER.COM
4 JunMirasvit Vulnerability Exploited to Execute Code on Magento ServersA flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads.SECURITYWEEK.COM
4 JunResearcher publishes GitHub token-stealing exploit, blames Microsoft’s disclosure processThe security researcher, Ammar Askar, released the new proof-of-concept exploit on his personal blog — alongside the public tracker for issues in VS Code — giving a GitHub security contact roughly one hour's notice beforehand.THERECORD.MEDIA
4 JunHackers Are After the Gaps in Your Vulnerability Program: Here's Their PlaybookThreat actors are actively teaching newcomers how to find, exploit, and profit from vulnerable systems. Flare explores what a popular underground hacking tutorial reveals about modern attacker workflows. [...]BLEEPINGCOMPUTER.COM
4 JunHow the “Swiss Cheese” model can help you choose the right MDR providerNot all managed detection and response (MDR) solutions are equal. Finding the differences between vendors can be quite hard, and then understanding how those differences impact your business can be even harder. For instance, you may come across an MDR provider whose pricing is ba…RAPID7.COM
4 JunCrowdStrike, Palo Alto Networks defy estimates as AI fuels cyber demandThe cybersecurity sector has been under perceived pressure due to accelerating deployment of AI tools.CYBERSECURITYDIVE.COM
4 JunOpenAI responds to White House executive order on AI governanceOpenAI has proposed mandatory federal evaluations of the most capable AI models before public release while arguing that regulators should stop short of deciding whether those systems can be deployed, staking out a middle ground in the debate over how frontier AI should be govern…CSOONLINE.COM
4 JunEverest Forms Pro Vulnerability Allows Remote Code Execution on WordPress SitesCritical Everest Forms Pro RCE flaw exploited to create rogue WordPress admin accountsINFOSECURITY-MAGAZINE.COM
4 JunMeta’s own AI chatbot to blame for Instagram accounts being stolen in secondsHackers have been hijacking Instagram accounts at scale by exploiting Meta's AI support chatbot. And, as if that weren't bad enough, the technique required no technical skill whatsoever. Read more in my article on the Fortra blog.FORTRA.COM
4 JunGain visibility into DDoS attacks with flow logs in AWS Shield AdvancedReconstructing distributed denial of service (DDoS) attack traffic used to mean combining data from multiple sources after the fact. AWS Shield Advanced attack flow logs change that—they capture traffic metadata during attacks so you can pinpoint sources, verify mitigations, and …AWS.AMAZON.COM
4 JunTenable joins Anthropic’s Project Glasswing to advance AI-era cyber defenseBy participating in Project Glasswing and working with Claude Mythos Preview, Tenable can help customers better understand how emerging frontier AI models behave, their evolving risks and benefits for cybersecurity, and the kinds of controls organizations will need as AI adoption…TENABLE.COM
4 JunNot every headhunter is hiring.The Five Eyes issue a rare joint warning on China. Jen Easterly weighs in on Trump’s AI EO. Researchers warn everyday notifications can become AI attack vectors. IronWorm is a sophisticated Rust-based infostealer targeting software developers. Cisco patches a critical vulnerabili…THECYBERWIRE.COM
4 JunTrump considers Palantir exec to lead CISAShyam Sankar, the chief technology officer at Palantir Technologies, has emerged as a lead contender for the long vacant Cybersecurity and Infrastructure Security Agency (CISA) director role, according to the sources, who requested anonymity to discuss the administration’s search…THERECORD.MEDIA
3 JunAnthropic grants Project Glasswing access to 150 more companies, with a focus on critical infrastructureAnthropic on Tuesday announced that it was adding 150 more companies to its Project Glasswing AI-based vulnerability hunting initiative, with a particular focus on critical infrastructure companies including those involved in “power, water, healthcare, communications and hardware…CSOONLINE.COM
3 JunCarnival Data Breach Exposes Millions as Microsoft Backs Down on Researcher ThreatsCybersecurity Today for June 2, 2026. Microsoft has backed away from its hard-line stance against vulnerability researchers after widespread criticism from the security community. The dispute began after independent researcher Nightmare Eclipse published proof-of-concept code for…CYBERSECURITYTODAY.LIBSYN.COM
3 JunRisky Business #840 -- Microsoft walks back researcher threatsOn this week’s show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution. They cover: Adversaries are tracking US …RISKY.BIZ
3 JunWhat AI Security Research Actually Looks Like with John Zenick of Harmonic SecurityJohn Zenick started his cybersecurity journey modding a Nintendo Wii in middle school. He is now an AI Security Researcher at Harmonic Security and a Teaching Fellow at Harvard, and joins our show to discuss everything AI! Even though we're a marketing podcast, of course we love …THECYBERWIRE.COM
3 JunKnown vulnerabilities behind most application security incidentsEight in ten organizations took an application security hit during the past year tied to a vulnerability their team had already cataloged, according to a survey of 902 IT and security professionals conducted by the Cloud Security Alliance. The pattern points to a structural condi…HELPNETSECURITY.COM
3 JunVS Code zero-day lets hackers steal GitHub tokens in one clickA security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link. [...]BLEEPINGCOMPUTER.COM
3 JunSupply Chain Attacks: Open Source or Open Door?In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Allie Luhrs and Mario Samolis from Microsoft Security to explore the growing threat of open source software supply chain attacks. They discuss how malicious NPM packages, comprom…THECYBERWIRE.COM
3 JunMazeBolt brings AI-generated attack simulation to DDoS security testingMazeBolt has announced the launch of RADAR VectorAI, a new MazeBolt module that creates AI-generated DDoS attacks. As AI outpaces human response, enterprises need to have access to validated DDoS vulnerability data about both known and AI-generated attack vectors. Mythos has rais…HELPNETSECURITY.COM
3 JunGoogle adds a silent check to catch scammers posing as your contactsAndroid is introducing fake call detection to help protect users from impersonation scams. The feature can detect and flag suspected spoofed calls when both parties use Phone by Google on Android 12 or later. It will roll out globally this month, starting with Pixel devices. Stor…HELPNETSECURITY.COM
3 JunAnthropic expands Project Glasswing to 150 organizations in more than 15 countriesAnthropic is expanding Project Glasswing, its cybersecurity initiative built around the Claude Mythos Preview model, by adding about 150 organizations following several weeks of work with its initial group of partners, security firms, open-source maintainers, and government agenc…HELPNETSECURITY.COM
3 JunNew HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & CloudflareCybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. The vulnerability has been codenamed HTTP/2 Bomb by Calif. "The vulnerable behavior exists in …THEHACKERNEWS.COM
3 JunLessons from the Canvas cyberattackCanvas cyberattack: Who, what, when, how? What and when? Over May 6 and 7, 2026, Canvas learning management system (LMS) users were served up a defaced web page in place of the expected login page. The altered web page displayed a warning by the ShinyHunters criminal hacker and e…CSOONLINE.COM
3 JunScaling to $100M as the Security Weekly Index Hits an All Time High - Joshua Gould - BSW #450The ultimate goal, scale a company to $100M and go IPO. Easier said than done. We've seen some make it and others that get stuck. What's the difference? Joshua Gould, CEO at thebigword, joins Business Security Weekly to discuss how to scale to $100M. From startup to platform, Josh…YOUTUBE.COM
3 JunMicrosoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure BacklashMicrosoft has responded to backlash over its initial threats of legal action against researchers who publicly disclose zero-day vulnerabilities without coordinated notification. The controversy concerns a researcher known online as Chaotic Eclipse and Nightmare Eclipse, who in re…SECURITYWEEK.COM
3 JunAI may finally unlock the cyber budgets CISOs have wanted for yearsFor nearly two decades, cybersecurity leaders have faced the same reality: No matter how catastrophic the latest breach, ransomware attack, or nation-state intrusion, security spending often struggled against competition with every other business priority. AI may finally be chang…CSOONLINE.COM
3 JunNew cyber force would cost up to $11 billion to start, commission saysThe military branch would take 12 to 18 months to get up and running and also include roughly 5,000 members of the National Guard and up to 6,000 civilians, according to the commission.THERECORD.MEDIA
3 JunNew “HTTP/2 Bomb” attack can exhaust server memory in secondsResearchers have disclosed a new denial-of-service (DoS) technique dubbed HTTP/2 Bomb, a memory-exhaustion attack that can render major web servers inaccessible within seconds. The attack affects the default HTTP/2 configurations of nginx, Apache HTTP Server, Microsoft IIS, Envoy…CYBERINSIDER.COM
3 JunPolice dismantles 9 crime groups in illegal streaming crackdownEuropean and international law enforcement agencies have dismantled nine organized crime groups and arrested 29 suspects in a major crackdown on illegal streaming operations. [...]BLEEPINGCOMPUTER.COM
3 Jun‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in SecondsThe default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold.SECURITYWEEK.COM
3 JunMicrosoft wants to put AI agents on a short leashAs enterprises race to adopt AI agents across software development workflows, Microsoft is rolling out new controls aimed at keeping the transformation from becoming a security headache. At its annual developer conference, Microsoft Build, the company unveiled a set of initiative…CSOONLINE.COM
3 JunThe sorry state of skill distributionPublic skill marketplaces are being flooded with malicious skills that steal credentials, exfiltrate data, and hijack agents. In response, a segment of the security industry released skill scanners, a new family of tools designed to detect malicious skills before they’re installe…TRAILOFBITS.COM
3 JunAcer working to patch max severity zero-days in Wave 7 routersAcer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. [...]BLEEPINGCOMPUTER.COM
3 JunOrganizations Warned of Exploited Linux Kernel VulnerabilityAn improper authentication bug allows attackers to escalate their privileges and escape containers.SECURITYWEEK.COM
3 JunBeyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD MooreAssume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does. That …THEHACKERNEWS.COM
3 JunKirki, Burst Statistics WordPress Plugin Flaws in Attackers’ CrosshairsThreat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websites.SECURITYWEEK.COM
3 JunSimplify security management with CIS SecureSuite PlatformNew operating systems prioritize usability, a reality which threat actors use to exploit security gaps. Every misconfiguration creates an opportunity for compromise, and lean teams struggle in their security management efforts to harden hundreds or thousands of endpoints. CIS Sec…HELPNETSECURITY.COM
3 JunAutonomous AI-driven worm can reason its way through corporate networksResearchers at the University of Toronto, the Vector Institute, and the University of Cambridge have built and tested a proof-of-concept AI-driven worm that does not operate on a fixed list of exploits. Instead, it analyzes each target it encounters, reasons about how to attack i…HELPNETSECURITY.COM
3 JunOne-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth TokensCybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a link, it's possible for an attacker to steal a GitHub token that can read and write to your repos, inc…THEHACKERNEWS.COM
3 JunInfosecurity Europe: Vulnerability Management Innovator Konvu Wins Cyber Startup AwardInaugural Infosecurity Europe Cyber Startup Award Winner Impresses Panel with Ability to Help Prioritize Vulnerabilities in AI eraINFOSECURITY-MAGAZINE.COM
3 JunMicrosoft responds to security challenges facing code, AI agents, and modelsMicrosoft has introduced a series of security tools and capabilities focused on AI-driven vulnerability discovery, AI agents, and AI models. The updates include a multi-agent vulnerability discovery system, new controls for managing and securing AI agents, data protection capabil…HELPNETSECURITY.COM
3 JunCISA warns of active attacks exploiting Android, Linux bugsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. [...]BLEEPINGCOMPUTER.COM
3 JunWhen Pages Hijack AI ResponsesAI assistants that summarize third-party content may render markdown links and images from those sources directly in their response UI. These elements can be displayed as clickable or embedded content inside what users perceive as a trusted assistant interface. A malicious page c…YOUTUBE.COM
3 JunOver 100 Dutch hotels hit by breach exposing guest reservation dataMore than 100 hotels in the Netherlands have been impacted by a data breach that exposed guest and reservation information. The stolen data enabled cybercriminals to send convincing phishing messages to travelers, while similar incidents have also been reported by hotels in Belgi…CYBERINSIDER.COM
3 JunA Day in the Life of an MDR Analyst: Inside the Modern SOCWhat actually happens inside a SOC when an incident unfolds? Most teams see the alerts and the outcomes, but the decision-making in between is often less visible. At the Rapid7 2026 Global Cybersecurity Summit, the signature session Inside the Modern SOC: Who Carries You Through …RAPID7.COM
3 JunThe AI race gets a referee.AI oversight arrives at the White House. A Cyber Force gains momentum. Critical infrastructure comes under cyberattack. Acer faces zero-day trouble. A stock exchange executive gets spied on for months. HTTP/2 Bomb threatens web servers. Quantum’s classical side grows bigger. Brit…THECYBERWIRE.COM
2 JunTrusting the wrong package.Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast …THECYBERWIRE.COM
2 JunDashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users DownloadedPassword manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an "external" threat actor launched a brute-fo…THEHACKERNEWS.COM
2 JunWhy you need BAS and autonomous pentesting togetherMost security teams know the drill: A new autonomous penetration testing tool gets deployed, and the first run is genuinely impressive. The dashboard surfaces critical findings, maps lateral movement paths nobody had documented before, and exposes a legacy service account that ha…HELPNETSECURITY.COM
2 Jun175: BayrobIt started with a fake car listing on eBay. What looked like a simple online scam quietly grew, over more than a decade, into one of the most sophisticated cybercrime operations the FBI had ever traced. Custom malware. Opsec off the charts. Fleets of infected computers mining cry…DARKNETDIARIES.COM
2 Jun7 tabletop exercise mistakes that sabotage incident responseDiscussion-based, low-stress simulations during which IT, legal, and other key leadership stakeholders walk through theoretical scenarios to test their preparedness for cyber incidents are a popular and highly useful tool. Yet unless tabletop training is properly handled, the resu…CSOONLINE.COM
2 JunDashlane Brute-Force Attack Leads to Limited Encrypted Vault DownloadsDashlane’s security systems automatically locked accounts to protect them against the hacking attempts.SECURITYWEEK.COM
2 JunPakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RATCybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT. "The campaign opens with a spear phishing d…THEHACKERNEWS.COM
2 JunAttack targeting OpenAI Codex users exposes AI software supply chain risksA malicious npm package posing as a remote user interface for OpenAI Codex exfiltrated developer authentication tokens, after attackers allegedly published code to npm that was not visible in the project’s public GitHub repository. Researchers at Aikido said the package, called c…CSOONLINE.COM
2 JunThe Manhattan Institute Helped Kill DEI. Now It’s Coming for ProtestsThe right-wing think tank is actively pushing “civil terrorism”—increasing penalties for minor crimes committed while people engage in constitutionally protected free speech.WIRED.COM
2 JunRed Hat npm packages compromised in new Mini Shai-Hulud malware waveUnknown attackers have compromised 30+ Red Hat Cloud Services npm packages with malware that goes after credentials stored in developers’ build environment. What the malware stole and how it can spread further The compromised packages were published in two different GitHub …HELPNETSECURITY.COM
2 JunMicrosoft Threatening Security ResearcherAn anonymous security researcher called “Nightmare Eclipse” has been publishing a series of significant security exploits against Microsoft Windows—including one that breaks BitLocker. Microsoft has threatened legal action against the researcher. Lots of recrimi…SCHNEIER.COM
2 JunMeta AI Hands Over High-Profile Instagram Accounts to HackersExploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address.SECURITYWEEK.COM
2 Jun KEVGoogle fixes one actively exploited Android zero-day, 124 flawsGoogle has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. [...]BLEEPINGCOMPUTER.COM
2 JunAI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclos…THEHACKERNEWS.COM
2 JunInfected Red Hat npm packages expose developer credentialsDevelopers who pulled packages from Red Hat’s @redhat-cloud-services npm namespace over the weekend got a secret-stealing worm instead. Security researchers from several cybersecurity outlets are warning of a new supply chain attack compromising over 30 Red Hat Cloud Services-rel…CSOONLINE.COM
2 Jun KEVCISA flags two-year-old Oracle flaw as actively exploited in attacksCISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks. [...]BLEEPINGCOMPUTER.COM
2 JunCritical Vulnerability in HP VoIP Phones Enables Enterprise Network BreachesA stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device.SECURITYWEEK.COM
2 JunCodex knowledge work expands into research, reports, and spreadsheetsOffice workers in the United States lose hours each week to email triage and to searching for files spread across disconnected systems. Roughly 40 percent of US labor, about 72 million people, works primarily with information such as analysis, documents, designs, and communicatio…HELPNETSECURITY.COM
2 JunEuro-Office adds encrypted email provider Tuta ahead of public releaseTuta has announced that it has joined the Euro-Office project, a European initiative developing an open-source, cloud-based office suite designed to reduce dependence on Microsoft and Google services. The announcement has been released just one week before the launch of Euro-Offi…CYBERINSIDER.COM
2 JunDashlane confirms user vaults were copied by hackers in recent attackDashlane has disclosed that attackers were able to download copies of encrypted password vaults for a small subset of users during a brute-force attack that targeted customer accounts over the weekend. The company says the incident did not involve a breach of its internal systems…CYBERINSIDER.COM
2 JunNoma brings visibility and access governance to AI agents and MCP serversNoma has announced the launch of Noma Agent Access Control, which helps security teams discover, govern, and enforce access policies for AI agents and Model Context Protocol (MCP) servers throughout the enterprise. AI agents and MCP servers have proliferated across developer envi…HELPNETSECURITY.COM
2 JunTuskira Quell identifies, mitigates, and validates zero-day risk before breachTuskira launched Quell, its exposure-led zero-day defense capability. Quell helps enterprises survive the window between a zero-day’s disclosure and a patch by determining which zero-days are reachable in their environment, whether existing controls would stop them, and whi…HELPNETSECURITY.COM
2 JunMeta adds stricter guardrails for teen feedsMeta has expanded its Teen Accounts 13+ content settings globally on Instagram, Facebook, and Messenger. The safeguards are designed to help young users see age-appropriate content by default. The company also introduced Limited Content on Instagram for parents seeking stricter r…HELPNETSECURITY.COM
2 JunAnthropic scales Claude Mythos to critical infrastructure in 15+ countriesAnthropic is expanding Project Glasswing, its security vulnerability program, and access to Mythos to 150 organizations across 15 countries — targeting critical infrastructure in power, water, healthcare, and communications where a cyberattack could affect 100 million people.TECHCRUNCH.COM
2 JunAnthropic shares Mythos with 150 more organizations, including critical infrastructure operatorsThe AI firm also said it’s exploring how to help open-source developers deal with a flood of vulnerability reports.CYBERSECURITYDIVE.COM
2 JunPassword manager Dashlane says hackers stole some customers’ password vaultsThe password manager giant said hackers were able to 'brute-force' its two-factor system, allowing them to access customer accounts and download their password vaults.TECHCRUNCH.COM
2 JunSecure multi-tenant AI agents with Amazon Bedrock AgentCore resource-based policiesSoftware as a service (SaaS) providers building AI-powered applications on Amazon Bedrock AgentCore often need to serve multiple tenants with distinct security requirements from a shared infrastructure. Some tenants require cross-account access from their own Amazon Web Services …AWS.AMAZON.COM
2 JunUnpatched NTLM Coercion in Windows search: URI Handler, Same Bug, No CVE, No FixThe same NTLM coercion primitive that got patched in the Snipping Tool exists in Windows Explorer's search: handler. No CVE. No fix. If your patching relies on CVE coverage, you have a blind spot.HUNTRESS.COM
2 JunTwo New Reports Offer Competing Explanations for Cybersecurity’s Growing CrisisAs AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control.SECURITYWEEK.COM
2 JunTrump revives parts of canceled AI order with cybersecurity-focused directiveUS President Donald Trump signed an executive order aimed at strengthening cybersecurity defenses and establishing a voluntary framework for cooperation between the federal government and developers of advanced artificial intelligence models, reviving portions of a broader AI ini…CSOONLINE.COM
2 JunThe Rise of Shadow AISecurity teams once worried about shadow IT and shadow cloud. Now a growing concern is shadow AI: employees using AI services outside approved corporate accounts and workflows. According to the discussion, a large percentage of AI usage may still be occurring through non-corporat…YOUTUBE.COM
2 JunThe bugs are piling up faster than the fixes.A federal watchdog questions NIST over its vulnerability database backlog. Google patches an Android zero-day. Citizen Lab exposes a powerful location-tracking platform. Malware hides commands in Steam comments. Researchers spot AI-assisted malware development. Attackers compromi…THECYBERWIRE.COM
2 JunSN 1081: AI Captured the Flag - Personal AI: Productivity Superpower or Privacy Threat?AI vulnerability discovery just upended the legendary Capture the Flag competitions, leaving top hackers sidelined while algorithms dominate the scoreboard. Hear why one seasoned researcher says the entire game is over for humans. As expected, UnFiOS devices are under attack. CIS…TWIT.TV
1 JunPress Release: CSO30 ASEAN & Hong Kong Awards 2026 open for nominationsThe CSO30 ASEAN & Hong Kong Awards return in 2026, as an important moment to recognise the cybersecurity leaders and teams who are making resilience measurable across the region. In a landscape shaped by rapid threat evolution, board-level scrutiny and rising expectations of…CSOONLINE.COM
1 JunGoverning shadow AI without killing innovationIn this Help Net Security video, Alan Snyder, CEO at NowSecure, talks about governing shadow AI without stopping innovation. He frames the problem as two opposing forces. Companies need to adopt AI fast because attackers and competitors will outpace them otherwise, but they also …HELPNETSECURITY.COM
1 Jun145 AI laws passed in 2025 and privacy teams aren’t catching a break145 AI-related laws were enacted by state legislatures in 2025, and more than 1,000 additional bills were introduced or revised, according to DataGrail’s Privacy and AI Trends Report 2026. Average cost of manual data subject request management (Source: DataGrail) Shadow AI …HELPNETSECURITY.COM
1 JunOWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memoryAI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between runs, and anything written into that store becomes a privileged input the agent reads back later. An attacker who plants text in the wrong field can override a…HELPNETSECURITY.COM
1 Jun6 critical security gaps every CISO must addressCISOs acknowledge that no organization is completely safe, but many also admit their security measures aren’t where they’d like them to be. One-third of CISOs surveyed for Proofpoint’s 2025 Voice of the CISO Report said the data within their organization is not adequately protect…CSOONLINE.COM
1 JunAsimily turns device risk into automated network policyAsimily has launched Segmentation Orchestration, enabling connected-device risk intelligence to flow directly into enforceable network policy without manual translation. No other platform combines full asset visibility, vulnerability prioritization, and segmentation orchestration…HELPNETSECURITY.COM
1 Jun KEVPalo Alto Warns High-Severity Bug Is Being Actively ExploitedA vulnerability in Palo Alto Networks’ PAN-OS software is being exploited in attacksINFOSECURITY-MAGAZINE.COM
1 JunNVIDIA goes open source with a big batch of physical AI agent toolsNVIDIA just dropped a big batch of open-source “physical AI” skills and tools, and they’re designed to make a roboticist’s life a whole lot easier. The idea? Take the messy, complicated work behind robots, self-driving cars, vision AI, and industrial digit…HELPNETSECURITY.COM
1 Jun KEVCritical WP Maps Pro Flaw Actively Exploited to Create Admin AccountsThreat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrator accounts on susceptible sites. WP Maps Pro allows site owners to embed custom…THEHACKERNEWS.COM
1 JunHelping defense's use of AI catch up with offense, cost of the vulnpocalypse, news - ESW #461Interview with Evan Powell - Generative and agentic AI are improving cyberattacks faster than they're improving cyber defenses. Offensive folks have been having the most luck with AI so far, which is further eroding any advantage defenders might have had. Evan Powell joins us to …YOUTUBE.COM
1 JunTop 4 data security best practices for the AI-enabled enterpriseTo maximize AI’s value without increasing security risk, organizations must enforce best‑practice data protections across their environment.CYBERSECURITYDIVE.COM
1 JunDashlane hit by brute-force campaign triggering account suspensionsDashlane has confirmed that a brute-force attack over the weekend triggered a wave of account suspension emails, unusual login notifications, and authentication issues. The password manager says the incident was caused by attacks against individual accounts rather than a breach o…CYBERINSIDER.COM
1 JunOpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain AttackCybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Code…THEHACKERNEWS.COM
1 Jun19-Year-Old Linux Kernel Vulnerability Exposes Systems to Root AccessProof-of-concept (PoC) exploit code has been released for the CIFSwitch flaw, which allows low-privileged users to escalate to root on vulnerable Linux systems.SECURITYWEEK.COM
1 JunMicrosoft says it will not pursue security researchers after zero-day backlashMicrosoft said it is taking the feedback seriously, adding: “To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research.”THERECORD.MEDIA
1 JunCritical Windows Netlogon RCE flaw now exploited in attacksThe Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]BLEEPINGCOMPUTER.COM
1 JunMicrosoft Defender Vulnerability Management gets a smarter exposure scoreMicrosoft Defender Vulnerability Management’s updated exposure score model adds vulnerability risk signals and asset context to help teams understand where risk is concentrated and which remediation actions are likely to have the greatest impact. The model is available in public …HELPNETSECURITY.COM
1 Jun KEVHorizon3.ai introduces Rapid Response to prioritize and verify vulnerability remediationHorizon3.ai has introduced Rapid Response, a capability that helps organizations assess exposure to newly disclosed threats, prioritize remediation, and verify that vulnerabilities have been addressed. Security teams are inundated with vulnerability disclosures, threat intelligen…HELPNETSECURITY.COM
1 JunMiasma: Supply Chain Attack Targeting RedHat npm PackagesDetect and mitigate malicious npm packages linked to the latest npm supply chain attack, based on the open sourced Mini Shai-Hulud malware.WIZ.IO
1 JunCritical Flowise Flaw Gives Attackers Full Server ControlObsidian publishes PoC for a 1-click Flowise RCE that can fully compromise self-hosted serversINFOSECURITY-MAGAZINE.COM
1 JunRace Against Time: Why Faster Vulnerability Alerts MatterAttackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can help reduce exposure and improve response times. [...]BLEEPINGCOMPUTER.COM
1 JunBrute-force attack triggers Dashlane account lockoutsPassword manager Dashlane has confirmed that a brute-force attack targeting user accounts triggered temporary account suspensions and authentication issues. The company first acknowledged the incident on May 31 after users reported receiving account suspension emails and experien…HELPNETSECURITY.COM
1 JunInsight bundles exposure management, patch operations, and XDR into one serviceInsight has launched Insight Managed Exposure Defense, a managed security service designed to help organizations identify and address vulnerabilities. The service aims to help organizations reduce exposure and implement protections without lengthy procurement processes or relianc…HELPNETSECURITY.COM
1 Jundepthfirst adds pre-install protection against malicious dependenciesdepthfirst has introduced Dependency Firewall, a product that reviews every open-source package being downloaded anywhere in a company and blocks the malicious ones before they reach the person or system that requested them. Developers, AI agents, and any employee using Claude, C…HELPNETSECURITY.COM
1 JunCato cuts vulnerability protection time to 45 minutes with agentic threat researchCato Networks announced a new capability that reduces time-to-protect for newly disclosed vulnerabilities to 45 minutes. The company attributes this reduction to the use of agentic threat research designed to accelerate protection against emerging exploits. Traditional appliance-…HELPNETSECURITY.COM
1 Jun⚡ Weekly Recap: New Linux Flaw, PAN-OS Exploit, AI-Powered Attacks, OAuth Phishing and MoreMonday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productivi…THEHACKERNEWS.COM
1 JunAI Is Reviving Anomaly DetectionSecurity teams are revisiting anomaly detection using architectures inspired by modern large language models. Instead of relying on static signatures or isolated events, these “log LLMs” analyze large behavioral sequences across high-volume telemetry sources such as DNS, WAF logs…YOUTUBE.COM
1 JunPatch Now: Another Palo Alto Auth Bypass Bug Under Active ExploitExploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.DARKREADING.COM
1 JunEliminate Critical API Attack Paths with Wiz API SPMWiz API SPM is now GA, enabling customers to discover APIs, assess APIs for exploitability, and prioritize remediation to mitigate the risk of an API-related breach.WIZ.IO
1 JunVulnerability Disclosure in the Age of AINew article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of aut…SCHNEIER.COM
1 JunCritical Netlogon flaw is under active exploitation.Military leaders debate battlefield AI. California sues 23andMe over 2023 data breach.THECYBERWIRE.COM
1 JunBrave’s new AgentStop system reduces wasted AI battery drain by 23%Brave has introduced AgentStop, a new open-source system designed to reduce the energy consumed by local AI agents running on consumer hardware. The technology monitors AI agent behavior in real time and can terminate tasks that are unlikely to succeed, helping conserve battery l…CYBERINSIDER.COM
1 JunHackers Used Meta’s AI Support Bot to Seize Instagram AccountsThe Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" b…KREBSONSECURITY.COM
1 JunDashlane password manager users locked out by brute force attacksMultiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. [...]BLEEPINGCOMPUTER.COM
1 JunMicrosoft's Zero-Day Legal Threats Spark BacklashAfter a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order.DARKREADING.COM
31 MayWeek in review: Infostealer dropped via FortiClient EMS flaw, exploited Trend Micro Apex One flawHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: Coinflow CISO on crypto payments security under AI pressure Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their …HELPNETSECURITY.COM
31 MayWP Maps Pro bug exploited to create admin accounts on WordPress sitesHackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]BLEEPINGCOMPUTER.COM
30 MayLaw enforcement and industry disrupt criminal infrastructure.Researchers blame Iranian government for LA transit authority hack. Extortion group sends individuals to infiltrate organizations in person.THECYBERWIRE.COM
30 MayNew CIFSwitch Linux flaw gives root on multiple distributionsA newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]BLEEPINGCOMPUTER.COM
30 MayExploit Code Published for Critical Flowise RCE VulnerabilityThe one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow.SECURITYWEEK.COM
29 MayLack of response to critical vulnerability in Gogs is a reminder of the limits of open source projectsA newly discovered and so far unpatched critical vulnerability in the open source Gogs Git service not only demands immediate action from developers to secure their code, it also puts a spotlight on the potential issues in using self-hosted code platforms from small maintainers. …CSOONLINE.COM
29 MayBuilding a risk-based vulnerability management program that scalesIn this Help Net Security video, Shankar Somasundaram, CEO at Asimily, explains how to build a risk-based vulnerability program. He notes that vulnerabilities are exploding by an order of magnitude in the age of AI-driven attacks, with one customer finding a thousand vulnerabilit…HELPNETSECURITY.COM
29 MayGDPR set the tone for regulatory action — and the AI fine pushback to comeBig tech firms continue to push back against fines levied for alleged violations of European data protection law, in what could be a harbinger for AI regulations to come. While lawyers and experts quizzed by CSO broadly argue that big tech firms contesting data protection rules i…CSOONLINE.COM
29 MayAnthropic launches Claude Opus 4.8, prepares Mythos-class models for all customersAnthropic has released Claude Opus 4.8 and outlined plans for broader access to its Mythos-class models, which the company expects to make available to all customers in the coming weeks. Claude Opus 4.8 (Source: Anthropic) Claude Opus 4.8 is available to all users, with pricing u…HELPNETSECURITY.COM
29 MayThe Gentlemen are coming for your files, and then your networkRansomware operators have spent years refining the art of locking files. Now, some are working harder to get those lockers to every reachable system first. Microsoft’s recent warning of the Gentlemen ransomware revealed its operators using a self-propagating Go-based encryptor ca…CSOONLINE.COM
29 MayChinese Hackers Exploit Iran War to Target Maritime and Energy CompaniesESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globeINFOSECURITY-MAGAZINE.COM
29 MayCybersecurity trends in SEC filingsIn 2023, the Securities and Exchange Commission (SEC) required public companies to include a new section in their 10-K annual filings that is devoted to cybersecurity. This section is meant to address “cybersecurity risk management, strategy, governance and incidents.” I got curi…CSOONLINE.COM
29 May KEVChrome security update addresses 22 critical severity flawsGoogle has released a major Chrome security update that fixes 151 vulnerabilities in the browser, including 22 critical-severity flaws. While no actively exploited zero-days were disclosed, the unusually large number of vulnerabilities and the predominance of internally discovere…CYBERINSIDER.COM
29 MayChrome 148 Update Patches 151 VulnerabilitiesThe browser update resolves critical-severity security defects that could potentially lead to remote code execution.SECURITYWEEK.COM
29 MayLinkedIn-themed phishing abuses Adobe’s A/B testing platformA newly documented phishing campaign is targeting professionals with fake LinkedIn business emails and abusing a trusted service operated by Adobe. The attack from the victim’s perspective The attack starts with an email that looks, at first glance, like a routine business …HELPNETSECURITY.COM
29 MayGogs Zero-Day Exposes Servers to Remote Code ExecutionThe critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names.SECURITYWEEK.COM
29 MayWith Complex Cloud Integrations, Small Errors Lead to Major CompromisesResearchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have compromised a popular automation service.DARKREADING.COM
29 May'The Com' Cyberattacks Support Violence & SexploitationYour organization's security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes.DARKREADING.COM
29 MayMicrosoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop moreEach vulnerability was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both attackers and security professionals.THERECORD.MEDIA
29 MayDutch police disrupts botnet composed of 17 million devicesThe Dutch National Police and the country’s National Cyber Security Center (NCSC) have taken offline 200 servers controlling a botnet of 17 million devices, the law enforcement agency announced on Thursday. The investigation was launched after the NCSC received a report by …HELPNETSECURITY.COM
29 MayCertifiably random: Swiss researchers claim perfect random number sourceResearchers in Switzerland claim to have built a perfect random number generator from two quantum superconducting chips, a 30-meter-long pipe, and some software. The resulting device could be used to generate cryptographic keys, or to offer a “public randomness service” for lotte…CSOONLINE.COM
29 MayChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing SurfaceCybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been…THEHACKERNEWS.COM
29 MayTennessee man linked to 764 accused of series of crimes against children dating back to 2022Zachary Sweeney allegedly traveled to New York, Indiana, Missouri and Georgia to meet and harm numerous victims in person. The FBI began investigating him in 2023.CYBERSCOOP.COM
29 MayMind the gap between IT and OT.Iranian hackers hit LA transit. Chinese cyber operators target Middle East infrastructure. Dutch police take down a 17-million-device botnet. Researchers uncover a phishing risk in ChatGPT. Anthropic prepares its Mythos model for release. Chrome patches 22 critical bugs. Zapier f…THECYBERWIRE.COM
29 MayYour AI Doesn’t Understand AnythingLarge language models are statistical prediction systems trained to generate likely sequences of words based on massive datasets. They do not reason, understand context, or interpret meaning the same way humans do, even when their responses sound conversational or emotionally awa…YOUTUBE.COM
28 MayEmployees are unknowingly inviting tech support impersonators into firms, says FBIOnline or telephone IT support scams have been tricking employees into downloading or clicking on malware for years. But according to the FBI, one group that targets US-based law firms has recently found success in person, by convincing firms to allow a supposed IT support person…CSOONLINE.COM
28 MayGraduation day griftsThis week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
28 MayThe bipartisan case for CISA.This week, Dave and Ben sit down to discuss a growing bipartisan effort to support CISA. Throughout the conversation, the two look at how lawmakers from both sides of the aisle are showing greater support for CISA after the Trump administration cut its budget and workforce. Both …THECYBERWIRE.COM
28 MayCompanies built AI into core systems before figuring out how to govern it70% of organizations use GenAI in live environments, and 64% have AI agents in pilot or production deployments. Some of those agents have privileged access to core systems, according to Check Point’s 2026 Cloud Security Report. Confirmed and suspected AI incidents (Source: Check …HELPNETSECURITY.COM
28 MayCanonical releases Workshop for one-command sandboxed dev environments on UbuntuCanonical released Workshop, a tool that launches sandboxed development environments on Ubuntu with a single command. Environments are configured once and reproduced on different machines, giving teams consistent setups across development workstations and deployment pipelines. A …HELPNETSECURITY.COM
28 MayHottest cybersecurity open-source tools of the month: May 2026Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings. Pipelock: Open-source AI agent firewall AI coding agents run with shell access, environment …HELPNETSECURITY.COM
28 MayKemper - 269,299 breached accountsIn April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign ta…HAVEIBEENPWNED.COM
28 MayKetch brings multi-agent AI orchestration to enterprise privacy programsKetch has unveiled its vision for agentic privacy with the Ketch Agent Network, a multi-agent orchestration layer for enterprise privacy programs. The platform is designed to continuously reason across legal obligations, internal policies, and operational realities within a unifi…HELPNETSECURITY.COM
28 MayWhat the industrialization of exploitation means for defendersFor decades, cybersecurity was a battle of skill. Elite attackers versus elite defenders. The rules of engagement were understood, even if the playing field wasn’t level. If you hired better analysts and bought better tools, hopefully you hardened your systems well enough and bui…CSOONLINE.COM
28 MayDownload pumping: New npm deception technique for supply chain attacksLearn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious payloads as legitimate. Key takeaways Volume doesn’t equal trust. Packages with numerous versions and high download counts might…TENABLE.COM
28 MayMicrosoft’s new cloud PCs place AI agents under enterprise controlsMicrosoft’s Windows 365 for Agents, a cloud PC platform for agentic workloads, runs AI agents in secure environments. Organizations can direct agents with natural language to interact with applications, browsers, files, and enterprise systems. The platform is available in public …HELPNETSECURITY.COM
28 MayOil shipments, drone makers, and a poisoned code library targeted in recent APT campaignsGeopolitical pressure drove much of the state-sponsored cyber activity recorded between October 2025 and March 2026, according to ESET’s latest APT Activity Report. Espionage groups aligned with China, North Korea, Russia, and Iran adjusted their targets to match the econom…HELPNETSECURITY.COM
28 MayThe AI governance imperative you can’t afford to ignoreCIOs rushing to roll out AI agents without real visibility into their decision-making processes are flirting with disaster. According to AI experts, deploying agents without observability processes and tools creates a ticking time bomb with the potential for huge negative consequ…CSOONLINE.COM
28 MayDICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heapThis white paper presents a concrete case study demonstrating the creation of a heap overflow vulnerability through the exploitation of the DICOM file format.TALOSINTELLIGENCE.COM
28 MayMicrosoft Condemns "Uncoordinated" Zero Day DisclosuresMicrosoft warned the disclosure of several unpatched vulnerabilities without notice has put “customers at unnecessary risk”INFOSECURITY-MAGAZINE.COM
28 MayGitea Vulnerability Exposed 30,000 Deployments to AttacksThe security flaw allowed attackers to pull private container images, exposing source code, credentials, and infrastructure.SECURITYWEEK.COM
28 May KEVCritical FortiClient EMS Vulnerability Exploited in Fresh AttacksFortinet rolled out hotfixes for the security defect in April, warning that it had been exploited in the wild as a zero-day and urging immediate patching.SECURITYWEEK.COM
28 MayIBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”Project Lightwell is designed to fix vulnerabilities without breaking what is already in production.SECURITYWEEK.COM
28 MayQumulo NeuralProtect uses AI to detect and stop ransomware before encryptionQumulo has unveiled Qumulo NeuralProtect, a ransomware resilience solution built to protect data at the storage layer by detecting and stopping threats before data is encrypted, corrupted, or lost. Integrated directly into the Qumulo Data Platform, NeuralProtect inspects every fi…HELPNETSECURITY.COM
28 MayQevlar’s new AI agents correlate CVEs, incident data, and active exploitation signalsQevlar has announced a new set of AI agents designed to bridge the disconnect between Security Operations Centers (SOCs) and vulnerability management teams. The new capabilities help security teams correlate CVEs with live incident data for real-time risk prioritization, automati…HELPNETSECURITY.COM
28 MayMicrosoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account RemovalMicrosoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The developm…THEHACKERNEWS.COM
28 May KEVIndian CERT urges firms to contain exploited internet-facing flaws within 12 hoursIndia’s cybersecurity agency, CERT-In, has urged organizations to patch, mitigate, or isolate known exploited vulnerabilities affecting internet-facing “crown jewel” systems within 12 hours where feasible, warning that AI-assisted attacks are dramatically compressing the time bet…CSOONLINE.COM
28 MayCanadian man gets 33 years for using social media to coerce US children into sending sexual contentProsecutors said the man spent years using fake online identities to contact children and manipulate them into sending sexually explicit images and videos.THERECORD.MEDIA
28 MayDuckDuckGo sees 30% growth spike as Google forces AI on SearchDuckDuckGo says it experienced a significant spike in users following Google’s announcement of a sweeping AI-powered overhaul of Search at Google I/O 2026. According to figures shared by the privacy-focused search company, installs and visits increased sharply in the six days aft…CYBERINSIDER.COM
28 MayZapier exploit chain shows how known anti-patterns compose into critical riskA five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on internal packages that load in every authenticated zapier.com session. Each link in the chain was a known anti-…HELPNETSECURITY.COM
28 MayNew Gogs zero-day flaw lets hackers get remote code executionAn unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [...]BLEEPINGCOMPUTER.COM
28 MayIBM and Red Hat are betting $5 billion that open source needs a security guardIBM and Red Hat announced Project Lightwell, a $5 billion commitment backed by new frontier AI capabilities and a global force of more than 20,000 engineers to help enterprises secure open source software. Together, these investments establish a new model for enterprise use of op…HELPNETSECURITY.COM
28 MayState of Post Quantum CryptographyDiscussion of PQC relevant statistics that we see across our customers and other data sources.WIZ.IO
28 MayIBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilitiesThe tech giant’s project could make it easier for businesses to safely use open-source packages.CYBERSECURITYDIVE.COM
28 MayAttackers Move Past Typosquatting to Realistic Package ImpersonationMost malicious open source packages now mimic real code rather than rely on typosquattingINFOSECURITY-MAGAZINE.COM
28 MayThreat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential StealerThreat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign abused trusted endpoint management infrastructure to deliver malware across manag…THEHACKERNEWS.COM
28 MayCritical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary CodeA critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not h…THEHACKERNEWS.COM
28 MayDutch Raid Fails to Dent Russian Bulletproof HostDutch law enforcement seized 800 servers and arrested two operators of THE.Hosting but left the hosting provider's core IP address space intact.DARKREADING.COM
28 MayThe military wants to move at cyber speed.Cyber Command’s new chief pushes modernization as lawmakers warn commercial location data is exposing U.S. troops. A third-party UK visa site leaks passports and selfies. Microsoft slams unpatched zero-day disclosures. Researchers uncover a new macOS malware campaign targeting cr…THECYBERWIRE.COM
28 MayLinux Supply Chain How-To - PSW #928This week we have a technical segment focused on Linux! Paul released a script that helps you get a handle on Linux supply chain security, and new features allow you to assess the state of Secure Boot on your Linux systems (that also use MS certificates, ironically). The script i…YOUTUBE.COM
28 MayMITRE Couldn’t Scale Caldera AloneMITRE is transferring the Caldera cybersecurity platform to the Apache Foundation to encourage broader open source collaboration and long-term project support. Caldera is widely used for testing systems against the MITRE ATT&CK framework and simulating adversary behavior acro…YOUTUBE.COM
28 MayBreaking the Patch Sound Barrier Part 2: So Is The Apocalypse Coming and What Is It?So, you read my previous blog post about breaking the patch sound barrier, but it left you wanting more? Well, this is that “more.” Here are three useful ideas to advance the conversation. 1. Defining the “Vulnerability Apocalypse” …MEDIUM.COM
28 MayOracle May 2026 Critical Security Patch Update Addresses 35 CVEsOracle addresses 35 CVEs in its May 2026 Critical Security Patch Update with 35 patches, including 11 critical updates. Key Takeaways The May 2026 Critical Security Patch Update (CSPU) contains fixes for 35 unique CVEs in 35 security updates 11 issues (31.4% of all patches) were …TENABLE.COM
27 MayMicrosoft previews automatic device isolation in Defender for EndpointMicrosoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cyber attacks in progress on their IT networks. The company announced the capability earlier this month in a column about new f…CSOONLINE.COM
27 MayEuropean AI adoption hits 99% with regulated data driving most policy violationsGenerative AI tools operate inside nearly every European workplace, embedded in meeting transcription services, writing assistants, coding copilots, and search features. Workers in the region pull these tools into daily routines that involve customer records, financial informatio…HELPNETSECURITY.COM
27 May KEVRisky Business #839 -- TeamPCP stole GitHub's internal reposOn this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: TeamPCP breached GitHub’s internal repos. Now what? Some absolute plonker glued Coruna to a hijacked npm package CISA is worried about open source and wants th…RISKY.BIZ
27 MayVigolium: Open-source vulnerability scannerVigolium, an open-source vulnerability scanner that combines deterministic scanning with AI-driven auditing, launched its initial open-source release this month. The project ships 235+ scanner modules and an in-process agent runtime called olium that handles autonomous endpoint d…HELPNETSECURITY.COM
27 MayMytheresa - 84,108 breached accountsIn April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The exposed data also incl…HAVEIBEENPWNED.COM
27 May KEVCISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-DayResolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges.SECURITYWEEK.COM
27 MayNovee’s Agentic Fix turns validated exploits into fixes through AI coding agentsNovee has announced Agentic Fix, an enhancement to its AI penetration testing platform that helps teams move from validating security findings to deploying fixes in a single step. Agentic Fix extends Novee’s platform by generating remediation guidance from the same exploit contex…HELPNETSECURITY.COM
27 MayJetico expands BestCrypt Data Shelter with zero-trust file access controlsJetico has announced the extension of BestCrypt Data Shelter to include centrally managed enterprise data access control for sensitive files. The solution allows security teams to define and enforce policies governing which applications, processes and users can access protected f…HELPNETSECURITY.COM
27 MayProofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI EraPROOFPOINT.COM
27 May KEVCISA gives feds 4 days to patch actively exploited cPanel plugin flawThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. [...]BLEEPINGCOMPUTER.COM
27 MayFake ChatGPT and Claude installers on GitHub are dropping Deno RAT malwareAttackers are hosting counterfeit installers and plugins on GitHub and SourceForge that pose as widely used software, including ChatGPT, Claude, AutoTune, Kontakt, Ableton Live, and ZENOLOGY. The downloads deliver a backdoor called DinDoor, which then loads a remote access Trojan…HELPNETSECURITY.COM
27 MayApple makes its quantum-resistant encryption open sourceApple has published its post-quantum cryptography implementations in corecrypto, together with mathematical proofs and verification tools for independent expert evaluation, allowing external researchers to review the work and reproduce the company’s analysis. Post-quantum cryptog…HELPNETSECURITY.COM
27 MayDutch police arrest man over cyber breach at Ajax football clubThe suspect was detained in the central Dutch town of Buren, where law enforcement officers also searched his home and seized multiple digital storage devices, according to a statement released Tuesday by the Dutch National Police.THERECORD.MEDIA
27 MayCrowdStrike disrupts Glassworm botnet that preyed on open-source supply chainCrowdStrike has dismantled the Glassworm botnet in an operation aided by Google and Shadowserver, stripping the operators’ access to infrastructure that helped threat actors infect hundreds of pieces of open-source software with malware since early 2025, the company said Tuesday.…CYBERSCOOP.COM
27 MayInfosecurity Europe: Why Burnout in Cybersecurity Demands Risk-Based ResponseCybermindz warns that cybersecurity burnout is a growing risk, urging organizations to move beyond wellness initiatives and adopt a measurable, risk-based approach to workforce stressINFOSECURITY-MAGAZINE.COM
27 MayCogent targets exploit-to-remediation gap with new AI-powered security capabilitiesCogent has launched two new platform capabilities designed to reduce the time between vulnerability disclosure and confirmed remediation. Zero Day Response identifies exposure within minutes of public disclosure, without waiting for scanner signatures. Autonomous Remediation dete…HELPNETSECURITY.COM
27 MayMediaArea heap-based buffer overflow vulnerabilitiesTalos researchers find 4 heap-based buffer overflow vulnerabilities in MediaArea's MediaInfoLib.TALOSINTELLIGENCE.COM
27 MayCan you enforce strong Active Directory password rules without frustrating users?Strong Active Directory passwords don't have to come at the expense of usability. Specops Software explains how passphrases, breached password protection, and self-service resets can improve security without frustrating users. [...]BLEEPINGCOMPUTER.COM
27 MayVulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance RateNovee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx.SECURITYWEEK.COM
27 MayGoogle AI Threat Defense targets attackers using AI to find flaws fasterGoogle Cloud introduced AI Threat Defense, an automated cybersecurity platform that combines several of the company’s security assets to find, prioritize, and patch software vulnerabilities at machine speed. The product is aimed at enterprises contending with attackers who …HELPNETSECURITY.COM
27 MayCoordinated operation takes down Glassworm botnetThe botnet began in early 2025, targeting software developers across the open-source supply chain.CYBERSECURITYDIVE.COM
27 MayCrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacksCybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the developers and companies that use that software.TECHCRUNCH.COM
27 MayAI-Assisted Exploit Development Outpaces Scanner DetectionAttackers are using AI to dramatically reduce the time they need to develop a working exploit for a CVE, according to new research.DARKREADING.COM
27 MayOpen Source Trust Is CollapsingDoug White talks about manually vetting software downloads from GitHub, NPM, and PyPI before allowing them onto a normal machine. That process included sandboxing the code in a Linux VM, reviewing it manually, and even using multiple AI models to inspect the files before installa…YOUTUBE.COM
27 MayGlassworm botnet targeting developers disrupted in coordinated takedownA coordinated cybersecurity operation has disrupted a botnet known as “Glassworm” that targeted software developers through malicious open-source packages, compromised GitHub repositories, and infected development tools. The takedown took place on May 26 with support from CrowdSt…CYBERINSIDER.COM
27 MayUK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About RussiaThe speech is the latest in a string of warnings from intelligence experts that Russia is stepping up hostile activity in a “gray zone” that falls just below the threshold of war.SECURITYWEEK.COM
27 MayAI chatbot recommendations lure users to cryptojacking malware sitesCybercriminals are using AI chatbot interactions alongside poisoned search results to direct users to malicious download sites in an active cryptojacking campaign, Microsoft has warned. The campaign impersonates legitimate software tools such as CrystalDiskInfo, HWMonitor, Displa…HELPNETSECURITY.COM
27 MayUK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspaceAnne Keast-Butler, head of the GCHQ, said her agency was developing an artificial intelligence-powered cyber shield as other nations were deploying AI in warfare.CYBERSCOOP.COM
27 MayReconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th)Most Akira write-ups focus on the ransom note or the encryption routine. By the time those show up the interesting forensic work is over. The questions that matter to defenders sit earlier. How did they get in. When did they get domain admin. What did they touch before the binary…ISC.SANS.EDU
27 MayAI models more vulnerable than claimed when faced with iterative attacksCISOs relying on LLM runtime guardrails and official safety scores when making security decisions about their organizations’ AI usage and model selection are due for a wakeup call. According to a new study from Cisco, frontier models from OpenAI, Anthropic, Google, xAI, and Amazo…CSOONLINE.COM
27 MaySmashing Security podcast #469: What your Oura ring won’t tell youCISA, the US government agency whose entire job is keeping America's critical infrastructure safe from hackers, has had a contractor publish dozens of plain-text credentials to a public GitHub profile. Meanwhile, your Oura ring is quietly transmitting some of its data unencrypted…GRAHAMCLULEY.COM
27 MayAnother IT governance headache: AI-enabled sanction evasionOver the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries move from AI-assisted to AI-enabled sanctions evasion and proliferation financing (PF), a new research paper warns. The rep…CSOONLINE.COM
26 MayProject Glasswing has uncovered 10,000 vulnerabilities: AnthropicAnthropic says it and upwards of 50 partners involved in Project Glasswing have uncovered an estimated 10,000 critical or high-severity vulnerabilities in their software offerings. The company launched the cybersecurity initiative, which is built around Claude Mythos Preview, in…CSOONLINE.COM
26 MaySecurity experts caution MFA alone can no longer stop threat actorsCybersecurity experts are warning enterprise admins about an increasing number of phishing campaigns aimed at stealing Microsoft 365 (M365) access tokens to bypass multifactor authentication login protection. Phishing kits aimed at capturing M365 tokens aren’t new; some reports s…CSOONLINE.COM
26 MayCybersecurity jobs available right now: May 26, 2026Application Security Engineer IG Group | India | Hybrid – View job details As an Application Security Engineer, you will assess the security of web, mobile, and cloud applications through penetration testing, secure code reviews, threat modeling, and architecture …HELPNETSECURITY.COM
26 May KEVCISA orders feds to patch actively exploited Drupal vulnerabilityCISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. [...]BLEEPINGCOMPUTER.COM
26 MayCERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted AttacksThe Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from th…THEHACKERNEWS.COM
26 MayStop treating AI governance as a review layer. Make it release infrastructureI’ve spent years building compliance into security products. FedRAMP and Department of War Impact Level authorizations, vulnerability management pipelines: They all follow the same pattern. Build the product, then prove it meets requirements. The compliance layer sits outside the…CSOONLINE.COM
26 MayAppSec Conversations on Agents, LLMs, and OWASP from RSAC - ASW #384We showcase recordings from this year's RSAC. At RSAC Conference 2026, Scott Clinton, Co-Chair and co-founder of the OWASP GenAI Security Project, shares insights from the project’s latest research, including new landscape guides and evolving approaches to securing generative and…YOUTUBE.COM
26 MayUS Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred GrowsAs Americans stew over the looming risk of job-stealing AI and data centers in their back yards, the feds are raising the alarm about a new category of threat, documents obtained by WIRED show.WIRED.COM
26 MayWhat happens when security teams inherit identityAt the Span Cyber Security Arena conference, I sat down with Eric Woodruff, Chief Identity Architect at Semperis, to talk about how organizations perceive identity and the challenges those perceptions create for security. He shared his perspective on where organizations struggle …HELPNETSECURITY.COM
26 MayIndia's CERT-In Sets 12-Hour Patch Deadline for Exposed FlawsCERT-In urges 12-hour patching of exposed flaws as AI compresses exploitation timelinesINFOSECURITY-MAGAZINE.COM
26 MayAI Threat Landscape Digest March-April 2026Executive Summary During the March–April 2026 reporting period, AI use in offensive operations advanced from development and planning to real-time operational deployment. Multiple independent cases, involving individual criminal actors, mass exploitation platforms, ransomware gro…RESEARCH.CHECKPOINT.COM
26 MayOpen Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker ImagesDockSec, an OWASP incubator project, correlates findings from multiple container security scanners and uses AI to generate plain-English remediation guidance and exact Dockerfile fixes.SECURITYWEEK.COM
26 MayMFA Prompt Bombing: Why Your Second Factor Isn't Saving YouMulti-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While that logic was sound, attackers have now figured out that they …THEHACKERNEWS.COM
26 MayTrapDoor malware campaign puts developer workstations in CISO spotlightA malicious package campaign across npm, PyPI, and Crates.io has put developer workstations back under scrutiny, after researchers said it targeted developer workflows and AI coding assistant files. Researchers at Socket said the campaign, which they are tracking as TrapDoor, “sp…CSOONLINE.COM
26 MayHackers Exploited KnowledgeDeliver Zero-Day for Web Shell DeploymentHardcoded machineKey values in a configuration file enabled ViewState deserialization attacks leading to remote code execution.SECURITYWEEK.COM
26 MayTamnoon introduces skill-based AI orchestration for autonomous cloud defenseTamnoon has expanded its AI engine, Tami, into a skill-based orchestrator that generates customer-specific remediation skills tailored to each enterprise environment. Trained on more than 6 million real cloud fixes across 800+ accounts, Tami coordinates specialized AI skills to s…HELPNETSECURITY.COM
26 MayFake software on GitHub and SourceForge distribute Deno RATWe found fake installers and plugins for ChatGPT, Claude, AutoTune, and other popular software that can give attackers full control over your device.MALWAREBYTES.COM
26 MayHow Security Leaders Cut Through Complexity to Drive Better OutcomesSecurity leaders are operating in an environment that is only getting more complex. Expanding attack surfaces, rapid AI adoption, growing toolsets, and increasing pressure to respond faster have made it harder to maintain a clear view of risk and priorities. At the Rapid7 Global …RAPID7.COM
26 MayGitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 reposA large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine CI/CD upkeep. Researchers at SafeDep observed the campaign, Megalodon, touching more than five thousand repositories over a six-h…CSOONLINE.COM
26 MayEXPOSURE 2026 prepares cybersecurity professionals for the AI eraCybersecurity leaders and practitioners brought their burning AI cybersecurity questions to EXPOSURE 2026. They left with clear answers and a blueprint for building an exposure management program. Get a recap and see highlights from the event in words and pictures. Key take…TENABLE.COM
26 MayChinese Threat Actors Ditch Static Phishing Pages for Live Credential InterceptionAlmost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targetsINFOSECURITY-MAGAZINE.COM
26 MayAnthropic: Claude Mythos identified 10,000+ software flawsAnthropic and its Project Glasswing partners have identified more than 10,000 high- or critical-severity vulnerabilities in critical software systems, the company announced in an update on the project’s progress. Mythos identifies thousands of high-severity vulnerabilities …HELPNETSECURITY.COM
26 MayChinese phishing gangs grow into a force to be reckoned withChinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Google Threat Intelligence Group (GTIG) analyzed a dozen active PhaaS offerings operating in Chinese-language underground commu…HELPNETSECURITY.COM
26 MayDetectify brings AppSec automation to AI agents with MCP Server and continuous testingDetectify has unveiled the Detectify MCP (Model Context Protocol) Server, a new integration layer that brings Detectify’s security testing engines directly into AI-driven development workflows, helping coding agents find and validate exploitable vulnerabilities and interpret atta…HELPNETSECURITY.COM
26 May7-Eleven data breach exposes personal information of 185,000 applicantsConvenience store giant 7-Eleven is notifying more than 185,000 individuals that their personal information was exposed in a cybersecurity incident linked to the ShinyHunters extortion group. The company disclosed the breach in filings with multiple US state attorneys general, st…CYBERINSIDER.COM
26 MayNew phishing kit targets Microsoft 365 accounts.Anthropic says Mythos has found over 23,000 flaws in open-source software. Dutch police arrest two alleged bulletproof hosting admins.THECYBERWIRE.COM
26 MayWell-architected best practices for software supply chain securityThere have been multiple notable supply chain attacks using the npm Registry since September: Shai-Hulud, Chalk/Debug, one abusing tea.xyz tokens, and recently axios. Thanks to community efforts involving the Amazon Inspector team, the Open Source Security Foundation, and others,…AWS.AMAZON.COM
26 MayWelcoming the AWS Customer Incident Response TeamMay 26, 2026: This post was originally published in July 2022. It has been updated to reflect current engagement options, new threat intelligence resources such as the Threat Technique Catalog for AWS (TTC), additional open-source tools, and the distinction between AWS CIRT suppo…AWS.AMAZON.COM
26 MayApple open-sources quantum-resistant encryption codeThe release includes implementations of two quantum-secure algorithms and demonstrates how formal verification caught bugs that traditional testing would have missed.CYBERSCOOP.COM
26 MayThe Hackers Behind Shai-Hulud: Lucky or Skilled?TeamPCP, the hackers behind the Shai-Hulud worm, has done significant damage to the open source ecosystem. But it's not necessarily due to skill alone.DARKREADING.COM
26 MayAttackers found a new way around MFA.The FBI warns attackers are abusing Microsoft OAuth authentication. India pushes faster patching as AI speeds up cyberattacks. Iranian hackers blend phishing with SEO poisoning. Anthropic’s AI finds thousands of open source flaws, while AI also reshapes bug bounties and fuels sup…THECYBERWIRE.COM
26 MayFake GTA 6 pre-orders and beta scams spread malware ahead of game launchCybercriminals are exploiting excitement around Grand Theft Auto 6 to spread malware, phishing pages, and fake pre-order scams ahead of the game’s official release, according to new research from NordVPN. Researchers at NordVPN’s Threat Protection team said they identified dozens…CYBERINSIDER.COM
26 MayKnowledgeDeliver flaw exploited as a zero-day to install web shellsHackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. [...]BLEEPINGCOMPUTER.COM
26 MayAI Isn’t Creating Better HackersAaran describes a wartime-style cyber environment where experienced developers and reviewers may be unavailable, overwhelmed, or gone entirely. In that situation, junior operators end up shipping malware and attack variants rapidly using public resources, copied code, and LLM ass…YOUTUBE.COM
26 MayAmeriprise - 502,597 breached accountsIn March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePo…HAVEIBEENPWNED.COM
26 MaySN 1080: Vulnerability Debt Repayment - Will Mythos Change Cybersecurity Forever?Mozilla found 271 unknown Firefox vulnerabilities in days using AI—bugs that millions of automated test runs had missed for years. Steve Gibson argues this isn't a crisis. It's the industry finally paying down decades of security debt, and for the first time, defenders may have t…TWIT.TV
25 MayTurns out the C-suite loves shadow AISenior decision-makers are the heaviest users of unapproved AI tools, and they continue using them despite being aware of the security and privacy risks linked to shadow AI, according to TrustedTech’s Shadow AI in the Workplace report. The study found that 65% of decision-makers …HELPNETSECURITY.COM
25 May2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing ServicesWritten by: Jamie Collier While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language underground. Google Threat Intelligence Group (GTIG) analyzed a dozen current P…CLOUD.GOOGLE.COM
25 MayOpenHack: Open-source AI-powered vulnerability researchSource-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the Dutch security firm Hadrian, called OpenHack, packages that approach into a fil…HELPNETSECURITY.COM
25 MayTo pay, or not to pay: 58% of CISOs say they would pay the ransom for their dataIf you were hit by ransomware tomorrow, would you pay to get your data back? That’s what more than half of CISOs in a recent survey said their organization would do. It’s a situation more companies are going to face in future. “Attacks are increasing and continuing to increase,” …CSOONLINE.COM
25 MayVisibility with EDR/MDR is still important, 'the basics' are impossible, and the news - ESW #460Interview with Rob Allen from Threatlocker This week, Rob Allen from Threatlocker is with us to discuss the importance of EDR and MDR visibility. We discuss some real world attacks and anecdotes where EDR was able to save the day when threats were missed by other controls. Topic:…YOUTUBE.COM
25 MayFake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 FansFrom fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details howINFOSECURITY-MAGAZINE.COM
25 MayThe AI Era Is Creating a Bug Hunting Arms RaceAs attackers ramp up their AI exploit development, the search for software vulnerabilities is changing rapidly.WIRED.COM
25 MayUS states step up cyber defenses to protect local communitiesU.S. state governments are taking on a larger role in cybersecurity to help protect local communities and essential services. Many states are building state-led cyber defense programs, including cybersecurity clinics, regional security operations centers (RSOCs), and state cyber …HELPNETSECURITY.COM
25 MayAI security needs a shift from models to systems, researchers argueEnterprises cannot secure AI agents by making the underlying models more robust and must instead enforce security controls at the system level around them, researchers behind a paper published this month argued, warning that traditional AI-security approaches are increasingly mis…CSOONLINE.COM
25 MayTeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)TeamPCP now operates across three package ecosystems in parallel, it reached GitHub's own internal codebase, it trojanized an officially Microsoft-published Python SDK, and it appears to have open-sourced its own framework on GitHub.
ISC.SANS.EDU
25 MayGhost CMS Vulnerability Exploited to Hack Over 700 WebsitesSites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack.SECURITYWEEK.COM
25 MayAuthorities seize 800 servers used for cyberattacks and disinformationDutch authorities arrested two men and seized 800 servers linked to a hosting provider that investigators say supported Russian activities aimed at undermining democracy and security through cyberattacks, disinformation, and disruption of public and economic systems. Servers seiz…HELPNETSECURITY.COM
25 May⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain ChaosMonday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago…THEHACKERNEWS.COM
25 May25th May – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 25th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES 7-Eleven, the global convenience store chain, confirmed a breach after an unauthorized access to systems used for franchisee documents…RESEARCH.CHECKPOINT.COM
25 MayCisco refines its risk-based vulnerability disclosure for the AI eraSecurity teams already struggle with long lists of vulnerabilities and limited time to patch them. Cisco believes AI could increase that pressure by accelerating vulnerability discovery and increasing the number of findings security teams need to review. The company said it is mo…HELPNETSECURITY.COM
25 MayWhen Firewalls Become LiabilityCyber insurance providers are increasingly publishing reports explaining how ransomware attacks actually happened. In this clip, the discussion centers on Akira ransomware repeatedly targeting SonicWall firewalls — especially older or poorly maintained systems. One joke in the co…YOUTUBE.COM
24 MayThe current state of GPS following OCX with Dr. Sean Gorman, CEO of Zephr.xyz.Despite being an indispensable technology, traditional GPS remains vulnerable to exploitation and is needed for an update. In this week's episode, host Maria Varmazis sits down with Dr. Sean Gorman, CEO of Zephr.xyz, to discuss the current state of GPS. For decades, GPS has b…THECYBERWIRE.COM
24 MayWeek in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploitedHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned…HELPNETSECURITY.COM
24 MayWireshark 4.6.6 Released, (Sun, May 24th)Wireshark release 4.6.6 fixes 1 vulnerability and 11 bugs.
ISC.SANS.EDU
23 MayGoogle leaks details for Chromium bug that can turn browsers into botsChromium — the open-source browser that underpins Google Chrome, Microsoft Edge, and Opera, among others — contains an unpatched vulnerability that attackers can exploit to execute JavaScript code persistently across browser restarts. As a result, the flaw can be used to hijack u…CSOONLINE.COM
23 MayGhosted by GrafanaToday we are joined by Sasi Levi, Security Research Lead at Noma Security, sharing their team's work on "GrafanaGhost: The Phantom Stealing Your Data." Researchers at Noma Security disclosed “GrafanaGhost,” a vulnerability that could allow attackers to silently exfiltrate sen…THECYBERWIRE.COM
23 MayGitHub discloses breach of 3,800 internal code repositories.CISA contractor exposed AWS GovCloud keys on GitHub. Researchers craft a kernel exploit on Apple's M5 chips, with help from Mythos.THECYBERWIRE.COM
23 MayThe FBI Wants ‘Near Real-Time’ Access to US License Plate ReadersPlus: Google publishes a live exploit for an unpatched flaw, the feds arrest two men accused of creating thousands of nonconsensual deepfake nudes, and more.WIRED.COM
23 May‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted DomainsThe stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic. The post ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains appeared first on SecurityWeek.SECURITYWEEK.COM
23 MayClaude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used SoftwareAnthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswin…THEHACKERNEWS.COM
23 MayShipping Vulnerable Code On PurposeA large percentage of organizations knowingly ship software with unresolved vulnerabilities in order to meet business deadlines. This clip highlights the ongoing tension between production pressure and security requirements: one side wants to release features immediately, while t…YOUTUBE.COM
22 MayMini Shai-Hulud Attack Prompts npm to Revoke 2FA-Bypass Tokensnpm has forced a platform-wide reset of granular access tokens that bypass two-factor authentication (2FA) after a wave of supply chain attacks linked to the “Mini Shai-Hulud” campaign compromised hundreds of JavaScript packages. The emergency action, rolled out on May 19, invali…GBHACKERS.COM
22 MayMegalodon Malware Rapidly Infects Over 5,500 GitHub RepositoriesA newly identified malware campaign dubbed “Megalodon” has compromised more than 5,500 GitHub repositories, raising serious concerns about the security of open-source ecosystems. Security researchers from SafeDep report that the malware spreads through malicious code injections h…GBHACKERS.COM
22 MayFBI Warns Kali365 PhaaS Platform Targets Microsoft 365 Users to Steal LoginsThe U.S. Federal Bureau of Investigation (FBI) has issued a Public Service Announcement (Alert I-052126-PSA) warning about a newly identified Phishing-as-a-Service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users. First observed in April 2026, the p…GBHACKERS.COM
22 MayGoogle folds CodeMender into agent ecosystem amid push for AI-led AppSecGoogle is expanding the role of its CodeMender security agent from autonomous vulnerability remediation toward a larger agentic development ecosystem, signalling a broader push toward AI-driven AppSec. Months after introducing CodeMender, an AI-powered agent designed to autonomou…CSOONLINE.COM
22 MaySplunk Patches Multiple Vulnerabilities Enabling DoS Attacks and Data ExposureSplunk has released security updates to fix three newly disclosed vulnerabilities that could allow low-privileged users to access sensitive data or disrupt Splunk Enterprise deployments through denial-of-service (DoS) conditions. The patches address issues in both Splunk Enterpri…GBHACKERS.COM
22 MayIdentity as the primary attack surface: What modern breaches are really exploitingThe “retro” way “The thing about the old days is… they are the old days” – Slim Charles, The Wire Protecting a specified network perimeter was the main focus of enterprise security strategy for several decades. Businesses made significant investments in firewalls, intrusion dete…CSOONLINE.COM
22 MayHackers Use Six-Layer Persistence on FreePBX SystemsHackers are actively exploiting FreePBX systems using a highly resilient six-layer persistence mechanism. The campaign has been attributed with high confidence to the threat actor INJ3CTOR3, known for targeting VoIP infrastructure for financial gain since 2019. The operation depl…GBHACKERS.COM
22 MayWhy your AI strategy stops where the PLC starts: Hard lessons from the OT frontlinesI spent two days at a substation connecting a major offshore wind farm to the grid. The control room featured three new AI-ready dashboards and a board mandate to “leverage machine learning for resilience.” It also had a maintenance laptop running Windows 7, literally taped to th…CSOONLINE.COM
22 MayPaved With Intent: ROADtools and Nation-State Tactics in the CloudOpen-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use. The post Paved With Intent: ROADtools and Nation-State Tactics in the Cloud appeared first on Unit 42.UNIT42.PALOALTONETWORKS.COM
22 MayGitLab 19.0 adds AI workflows, secrets management, and self-hosted model supportGitLab released GitLab 19.0 with expanded secrets management, agentic merge request workflows, improved CI pipeline visibility, support for self-hosted open-source models, and supply chain visibility enhancements. Engineering organizations shipping more code than ever are confron…HELPNETSECURITY.COM
22 MayRussian Hackers Exploit RDP, VPNs, Supply Chains for Initial AccessRussian state-sponsored and aligned threat groups are increasingly combining Remote Desktop Protocol (RDP), Virtual Private Networks (VPNs), supply chain compromise, and sophisticated social engineering to gain initial access to targeted networks across government, critical infra…GBHACKERS.COM
22 MayPopular npm Package “art-template” Backdoored in Watering-Hole AttackHackers compromised the popular art-template npm package to inject a stealthy backdoor that redirected users’ browsers to a malicious watering‑hole site delivering a Coruna‑class iOS exploit framework. The campaign turned a widely used JavaScript templating library into a deliver…GBHACKERS.COM
22 MayWe hardened zizmor's GitHub Actions static analyzerIn March 2026, attackers exploited a pull_request_target misconfiguration in the aquasecurity/trivy-action GitHub Action to exfiltrate organization and repository secrets, then used those credentials to backdoor LiteLLM on PyPI (see Trivy’s post-mortem for the full timeline…TRAILOFBITS.COM
22 MayKore.ai unveils AI-native platform for enterprise multiagent systemsKore.ai has launched the new-generation Kore.ai Agent Platform Artemis edition, the AI-programmable, AI-native foundation that builds, governs, and optimizes the agents, systems, and workflows running across the enterprise. The platform launches initially on Microsoft Azure, with…HELPNETSECURITY.COM
22 MayMegalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD WorkflowsCybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipelin…THEHACKERNEWS.COM
22 MayMaking Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exp…THEHACKERNEWS.COM
22 MayUpdate Chrome now: Critical bugs could let attackers run codeThis Chrome update fixes critical flaws attackers could exploit through malicious websites, but not the “Browser Fetch” vulnerability.MALWAREBYTES.COM
22 MayHackers Exploit Middle East Telecoms for Massive C2 OperationsHackers are increasingly abusing Middle East telecommunications networks and hosting providers to operate large-scale command-and-control (C2) infrastructure. The findings highlight a strategic shift away from disposable indicators toward infrastructure-level tracking, allowing d…GBHACKERS.COM
22 MayGoogle’s Exploit Code Release Raises Concern Over Unfixed Chromium Security BugGoogle’s recent release of proof-of-concept (PoC) exploit code for a still-unpatched Chromium vulnerability has sparked significant concern across the cybersecurity community. The flaw, first reported in late 2022 by security researcher Lyra Rebane, remains unresolved after more …GBHACKERS.COM
22 MayCanadian arrested for operating KimWolf botnet tied to record DDoS attackCanadian authorities have arrested a 23-year-old Ottawa man who is accused of operating the DDoS-for-hire KimWolf IoT botnet platform. The arrest follows a broader international law enforcement operation earlier this year that dismantled infrastructure tied to the KimWolf, Aisuru…CYBERINSIDER.COM
22 May$20 per zero-day is already the WordPress plugin realityVulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer, along with a price tag that the se…HELPNETSECURITY.COM
22 May KEVPresident Trump delays signing of AI executive order.CISA warns of actively exploited Trend Micro and Langflow vulnerabilities. Two Americans admit to participation in tech support scam operations.THECYBERWIRE.COM
22 MayPolice take down VPN service (this time with a good reason)European authorities have cracked down on a VPN that has been used for various criminal activities. The operation, led by investigators in France and the Netherlands with help from Europol and Eurojust, has dismantled First VPN, a service that has been heavily promoted within Rus…CSOONLINE.COM
22 MayBreaking down the new Qualcomm chip vulnerability | Kaspersky official blogKaspersky experts have discovered an unpatchable vulnerability in popular Qualcomm chips used in smartphones, cars, smart devices, industrial equipment, and much more. We explain what this vulnerability is and what device owners should do.KASPERSKY.COM
22 MayFBI warns of Kali Oauth stealersThe FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365. It enables cyber criminals to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials by capturi…CSOONLINE.COM
22 MayMicrosoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security PlatformsMicrosoft has been recognized as a Leader in The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026, receiving the highest scores in both the current offering and strategy categories. The post Microsoft recognized as a Leader in The Forrester Wave™ for Workforce Iden…MICROSOFT.COM
22 MayFBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacksThe law enforcement agency published an advisory on Thursday about Kali365 — a Telegram-based service for cybercriminals that allows them to capture legitimate "OAuth" tokens enabling widespread access to Microsoft 365 environments.THERECORD.MEDIA
22 MayAI Deleted Production CodeA developer claimed that an AI coding assistant deleted roughly 30,000 lines of production code while modifying a live application. According to the story, the AI introduced unrelated changes, broke core functionality, and forced the team to roll the entire deployment back. The c…YOUTUBE.COM
21 MayNew GhostTree Attack Causes EDR Tools to Hang, Leaving Files UnscannedA newly disclosed attack technique dubbed “GhostTree” is raising concerns among defenders after researchers demonstrated how it can disrupt endpoint detection and response (EDR) tools and bypass file scanning mechanisms on Windows systems. The technique, discovered by Varonis Thr…GBHACKERS.COM
21 MayClaude Code Sandbox Flaw May Compromise User SecretsA newly disclosed security flaw in Anthropic’s Claude Code platform has exposed a critical weakness in its network sandbox, potentially allowing attackers to bypass restrictions and exfiltrate sensitive data. The issue, identified by security researcher Aonan Guan, marks the seco…GBHACKERS.COM
21 MayCyber threats push SMBs to spend more on securityCybersecurity has become a key priority for small and medium-sized businesses due to growing threats and wider AI adoption. An IDC survey of 2,200 SMBs in eight markets examined how organizations manage cyber risks, prepare for AI-related threats, and handle third-party vendor se…HELPNETSECURITY.COM
21 MayPoC Released for PinTheft Linux Flaw Enabling Root Privilege EscalationA public proof-of-concept (PoC) exploit called “PinTheft” has been released for a newly disclosed Linux kernel flaw that allows local attackers to escalate privileges to root on certain systems. PinTheft is a Linux local privilege escalation (LPE) exploit that targets a reference…GBHACKERS.COM
21 MayWantToCry Ransomware Exploits SMB to Encrypt Remote FilesA new ransomware campaign named “WantToCry” that leverages exposed Server Message Block (SMB) services to gain access and encrypt victim data without deploying traditional malware on compromised systems. This approach significantly reduces the detection surface, making it harder …GBHACKERS.COM
21 MayWindows93 / Myspace93 - 46,105 breached accountsIn January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data was later leaked in June and included 46k Myspace93 accounts containing email and IP addresses, userna…HAVEIBEENPWNED.COM
21 MayThe friendly skies aren’t friendly.This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
21 MayWhy AI changed the threat model for travel technologyIn this Help Net Security interview, Devon Bryan, SVP, Global CSO at Booking Holdings, reflects on his path from Air Force network security engineer to global CSO across financial services, hospitality, and travel technology. He discusses why the travel industry’s interconn…HELPNETSECURITY.COM
21 MayAI red teaming agents change how LLMs get testedAdversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Crescendo, and Skeleton Key sit alongside hundreds of prompt transforms and scoring methods across open-source frameworks includ…HELPNETSECURITY.COM
21 MayFollow the CryptoEvery threat actor leaves a financial signature. Ransomware operators, state-sponsored hackers, fraud networks — they all need to move money, and when they do, the blockchain records it permanently. Jackie Burns Koven leads cyber threat intelligence at Chainalysis, where she tr…THECYBERWIRE.COM
21 MayCritical Drupal Vulnerability Could Leave Sites Open to CyberattackThe Drupal Security Team has issued a warning about a highly critical vulnerability affecting Drupal core, with a security release scheduled for May 20, 2026 (PSA-2026-05-18). The flaw carries a severity rating of 20/25, indicating a significant risk that attackers could compromi…GBHACKERS.COM
21 MayMini Shai-Hulud Hits @antv npm Packages, Targets CI/CD SecretsAn active and sophisticated supply chain attack targeting the widely used @antv npm ecosystem, where a threat actor compromised a maintainer account and pushed malicious package updates designed to steal sensitive CI/CD credentials. The campaign, dubbed “Mini Shai-Hulud,” demonst…GBHACKERS.COM
21 MayAI becoming an SOC imperative for curtailing emerging cyber threatsThe cybersecurity profession is on the verge of a sea change, and security pros must begin to master AI tools to combat emerging threats by building more autonomous, real-time protections. Expert panelists at a recent DTX conference session in Manchester, titled “Bot vs Bot: Sur…CSOONLINE.COM
21 MayTerra adds continuous network exploitation validation to its platformTerra Security has announced the public preview of continuous exploitation validation for network infrastructure, now available to all customers through the Terra Platform. The launch expands Terra’s offensive security capabilities from web applications to network infrastructure …HELPNETSECURITY.COM
21 MayIndian Student Data Weaponized in Phishing and Financial Fraud CampaignsA growing trend in India where student data is increasingly being exploited for cybercrime activities, including phishing, impersonation, social engineering, and financial fraud. As educational institutions rapidly adopt digital platforms for admissions, fee payments, examination…GBHACKERS.COM
21 MayASAPP expands adversarial testing for enterprise AI systemsASAPP has launched Continuous Red Teaming, a new capability that integrates adversarial AI testing directly into ASAPP’s model evaluation framework. The new capability is built on Promptfoo, an AI security platform that helps enterprises detect and address vulnerabilities i…HELPNETSECURITY.COM
21 MayNew NGINX 0-Day RCE “nginx-poolslip” Threatens Millions of ServersA newly discovered zero-day vulnerability in NGINX, dubbed “nginx-poolslip,” is raising serious concerns across the global cybersecurity community, as it exposes millions of servers to potential remote code execution (RCE) attacks. The vulnerability affects NGINX version 1.31.0, …GBHACKERS.COM
21 MayFake Invitation Phishing Campaign Steals Credentials From U.S. OrganizationsA large-scale phishing campaign leveraging fake event invitations is actively targeting U.S. organizations, combining credential theft, OTP interception, and remote access tool abuse into a single attack chain. The campaign stands out due to its repeatable phishing framework, whi…GBHACKERS.COM
21 MayA Hacker Group Is Poisoning Open Source Code at an Unprecedented ScaleGitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.WIRED.COM
21 MayMicrosoft releases open-source tools to operationalize AI agent safetyMicrosoft has open-sourced two new tools aimed at bringing AI safety checks much earlier into the agent development lifecycle. The tools, called Rampart and Clarity, were announced this week as part of Microsoft’s broader push to operationalize safety engineering for agentic AI. …CSOONLINE.COM
21 MayApache OFBiz RCE Flaw Abuses Password-Change Restrictions for Authentication BypassA critical authentication bypass vulnerability in Apache OFBiz allows attackers to hijack forced password-change flows and achieve remote code execution (RCE) via a single HTTP request, affecting all versions before 24.09.06. Apache OFBiz RCE Flaw Apache OFBiz is an open-source E…GBHACKERS.COM
21 MayTenable One deepens third-party integrations with new Open Connector for unified risk visibilityThe days of rigid, vendor-locked security stacks are over. The Tenable One Open Connector amplifies Tenable One’s extensive capacity to ingest and consolidate third-party security data, giving you more complete visibility across your attack surface, so you can keep using your pre…TENABLE.COM
21 MayEuropol dismantles ‘First VPN’ service used by ransomware gangsEuropean law enforcement agencies have dismantled a long-running VPN service allegedly used by ransomware gangs and cybercriminals to conceal attacks, steal data, and evade investigators. The operation, coordinated by France and the Netherlands with support from Europol and Euroj…CYBERINSIDER.COM
21 MayThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New StoriesThis week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it…THEHACKERNEWS.COM
21 MaySelective HTTP Proxying in Linux, (Thu, May 21st)Recently, Rob wrote about a tool, Proxifier, that can intercept requests from specific processes. Proxifier is available for Windows, macOS, and Android. But I have not seen a generic Linux option yet. The advantage of a tool like Proxifier is the ability to target specific soft…ISC.SANS.EDU
21 MayReducing Phish-Prone Rates Without Training Fatigue: A Practical Playbook for Traditional OrganizationsPhishing remains the single biggest human-driven threat in most organizations. Yet many security leaders face a familiar problem: the stronger the push to run frequent training and simulations, the louder the employee backlash. Complaints range from “too many tests” to “training …KNOWBE4.COM
21 MayChinese APTs Share Linux Backdoor in Central Asia Telco Attacks"Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers.DARKREADING.COM
21 MayContent Delivery Exploit Opens Websites to Brand HijackingThe Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity.DARKREADING.COM
21 MayQ1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcementThe first quarter of 2026 reinforced that attackers are moving faster, operating with greater coordination, and exploiting weaknesses before most organizations can respond effectively. From escalating geopolitical tensions to increasingly aggressive ransomware operations, the lat…RAPID7.COM
21 MayShowboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy BackdoorCybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. "Showboat is a modular post-exploitation framework designed for Linux…THEHACKERNEWS.COM
21 MayCybersecurity’s Hidden Communication RiskCybersecurity professionals often rely on acronyms and technical shorthand without realizing most people don’t understand them. The speaker connects this to a behavioral science concept called the “curse of experience” — experts naturally assume others share their knowledge. That…YOUTUBE.COM
21 MayUK plans for cybercrime law reform would protect almost no one, experts warnThe proposals would require researchers to cease activity the moment a vulnerability is identified, meaning they could not confirm it was real, assess its severity or determine its exploitability.THERECORD.MEDIA
21 MayAuthorities dismantle First VPN, used by ransomware actorsFirst VPN, a virtual private network service marketed to cybercriminals, promising anonymity for its users, was taken offline on May 19 and 20 as part of Operation Saffron. During the operation, French and Dutch authorities, with support from Europol and Eurojust, dismantled 33 s…HELPNETSECURITY.COM
21 May KEVCISA asks cybersecurity community to alert it to vulnerability exploitationThe agency wants to ensure that its public catalog of actively exploited flaws is as comprehensive as possible.CYBERSECURITYDIVE.COM
21 MayAttackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fixAttackers bypassed MFA on patched SonicWall Gen6 VPNs because admins missed extra manual steps required to fully fix the flaw. There is a particular kind of security failure that is harder to catch than an unpatched system: a patched system where the patch did not actually work b…SECURITYAFFAIRS.COM
21 MaymacOS Kernel Memory Corruption ExploitA group used Anthropic’s Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple’s M5. News article.SCHNEIER.COM
21 MayRobinhood Glitch Allowed Attackers to Send Phishing Emails to CustomersA phishing campaign exploited a glitch in Robinhood’s account creation process to send phishing emails from the investment platform’s own systems, SecurityWeek reports.KNOWBE4.COM
21 May KEVMicrosoft patches two actively exploited Defender vulnerabilities.Europol operation shutters First VPN. Ukrainian police identify suspected infostealer operator.THECYBERWIRE.COM
21 MayTrump Mobile exposes data of customers who ordered the T1 phoneTrump Mobile, the wireless carrier and smartphone brand tied to US President Donald Trump, is reportedly exposing sensitive customer information through an easily exploitable flaw on its website. That is according to claims made by YouTubers Coffeezilla and penguinz0, both of who…CYBERINSIDER.COM
21 MayMicrosoft open-sources tools for designing and testing AI agentsMicrosoft has open-sourced two tools aimed at bringing security discipline to AI agent development: Clarity, a structured design review tool, and RAMPART, a continuous testing framework. The release comes from Microsoft’s AI Red Team, the company’s internal unit that …HELPNETSECURITY.COM
21 MayCISA chief frets about open-source vulnerabilities, delayed security improvementsActing director Nick Andersen’s comments came as a wave of malware attacks hit tech that’s publicly available for collaboration. The post CISA chief frets about open-source vulnerabilities, delayed security improvements appeared first on CyberScoop.CYBERSCOOP.COM
21 MayThe art of being ungovernableIn this edition of the Threat Source newsletter, William explores the value of being "ungovernable" in a professional setting, sharing how challenging the status quo and seeking out the smartest people in the room can lead to a more fulfilling and successful career.TALOSINTELLIGENCE.COM
21 MayTrump postpones executive order focused on AI securityUnder a draft executive order, the NSA, Treasury Department and other federal agencies would get 90-days to test new models for cybersecurity and national security concerns. The post Trump postpones executive order focused on AI security appeared first on CyberScoop.CYBERSCOOP.COM
21 MayGlobal law enforcement operation takes First VPN offlinePolice seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews,…SECURITYAFFAIRS.COM
21 MayLaw enforcement shuts down VPN service used by two dozen ransomware gangsFirst VPN promised hackers complete anonymity for their cyberattacks. But Europol said it was able to notify the service’s users that they have now been identified.TECHCRUNCH.COM
21 MayThat shield has cracks in it.Microsoft confirms active exploitation of two Defender flaws. Europol dismantles a VPN service tied to ransomware gangs. A nine-year-old Linux kernel bug exposes SSH keys and password hashes. Cisco patches a critical Secure Workload vulnerability, while Drupal fixes a highly crit…THECYBERWIRE.COM
21 May[Heads Up] GitHub Breach Shows Developer Tools Are Social Engineering TargetsGitHub disclosed that attackers accessed its internal repositories after compromising an employee device through a poisoned Visual Studio Code extension. The company said the activity appears limited to GitHub-owned internal repositories, with the attacker’s claim of roughly 3,80…KNOWBE4.COM
21 MayFCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927In the security news this week: - FCC router bans and the hidden firmware update problem - Why extending support timelines actually improves security - Github supply chain concerns and the evolving SBOM ecosystem - CRA and NIS2 compliance deadlines are getting very real - The EU …YOUTUBE.COM
21 MayNew Verizon Report Reveals the Security Gap Attackers Are Exploiting MostVerizon’s 2026 DBIR shows vulnerability exploitation, AI-enabled attacks, third-party risk, and ransomware are reshaping cyber threats. The post New Verizon Report Reveals the Security Gap Attackers Are Exploiting Most appeared first on TechRepublic.TECHREPUBLIC.COM
21 May KEVEU’s 24-Hour Security DeadlineThe EU Cyber Resilience Act introduces a 24-hour disclosure requirement for actively exploited vulnerabilities affecting connected products sold in Europe. That includes hardware, firmware, submodules, and software dependencies. For many organizations, the challenge is not just p…YOUTUBE.COM
21 MayQuantifying 2026 Routinely Targeted Vulnerabilities (So Far)VulnCheck identified 25 CVEs disclosed in 2026 that have been routinely targeted by adversaries and researchers so far this year, drawing from a global body of exploit code and exploitation data.VULNCHECK.COM
20 MayWindows 11 BitLocker Zero-Day, TeamPCP Malware Leak, Iran Gas Station Hacks | Cybersecurity TodayA serious new Windows 11 BitLocker vulnerability, open-sourced offensive malware tools, a suspected Iranian cyber campaign targeting U.S. fuel infrastructure, and malware that appears designed to interfere with nuclear weapons simulation systems. Cybersecurity Today would like to…CYBERSECURITYTODAY.LIBSYN.COM
20 MayGitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal RepositoriesGitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum. "While we currently have no evidence of impact…THEHACKERNEWS.COM
20 MayGrafana GitHub Breach Exposes Source Code via TanStack npm AttackGrafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private sou…THEHACKERNEWS.COM
20 MayPoC Exploit Released for DirtyDecrypt Linux Kernel VulnerabilityPoC exploit code for the DirtyDecrypt (DirtyCBC) Linux kernel vulnerability has been released publicly, turning a previously theoretical local privilege escalation into a practical, copy‑paste exploit path to root on specific Linux distributions. DirtyDecrypt (also called DirtyCB…GBHACKERS.COM
20 MayHackers Exploit MSHTA to Deploy LummaStealer and Amatera MalwareHackers are increasingly abusing the legacy Microsoft HTML Application Host (MSHTA) utility to deliver commodity malware such as LummaStealer and Amatera. Despite being tied to Internet Explorer, which was retired in 2022, MSHTA remains default in Windows, making it an attractive…GBHACKERS.COM
20 MayGitHub Source Code Reportedly Compromised, TeamPCP Claims BreachA threat actor group known as TeamPCP has claimed responsibility for a significant breach involving GitHub’s internal systems, alleging the theft of sensitive source code and proprietary organizational data. The group is currently offering the allegedly stolen dataset for sale on…GBHACKERS.COM
20 MayRisky Business #838 -- GitHub investigates possible breachOn this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: GitHub announced a possible breach; CISA leaks important creds, keys in public repo; Awful vulnerability in Bitlocker renders it useless without a PIN; So. Many. Patche…RISKY.BIZ
20 MayNew NGINX Vulnerability Exposes Servers to Malicious Code ExecutionNGINX has disclosed a new high‑severity vulnerability in its JavaScript module that can allow remote attackers to crash servers and, in specific conditions, execute arbitrary code on vulnerable systems. F5 has published a security advisory (K000161307) describing a flaw in the NG…GBHACKERS.COM
20 MayAlleged Huawei zero-day blamed for the 2025 Luxembourg telecom crashA Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services. On July 23, 2025, a nationwide telecom outage in Luxembourg was reportedly triggered by a previously undisclosed flaw in Huawei enterprise routers. The…SECURITYAFFAIRS.COM
20 MayInterpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle EastWhile the numbers are modest, the crackdown on cybercrime involved 13 countries in the MENA region, the largest law enforcement collaboration to date.DARKREADING.COM
20 MayVerizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access VectorVerizon DBIR finds 31% of data breaches began with software flaws last yearINFOSECURITY-MAGAZINE.COM
20 MayTeamPCP GitHub Breach: Internal GitHub Repositories Allegedly AccessedTeamPCP is back in the headlines, and this time the target is not a plugin, a CI/CD pipeline, or an open-source package. The group is claiming access to GitHub itself, one of the most critical pieces of infras…SOCRADAR.IO
20 MayShift to Prevention and Enforcement as We Repeat Security Mistakes With AI - Rob Allen - BSW #448Over the last decade, cybersecurity heavily invested in EDR, XDR, SIEM, telemetry, and SOC-driven operations. We stopped asking how to stop attacks and started asking how fast we could detect them. However, Mythos and frontier models have changed that paradigm. How do you detect …YOUTUBE.COM
20 MayGitHub confirms internal repository theft as TeamPCP claims attackGitHub disclosed that it is investigating unauthorized access to its internal repositories after attackers compromised an employee's device through a malicious Visual Studio Code extension. The company says there is currently no evidence that customer repositories or enterprise d…CYBERINSIDER.COM
20 MayTeamPCP breached GitHub’s internal codebase via poisoned VS Code extensionFollowing TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-interna…HELPNETSECURITY.COM
20 MaySHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chainA newly disclosed macOS infostealer campaign is exploiting user trust in some of the biggest names in tech to slip past defenses. Researchers at SentinelOne have detailed a new variant of the SHub malware family, dubbed “Reaper,” that impersonates Apple, Google, and Microsoft at …CSOONLINE.COM
20 MayArmorCode gives security teams AI workers for exposure and remediationArmorCode has announced Anya Agents, a new agentic AI framework delivered on the patented ArmorCode Agentic AI Platform that enables organizations to operationalize AI-driven security workflows at enterprise scale. Built on ArmorCode’s Context Risk Graph, Anya Agents help securit…HELPNETSECURITY.COM
20 MayMicrosoft Open-Sources RAMPART and Clarity to Secure AI Agents During DevelopmentMicrosoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-nativ…THEHACKERNEWS.COM
20 MayGrafana GitHub Security Incident Reportedly Connected to TanStack npm RansomwareGrafana Labs has disclosed a targeted GitHub security incident linked to the ongoing TanStack npm supply chain ransomware campaign, raising concerns about software development pipeline security and token management practices. The company confirmed that attackers gained unauthoriz…GBHACKERS.COM
20 MayGremlin Stealer Hides C2 and Exfiltration Paths in Encrypted ResourcesA newly identified variant of the Gremlin stealer malware is leveraging advanced obfuscation techniques to conceal its command-and-control (C2) infrastructure and data exfiltration logic within encrypted .NET resource sections. This evolution highlights a significant shift toward…GBHACKERS.COM
20 MayOld Breaches Resold as New Corporate Data LeaksDark web data brokers are increasingly recycling old breach data and marketing it as fresh corporate leaks. The activity, largely observed in Chinese-language cybercrime forums and Telegram channels, is creating confusion among organizations and diverting security resources towar…GBHACKERS.COM
20 MayGitHub admits major source code leak after 3,800 internal repositories breachedMicrosoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of the incident first emerged on May 19, when GitHub said it was investigating “unau…CSOONLINE.COM
20 MayImplement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speedAs frontier AI models collapse the traditional exploit window, Tenable Hexa AI transforms the security operating model from manual triage to agentic orchestration. See how you can automate vulnerability remediation and super-charge exposure management with Tenable Hexa AI. Key ta…TENABLE.COM
20 MayUkraine probes teen suspect in cyber theft scheme targeting California online shoppersThe investigation began after U.S. authorities informed their Ukrainian counterparts that hackers operating from Ukraine could be involved in attacks targeting users of American e-commerce platforms, Ukraine's Prosecutor General said.THERECORD.MEDIA
20 MayCompromised coding tool helped hackers breach thousands of GitHub repositoriesThe attack is the latest example of hackers’ intense focus on open-source packages.CYBERSECURITYDIVE.COM
20 MayCarding site B1ack’s Stash dumps 4.6 Million stolen cards for freeCarding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the most active stolen card marketplaces on the dark web, has released 4.6 million credit card records for free, n…SECURITYAFFAIRS.COM
20 MayPatch Now: Critical Flaw in OT Robot OS Gives Attackers ControlAn unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.DARKREADING.COM
20 MayVerizon DBIR: Vulnerability exploitation is the dominant initial access vectorVulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the top spot in the r…HELPNETSECURITY.COM
20 MayNanoCo lands $12 million seed funding, launches enterprise assistant built on NanoClawNanoCo announced a $12 million seed round, alongside the commercial launch of a professional assistant built on its open-source agent framework NanoClaw. Valley Capital Partners led the round. Docker, Vercel, monday.com, Slow Ventures, Clutch Capital, Factorial Capital, and Huggi…HELPNETSECURITY.COM
20 MayOperationalizing CTEM Faster: Build Surface Command Dashboards in MinutesModern attack surfaces don’t sit still. Cloud expansion, SaaS sprawl, identity complexity, and shadow IT are continuously reshaping organizational risk. For security leaders, visibility isn’t the challenge anymore, but actually operationalizing that visibility is. Surface Command…RAPID7.COM
20 MayThe cost of trusting the extension ecosystem.GitHub confirms a breach tied to a malicious VS Code extension. Anthropic fights a Pentagon blacklist as the White House weighs new AI security rules. Drupal scrambles to patch a critical flaw. Cisco Talos tracks the evolution of BadIIS malware-for-hire. Signal adds anti-phishing…THECYBERWIRE.COM
20 MayGitHub Confirms Breach, 4K Internal Repos StolenOpen source software giant GitHub confirmed a data breach this week involving the theft of thousands of repos. One threat actor — TeamPCP — took credit.DARKREADING.COM
20 MayThe AI Kill Switch ProblemThe UK is discussing cybersecurity legislation that could include emergency shutdown mechanisms — “kill switches” — for advanced AI systems that threaten national security or human life. The speaker argues that emergency stop capabilities are reasonable at the system level. AI sy…YOUTUBE.COM
20 MayPinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting ArchPinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is Pi…SECURITYAFFAIRS.COM
20 MayFake Android Apps Commit Carrier Billing Fraud for Premium Svcs.The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.DARKREADING.COM
20 MayIntroducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflowThe AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ago, because they have moved well past answering questions and into accessing your email, retrieving records from your CRM, writing and executing code, and t…MICROSOFT.COM
19 MayCTT - 468,124 breached accountsIn April 2026, data allegedly obtained from CTT, Portugal's national postal service, was posted to a public hacking forum. The data included 468k unique email addresses along with names, phone numbers and parcel tracking numbers which can be used to retrieve the tracking history…HAVEIBEENPWNED.COM
19 MayGitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD CredentialsIn yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. "Every existing tag in the…THEHACKERNEWS.COM
19 MayCISA Admin Reportedly Exposes AWS GovCloud Credentials in Public GitHub RepositoryA significant security lapse involving the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has come to light after a contractor reportedly exposed highly sensitive AWS GovCloud credentials in a public GitHub repository. The incident, disclosed by security researchers…GBHACKERS.COM
19 MaySEPPmail Gateway Flaws Expose Organizations to RCE and Email Traffic InterceptionMultiple critical vulnerabilities in the SEPPmail Secure E-Mail Gateway are putting thousands of organizations at risk of remote code execution (RCE) and the interception of sensitive email. The flaws, tracked under several CVEs, impact widely deployed SEPPmail appliances used fo…GBHACKERS.COM
19 MayMythos Preview Automates PoC Exploit Creation for Vulnerability ResearchA new AI model from Anthropic is changing how security teams find and prove software vulnerabilities. It is raising hard questions about what happens when the same technology falls into the wrong hands. Cloudflare has published findings from its participation in Project Glasswing…GBHACKERS.COM
19 MayPublic Instagram posts provide raw material for AI phishing campaignsA handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Texas at Arlington and Louisiana State University showed how public social media activity can be turned into phishing messages…HELPNETSECURITY.COM
19 MayEarbud sensors can authenticate users by their heartbeat, study findsResearchers built a continuous authentication system called AccLock that identifies a wearer by the tiny vibrations a heartbeat makes inside the ear canal. The signal comes from an accelerometer of the kind already sitting inside many wireless earbuds, so no extra hardware is nee…HELPNETSECURITY.COM
19 MayCompromised GitHub Action Steals Workflow CredentialsA widely used GitHub Action, actions-cool/issues-helper, has been compromised in a supply chain attack that exposes sensitive CI/CD secrets to an attacker-controlled domain. The attack hinges on a subtle but powerful manipulation of Git tags. Instead of altering the visible commi…GBHACKERS.COM
19 MayHackers Exploit Entra ID Accounts to Steal Microsoft 365, Azure DataHackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data. A highly sophisticated cyberattack campaign carried out by a threat actor tracked as Storm-2949, targeting Microsoft Entra ID accounts to steal sensitive data from Microsoft 365 and Azure enviro…GBHACKERS.COM
19 MayProtecting the Neglected: Measuring County Cyber Risk with Dr. Ido Sivan SevillaIn this episode, host Caleb Tolin sits down with Dr. Ido Sivan Sevilla, an Assistant Professor at the Hebrew University School of Public Policy & Governance and the School of Computer Science and Engineering, to expose critical vulnerabilities within U.S. county governments. As t…THECYBERWIRE.COM
19 MayiProov brings identity verification to video meetings to reduce fraud risksiProov has launched iProov Verified Meetings, a new solution that enables organizations to verify the identity of video call participants without adding friction to the user experience. Video meetings have become a trusted and scalable communication channel, but attackers are inc…HELPNETSECURITY.COM
19 MayPostgreSQL Flaws Expose Databases to Remote Code Execution and SQL InjectionPostgreSQL has released critical security updates addressing multiple high-impact vulnerabilities that could allow remote code execution (RCE), SQL injection, and denial-of-service (DoS) attacks across widely deployed database environments. The PostgreSQL Global Development Group…GBHACKERS.COM
19 MayShai-Hulud worm copycats emerge after source code leakShai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started showing up online, only a few days after the malware’s source code was dumped on Git…SECURITYAFFAIRS.COM
19 May7 tips for accelerating cyber incident recoveryDespite strong and redundant defenses, enterprises remain vulnerable to a wide range of cyberattacks. And because attacks — and cyber incidents — are inevitable, developing an incident response and recovery process that’s quick, comprehensive, and coordinated is essential. Expedi…CSOONLINE.COM
19 MayGrafana Labs Confirms Hackers Stole Source CodeOpen source tool maker Grafana says hackers stole codebase via GitHub breachINFOSECURITY-MAGAZINE.COM
19 MaySEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic AccessCritical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. "These vulnera…THEHACKERNEWS.COM
19 MayOperation Ramz Dismantles 53 Servers Used in Scam and Malware CampaignsA large-scale international cybercrime operation led by INTERPOL has resulted in 201 arrests and the takedown of 53 malicious servers linked to phishing, malware, and online scam campaigns across the Middle East and North Africa (MENA) region. Dubbed Operation Ramz, the init…GBHACKERS.COM
19 MayDrupal to Release Urgent Core Security Updates on May 20, Sites Told to PrepareDrupal has issued an alert stating that it intends to release a "core security release" for all supported branches on May 20, 2026, from 5-9 p.m. UTC. "The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hour…THEHACKERNEWS.COM
19 MayUAC-0184 Uses Bitsadmin and HTA Files to Deliver Gated MalwareUAC-0184 uses a multi‑stage malware chain that abuses bitsadmin and HTA loaders to reach a heavily obfuscated payload bundle, ultimately hiding behind signed binaries such as VSLauncher.exe and PassMark Endpoint to gain stealthy network access on Ukrainian military networks. CERT…GBHACKERS.COM
19 MayAI Raises the Bar on Vulnerability Awareness and Secure-by-Design SoftwareAI-powered vulnerability scanning leaves no excuse for unpatched bugs as the EU Cyber Resilience Act pushes firms toward secure-by-design softwareINFOSECURITY-MAGAZINE.COM
19 MayPhishing Campaign Exploits Google AppSheets to Target Facebook AccountsResearchers at Guardo Labs are tracking a major phishing campaign that abused Google AppSheet as a relay to send phishing emails. The researchers identified more than 30,000 Facebook accounts that were compromised by this campaign. Since the emails are sent from Google’s legitima…KNOWBE4.COM
19 MayInternet Explorer may be dead, but its ghost still runs malwareMicrosoft’s aging “mshta.exe” utility, a leftover component from Internet Explorer, is still being actively abused in modern malware campaigns years after the browser itself was retired. According to new research from Bitdefender, attackers continue to abuse Microsoft HTML Applic…CSOONLINE.COM
19 MayPureLogs infostealer is stealing credentials worldwideA phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, Fortinet researchers discovered. The attack starts with a phishing email containing a TXZ archive a…HELPNETSECURITY.COM
19 MayHackers have compromised dozens of popular open source packages in an ongoing supply chain attackThe attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.TECHCRUNCH.COM
19 MayGitHub scales back bug bounties, reminds users security is their responsibility tooFaced with the growing volume of submissions to its bug bounty program, GitHub is replacing cash bounties with swag rewards for reports with low security impact — and asking researchers to stop submitting reports that are low quality or about things that aren’t its fault. The clou…CSOONLINE.COM
19 MayMini Shai-Hulud returns, compromising hundreds of npm packagesAnother malware wave is washing through open-source software repos, stealing publishing tokens, installing OS‑level backdoors and persisting in developer tools and CI pipelines.CYBERSCOOP.COM
19 MayPatch bypass allows hackers to exploit prior flaw in SonicWall SSL-VPNResearchers said a wave of attacks began in February targeting firewalls that appeared to be protected. CYBERSECURITYDIVE.COM
19 MayRapid7’s 2026 Global Cybersecurity Summit: Key Takeaways for Security LeadersSecurity teams are working in an environment where speed, scale, and complexity are all increasing at the same time. Across the Rapid7 2026 Global Cybersecurity Summit, the focus was not just on how the threat landscape is evolving, but on how teams are adapting their approach t…RAPID7.COM
19 MayTP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilitiesCisco Talos’ Vulnerability Discovery & Research team recently disclosed eight vulnerabilities in TP-Link, and one each in Adobe Photoshop, OpenVPN, and Gen Digital's Norton VPN. The vulnerabilities mentioned in this blog post have been patched by their respective …TALOSINTELLIGENCE.COM
19 MayGoverning infrastructure as code using pattern-based policy as codeOrganizations often struggle to enforce security and compliance requirements consistently across their cloud infrastructure. In one environment, a workload might be deployed in an AWS Region that was never approved for that class of data. In another, a security group might allow …AWS.AMAZON.COM
19 MayTrapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 AppsCybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN's Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned …THEHACKERNEWS.COM
19 MayMicrosoft dismantled malware-signing network Fox TempestMicrosoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation run by a threat actor named Fox Tempest, which helped threat actors sign malware with …SECURITYAFFAIRS.COM
19 MayNews alert: Orchid Security study finds invisible identities now outnumber managed accountsNEW YORK, May 19, 2026, CyberNewswire — Orchid Security, the company solving identity at its core, today released its Identity Gap: 2026 Snapshot report, revealing that the majority of enterprise identity now exists outside the view of identity and access …LASTWATCHDOG.COM
19 MayAntV data visualization tool the latest to be hit by ongoing npm supply chain attacksThe world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool. Unlike last week’s high-profile npm attack on TanStack, which exploited a comple…CSOONLINE.COM
19 MayHuawei zero-day attack behind last year’s crash of Luxembourg's entire telecoms networkThere is no evidence that the incident has recurred, but the flaw remains unexplained and has not been publicly acknowledged by the company.THERECORD.MEDIA
19 MayCISA secrets left sitting on GitHub.A CISA contractor leaks GovCloud credentials on GitHub. INTERPOL cracks down on phishing infrastructure across the Middle East and North Africa. Microsoft patches a critical Authenticator flaw, while Poland moves officials off Signal after targeted phishing campaigns. A stealthie…THECYBERWIRE.COM
19 MayAttackers hit vulnerabilities hard last year, making exploits the top entry point for breachesVerizon’s annual Data Breach Investigations Report uncovered a surge of exploited vulnerabilities, and a growing lack of critical defect remediation industrywide.CYBERSCOOP.COM
19 MayWindows Zero-Day Barrage Continues After Patch TuesdayYellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks.DARKREADING.COM
19 MayAI Spam Is Breaking Bug BountiesBug bounty programs created a structured way for security researchers to report vulnerabilities while helping software companies improve products without relying entirely on internal QA teams. The speaker argues that generative AI is now overwhelming some of these programs with l…YOUTUBE.COM
19 MayVerizon DBIR: Enterprises Face a Dangerous Vulnerability GlutVerizon's "2026 Data Breach Investigations Report" ("DBIR") finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys.DARKREADING.COM
19 MayMultiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…CISECURITY.ORG
19 MaySN 1079: Daybreak and Codename MDASH - Microsoft's Edge Password BlunderOpenAI, Microsoft, and Google are racing to unleash next-gen AI that hunts for software vulnerabilities and hacks at scale. This episode explores how these advancements could shake up everything we thought we knew about cybersecurity. Microsoft rethinks Edge's "intended behavior"…TWIT.TV
18 MayThe Boring Stuff is Dangerous NowAI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt accordingly.DARKREADING.COM
18 MayWhen ransomware hits, confidence doesn’t restore endpointsRansomware, supply chain vulnerabilities, insider threats, compliance failures, and software disruptions remain major concerns for security leaders, according to The Ransomware Reality: Zero Days to Recover report by Absolute Security. How CISOs currently ensure endpoint resilien…HELPNETSECURITY.COM
18 MayClaude Code Vulnerability Allows Attackers to Run Commands Through Crafted DeeplinksA recently disclosed flaw in Claude Code allowed attackers to execute arbitrary system commands using a single crafted deeplink URL, turning a convenience feature into a remote code execution (RCE) vector. The issue, documented by security researcher Joernchen, has been fixed in …GBHACKERS.COM
18 MayFormer CISA nominee Sean Plankey named US CEO of defense startupUFORCE, a London-based company founded by Ukrainians, is looking to make drones in America.CYBERSCOOP.COM
18 MayCrafted JPEGs Could Trigger PHP Memory Bugs for ExploitationPHP, one of the most widely used web programming languages, is rarely viewed as a direct attack surface at its core level. Security focus typically shifts toward frameworks and third-party libraries. However, new research shows that PHP’s built-in functionality specifically the e…GBHACKERS.COM
18 MayResearchers Build First Public Apple M5 macOS Kernel Exploit with Mythos PreviewSecurity researchers have unveiled the first publicly known macOS kernel memory corruption exploit targeting Apple’s latest M5 silicon, marking a significant moment for both offensive security and Apple’s next-generation defenses. The exploit, developed in collaboration with Myth…GBHACKERS.COM
18 MayMalicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto WalletsA new supply chain attack campaign targeting developers has surfaced in the npm ecosystem, with four malicious packages discovered stealing sensitive data, including SSH keys, cloud credentials, and cryptocurrency wallets. The campaign, identified by OX Security within the past 2…GBHACKERS.COM
18 MayLyrie: Open-source autonomous pentesting agentPenetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command line tool and publishes the entire codebase. Th…HELPNETSECURITY.COM
18 MayAI shrinks vulnerability exploitation window to hoursTime has become organizations’ biggest vulnerability because the gap between vulnerability discovery and exploitation has narrowed to hours, according to Synack’s 2026 State of Vulnerabilities Report. AI expands the a…HELPNETSECURITY.COM
18 MayCritical FunnelKit Vulnerability Puts 40,000+ WooCommerce Sites at RiskA critical security vulnerability in the Funnel Builder plugin by FunnelKit is actively being exploited, putting more than 40,000 WooCommerce websites at risk of payment data theft. The vulnerability affects all Funnel Builder versions prior to 3.15.0.3 and allows unauthenticated…GBHACKERS.COM
18 Mayn8n Security Flaws Could Let Attackers Achieve Remote Code ExecutionA set of critical vulnerabilities in the popular workflow automation platform n8n has raised serious security concerns, with researchers warning that attackers could chain multiple flaws to achieve full remote code execution (RCE) on affected systems. The issues, disclosed in mul…GBHACKERS.COM
18 May201 arrested in INTERPOL disruption of phishing and fraud networksOperation Ramz, a cybercrime initiative coordinated by INTERPOL across the MENA region, focused on disrupting phishing campaigns, malware activity, and cyber scams that caused substantial financial losses across the region. The operation resulted in the arrest of 201 individuals …HELPNETSECURITY.COM
18 MayWhy the best security investment a board can make in 2026 isn’t another toolThere is a conversation that happens in boardrooms every quarter that security leaders will recognize. The CISO presents the threat landscape. The board asks what the company needs. The answer, almost always, is another tool. Another platform, another module, another vendor to cl…CSOONLINE.COM
18 MayAI coding is fueling a secrets-sprawl crisis few CISOs are containingWhen Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself. He “just had a vision,” and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious secu…CSOONLINE.COM
18 MayAI Has a data problem, cascading breaches, and the weekly news - Dimitri Sirota - ESW #459Interview with Dimitri Sirota from BigID: Most organizations think AI risk lives in the model – or the identity. It doesn’t. It lives in the data. In this episode, BigID’s CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitiv…YOUTUBE.COM
18 MaySecurity Researchers Find 47 Zero-Days at Pwn2Own BerlinThe research community was awarded $1.3m as it found dozens of novel vulnerabilities at Pwn2Own BerlinINFOSECURITY-MAGAZINE.COM
18 MayAttackers accessed, downloaded code from Grafana Labs’ GitHubA threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization firm announced on Sunday. The breach is significant given Grafana Labs’ widespread use across enterpri…HELPNETSECURITY.COM
18 MayMiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched SystemsChaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codena…THEHACKERNEWS.COM
18 MayFour Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS MalwareCybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below: chalk-tempalte (825 Downloads), @deadcode09284814/axios-util …THEHACKERNEWS.COM
18 MayZero-Day Exploit Against Windows BitLockerIt’s nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption …SCHNEIER.COM
18 MayGremlin Stealer Hides Payloads in .NET Resources to Evade DetectionA newly discovered variant of the Gremlin Stealer is raising concerns among security researchers by adopting stealth-focused techniques that significantly reduce its detection footprint. Gremlin Stealer is an information-stealing malware actively sold on Telegram. It targets a wi…GBHACKERS.COM
18 MayNew image-based prompt injection attack targets multimodal AI modelsSecurity researchers have developed a new image-based prompt injection attack that can manipulate how multimodal AI systems interpret user instructions without modifying the original text prompt, potentially expanding security risks for AI agents and vision-language systems. In a…CSOONLINE.COM
18 MayOpen source tool maker Grafana Labs says hackers stole its code, refuses to pay ransomThe open source project said hackers stole its codebase and threatened to publish its source code if the company did not pay.TECHCRUNCH.COM
18 MayAI Security Shifts To Data ControlMost organizations today use commercial AI systems rather than hosting or training their own models. That includes platforms like OpenAI, Gemini, Microsoft Copilot, and Anthropic. This shift changes the security problem. Instead of focusing on testing model vulnerabilities, organ…YOUTUBE.COM
18 MayShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claimed it stole more than 600,000 Salesforce records containing personal and corporate i…SECURITYAFFAIRS.COM
18 May⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and MoreMonday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One …THEHACKERNEWS.COM
18 MayResearchers craft a kernel exploit on Apple's M5 chips, with help from Mythos.Santa Clara County files lawsuit against Meta over alleged advertising practices. IBM security executive eyed for CISA director.THECYBERWIRE.COM
18 May18th May – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 18th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Vodafone, a major international telecom, has sustained a source code leak claimed by the Lapsus$ extortion group. The company confirme…RESEARCH.CHECKPOINT.COM
18 MayMY TAKE: AI agents force a rethink of enterprise service lines as vendors move up the tech stackORLANDO — Companies are pulling AI agents into their daily operations through a dozen side doors. Related: SaaS and AI agents converge One of them was in focus at KB4-CON, KnowBe4’s annual customer conference at the Marriott World Center … (more…) The post MY TAKE: AI agen…LASTWATCHDOG.COM
18 MayAI cyberattackers are getting better fasterThe ability of AI models to perform end-to-end, multi-stage penetration tests that match the capabilities of humans undertaking the same tasks has improved dramatically in recent months, according to new benchmarks published by the UK government’s AI Security Institute (AISI). In…CSOONLINE.COM
18 MayMicrosoft: Edge 148 will stop loading cleartext passwords in memoryMicrosoft says it is changing how Edge handles saved passwords in memory following public criticism and the release of a proof-of-concept tool that demonstrated credentials could be extracted in cleartext from the browser’s process memory. Microsoft confirmed that future versions…CYBERINSIDER.COM
18 MayAI is drowning software maintainers in junk security reportsAI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. Linus Torvalds, the Linux kernel’s creator, says the flood has made …HELPNETSECURITY.COM
18 MayGame over for 74 suspected scammers after Dutch cops plastered their faces on billboardsThe Dutch police’s Game Over?! campaign, which publicly displays images of suspected fraudsters to encourage self-surrenders and gather public tips, is proving successful, with the identities of 74 of the 100 suspects shown already identified. A digital display promoting the Dutc…HELPNETSECURITY.COM
18 MayAI Ends Productivity GuessworkAI tools and LLM-based workflows are changing how work output is produced and evaluated. Unlike traditional office environments or early remote work, output can now be tracked more directly through generated results and activity. This shifts productivity measurement away from phy…YOUTUBE.COM
18 MayGrafana confirms GitHub token breach cybercrime group claims the attackGrafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was tri…SECURITYAFFAIRS.COM
18 MayMicrosoft May security patch fails for some due to boot partition size glitch“Something didn’t go as planned. Undoing changes.” That’s all the clue some Windows 11 users will get when Microsoft’s May Security Update fails to install because of insufficient free space on the EFI System Partition (ESP), leaving their systems unprotected by the dozens of pat…CSOONLINE.COM
18 MayThe M5 just met its memory problem.Researchers crack Apple’s M5 memory protections with a kernel exploit. An IBM Security executive emerges as a possible CISA pick. Researchers uncover four malicious npm packages. AI-generated “slop” floods bug bounty programs. Major healthcare breaches hit the HHS tracker, 7-Elev…THECYBERWIRE.COM
18 MayAI might cut false positives, but it won’t stop the slopAnthropic and OpenAI promise their latest tools will find more vulnerabilities. Cybersecurity employees say they’re already flooded with AI-generated reports. The post AI might cut false positives, but it won’t stop the slop appeared first on CyberScoop.CYBERSCOOP.COM
18 MayShai-Hulud Worm Clones Spread After Code ReleaseThe release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.DARKREADING.COM
18 MayMultiple Vulnerabilities in NGINX Could Allow for Remote Code ExecutionMultiple vulnerabilities have been discovered in NGINX, the most severe of which could allow for remote code execution. NGINX is a software used for web serving, reverse proxying, caching, and load balancing. Successful exploitation of the most severe of these vulnerabilities may…CISECURITY.ORG
18 MayHow Storm-2949 turned a compromised identity into a cloud-wide breachStorm-2949 turned stolen credentials into a cloud-wide breach, moving from identity compromise to large-scale data theft without using malware. This incident shows how threat actors can exploit trusted systems to operate undetected. The post How Storm-2949 turned a compromised id…MICROSOFT.COM
17 MayPwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million TotalPwn2Own Berlin 2026 ended with 47 zero-days and $1.29M in payouts, as DEVCORE dominated the competition across all categories. Pwn2Own Berlin 2026 ended after three intense days, with participants discovering 47 unique zero-days, and earning $1,298,250 in total payouts. Pwn2Own B…SECURITYAFFAIRS.COM
17 MayGrafana GitHub Token Breach Led to Codebase Download and Extortion AttemptGrafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our investigation has determined that no customer data or personal information was accessed during this inciden…THEHACKERNEWS.COM
17 MayWeek in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploitedHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: Review: Foundations of Cybersecurity, 2nd edition Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security…HELPNETSECURITY.COM
17 MayGitHub Actions Cache Poisoning is eating open sourcesubmitted by codeinabox to security 3 points | 0 comments https://neciudan.dev/github-actions-poisoningPROGRAMMING.DEV
17 MayPwn2Own Berlin 2026 concludes with $1.29 million paid for 47 zero-daysPwn2Own Berlin 2026 wrapped up with another string of successful enterprise-targeted exploits, bringing the contest’s final tally to $1,298,250 awarded for 47 unique zero-day vulnerabilities discovered over three days. DEVCORE secured the “Master of Pwn” title with 50.5 points an…CYBERINSIDER.COM
17 MaySecurity Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITIONA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers exploit Funnel Buil…SECURITYAFFAIRS.COM
17 May KEVAttackers exploit Funnel Builder bug to inject e-skimmers into e-storesAttackers are exploiting a critical flaw in the WordPress Funnel Builder plugin to inject skimming code into WooCommerce checkout pages. A critical vulnerability in the WordPress Funnel Builder plugin is being actively exploited to inject malicious JavaScript into WooCommerce che…SECURITYAFFAIRS.COM
17 MayiodéOS review: Privacy-focused Android that doesn’t get in your wayiodéOS is a privacy-oriented Android operating system developed by the French company iodé, based on the Android Open Source Project (AOSP). The project focuses on reducing user tracking and dependence on Google services while still maintaining broad Android app compatibility and…CYBERINSIDER.COM
17 MayDebian 13.5 point release lands with security fixes, bug patchesDebian 13.5 is the fifth point release for the stable distribution “trixie.” The update folds in roughly 100 Debian Security Advisories and corrections for more than 130 source packages, covering everything from the Linux kernel and Apache HTTP Server to OpenSSH, sudo…HELPNETSECURITY.COM
16 MayInside CIRA: How Canada's .ca Registry Became a Global DNS & Cybersecurity ForceDavid Shipley interviews Jon Ferguson, VP at CIRA, about how the Canadian Internet Registration Authority evolved from early paper-based .ca registrations at UBC into a 142-person, member-based not-for-profit running .ca and authoritative Anycast DNS infrastructure now supporting…CYBERSECURITYTODAY.LIBSYN.COM
16 MayJDownloader Website Hack Exposes Windows and Linux Users to Malicious InstallersA popular open-source download manager trusted by millions suddenly became a malware delivery platform after attackers compromised its official website, replacing legitimate installers with trojanized versions targeting both Windows and Linux users. The incident, confirmed by JDo…GBHACKERS.COM
16 MayOpenAI and others deal with fallout from TanStack supply-chain attack.Disgruntled researcher discloses two Windows zero-days. Microsoft warns of critical zero-day in on-prem Exchange Servers.THECYBERWIRE.COM
16 MayOpenAI hit by supply chain attack linked to malicious TanStack packagesOpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices and exposed credential material stored in internal source c…SECURITYAFFAIRS.COM
16 MayAI Broke Patch ManagementAI systems are now discovering software vulnerabilities at a pace that is forcing major vendors to rethink how they ship security updates. The speaker points to Mozilla fixes tied to Glasswing discoveries and Oracle shifting from quarterly to monthly patching cycles. That change …YOUTUBE.COM
16 MayFunnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout SkimmingA critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by…THEHACKERNEWS.COM
15 MayHow a Google API Key Became an $8,000 AI Bill, Meta Scam Ads Lawsuit, and 73-Second Cyber AttacksGoogle Cloud customers are reporting shocking surprise bills after compromised or misused API keys were allegedly used to access expensive Gemini AI services. In one case, Rod Dinan says his monthly Google Cloud costs jumped from under $50 to nearly $8,000. Sydney developer Isuru…CYBERSECURITYTODAY.LIBSYN.COM
15 MayThe AI oversight paradox: Is the investment worth the cost of watching it?Unlike in 2025, when AI adoption and testing drove business strategies, organizations in 2026 want proven ROI before committing budgets, according to a report by Globalization Partners. How global executives characterize their organization’s approach to AI adoption (Source: Globa…HELPNETSECURITY.COM
15 MayHackers Exploit Scheduled Tasks for Persistence in FrostyNeighbor AttacksHackers linked to the long-running FrostyNeighbor cyber‑espionage group have intensified attacks against Ukrainian government organizations, deploying updated techniques that rely on scheduled tasks for stealthy persistence and server-side validation to evade detection. FrostyNei…GBHACKERS.COM
15 MayDell SupportAssist Update Forces Windows Systems Into BSOD LoopA faulty update to Dell’s SupportAssist Remediation service is triggering widespread system crashes, forcing thousands of Dell and Alienware devices into continuous Blue Screen of Death (BSOD) loops. Affected systems repeatedly crash with the “CRITICAL_PROCESS_DIED” error, often …GBHACKERS.COM
15 MaySoap Box: Where does AI fit into cloud security?In this sponsored soap box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, the founder of Prowler. Prowler started off as a bunch of scripts in a trenchcoat, then became an open source cloud security tool, and it’s now a venture-funded cloud secur…RISKY.BIZ
15 MayTeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud CredentialsA financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensitive developer and cloud credentials at scale. TeamPCP’s core strategy is simple but highly effective: compromise trusted b…GBHACKERS.COM
15 MayPwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fallPwn2Own Berlin 2026 day one saw 22 entries and 24 zero-days across major software, with researchers earning $523,000 in total rewards. Day one of Pwn2Own Berlin 2026 featured 22 entries targeting widely used technologies, including browsers, operating systems, AI platforms, and N…SECURITYAFFAIRS.COM
15 MayMultiple cPanel Vulnerabilities Could Lead to Sensitive Resource ExposureMultiple newly disclosed vulnerabilities in cPanel & WHM, including the critical CVE‑2026‑41940 authentication bypass bug and a cluster of May 2026 flaws, could allow attackers to access sensitive resources and hosting accounts if servers remain unpatched. Organizations runni…GBHACKERS.COM
15 MayChina-Linked Hackers Deploy New TencShell Malware Against Global ManufacturerA suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkitINFOSECURITY-MAGAZINE.COM
15 MayResearchers uncover YellowKey and GreenPlasma Windows Zero-DaysResearchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and Gree…SECURITYAFFAIRS.COM
15 MayMicrosoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026The world’s top ethical hackers wasted no time breaking into modern software and AI systems on the opening day of Pwn2Own Berlin 2026, exposing critical zero-day vulnerabilities in Microsoft Edge, Windows 11, LiteLLM, and NVIDIA platforms. On May 14, researchers demonstrated 24 u…GBHACKERS.COM
15 May KEVEU’s Cyber Resiliency Act will put IT leaders to the testUnlike most cyber security regulations, the EU’s Cyber Resilience Act is about product safety rather than processes or certification, extending the CE mark from the physical side of products to software, firmware, backend services, and anything with a network connection. It encod…CSOONLINE.COM
15 MayThe economics of ransomware 3.0The moment every boardroom dreads There is a moment in almost every ransomware negotiation — usually around 36 hours, when legal, IT and the CFO are all in the same room — when someone says it out loud: “Let’s just see what the insurance covers.” That instinct, understandable as …CSOONLINE.COM
15 MayRocky Linux launches opt-in security repository for urgent fixesRocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists and upstream patches are unavailable. “The repository is disabled by default. That’s intentio…HELPNETSECURITY.COM
15 MayMicrosoft Warns HPE Operations Agent Abused in Malware-Free AttacksMicrosoft has revealed a stealthy intrusion campaign where attackers bypassed traditional malware and exploits, instead abusing trusted enterprise tools to silently infiltrate networks. The technique highlights a growing shift in cyberattacks where adversaries rely on legitimate …GBHACKERS.COM
15 MayAutonomous systems are finally working. Security is nextWaymo recently crossed a major milestone: Over 170 million autonomous miles driven without a single serious crash or injury. For years, autonomous driving was treated as a promise that was always just out of reach — too complex, too risky and not ready for the real world. That ar…CSOONLINE.COM
15 MayGremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource FilesUnit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data. The post Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files appeared first on Unit 42.UNIT42.PALOALTONETWORKS.COM
15 MayTanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS UpdatesOpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized mann…THEHACKERNEWS.COM
15 MayAkamai to acquire LayerX for $205 millionAkamai has entered into a definitive agreement to acquire LayerX, a provider of browser-based AI usage control and secure enterprise browser (SEB) technology. LayerX’s solutions will extend Akamai’s protection into the browser, where the majority of enterprise tasks now occur and…HELPNETSECURITY.COM
15 MayShai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS & KubernetesShai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over “Shai-Hulud,” a self-propagating npm worm designed to steal sensitive developer credentials from GitHub, AWS, Kubernetes, and local environment…GBHACKERS.COM
15 MayGoogle Project Zero Details Pixel 10 Zero-Click Exploit ChainA powerful zero-click exploit chain for the Pixel 10 that can take an attacker from a remote Dolby decoding bug to full kernel control through a single vulnerable video processing driver. The work shows both how quickly Google can now patch critical issues and how shallow mistake…GBHACKERS.COM
15 MayHackers Exploit OAuth Device Flow to Steal Microsoft 365 TokensHackers are rapidly weaponizing a little-known Microsoft authentication feature to hijack enterprise accounts, as device code phishing surges across the threat landscape. The spike in activity is closely tied to the public release of criminal toolkits and phishing-as-a-service (P…GBHACKERS.COM
15 MayMicrosoft Reports Severe Zero-Day Flaw in On-Prem Exchange ServersThe zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription EditionINFOSECURITY-MAGAZINE.COM
15 MayRedesigning Security Culture for the Agentic AgeThe launch of platforms like Moltbook, OpenClaw, and RentAHuman in early 2026 has provided an unsettling glimpse into the future. We are entering a phase of the digital workplace where AI agents no longer just assist us, they interact with one another, act autonomously in the p…KNOWBE4.COM
15 MayCISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by SundayCisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.”THERECORD.MEDIA
15 MayResearchers claim the first macOS kernel exploit on Apple M5 chipsSecurity researchers have announced what they describe as the first public macOS kernel memory corruption exploit capable of bypassing Apple’s Memory Integrity Enforcement (MIE) protections on the latest M5 chip. The exploit chain, developed by researchers at Calif with assistanc…CYBERINSIDER.COM
15 MayHack One, Own Every MowerRobotic lawnmowers and similar IoT devices can become security risks when attackers gain firmware access or exploit weak credential practices. When devices share identical configurations or weak default credentials, compromising one unit can potentially expose entire fleets. In p…YOUTUBE.COM
15 MayCisco zero-day under ongoing attack by persistent threat groupThe threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems. The post Cisco zero-day under ongoing attack by persistent threat group appeared first on CyberScoop.CYBERSCOOP.COM
15 MayFour OpenClaw Flaws Enable Data Theft, Privilege Escalation, and PersistenceCybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expo…THEHACKERNEWS.COM
15 MayUS orders travelers on Air Force One to throw away gifts, pins, and burner phones after China tripPeople who travelled to Beijing for a summit between the United States and China had to throw away items they received during the trip before boarding Air Force One, presumably for security reasons.TECHCRUNCH.COM
15 MayOpenAI impacted by TanStack supply-chain attack.Shai-Hulud code has been leaked. Microsoft warns of critical zero-day in on-prem Exchange Servers.THECYBERWIRE.COM
15 MayAttackers exploit critical flaw in Cisco Catalyst SD-WAN ControllerResearchers discovered the authentication bypass vulnerability while investigating a prior issue in the same service.CYBERSECURITYDIVE.COM
15 MayMullvad VPN exit IP patterns could enable user fingerprintingA researcher has disclosed a privacy weakness in Mullvad VPN that could allow users to be probabilistically identified across different VPN servers by correlating the exit IP addresses assigned to their WireGuard connections. The issue stems from how Mullvad deterministically ass…CYBERINSIDER.COM
15 MayHere’s how the FTC plans to enforce the Take It Down ActThe commission will dole out hefty fines and promises investigations for Take It Down Act violators. Experts say questions remain around the agency’s resources and priorities. The post Here’s how the FTC plans to enforce the Take It Down Act appeared first on CyberScoop.CYBERSCOOP.COM
15 MayA Vulnerability in Microsoft Exchange Server Could Allow for Arbitrary Code ExecutionA vulnerability has been discovered in Microsoft Exchange Server that could allow for arbitrary code execution. Microsoft Exchange Server is an enterprise-level email and collaboration platform developed by Microsoft that runs on Windows Server. Successful exploitation could allo…CISECURITY.ORG
15 MayOne email could be all it takes.Microsoft sounds the alarm on a critical Exchange zero-day, OpenAI and Mistral AI deal with fallout from a widening supply-chain attack campaign, and researchers uncover a thriving underground market for unlocking stolen iPhones. A stealthy macOS infostealer spreads through Click…THECYBERWIRE.COM
15 MayMicrosoft Exchange zero-day chain nets DEVCORE $200K at Pwn2OwnPwn2Own Berlin 2026 continued with another wave of successful zero-day demonstrations on Thursday, as security researchers earned $385,750 for 15 unique vulnerabilities targeting enterprise software, AI platforms, operating systems, and developer tools. The biggest payout of the …CYBERINSIDER.COM
15 MayExpired domain leads to supply chain attack on node-ipc npm packageA popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root cause of the compromise was an expired domain name that attackers managed to register in order to hijack a maintainer’s account…CSOONLINE.COM
15 MayCisco, Canvas, Microsoft, Exchange 0-Days, NPM Backdoors, GPT-5.5 and more... - SWN #581Cisco Catalyst, Canvas, Exchange 0-Days, BitLocker Bypass, Mini Shai Hulud, Node IPC, Patch Tuesday, GPT-5.5, Supply Chain Attacks, and More on the Security Weekly News Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/sw…YOUTUBE.COM
15 MayPwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900KDay two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own Berlin 2026, security researchers earned $385,750 after successfully demonstrating 15 unique zero-day vulnera…SECURITYAFFAIRS.COM
14 MayAmazon Quick Security Flaw Allowed Restricted Users to Access AI Chat AgentsA newly disclosed security flaw in Amazon’s AI-powered business intelligence platform has revealed how restricted users could quietly bypass controls and interact with AI chat agents, despite explicit administrative denial. The issue, discovered by Fog Security researcher Jason K…GBHACKERS.COM
14 MayGitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoSGitLab has issued an urgent security update to neutralise a massive wave of vulnerabilities. Threat actors could exploit these newly disclosed flaws to silently hijack developer sessions or completely paralyze continuous integration pipelines with unauthenticated attacks. GitLab …GBHACKERS.COM
14 MayHackers Hijack HWMonitor to Sideload Malicious DLLHackers are once again exploiting user trust in legitimate software, this time abusing the popular CPUID HWMonitor utility to deliver a stealthy remote access trojan. The malicious archive mimics a legitimate installer, highlighting how trusted tools remain a powerful lure for in…GBHACKERS.COM
14 MayPoC Released for 18-Year-Old NGINX Flaw Allowing Remote Code ExecutionA critical vulnerability in NGINX’s source code, hidden since 2008, has finally been exposed, and a working exploit is already in the wild. Security researchers at depthfirst have publicly released a proof-of-concept (PoC) exploit demonstrating unauthenticated remote code e…GBHACKERS.COM
14 MayPackagist Warns: Update Composer Now After GitHub Actions Token LeakA sudden change in GitHub’s token format has triggered an unexpected security vulnerability in Composer, exposing sensitive authentication tokens in CI/CD logs and forcing Packagist to issue an urgent warning to PHP developers worldwide. The issue stems from a mismatch between Gi…GBHACKERS.COM
14 MayNew Exim BDAT GnuTLS Vulnerability Enables Code Execution AttacksA critical, stealthy vulnerability is lurking deep within Exim, the software powering a massive share of the world’s email infrastructure. Sitting exposed on the internet’s front lines, these message transfer agents are highly lucrative targets for ruthless threat act…GBHACKERS.COM
14 MayGentlemen RaaS Exploits Fortinet and Cisco Edge Devices for Initial AccessThe Gentlemen ransomware-as-a-service (RaaS) operation is turning exposed Fortinet and Cisco edge devices into a fast lane into enterprise networks and doing it at scale. What began as a rising RaaS brand in mid‑2025 has, by early 2026, evolved into one of the most active program…GBHACKERS.COM
14 MayAbrigo - 711,099 breached accountsIn April 2026, the fintech software company Abrigo was targeted in a "pay or leak" extortion attempt by the ShinyHunters group. Shortly after, data allegedly taken from the company's Salesforce instance was published publicly and contained over 700k unique email addresses belong…HAVEIBEENPWNED.COM
14 MayWhat CISOs need to land a board roleCybersecurity leaders often have complex relationships with their boards. Many boards lack cyber expertise, and CISOs can encounter roadblocks as a result when it comes to earning board approval. Other security leaders may not have a direct line to their board, or they may be vie…CSOONLINE.COM
14 MayDeepfake sextortion forces schools to remove student photos from websitesExperts are urging schools to take down identifiable photos of students, after AI deepfakes have led to sextortion cases at UK schools.MALWAREBYTES.COM
14 MayMy relationship status is “compromised.”This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
14 MayCERN’s open source KiCad library gives the world 17,000 circuit board componentsCERN has released its complete KiCad component library under an open source license, making it available to hardware designers anywhere in the world. The library, maintained by CERN’s Design Office, contains more than 17,000 electronic components in the form of schematic sy…HELPNETSECURITY.COM
14 MayOver 70% of organizations hit by identity breachesAttackers rely on stolen credentials, compromised service accounts, and social engineering attacks targeting employees, according to Sophos’ The State of Identity Security 2026 survey. What do you estimate to be the overall cost to your organization to rectify the identity breach…HELPNETSECURITY.COM
14 MayMachine identities outnumber humans 109 to 1Organizations manage an average of 109 machine identities for every human identity. AI agents account for a growing share of those identities, with companies expecting AI agent growth of 85% over the next 12 months. Machine identities are projected to increase by 77%, and human i…HELPNETSECURITY.COM
14 MayWindows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege EscalationAn anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been…THEHACKERNEWS.COM
14 MayMicrosoft turns Copilot Studio into an AI agent control centerThe Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent status in the authoring experience, giving admins insight into each agent’s security and protection posture. C…HELPNETSECURITY.COM
14 MayNew Malware Framework Enables Screen Control and UAC BypassA sophisticated malware framework capable of screen control, browser artifact access, and User Account Control (UAC) bypass, highlighting how attackers are increasingly adapting open-source tools for real-world intrusions. The attack chain revealed a carefully staged operation de…GBHACKERS.COM
14 MayCanon MailSuite Security Flaw Allows Attackers to Execute Code RemotelyCanon has disclosed a critical security vulnerability in its GUARDIANWALL MailSuite product that could allow attackers to execute arbitrary code remotely, raising serious concerns for organizations relying on the platform for email security. The issue, officially announced on May…GBHACKERS.COM
14 MayHow AI Hallucinations Are Creating Real Security RisksAI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates t…THEHACKERNEWS.COM
14 MayChinese APT Exploits Microsoft Exchange to Breach Energy Sector NetworkChinese state-aligned hackers compromised a Microsoft Exchange server at a major energy firm. They repeatedly reused that same entry point to run a months‑long espionage operation, deploying the Deed RAT and Terndoor backdoors to maintain deep access across the network. The activ…GBHACKERS.COM
14 MayTeamPCP, BreachForums Launch $1K Supply-Chain Attack ContestA new cybercrime campaign is turning supply chain attacks into a public competition, as TeamPCP and BreachForums operators launch a $1,000 contest that encourages hackers to compromise open-source packages. The initiative, first highlighted by Dark Web Informer, signals an escala…GBHACKERS.COM
14 MayFlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defensesA widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an escalation in phishing-kit sophistication that could make attacks harder for tradition…CSOONLINE.COM
14 MayFrontier AI models reap rapid discovery of security vulnerabilitiesSecurity teams have just a few months before AI-driven exploitation becomes the norm, researchers warn.CYBERSECURITYDIVE.COM
14 MayThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ StoriesEverything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should hav…THEHACKERNEWS.COM
14 MayThe time of much patching is comingIn this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.TALOSINTELLIGENCE.COM
14 MayODNI taps officials to coordinate response to foreign election threatsDirector of National Intelligence Tulsi Gabbard has tapped two individuals to coordinate work across U.S. spy agencies to monitor threats to the 2026 elections, according to multiple sources familiar with the matter.THERECORD.MEDIA
14 MayRegional routing for AWS access portals: Implementing custom vanity domains for IAM Identity CenterAWS IAM Identity Center provides a web-based access portal that gives your workforce a single place to view their AWS accounts and applications. With the recent launch of IAM Identity Center multi-Region replication, customers can replicate their IAM Identity Center instance acro…AWS.AMAZON.COM
14 MayThe era of AI-powered attacks is here.Google says AI-powered cybercrime has gone industrial scale. Two new Windows zero-days emerge. Signal threatens to leave Canada over lawful access legislation. Pentagon-linked influence operations shift to paid ads. Linux admins scramble to patch a new root-level flaw. FamousSpar…THECYBERWIRE.COM
14 MayGoogle announces hackers are using AI to create zero days.Canvas pays hackers.THECYBERWIRE.COM
14 MayOpenAI asks macOS users to update after TanStack npm supply chain attackThe actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.THERECORD.MEDIA
14 May KEVMaximum Severity Cisco SD-WAN Bug Exploited in the WildThis is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.DARKREADING.COM
14 MayYou're not going to patch your way out of this - PSW #926This week: - New Yellowkey bitlocker bypass and what it means for you - Hackers can run you over with a robot lawnmower - FCC says new things about routers, again - Glitching with AI - almost no false positives - AI thought it was evil - DirtyFrag and the sad state of Linux LPEs …YOUTUBE.COM
14 MayBring out your dead: How agentic AI for cybersecurity helps you rid your cloud of forgotten, risky assetsTenable Hexa AI eliminates “zombie” cloud infrastructure, helping you reduce risk and make a “killing” on cost reduction. Key takeaways As AI accelerates cloud growth, zombie cloud assets multiply in your environment. You need agentic AI to prevent a cloud zombie apocalypse. Clou…TENABLE.COM
14 MayAI Just Hacked HardwareAn AI agent was used to autonomously execute a voltage fault injection attack against an ESP32 Secure Boot V1 system. It was given direct access to hardware interfaces and handled major parts of the attack chain, including tool configuration, exploit script generation, and firmwa…YOUTUBE.COM
14 MayThe First CVE Wave: Signs That AI-Assisted Vulnerability Discovery Is Reshaping Disclosure VolumesPublic CVE disclosure volumes are surging across major software suppliers and open source projects, and the evidence increasingly points to AI-assisted vulnerability discovery as the driving force.VULNCHECK.COM
14 MayOrBit (Re)turns: Tracking an open-source Linux rootkit across four years of forks and deploymentsExplore how OrBit, a two-stage malware, has changed over the last 4 years and why it matters for defenders.INTEZER.COM
13 MayCanvas Breach 'Deal' With ShinyHunters, AI Zero-Day Warning, Checkmarx Hit AgainCybersecurity Today examines a troubling set of new security developments affecting schools, software supply chains, and account security. Instructure says it reached an "agreement" with the ShinyHunters threat group after the massive Canvas breach that may have affected up to 27…CYBERSECURITYTODAY.LIBSYN.COM
13 MayResearchers open-source a Wi-Fi cyber range for security trainingWireless security training programs lean heavily on generic network labs, with Wi-Fi appearing as a checkbox alongside Bluetooth, Zigbee, and cellular. Hands-on environments dedicated to IEEE 802.11 are uncommon, even as Wi-Fi remains the default on-ramp to corporate networks and…HELPNETSECURITY.COM
13 MayRisky Business #837 -- GitHub Actions footgun claims TanStackOn this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Mini Shai-Hulud and the TanStack compromise using Github Actions Instructure pays Canvas elearning platform data extortionists More Linux privilege escalation 0days!…RISKY.BIZ
13 MaySandyaa: Open-source autonomous security bug hunterSource code auditing has traditionally relied on static analyzers that flag long lists of potential issues, leaving engineers to sort bugs from noise. A new open-source project from offensive-security firm SecureLayer7 takes a different route, using LLMs to read a codebase, trace…HELPNETSECURITY.COM
13 MayClickFix Evolves Using Decade-Old Open-Source Python SOCKS5 ProxyA newly observed ClickFix campaign is pushing beyond simple user-triggered infections, introducing a more persistent and stealthy intrusion chain using PySoxy, a 10-year-old open-source Python SOCKS5 proxy. Unlike traditional ClickFix attacks that rely on a single PowerShell exec…GBHACKERS.COM
13 May KEV2026 CSO Award winners showcase business-enabling cyber innovationThe CSO Awards annually recognize security projects that demonstrate outstanding security leadership and business value. For this year’s program, CSO honors 64 security organizations whose hard work and innovative approaches have had a significant impact on how their enter…CSOONLINE.COM
13 MayGoogle discovers first AI-based zero-day exploitWelcome to the new, AI-saturated threat era. The Google Threat Intelligence Group (GTIG) warns that criminal hackers are now using AI both to find vulnerabilities and to subsequently develop malware…CSOONLINE.COM
13 MayNetSPI AI-powered Continuous Pentesting identifies high-impact vulnerabilitiesNetSPI launched AI-powered Continuous Pentesting offerings, designed to help organizations continuously identify, validate and reduce risk across dynamic external and cloud environments. Organizations are managing an expanding number of potential entry points as new internet-faci…HELPNETSECURITY.COM
13 MayReport: 4 in 10 UK Businesses Were Breached by Phishing Last Year43% of businesses in the UK reported a breach last year, with phishing driving the vast majority (85%) of these attacks, the Register reports. A survey by the British government found that attacks involving only phishing grew by six percent in 2025.KNOWBE4.COM
13 MayCISA’s AI SBOM guidance pushes software supply-chain oversight into new territoryThe US Cybersecurity and Infrastructure Security Agency (CISA) and its G7 cyber agency partners have released a list of minimum elements for an AI software bill of materials, a move that could help CISOs assess the security and provenance of AI systems entering enterprise environ…CSOONLINE.COM
13 MayBreaking things to keep them safe with Philippe LaulheretPhilippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzles helps him uncover critical security flaws before they can be exploited.TALOSINTELLIGENCE.COM
13 MayClickFix finds a backup plan in PySoxy proxy chainsClickFix, a one-shot social engineering technique that tricks victims into executing malicious workflows disguised as fixes to technical issues in their systems, has got a persistence upgrade. In a one-off instance, ReliaQuest researchers have spotted an intrusion chain using sch…CSOONLINE.COM
13 MayMay 2026 Patch Tuesday: no zero-days but plenty to fixMay’s Patch Tuesday may not be the giant release many expected, but there are still plenty of important fixes that shouldn’t be ignored.MALWAREBYTES.COM
13 MayKDE gets over €1 million investment to strengthen security and core infrastructureEuropean governments and public institutions have been shifting away from proprietary software for years, and the financial infrastructure supporting open-source alternatives is growing to match. Germany’s Sovereign Tech Fund announced today that it is investing more than €…HELPNETSECURITY.COM
13 May KEVMay 2026 Patch Tuesday: 137 Vulnerabilities, No Zero-DaysMicrosoft released its May 2026 Patch Tuesday security updates, resolving a total of 137 vulnerabilities across Windows and a broad range of Microsoft products and components. Unlike the previous several months, this relea…SOCRADAR.IO
13 MayMost Remediation Programs Never Confirm the Fix Actually WorkedSecurity teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remed…THEHACKERNEWS.COM
13 MayMicrosoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE FlawsMicrosoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and …THEHACKERNEWS.COM
13 MayPalo Alto bets on identity security for autonomous AI with Idira launchPalo Alto Networks has launched Idira, a new identity security platform aimed at securing human users, machine identities, and AI agents amid the rising adoption of autonomous AI systems amongst enterprises. The company is positioning Idira as a next-generation identity security …CSOONLINE.COM
13 MaySecuring data centers in the agentic AI eraFind out how data center operators can protect critical building-management systems and cyber-physical infrastructure from AI-powered threats, as well as comply with evolving regulations. Key takeaways Data centers have evolved from simple storage hubs into critical national infr…TENABLE.COM
13 MayMicrosoft on pace to break annual vulnerability record as AI-driven patch wave takes holdFive months into 2026, Microsoft has already patched more than 500 vulnerabilities — although the exact monthly count varies depending on whether analysts include Edge, Chromium and fixes shipped earlier in the month.THERECORD.MEDIA
13 MayMicrosoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch TuesdayMicrosoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agen…THEHACKERNEWS.COM
13 MayAzerbaijani Energy Firm Hit by Repeated Microsoft Exchange ExploitationA threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender wit…THEHACKERNEWS.COM
13 MayWhat happens when China’s AI catches up to Mythos?The Trump-Xi summit opening in Beijing this week carries an agenda item unlike any in the history of US-China diplomacy: what to do about artificial intelligence that can autonomously find and exploit vulnerabilities in the world’s most critical software — and what happens when b…CSOONLINE.COM
13 MayHow to Identify and Exploit New VulnerabilitiesIn the ever-evolving world of cybersecurity, staying ahead of the curve is not just a goal—it’s a necessity. As new vulnerabilities emerge, the race to identify and mitigate them begins. But how do we, the guardians of the digital realm, rapidly pinpoint these threats as they bec…BLACKHILLSINFOSEC.COM
13 MayRapid7 Partner Academy: Driving Impact with Gold Stevie Award-Winning Partner Services CertificationsAt Rapid7, our commitment to our partners is built on the foundation of the PACT (Partnering with Accountability, Consistency, and Transparency) program. Central to this mission is the Rapid7 Partner Academy, which was recently honored with a Gold Stevie Award in the 2026 America…RAPID7.COM
13 MayMicrosoft Teams Vulnerability Allows Hackers to Perform Spoofing AttacksA newly discovered security flaw in Microsoft Teams for Android could allow attackers to carry out dangerous spoofing attacks. By exploiting improperly secured files, hackers can trick users and compromise sensitive corporate information. Microsoft has rapidly issued an official …GBHACKERS.COM
13 MayPatch Tuesday notes: Microsoft patches over a hundred flaws, none of which are zero-days.Foxconn confirms disruptive cyberattack as ransomware gang claims responsibility. Business news: Exaforce raises $125 million in Series B funding.THECYBERWIRE.COM
13 MayViral ‘RuView’ GitHub project uses Wi-Fi to track movement through wallsA new open-source project called “RuView” is drawing widespread attention online for demonstrating how ordinary Wi-Fi signals can be used to detect human movement, breathing patterns, and even body posture through walls without cameras or wearable devices. The project surged on G…CYBERINSIDER.COM
13 MayMicrosoft’s Patch Tuesday Update Targets 120 Security FlawsMicrosoft’s May Patch Tuesday fixes 120 flaws, including 31 remote code execution bugs, with no zero-days reported at release.TECHREPUBLIC.COM
13 MayExaforce raises $125 million in Series B funding.Israeli security awareness training platform provider Frame Security emerges from stealth with $50 million.THECYBERWIRE.COM
13 MayDark Reading Celebrates 20 Years as a Leading Authority on Cybersecurity, Highlighting the People, Events, Ideas, and Technologies Shaping the Modern Risk LandscapeInforma TechTarget's flagship cybersecurity media brand launches a special content series to mark two decades as a trusted source for cybersecurity professionals.DARKREADING.COM
13 MayTables Turn on 'The Gentlemen' RaaS Gang With Data LeakAn OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effective organizational structure.DARKREADING.COM
13 MayFired employee sought AI help to hide deletion of hosting firm’s customer dataThe apparent revenge deletion of US federal databases after the dismissal of twin brothers from an online hosting company is another reminder to IT and HR leaders that tough off-boarding procedures have to be implemented to prevent insider attacks. Destructive attacks either from…CSOONLINE.COM
13 MayBeyond Findings: Connecting Exploitable Risk to Cloud Context with Wiz and HackerOneSee proven, exploitable risk in the context of your full cloud environmentWIZ.IO
13 MayFragnesia: Linux Kernel Local Privilege Escalation via ESP-in-TCPA new page-cache corruption vulnerability in the Dirty Frag family enables unprivileged local attackers to achieve rootWIZ.IO
12 MayGoogle Warns Hackers Are Using AI to Build Working Zero-Day ExploitsArtificial intelligence has officially transitioned from an experimental hacking novelty into an industrial-scale weapon for cybercriminals. Google Threat Intelligence Group (GTIG) adversaries are now actively using generative AI models to discover vulnerabilities and engineer fu…GBHACKERS.COM
12 MayHEIDI: Free IDE security plugin for open-source vulnerability checksOpen-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a free plugin for Visual St…HELPNETSECURITY.COM
12 MayMagecart Hackers Exploit Google Tag Manager to Inject Credit Card SkimmersMagecart-style attackers are once again abusing trusted web services, this time weaponizing Google Tag Manager (GTM) to inject credit card skimmers into ecommerce websites stealthily. Because GTM is widely used and loaded from the trusted domain googletagmanager.com, malicious sc…GBHACKERS.COM
12 MayOpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch ValidationOpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak c…THEHACKERNEWS.COM
12 MayOpenAI Daybreak Automates Vulnerability Detection and PatchingThe relentless race against zero-day exploits and sophisticated cyberattacks requires a revolutionary approach to software security. Defenders are constantly overwhelmed by massive backlogs of alerts and the sheer volume of code requiring manual review. Enter OpenAI Daybreak, a f…GBHACKERS.COM
12 MayClaude Chrome Extension Flaw Lets Malicious Add-Ons Steal Gmail and Drive DataA critical vulnerability dubbed “ClaudeBleed” has compromised Anthropic’s trusted AI assistant, potentially turning it into a backdoor. This severe design flaw in the Claude Chrome extension allows malicious add-ons to hijack the AI secretly. Even extensions wit…GBHACKERS.COM
12 MayOpenAI’s Daybreak uses Codex Security to identify risky attack pathsOpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI models, Codex Security, and cyber-focused GPT-5.5 variants to help organizations identify, validate, and prio…HELPNETSECURITY.COM
12 MayCISOs step into the AI spotlightServing in the military requires a precise, tactical mindset, and that’s exactly what Barry Hensley espoused during his 24 years in the US Army , where he rose to the rank of colonel. The military “is where you earn your stripes, showing your soldiers your willingness to jump int…CSOONLINE.COM
12 MayWhy Basic Security Practices Still Work - Rob Allen - ASW #382If you have to ditch your entire appsec strategy because you expect 2026 to bring more vulns more quickly, then you probably didn't have a good strategy in the first place. Rob Allen shares how the mentality of "assume breach" doesn't have to be a defeatist attitude and can inste…YOUTUBE.COM
12 MayDeveloper workstations are the new beachheadI spent the first week of April reading three separate threat intelligence reports that, on the surface, had nothing in common. One covered a North Korean campaign that had published over 1,700 malicious packages across five open-source ecosystems. Another detailed a malware oper…CSOONLINE.COM
12 MayWannaCry, the ransomware attack that changed the history of cybersecurityWannaCry showed how unpatched flaws and leaked cyber tools can cripple global systems, reshaping cybersecurity defenses worldwide. In memory of the day the digital world was shaken, but learned to fight back. The WannaCry ransomware attack represents one of the most significant e…SECURITYAFFAIRS.COM
12 MaySix new dnsmasq vulnerabilities open the door to DNS cache poisoning, local rootRecent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution bugs among t…HELPNETSECURITY.COM
12 MayŠkoda confirms unauthorized access to its online shopCar manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed th…HELPNETSECURITY.COM
12 MayOpen WebUI File Upload Vulnerability Enables 1-Click RCE AttackA critical, unpatched vulnerability is actively threatening Open WebUI users, turning a simple profile picture upload into a gateway for complete system compromise. Security researchers have publicly disclosed a severe stored Cross-Site Scripting (XSS) flaw that enables 1-click R…GBHACKERS.COM
12 MayFake Claude Code takes the IElevator to your browser secretsDevelopers looking for Anthropic’s increasingly popular Claude Code tool are now being lured into downloading malware. According to researchers at Ontinue, attackers are abusing a fake Claude Code installer to deliver a previously undocumented PowerShell payload. The malware is d…CSOONLINE.COM
12 MayGo fuzzing was missing half the toolkit. We forked the toolchain to fix it.Go’s native fuzzing is useful, but it stands far behind state-of-the-art tooling that the Rust, C, and C++ ecosystems offer with LibAFL and AFL++. Path constraints are hard to solve. Structured inputs usually need handmade parsing. It doesn’t even detect several common bug …TRAILOFBITS.COM
12 MayAttackers Combine ClickFix With PySoxy Proxying to Maintain PersistenceExploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchersINFOSECURITY-MAGAZINE.COM
12 MayCitrix moves secure access to a flexible, credit-based consumption modelCitrix has introduced Citrix Platform Flex, a secure access platform that combines software, management, and infrastructure to deliver managed desktops, enterprise browsing, and zero-trust access in a single offering. Built around workforce personas, Platform Flex replaces one-si…HELPNETSECURITY.COM
12 MayTop 10 Deep & Dark Web ForumsTop 10 Deep Web and Dark Web Forums in 2026 The top Deep Web and Dark Web Forums actively monitored in 2026 are XSS, Exploit.in, BHF, Dread, DarkForums, Altenen, CryptBB, Cracked, and DamageLib, based on how frequently they surface in threat intelligence investigations, court rec…SOCRADAR.IO
12 MayZoom Rooms and Workplace Flaws Expose Users to Elevated Access AttacksA newly disclosed batch of vulnerabilities in Zoom’s software suite could give attackers the leverage they need to hijack systems. Zoom has released critical security updates to patch three distinct flaws affecting its Windows and iOS applications. The most dangerous of the…GBHACKERS.COM
12 MayThreat Actors Abuse Vercel AI Tools to Mass-Produce Realistic Phishing SitesThreat actors are rapidly adopting generative AI platforms to scale phishing operations, and Vercel has emerged as a powerful enabler in this shift. Vercel is a cloud-based platform designed to help developers build and deploy modern web applications quickly. Its GenAI-powered to…GBHACKERS.COM
12 MaySAP Releases Patch for Critical SQL Injection Flaw in S/4HANAA severe vulnerability has struck the heart of enterprise resource planning systems this month, threatening organizations worldwide with potential data breaches. On May 12, 2026, the software giant released its monthly security patch update to address 15 newly discovered security…GBHACKERS.COM
12 MayOpenAI introduces Daybreak cyber platform, takes on Anthropic MythosOpenAI has unveiled Daybreak, its answer to Anthropic’s Claude Mythos, amid a growing market for frontier AI-powered cyber defense platforms. The initiative combines OpenAI’s large language models, Codex’s agentic capabilities, and integrations with the broader enterprise securit…CSOONLINE.COM
12 MayGoogle Says Hackers Used AI to Build Zero-Day ExploitGoogle says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking.TECHREPUBLIC.COM
12 MayExaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happenThe round valued the three-year-old startup at $725 million.TECHCRUNCH.COM
12 MayThe world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curlAnthropic’s AI found five vulnerabilities in curl, but only one low-severity issue proved to be a real vulnerability. In April, Anthropic made considerable noise announcing Mythos, a new artificial intelligence model described as so effective at identifying vulnerabilities in cod…SECURITYAFFAIRS.COM
12 MayMullvad shares workaround for Android 16 VPN leak that remains unfixedMullvad has warned that a recently disclosed Android 16 flaw can allow malicious applications to bypass VPN protections and leak a device’s real IP address, even when Android’s strictest VPN lockdown settings are enabled. The VPN provider says the issue impacts all VPN applicatio…CYBERINSIDER.COM
12 MayExaforce raises $125 million to respond to AI-powered attacksExaforce announced a $125 million Series B financing round, one of the largest ever in the emerging AI SOC space. The round includes participation from HarbourVest, Peak XV, Mayfield, Khosla Ventures, Seligman Ventures and AICONIC. The new capital will help Exaforce scale its AI-…HELPNETSECURITY.COM
12 MayAmazon Quick authorization bypass let users reach blocked AI chat agentsEnterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use AI chat agents. Fog Security founder Jason Kao discovered that those restrictions were enforced only in th…HELPNETSECURITY.COM
12 MayGoogle launches new Android security feature to help uncover spyware attacksIntrusion Logging is a new part of Android’s Advanced Protection Mode, which aims to help protect human rights activists, journalists, and dissidents from government spyware attack and law enforcement forensic devices.TECHCRUNCH.COM
12 MayMistral AI SDK, TanStack Router hit in npm software supply chain attackThe TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the entire TanStack Router ecosystem (@tanstack) of 42 packages, a …CSOONLINE.COM
12 MayCritical Patches Issued for Microsoft Products, May 12, 2026Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. …CISECURITY.ORG
12 MayMultiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated…CISECURITY.ORG
12 MayMultiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe After Effects is a digital effects, motion graphics, and compositing application. Adobe Commerce is a composable ecommerce solution that lets …CISECURITY.ORG
12 MayStop Chasing Individual CVEsMozilla shifted away from patching individual Firefox sandbox escape and JavaScript prototype vulnerabilities. Instead, they implemented an architectural change by freezing JavaScript prototypes. This move reduced entire classes of exploit paths rather than addressing each vulner…YOUTUBE.COM
12 May KEVWindows 11 security update fixes critical Bing and Azure flawsMicrosoft has released the May 2026 Patch Tuesday updates for Windows 11, fixing 97 security vulnerabilities across the Windows ecosystem. This month’s updates include fixes spanning Windows components, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, .NET, and …CYBERINSIDER.COM
12 MayMultiple Vulnerabilities in Fortinet Products Could Allow for Remote Code ExecutionMultiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution. * FortiAuthenticator is a centralized identity and access management (IAM) solution that secures network access by managing user identities, Multi-F…CISECURITY.ORG
12 MayHackers accessed BWH Hotels reservation system for monthsBWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident expos…SECURITYAFFAIRS.COM
12 MayAWS Security Agent full repository code scanning feature now available in previewToday, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware security analysis of your entire code base. AI-driven cybersecurity capabilities are advancing rapidly. AWS Security Agent…AWS.AMAZON.COM
12 May‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attackThe campaign hit major registries and hid behind legitimate-looking release signatures, showing how attackers can weaponize the software update process itself. The post ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack appeare…CYBERSCOOP.COM
12 MayIt's Patch Tuesday for Microsoft and Not a Zero-Day In SightIt's the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.DARKREADING.COM
12 MayAI-Written Exploits Are HereA reported AI-assisted exploit may be a preview of where cybercrime is heading next. In this clip, the hosts discuss claims that attackers used an LLM to help generate a Python exploit targeting a vulnerability tied to two-factor authentication in an open-source administration to…YOUTUBE.COM
12 MaySN 1078: DigiCert does it right - Hugging Face Under FireDigiCert's latest security mishap triggered not just a scramble behind the scenes, but a cascading crisis that briefly wiped trust from millions of Windows systems. Find out how a single support slip, followed by Microsoft's heavy-handed response, left critical infrastructures ex…TWIT.TV
12 MayIntroducing Wiz Audit History: Track Every Change Across your EnvironmentWiz Audit History is now GA, providing a continuous, cross-cloud timeline of changes to resource configurations and findings to accelerate incident response and simplify compliance.WIZ.IO
11 MayCanvas Breach Exposes 275M Accounts | AI Targets Water Systems | GM OnStar SettlementA massive cybersecurity week. On this episode of Cybersecurity Today, David Shipley breaks down the reported breach of Instructure's Canvas learning platform, where attacks linked to the ShinyHunters extortion group may have exposed data tied to up to 275 million user accounts ac…CYBERSECURITYTODAY.LIBSYN.COM
11 MayNew cPanel and WHM Vulnerabilities Expose Servers to Code Execution and DoS AttackscPanel and WebHost Manager (WHM) are critical administrative control panels used by hosting providers globally to manage servers, websites, and databases. Due to their widespread deployment, vulnerabilities in these platforms immediately become high-value targets for threat actor…GBHACKERS.COM
11 MayJDownloader Hack Spreads New Python RATThe official JDownloader website fell victim to a sophisticated supply-chain attack, resulting in malicious installers being distributed to users worldwide. Attackers exploited an unpatched vulnerability in the site’s content management system to redirect specific download …GBHACKERS.COM
11 MaySecurity teams are turning to AI to survive alert overloadThe World Economic Forum white paper “Empowering Defenders: AI for Cybersecurity” identified AI as the biggest driver of change in cybersecurity for 94% of survey respondents. The paper found that 77% of organizations already use AI in cybersecurity, with much of the activity foc…HELPNETSECURITY.COM
11 MaymacOS Malware Abuses Google Ads and Claude Shared Chats to Deliver PayloadsThreat actors are deploying a sophisticated malvertising campaign targeting macOS users by exploiting Google Ads and legitimate Anthropic Claude shared chats. Security researcher Berk Albayrak uncovered this novel attack chain on May 10, which distributes a variant of the MacSync…GBHACKERS.COM
11 MayODINI Malware Uses CPU Magnetic Signals to Exfiltrate Data from Air-Gapped SystemsAir-gapped systems and Faraday cages have long represented the gold standard for protecting critical infrastructure and sensitive military networks. However, a groundbreaking threat known as ODINI demonstrates that even these extreme isolation measures can be compromised. Researc…GBHACKERS.COM
11 MayRustinel: Open-source endpoint detection for Windows and LinuxOpen-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitch together separate pipelines, separate rule sets, and separate maintenance burd…HELPNETSECURITY.COM
11 MayReview: Foundations of Cybersecurity, 2nd editionJason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security now extends past data center servers to cloud resources, mobile devices, the Internet of Things, and AI. About the author Jason Andress is an exper…HELPNETSECURITY.COM
11 MayWindows CreateFileW API Flaw Could Let Attackers Lock SMB Files at ScaleThe multi-billion-dollar ransomware defence industry operates on a fundamental assumption: to cause catastrophic operational damage, malicious actors must write corrupted data to a disk. However, a newly disclosed attack technique, GhostLock, completely invalidates this foundatio…GBHACKERS.COM
11 MayCrimenetwork Bust Reveals 22,000 Members and Over 100 Illicit VendorsLaw enforcement authorities have successfully dismantled the relaunched version of “Crimenetwork,” a prominent criminal online trading platform. A 35-year-old German citizen, suspected of operating the illicit platform, was apprehended at his residence in Mallorca, Sp…GBHACKERS.COM
11 MayShinyHunters Exploits Canvas LMS Free Teacher Accounts in New BreachIn early May 2026, ShinyHunters breached Instructure’s Canvas LMS by abusing the Free-For-Teacher (FFT) account program, triggering an active extortion campaign and exposing student and faculty data across thousands of schools worldwide. ShinyHunters claimed responsibility on 3 M…GBHACKERS.COM
11 MayMythos finds a curl vulnerabilitysubmitted by codeinabox to security 4 points | 1 comments https://daniel.haxx.se/blog/2026/05/11/mythos-finds-a-curl-vulnerability/ My personal conclusion can however not end up with anything else than that the big hype around this model so far was primarily marketing. I see no e…PROGRAMMING.DEV
11 May8 guiding principles for reskilling the SOC for agentic AIAt DXC Technology, global CISO Mike Baker has established one of the largest agentic security operation centers (SOCs) in the world. To upskill the workforce as part of this journey, he embedded experts from agentic SOC vendor 7AI within his security teams. When Damon McDougald,…CSOONLINE.COM
11 MayThe scam economy has found its AI upgradeScam attempts continue to reach consumers via email, text messages, social media, online advertising, and phone calls. The volume of exposure has remained stable over the past year, with more than half of consumers encountering scam attempts at least monthly, according to the F-S…HELPNETSECURITY.COM
11 MayMicrosoft 365 Copilot Flaws Could Let Attackers Access Sensitive DataMicrosoft has disclosed a trio of critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. Released on May 7, 2026, these security flaws pose a substantial risk to enterprise data privacy and corporate confidentiality. If…GBHACKERS.COM
11 MayAI security is repeating endpoint security’s biggest mistakeThe security industry is experiencing déjà vu, and most teams haven’t recognized it yet. If you were in the trenches during the early 2000s, you remember the antivirus arms race. IT teams buried under signature updates. Configuration baselines checked obsessively. Patch cycles tr…CSOONLINE.COM
11 MayInstructure confirms Canvas user data exposed in cyberattackInstructure has confirmed that attackers gained unauthorized access to parts of its environment and exploited a vulnerability tied to the company’s Free for Teacher support ticket system. The company says Canvas is now fully operational and that core learning data, including cour…CYBERINSIDER.COM
11 MayYour Purple Team Isn't Purple — It's Just Red and Blue in the Same RoomDefending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can use it. A patch waiting on a change-approval window that's longer than the exploitation window itself.…THEHACKERNEWS.COM
11 MayPHP SOAP Extension Flaw Could Let Attackers Execute Code RemotelyRecently disclosed vulnerabilities in PHP, particularly within its widely used SOAP extension, have raised significant alarms across the cybersecurity community. Among the newly identified flaws is a high-severity vulnerability that could permit attackers to achieve Remote Code E…GBHACKERS.COM
11 MayMalicious Hugging Face model masquerading as OpenAI release hits 244K downloadsA malicious Hugging Face repository posing as an OpenAI release delivered infostealer malware to Windows systems and logged 244,000 downloads before being removed, raising fresh concerns about how enterprises source and validate AI models from public repositories. The repository,…CSOONLINE.COM
11 MayHackers Observed Using AI to Develop Zero-Day for the First TimeGoogle Threat Intelligence Group details how cybercriminals attempted to launch a campaign based around an AI-developed Zero-Day targeting open-source softwareINFOSECURITY-MAGAZINE.COM
11 MayHackers Use AI for Exploit Development, Attack AutomationCyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks.DARKREADING.COM
11 MayPolice take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenueGerman authorities shut down a relaunched version of the criminal marketplace Crimenetwork and arrested its suspected operator. The domain seizure notice (Source: BKA) A special unit of the Spanish National Police arrested the suspected 35-year-old German operator at his residenc…HELPNETSECURITY.COM
11 Mayfsnotify Maintainer Access Change Sparks Supply Chain Security ConcernsA dispute over maintainer access in the widely used Go library fsnotify has triggered temporary supply chain concerns after contributors were removed from the project’s GitHub organization and recent releases came under scrutiny. While no evidence suggests that any version of fsn…GBHACKERS.COM
11 MayLyrie.ai Joins First Batch of Anthropic’s Cyber Verification ProgramDubai-founded OTT Cybersecurity LLC also unveils the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and action verification — slated for IETF submission. OTT Cybersecurity LLC, the company behind Lyrie.ai, today announced two miles…CSOONLINE.COM
11 MayGoogle discovers weaponized zero-day exploits created with AIThe Google Threat Intelligence Group (GTIG) today released evidence of a zero-day exploit developed by a cybercriminal group with the help of AI. It marks the first time the security research group has identified what it believes to be an AI-crafted zero-day exploit in the wild. …CSOONLINE.COM
11 MayGTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial AccessExecutive Summary Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial work…CLOUD.GOOGLE.COM
11 MayGoogle spotted an AI-developed zero-day before attackers could use itResearchers found artifacts in the code that proved AI was heavily involved. A prominent cybercrime group planned to exploit the zero-day en masse for financial gain. The post Google spotted an AI-developed zero-day before attackers could use it appeared first on CyberScoop.CYBERSCOOP.COM
11 MayGoogle researchers uncover criminal zero-day exploit likely built with AIGoogle’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had va…HELPNETSECURITY.COM
11 MayWhy we use CAPTCHAs, (Mon, May 11th)A few months ago, I implemented Cloudflare's Turnstile CAPTCHA on some pages. The reason for implementing these CAPTCHAs is obvious: Bots make up a large percentage of traffic and affect site performance.
ISC.SANS.EDU
11 MayAI used to develop working zero-day exploit, researchers warnA report by GTIG shows threat groups are increasingly leveraging AI to scale attacks. The exploitation attempt was disclosed and patched, preventing a mass incident.CYBERSECURITYDIVE.COM
11 MayGoogle warns artificial intelligence is accelerating cyberattacks and zero-day exploitsGoogle says hackers now use AI to create exploits, automate attacks, evade defenses, and target AI supply chains at scale. Artificial intelligence is rapidly changing the cyber threat landscape, and a new report from the Google Cloud Threat Intelligence team highlights how attack…SECURITYAFFAIRS.COM
11 May'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux DistrosThe privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation.DARKREADING.COM
11 MayFinal Countdown: Last Chance to Join the Rapid7 Global Cybersecurity SummitThe Rapid7 2026 Global Cybersecurity Summit is just around the corner, and with it, a final opportunity to join the conversations shaping how security teams are adapting to a rapidly changing landscape. Over the past few weeks, we’ve shared a preview of what to expect, from the s…RAPID7.COM
11 MayHackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass ExploitationGoogle on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerabi…THEHACKERNEWS.COM
11 MayIAM for MSSPs: The Hidden Risk of Blind Trust - Dustin Sachs - CSP #224Identity and access management is often sold as a technical problem, but real-world deployments tell a different story. For MSSPs managing access across multiple client environments, IAM becomes a test of trust, accountability, decision fatigue, and human behavior. In this episod…YOUTUBE.COM
11 MayRed Hat extends open source technology into spaceRed Hat and Voyager Technologies announced the successful deployment of Red Hat Enterprise Linux 10.1 and Red Hat Universal Base Image (UBI) to Voyager’s LEOcloud Space Edge IaaS Micro Datacenter aboard the International Space Station (ISS). This collaboration extends a container…HELPNETSECURITY.COM
11 MayIdentity security firm SailPoint discloses GitHub repository breachSailPoint disclosed a GitHub repository breach on April 20. The company contained the incident and said no customer data was affected. SailPoint is a cybersecurity company that provides identity security and identity governance solutions for enterprises. Its products help organiz…SECURITYAFFAIRS.COM
11 MayFCC Robocall Crackdown Raises Privacy Concerns Over Mandatory ID ChecksThe FCC’s proposed robocall crackdown could force carriers to verify customer identities, raising privacy concerns over anonymous phone use. The post FCC Robocall Crackdown Raises Privacy Concerns Over Mandatory ID Checks appeared first on TechRepublic.TECHREPUBLIC.COM
11 MayAI Isn’t Replacing CybersecurityThe speakers argue that AI in cybersecurity functions primarily as a force multiplier rather than a replacement. Experienced professionals can significantly increase their effectiveness using AI tools, but the technology is not yet replacing core human expertise. While AI has bee…YOUTUBE.COM
11 MayCalifornia hits GM with record $12.75M fine for selling driver location dataCalifornia Attorney General Rob Bonta and a coalition of state prosecutors have secured a $12.75 million settlement with General Motors over the automaker’s collection and sale of drivers’ location and behavior data. This marks the largest California Consumer Privacy Act (CCPA) p…CYBERINSIDER.COM
11 MayGoogle says cybercriminals used AI to develop zero-day exploitGoogle Threat Intelligence Group (GTIG) says it has identified what it believes is the first known case of cybercriminals using artificial intelligence to help develop a zero-day exploit intended for mass exploitation. According to Google, the exploit targeted a popular open-sour…CYBERINSIDER.COM
11 MayForeign routers get a longer lifeline.The FCC eases restrictions on foreign-made routers. Shiny Hunters hit Canvas and Zara. SailPoint discloses unauthorized access to its GitHub repositories. TrickMo Android banking malware has more tricks up its sleeve. Polish officials warn of increased targeting of ICS and public…THECYBERWIRE.COM
11 MayInside AD CS Escalation: Unpacking Advanced Misuse Techniques and ToolsUnit 42 analyzes AD CS exploitation through template misconfigurations and shadow credential misuse while offering behavioral detection for defenders. The post Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools appeared first on Unit 42.UNIT42.PALOALTONETWORKS.COM
10 May KEVWeek in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scamsHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: Your work apps are quietly handing 19 data points to someone Office work in 2026 relies on mobile apps used alongside personal tools like banking and messaging. Ten widely used workp…HELPNETSECURITY.COM
10 MayOfficial JDownloader site served malware to Windows and Linux users between May 6 and May 7JDownloader website was hacked to distribute malicious Windows and Linux installers carrying a Python RAT between May 6–7, 2026. JDownloader official website was compromised in a supply chain attack that replaced legitimate Windows and Linux installers with malicious files betwee…SECURITYAFFAIRS.COM
10 MayNew cPanel vulnerabilities could allow file access and remote code executioncPanel fixed three flaws that could allow file reads, code execution, and privilege escalation. No active exploitation has been reported yet. cPanel has released security updates to fix three vulnerabilities affecting cPanel & WHM that could allow attackers to read files, exe…SECURITYAFFAIRS.COM
9 MayNVIDIA Confirms GeForce Data Breach Exposed Users’ Personal DataGFN Cloud Internet Services, operating as the regional NVIDIA GeForce NOW cloud gaming partner, GFN.AM has officially confirmed a significant data breach. The security incident exposed personal information of users registered on their streaming platform. While the company has now…GBHACKERS.COM
9 MayCybersecurity Today Month in Review: AI Coding Risks, Canvas Breach, QR Phishing SurgeThis week's panel dives into the cybersecurity stories that matter most for security leaders, IT teams, and anyone watching how AI is changing risk. Jim Love is joined by David Shipley (Beauceron Security), Laura Payne (White Tuque), and Jeff Williams (Contrast Security). Cyberse…CYBERSECURITYTODAY.LIBSYN.COM
9 MayVidar Infostealer Campaign Steals Passwords, Cookies, Crypto Wallets, and Device DataA highly evasive multi-stage malware campaign deploying the Vidar Infostealer. First discovered in late 2018 and built on the Arkei stealer source code, Vidar is notorious for aggressively harvesting user credentials, browser session cookies, cryptocurrency wallets, and detailed …GBHACKERS.COM
9 MayShinyHunters defaces Canvas portals during finals week.CISA orders Federal agencies to patch Ivanti zero-day by Sunday. Progress Software urges customers to patch critical MOVEit flaw.THECYBERWIRE.COM
8 MayBecome a millionaire by bug hunting on AndroidOver the past decade, Google has introduced a wide range of bug bounty programs for its software and services. The company has now announced that the reward for individuals who discover vulnerabilities in Android or the Chrome browser is being increased, bringing the maximum rew…CSOONLINE.COM
8 MayMeta allegedly made billions from scam advertising while online fraud explodes worldwide.In this special edition of Cybersecurity Today, David Shipley speaks with scam-fighting expert Erin West about the global fraud crisis, the rise of AI-powered scams, and why traditional law enforcement may be falling behind. Cybersecurity Today would like to thank Material Securi…CYBERSECURITYTODAY.LIBSYN.COM
8 MayNWHStealer Campaign Deploys Bun Loader, Anti-VM Evasion, and Encrypted C2A new distribution method for the NWHStealer infostealer that leverages the Bun JavaScript runtime, marking a significant evolution in the malware’s delivery infrastructure. The threat actors behind this Rust-based stealer are exploiting Bun’s relative newness and hig…GBHACKERS.COM
8 MayMultiple Critical Flaws Fixed in Next.js and React Server ComponentsVercel has released Next.js v16.2.6, fixing a large group of security flaws that affect modern web applications using Next.js and React Server Components. The update addresses high-, moderate-, and low-severity issues, including denial-of-service bugs, middleware bypasses,…GBHACKERS.COM
8 May423 Firefox Flaws Fixed as Browser Gains Support for Claude, Mythos, and MoreMozilla has successfully identified and patched 423 latent security vulnerabilities in Firefox using advanced artificial intelligence models, notably Claude Mythos Preview. Two weeks after initially announcing their AI-assisted security initiative, Firefox developers have shared …GBHACKERS.COM
8 MayMay 2026 Patch Tuesday forecast: AI starts driving security industry changesProject Glasswing. This is one of three major security industry changes I’ll cover today. The Anthropic Mythos vulnerability discovery model has already proven to be game changing in its ability to identify new vulnerabilities in software. Many of these vulnerabilities have exist…HELPNETSECURITY.COM
8 MayMental health apps are collecting more than emotional conversationsPeople use mental health apps to talk about depression, trauma and suicidal thoughts in moments they may not share with anyone else. Many users likely assume those conversations carry protections similar to therapy sessions. In reality, mental health apps operate without the same…HELPNETSECURITY.COM
8 MayProduct showcase: NetGuard open-source firewall for AndroidNetGuard is a free, open-source firewall for Android phones and tablets that provides users with a simple way to block internet access. Android does not allow VPN services to be chained, so the app uses the Android VPN service to route all internet traffic through itself. NetGuar…HELPNETSECURITY.COM
8 MaySnyk integrates Claude to advance AI-native application securitySnyk has announced it is leveraging Anthropic’s Claude models to advance software security. Snyk has integrated Claude into the Snyk AI Security Platform, enabling automated vulnerability discovery, prioritization, and developer-ready fixes across code, dependencies, containers, …HELPNETSECURITY.COM
8 MayFake Moustache Fools Age Checks, Sparks Online Safety Act FearsCritical gaps in age verification systems introduced under the Online Safety Act, with children easily bypassing safeguards using simple tricks including drawing fake facial hair to appear older on camera. The Online Safety Act, which came into force in July 2025, was designed …GBHACKERS.COM
8 MayTrellix Investigates RansomHouse Breach Claims Involving Source Code RepositoryLeading cybersecurity firm Trellix is actively investigating a potential security incident following claims made by the RansomHouse extortion group. The threat actors recently listed Trellix on their dark web leak site, alleging a successful cyberattack against the prominent secu…GBHACKERS.COM
8 MayPen tests show AI security flaws far more severe than legacy software bugsPenetration tests of AI-based systems are revealing a greater percentage of high-risk flaws than those discovered in legacy systems. Security consultancy Cobalt’s annual State of Pentesting Report reveals that 32% of all AI and large language model (LLM) findings are rated as hig…CSOONLINE.COM
8 MayHelping North Korean IT remote workers is becoming a fast track to prisonTwo U.S. nationals were sentenced to 18 months in prison for operating “laptop farms” that helped North Korean IT workers gain employment at nearly 70 American companies, generating more than $1.2 million for Pyongyang’s government. Although Matthew Issac Knoot of Nashville, Tenn…HELPNETSECURITY.COM
8 MayNew Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH CredentialsCybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exp…THEHACKERNEWS.COM
8 MayCline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding AgentsCline, a widely adopted open-source AI coding agent, has recently patched a severe vulnerability in its local Kanban server. Trusted by developers with deep access to source code, cloud credentials, and terminals, Cline automates complex coding tasks. However, researchers from Oa…GBHACKERS.COM
8 MayClaude in Chrome is taking orders from the wrong extensionsAnthropic Claude’s Chrome browser extension, known as Claude in Chrome, has a bug that can allow other malicious extensions to hijack it, compromising trusted AI workflows. Researchers at LayerX Security have warned that Claude’s overly trusted browser communication flows can be …CSOONLINE.COM
8 MayDirty Frag: A new Linux privilege escalation vulnerability is already in the wildDirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public. Security researchers have disclosed a new unpatched vulnerability in the Linux kernel, code-named Dirty Frag, that allows an unprivileged local user to gain…SECURITYAFFAIRS.COM
8 MayFrom Cyberwar to Cognitive Warfare: The Geopolitical Impact on Cybersecurity in AfricaWe’ve long defined cybersecurity as the technical discipline of protecting networks, data and systems. But when viewed through a geopolitical lens, then this definition is no longer sufficient. What we are dealing with today goes beyond protecting organisational data, to protecti…KNOWBE4.COM
8 MayPam Backdoor Targets Linux Systems to Steal SSH CredentialsA newly observed Linux backdoor technique, dubbed Pam, is exploiting the flexibility of Pluggable Authentication Modules (PAM) to capture SSH credentials and maintain persistence on compromised systems stealthily. Since its introduction in 1991 by Linus Torvalds, Linux has been d…GBHACKERS.COM
8 MayZero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As CodeEvery engineering team in your organization ships code through a pipeline. They branch, test, review, and deploy. If something breaks, they roll back. If someone asks "what changed?", the answer is in the commit history. This isn't heroic discipline to process; it's just how soft…RAPID7.COM
8 MayMFA Alone Won’t Save YouRob Allen describes a model where SaaS applications like Office 365, GitHub, or Salesforce only accept connections from approved IP addresses routed through a trusted app or secure tunnel. That means stolen credentials alone may no longer be enough for attackers. Even successful …YOUTUBE.COM
8 MayShinyHunters defaces Canvas portals during finals week.CISA orders Federal agencies to patch Ivanti zero-day by Sunday. Sri Lankan police shut down scam center.THECYBERWIRE.COM
8 MayMultiple universities forced to reschedule final exams after Canvas cyber incidentOn Thursday, dozens of students took to social media to say they saw a message from a cybercriminal group as they navigated through Canvas, an educational platform created by Instructure that hosts teaching materials, tests, readings and more.THERECORD.MEDIA
8 MayApple and Meta warn Canada’s Bill C-22 forces encryption backdoorsApple and Meta are publicly opposing portions of Canada’s proposed lawful access legislation, warning that Bill C-22 could weaken encryption protections, introduce systemic cybersecurity risks, and force technology companies to facilitate government surveillance capabilities. The…CYBERINSIDER.COM
8 MayInsider Betting on PolymarketInsider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets—defined as wagers of $2,500 or more at odds of 35 percent or less—on the platform had an average win rate of a…SCHNEIER.COM
8 May KEVThe four-day race you don’t want to be in.CISA orders rapid patching of actively exploited Ivanti zero-day. Canvas gets hacked during finals week. Dirty Frag is a new Linux zero-day. Researchers document a serious Claude Chrome extension bug. Meta ends Instagram encryption. PCPJack malware cleans house before moving in. A…THECYBERWIRE.COM
8 MayCanvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! - SWN #579Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance and more! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-579YOUTUBE.COM
8 MayA Framework for AI Threat ReadinessAI models now find and exploit zero-days autonomously. This 4-pillar framework accelerates patching, analysis, and threat response.WIZ.IO
7 MayMirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS AttacksCybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, wh…THEHACKERNEWS.COM
7 MayUS government agency to safety test frontier AI models before releaseThe Center for AI Standards and Innovation (CAISI), a division of the US Department of Commerce, has signed agreements with Google DeepMind, Microsoft, and xAI that would give the agency the ability to vet AI models from these organizations and others prior to their being made pu…CSOONLINE.COM
7 Mayvm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code ExecutionA dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside…THEHACKERNEWS.COM
7 MayCybercriminals Exploit Microsoft Teams to Phish Login Credentials and Bypass MFAIranian state-sponsored threat actors linked to MuddyWater (Seedworm) have been caught hiding behind the Chaos ransomware brand to conduct sophisticated espionage operations, using Microsoft Teams as a phishing vector to steal credentials and manipulate multi-factor authenticatio…GBHACKERS.COM
7 MayDeepFake it till you make it.This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
7 MayOpen-source MCP server monitoring for Python appsPythonic Model Context Protocol servers handle tool calls, session events, module imports, and subprocess activity. BlueRock has released MCP Python Hooks, an open source runtime sensor that gives developers a way to capture those signals without modifying application code. What …HELPNETSECURITY.COM
7 MayCritical vm2 Node.js Library Flaws Enable Arbitrary Code Execution AttacksMultiple critical sandbox-escape vulnerabilities have been disclosed in vm2, one of the most widely used Node.js sandboxing libraries, allowing attackers to escape the isolated execution environment and run arbitrary commands directly on the host system. Eleven advisories were pu…GBHACKERS.COM
7 MayUAT-8302 Targets Government Agencies With Custom Malware and Open-Source ToolsA new China-linked hacking group, tracked as UAT-8302, that is using custom malware and open-source tools to spy on government organizations in South America and southeastern Europe. The campaign focuses on long-term access and data theft, combining advanced backdoors like NetDra…GBHACKERS.COM
7 MayHackers Exploit Google Ads to Steal GoDaddy ManageWP LoginsHackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look‑alike phishing ad above the legitimate ManageWP result and proxying victims’ logins in real time via an adversary‑in‑the‑middle (AiTM) setup. The attackers purchase a sponsored Google ads that …GBHACKERS.COM
7 MayTen years later, has the GDPR fulfilled its purpose?This year marks the 10th anniversary of the EU’s adoption of the General Data Protection Regulation , which became mandatory for all companies beginning on May 25, 2018. The aim of the GDPR was simple, but important: to improve individuals’ control over their personal data. This …CSOONLINE.COM
7 MayResearchers Spot Uptick in Use of Vercel for Phishing CampaignsCofense has warned of a “significant” increase in phishing campaigns abusing Vercel platformINFOSECURITY-MAGAZINE.COM
7 MayCallPhantom Android scam reached 7.3 million downloads on Google PlayScams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone number. A cluster of 28 fraudulent apps on Google Play exploited that gap and pulled in more than 7.3 mill…HELPNETSECURITY.COM
7 MayScammers Exploit Disposable VoIP Numbers to Bypass Reputation BlockingNew tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrastructure to evade detection and scale fraud operations. Telephone-oriented attack delivery (TOAD) remains a dominant phishin…GBHACKERS.COM
7 MayCISOs: Align cyber risk communication with boardroom psychologyBy now, executive boards across industries understand that cyberattacks can be costly. What they often lack, however, is a clear view of which risks pose the biggest threat to their business and why certain investments need to rise to the top. Many security leaders lose traction …CSOONLINE.COM
7 MayThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New StoriesBad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated any…THEHACKERNEWS.COM
7 MayClaude and SpaceX Join Forces to Enhance Large-Scale Compute CapacityAnthropic has officially announced a massive strategic partnership with SpaceX to expand its computing capabilities significantly. This collaboration aims to provide the necessary infrastructure to scale up the Claude artificial intelligence ecosystem. By securing dedicated compu…GBHACKERS.COM
7 MaySpring Vulnerabilities Open Door to Arbitrary File Access and GCP Secret LeaksSecurity researchers have identified four new vulnerabilities in the Spring Cloud Config Server, ranging from medium to critical severity. These newly disclosed flaws could allow attackers to access arbitrary files, leak Google Cloud Platform (GCP) secrets, and manipulate system …GBHACKERS.COM
7 MayThe AI-vs-AI battle is already happening. Watch it live at EXPOSURE 2026.Don’t singularly focus on the speed of AI attacks. You must also prepare for the shift AI is bringing to the threat landscape. Join Tenable at EXPOSURE 2026 to witness a live AI-vs-AI battle and get clarity to defend your organization against next-generation autonomous threats. K…TENABLE.COM
7 MayIf a fake moustache can fool age checks, is the Online Safety Act working?A UK report finds some progress since the Act came into force, but widespread workarounds, ongoing harm, and unresolved privacy concerns suggest the impact is still limited.MALWAREBYTES.COM
7 MayExploits and vulnerabilities in Q1 2026This report provides statistical data on published vulnerabilities and exploits we researched during Q1 2026. It also includes summary data on the use of C2 frameworks in APT attacks.SECURELIST.COM
7 MayOne House Democrat is pressing Commerce on the government’s spyware useRep. Summer Lee’s letter, first reported by CyberScoop, follows ICE confirmation of using spyware and news of a Trump ally becoming NSO Group’s executive chairman.CYBERSCOOP.COM
7 MayHow Cloudflare responded to the “Copy Fail” Linux vulnerabilityWhen a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet, confirming zero customer impact and no malicious exploitation.CLOUDFLARE.COM
7 MayWhy Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at ScaleLet's be honest, the patching window just shrank to something no practitioner or organization can keep up with. Organizations now need to operate in an environment that must assume breach, which means fundamentals like attack surface management, micro-segmentation, identity manag…RAPID7.COM
7 MayBusinesses hide vast majority of ransomware attacks, report findsThe security firm BlackFog said the number of disclosed incidents it tracked in Q1 was roughly one-tenth of the number of undisclosed incidents.CYBERSECURITYDIVE.COM
7 MayPalo Alto Networks warns state-linked cluster behind zero-day exploitationA patch for the flaw, which hackers began targeting in early April, won’t be ready for another week.CYBERSECURITYDIVE.COM
7 MayCisco patches high-severity flaws enabling SSRF, code execution attacksCisco fixed several high‑severity flaws in its enterprise products, including SSRF bugs in Unity Connection that could enable code execution or service disruption. Cisco released patches for multiple high‑severity vulnerabilities affecting its enterprise products. Successful expl…SECURITYAFFAIRS.COM
7 MayMultiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…CISECURITY.ORG
7 MayPCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud SystemsCybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. "The toolset harvests credentials from cloud, container, developer, produ…THEHACKERNEWS.COM
7 MayICYMI: April 2026 @AWS SecurityRead all about the latest AWS security features, compliance updates, and hands-on resources in our new, monthly digest posts. You’ll find expert blog posts, new service capabilities, code samples, and workshops. AWS Security Blog posts This month’s AWS Security Blog posts covered…AWS.AMAZON.COM
7 MayLinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group allegesA LinkedIn feature that allows paid subscribers to view a list of visitors to their profile should be made available to all EU users free of charge to comply with the region’s General Data Protection Regulation (GDPR), a legal complaint launched by the None of Your Business (NOYB…CSOONLINE.COM
7 MayGetting Rid of Your VPN - Rob Allen - PSW #925Rob Allen from Threatlocker joins us to discuss the risks associated with VPN appliances and how to implement better security solutions that don't leave you hanging out on the open Internet. The interview segment is sponsored by ThreatLocker. Visit https://securityweekly.com/thre…YOUTUBE.COM
7 May KEVIvanti customers confront yet another actively exploited zero-dayAttackers are hitting a frequent target in the network edge space, intruding victim networks through a defect in a widely used mobile endpoint security product.CYBERSCOOP.COM
7 MayRapid7 and OpenAI: Helping Defenders Move at Machine SpeedWade Woolwine is Senior Director, Product Security at Rapid7. Announcing OpenAI's Trusted Access for Cyber program CIOs and CISOs are telling us the same thing in different ways: Advances in frontier AI are accelerating the threat environment and putting pressure on security oper…RAPID7.COM
6 MayWeekly Update 502It's a fascinating display of leverage: the ShinyHunters folks, with very limited resources and experience (their demographic will…TROYHUNT.COM
6 MayZero-Auth Vulnerability Enables Cross-Tenant Access at DoD ContractorA severe authorization vulnerability was recently discovered in Schemata, an AI-powered virtual training platform serving the United States Department of Defense. Security researcher Alex Schapiro, utilizing the open-source AI hacking agent Strix, identified a critical lack of AP…GBHACKERS.COM
6 MayMalicious OpenClaw Skill Targets Agentic AI Workflows to Deploy RATs and StealersOpenClaw’s agent “skill” ecosystem to deliver both Remcos RAT and a cross‑platform stealer called GhostLoader by hiding malware inside a deceptive DeepSeek integration called “DeepSeek‑Claw.” The campaign shows how agentic AI workflows with high local privileges can be quietly hi…GBHACKERS.COM
6 MayRansomware Gangs Escalate Attacks on Aviation and Aerospace SectorRansomware and data extortion groups are increasingly targeting the aviation and aerospace sector, exploiting interconnected systems, shared platforms, and identity-based access models to cause operational disruption and data compromise. Cyber risk across aviation has shifted bey…GBHACKERS.COM
6 MayRisky Business #836 -- You can't patch the bugpocalypseOn this week’s show, Patrick Gray and James Wilson are joined by special guest co-host Brad Arkin. They discuss the week’s cybersecurity news, including: The US Government says we just have to patch faster, but… Bugs in cPanel, MoveIt and all Linux distributions this week show th…RISKY.BIZ
6 MayRussia’s Forest Blizzard Is Abusing Home + Small Office Routers for Cred TheftThis week on the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Danny Adamitis, Distinguished Engineer at Lumen Technologies’ Black Lotus Labs who break down how the Russian state-linked threat actor Forest Blizzard is exploiting home and small offi…THECYBERWIRE.COM
6 MayProofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise InvestigationsPROOFPOINT.COM
6 MayWindows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPsCybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previous undocumented plugin dubbed Pheno with the aim of facilitating credential theft. "According to the functionalities of the CloudZ RAT and Pheno…THEHACKERNEWS.COM
6 MaySalesforce Marketing Cloud Vulnerability Exposes Email Data RiskSalesforce Marketing Cloud (SFMC) recently patched a cluster of high‑impact vulnerabilities that could have allowed attackers to read and enumerate marketing emails and subscriber data across tenants, including Fortune 500 organizations. Modern enterprises rely on centralised mar…GBHACKERS.COM
6 MayPoisoned truth: The quiet security threat inside enterprise AIAs enterprises rush to deploy internal LLMs, AI copilots, and autonomous agents, most security conversations focus on familiar threats : prompt injection, jailbreaks, model abuse, and data exfiltration. But some security leaders argue a quieter risk deserves far more attention: w…CSOONLINE.COM
6 MayTrain like you fight: Why cyber operations teams need no-notice drillsSt. Michael’s Hospital in Toronto recently executed a full Code Orange simulation: A mass casualty emergency protocol requiring the activation of every clinical and operational team across the hospital. As a Level 1 trauma centre, it conducts large-scale exercises involving teams…CSOONLINE.COM
6 MayTeach to Sell and Two Interviews from RSAC 2026 from Dropzone AI and Microsoft - BSW #446As security leaders, we are continuously selling, maybe not as traditional sales folks, but as selling security across the organization. Whether you’re closing client deals, leading a team, running a business, or simply wanting your voice to be heard by other executives or the bo…YOUTUBE.COM
6 MayCloudZ RAT Exploits Microsoft Phone Link to Steal SMS OTPsCloudZ is a new modular remote access trojan that abuses Microsoft’s built‑in Phone Link feature to steal SMS one‑time passwords (OTPs) and other mobile notifications directly from Windows PCs, without infecting the phone itself. Microsoft Phone Link (formerly “Your Phone”) is in…GBHACKERS.COM
6 MayIntel 471 speeds threat hunting and remediation with Retroactive Threat DetectionsIntel 471 has announced Retroactive Threat Detections (RTD), a new capability within its Verity471 platform. RTD helps security teams quickly understand the impact of new threats on their environments. This transforms static intelligence reports into actionable answers within min…HELPNETSECURITY.COM
6 MayUiPath adds agentic AI capabilities to Automation Suite for government agenciesUiPath has announced the release of agentic AI capabilities on UiPath Automation Suite. The Automation Suite updates help government agencies and regulated industries accelerate agentic AI and automation adoption and are designed to address strict data sovereignty and compliance …HELPNETSECURITY.COM
6 MayNew Relic advances AI observability with new intelligence layerNew Relic has announced New Relic Knowledge, a new platform capability that integrates telemetry and knowledge sources to enhance issue detection and resolution. By combining real-time telemetry with historical incident data, system changes, and deep operational context, New Reli…HELPNETSECURITY.COM
6 MayServiceNow strengthens enterprise AI security with Autonomous Security & Risk platformServiceNow has launched Autonomous Security & Risk to govern every AI agent, identity, and connected asset. Armis delivers continuous asset intelligence across code, IT, OT, IoT, and connected assets, while Veza provides fine-grained visibility, intelligence, and governance …HELPNETSECURITY.COM
6 MayTaiwan High Speed Rail Hit by Spoofing Attack That Stops Three TrainsDuring the recent Qingming Festival holiday, the Taiwan High Speed Rail (THSR) experienced a severe cybersecurity incident that disrupted major transit operations. Three trains were suddenly forced into emergency stops, causing a 48-minute delay for passengers. Authorities have n…GBHACKERS.COM
6 MayNew malware turns Linux systems into P2P attack networksAttackers have found a new way to turn Linux systems into stealthy supply chain distribution hubs that are resistant to takedowns. Researchers from Trend Micro have disclosed a new malware framework, dubbed Quasar Linux or QLNX, describing it as a modular Linux remote access troj…CSOONLINE.COM
6 MayAttackers Continue to Pose as Help Desks in Social Engineering AttacksResearchers at Google’s Threat Intelligence Group (GTIG) are tracking a new threat actor that’s impersonating help desks to trick users into installing malware. The threat actor, which GTIG tracks as “UNC6692,” begins by sending a large volume of spam emails to the victim, then i…KNOWBE4.COM
6 MayPhishing Attack Weaponizes Calendar Invites to Steal Login CredentialsA new large-scale phishing campaign is abusing fake event invitations to compromise U.S. organizations, combining credential theft, OTP interception, and the deployment of remote monitoring and management (RMM) tools in a single operation. The campaign stands out because it blend…GBHACKERS.COM
6 MayMassive DDoS Attack Generates 2.45 Billion Requests Using 1.2 Million IP AddressesA distributed denial-of-service attack targeted a major user-generated content platform, generating an astonishing 2.45 billion malicious requests in just 5 hours. Security provider DataDome successfully intercepted the assault in real time, ensuring legitimate users experienced …GBHACKERS.COM
6 MayFEMITBOT Network Exploits Telegram Mini Apps to Spread Crypto Scams and Android MalwareA large-scale fraud and malware operation called FEMITBOT that abuses Telegram Mini Apps to steal cryptocurrency and infect Android devices. The campaign shows how trusted in-app web experiences can be turned into powerful tools for social engineering and credential theft. Telegr…GBHACKERS.COM
6 MayAnthropic’s CEO warns the “moment of danger” is real. But most are looking in the wrong place.Anthropic CEO Dario Amodei warns that AI’s rapid evolution is outpacing safety frameworks. Learn why the pace of vulnerability discovery isn't the real problem, why exposure management is now a strategic necessity, and how it can help you prioritize and remediate at scale. Key ta…TENABLE.COM
6 MayMuddying the Tracks: The State-Sponsored Shadow Behind Chaos RansomwareExecutive summary In early 2026, a sophisticated intrusion initially appearing to be a standard Chaos ransomware attack was assessed to be consistent with a targeted state-sponsored operation. While the threat actor operated under the banner of the Chaos ransomware-as-a-service (…RAPID7.COM
6 MayCloudZ Malware Abuses Phone Link to Steal SMS OTPsCisco Talos uncovers CloudZ RAT and Pheno plugin abusing Microsoft Phone Link to intercept SMS OTPsINFOSECURITY-MAGAZINE.COM
6 MayGrapheneOS fixes Android VPN leak Google refused to patchGrapheneOS has released a new update that fixes a recently disclosed Android VPN bypass vulnerability capable of leaking a user’s real IP address. The leak happens even when Android’s “Always-On VPN” and “Block connections without VPN” protections were enabled. The issue, disclos…CYBERINSIDER.COM
6 MayCISA warns of CopyFail exploitation.Attackers compromise installers for DAEMON Tools. New Linux RAT targets software developers.THECYBERWIRE.COM
6 MaySpeed, Not AI, Breaks YouThis clip argues that most enterprise breaches are driven by attack velocity, not advanced sophistication. Even AI-driven attack simulations can appear more effective than they are due to unrealistic conditions—like no defenders or penalties. Focusing too much on cutting-edge thr…YOUTUBE.COM
6 May KEVA critical Palo Alto PAN-OS zero-day is being exploited in the wildThe vendor hasn’t released a patch for the vulnerability or described the scope and objective of confirmed attacks.CYBERSCOOP.COM
6 MayA Vulnerability in Apache HTTP Server Could Allow for Remote Code ExecutionA vulnerability has been discovered in Apache HTTP Server with the HTTP/2 protocol that could allow for remote code execution. Apache is a free, open-source web server software that enables the delivery of web content over the internet. Successful exploitation could result in den…CISECURITY.ORG
6 MayThe exploit that writes its own story.CISA warns CopyFail is under active exploitation. Attackers compromise installers for a widely used disk imaging utility. MuddyWater masks cyberespionage as ransomware. Attackers spread malware through a fake OpenClaw plugin. Researchers ID a new Linux RAT. Vimeo blames a third p…THECYBERWIRE.COM
6 MayA Vulnerability in PAN-OS Could Allow for Remote Code ExecutionA vulnerability has been discovered in the PAN-OS Authentication Portal (aka Captive Portal) service that could allow for remote code execution. PAN-OS is the operating system that runs Palo Alto Networks next-generation firewalls. Successful exploitation could allow an unauthent…CISECURITY.ORG
5 MayAnthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI modelsThe Trump administration is in early discussions about whether advanced AI models should be vetted before public release, according to reporting from the New York Times , the Wall Street Journal, and Axios . The conversations center on systems capable of facilitating cyberattacks…CSOONLINE.COM
5 MayMythbehavior under investigation.Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast …THECYBERWIRE.COM
5 May174: Pacific RimFor six years, Sophos fought a secret cyber war against a state-backed hacking group targeting its firewalls. This forced Sophos to drastically change tactics to properly secure their firewalls. Was it ethical? Was it effective? They disrupted nine zero-day attacks, exposed who w…DARKNETDIARIES.COM
5 MayMicrosoft Details Phishing Campaign Targeting 35,000 Users Across 26 CountriesMicrosoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, obse…THEHACKERNEWS.COM
5 MayThe Terrorist Designation: A New Red Line for Ransomware with Cynthia KaiserIn this episode, host Caleb Tolin explores the battlefield of enterprise defense, which has moved from simple data theft to ultra heinous crimes that put patient outcomes at risk. Guest Cynthia Kaiser shares Battlefield Stories from her time at the FBI and her current wor…THECYBERWIRE.COM
5 MayQualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution RiskQualcomm Technologies has released its May 2026 security bulletin, addressing a sweeping array of vulnerabilities across its proprietary and open-source software ecosystems. Threat actors could exploit these security gaps to compromise smartphones, automotive systems, and industr…GBHACKERS.COM
5 MayAttackers Exploit Amazon SES to Send Authenticated Phishing EmailsAttackers are increasingly abusing Amazon Simple Email Service (SES) to deliver highly convincing phishing emails that bypass traditional security controls, marking a growing trend in email-based threats. The primary goal of any phishing campaign is to evade detection while trick…GBHACKERS.COM
5 MayCritical Android Zero-Click Vulnerability Enables Remote Shell AccessGoogle has released the Android Security Bulletin for May 2026, addressing a highly critical vulnerability that allows attackers to execute code remotely without any user interaction. Published on May 4, 2026, the latest security update focuses heavily on a severe flaw located wi…GBHACKERS.COM
5 MayTrellix Reveals Unauthorized Access to Source CodeSecurity vendor Trellix has suffered a breach involving unauthorized accessINFOSECURITY-MAGAZINE.COM
5 MayCISOs step up to the security workforce challengeA robust cybersecurity program needs a range of skilled people, yet many CISOs continue to face an ongoing skills shortage — and the squeeze may only get worse as AI gains traction. Some 95% of cybersecurity practitioners and decision-makers noted at least one security skills gap…CSOONLINE.COM
5 MayKeeping Up With the OWASP GenAI Project - Scott Clinton - ASW #381Speed is the most common theme among developers and appsec teams working with LLMs and agents, from trying to keep up with patterns for deploying agents to dealing with more code faster to how the latest models impact code quality and security. The OWASP GenAI Project is helping …YOUTUBE.COM
5 MayNCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”The UK's National Cyber Security Centre is urging organizations to prepare for glut of new software updatesINFOSECURITY-MAGAZINE.COM
5 MayDarkSword MalwareDarkSword is a sophisticated piece of malware —probably government designed—that targets iOS. Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on too…SCHNEIER.COM
5 MayWhatsApp Security Flaw Enables Malicious URL Execution Through Instagram ReelsWhatsApp has recently patched two notable security vulnerabilities that could have allowed attackers to execute malicious links and disguise dangerous files. The most alarming discovery involves a flaw in how WhatsApp processes Instagram Reels. This vulnerability allows remote th…GBHACKERS.COM
5 MayEducation Sector Hit by Espionage, Phishing, and Supply Chain AttacksEducational institutions are now facing a coordinated mix of state espionage, spear‑phishing, and supply chain intrusions, even as classic ransomware and vulnerability volumes show signs of easing. Every attributed campaign was linked to state actors, with no financially motivate…GBHACKERS.COM
5 MayMicrosoft warns of global campaign stealing auth tokens from 35K usersMicrosoft revealed a phishing campaign hitting 35,000 users in 26 countries, stealing login tokens via fake code-of-conduct emails and legit services. Microsoft disclosed a major phishing campaign that targeted over 35,000 users across 26 countries in mid-April 2026. Attackers us…SECURITYAFFAIRS.COM
5 MayCloudZ malware hijacks Microsoft Phone Link to intercept SMS and OTPsA new malware campaign abuses Microsoft’s Phone Link app to intercept sensitive mobile data, including one-time passwords (OTPs), without compromising the phone itself. The attack centers on a modular malware toolkit called CloudZ RAT and a previously undocumented plugin for it, …CYBERINSIDER.COM
5 MayWe Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually IsWhile the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multipl…THEHACKERNEWS.COM
5 MaySilver Fox Uses Fake Tax Notices to Drop ValleyRAT and ABCDoor BackdoorSilver Fox is running a tax‑themed phishing campaign that abuses fake notices from Indian and Russian tax authorities to drop ValleyRAT and a new Python backdoor dubbed ABCDoor, using a customized RustSL loader to evade detection and enforce strict geofencing controls. The campai…GBHACKERS.COM
5 MayCisco Acquisition of Astrix Security Signals to Strengthen on Non-Human Identity SecurityNetworking and security leader Cisco has announced its intent to acquire Astrix Security, a pioneer in Non-Human Identity (NHI) management. Announced in May 2026, this acquisition is designed to help enterprises secure the rapidly expanding “agentic workforce”, the gr…GBHACKERS.COM
5 MayStealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCsA newly identified malware campaign is abusing Microsoft’s Phone Link feature to intercept SMS-based one-time passwords and other sensitive mobile data directly from Windows systems. The activity, first observed by Cisco Talos in January 2026, involves a remote access trojan dubb…CSOONLINE.COM
5 MayC/C++ checklist challenges, solvedWe recently added a C/C++ security checklist to the Testing Handbook and challenged readers to spot the bugs in two code samples : a deceptively simple Linux ping program and a Windows driver registry handler. If you found the inet_ntoa global buffer gotcha or the missing RTL_QUE…TRAILOFBITS.COM
5 MayUS-Targeted Phishing Campaign Exposes Credential and Remote Access Risks for CISOsA new large-scale phishing campaign is targeting U.S. organizations with fake event invitations that lead to credential theft, OTP interception, or RMM tool installation. ANY.RUN researchers found that the campaign uses a repeatable phishing framework to create event-themed lure …ANY.RUN
5 MayHow Far the US Went to Rescue Hostage Bowe BergdahlIn 2009, Bowe Bergdahl walked away from his Army post in eastern Afghanistan, only to be abducted and held hostage until 2014. He was captured by the Taliban and then handed to the Haqqani network, an aligned terrorist group. US officials said they kept Bergdahl locked in a metal…THECYBERWIRE.COM
5 MayPoC tool extracts cleartext passwords from Microsoft Edge memoryA newly released proof-of-concept (PoC) tool shows how Microsoft Edge handles saved credentials, demonstrating that passwords may be exposed in cleartext within browser process memory. The researcher behind the tool, Tom Jøran Sønstebyseter Rønning, claims the behavior is longsta…CYBERINSIDER.COM
5 MayA Walkthrough of the 2026 Global Cybersecurity Summit AgendaThe full agenda for the Rapid7 2026 Global Cybersecurity Summit is now live, and it gives a clearer sense of how the conversation around security operations is evolving. Across two days, the sessions progress from a shared understanding of how threats are changing into a more det…RAPID7.COM
5 MayFake SSA Emails Drive Venomous#Helper Phishing CampaignVenomous#Helper attackers impersonate the US Social Security Administration to deploy signed RMM software and maintain persistent access across US networksINFOSECURITY-MAGAZINE.COM
5 MayGoogle to pay up to $1.5 million for zero-click Pixel Titan M exploitsGoogle has revised its Android and Chrome Vulnerability Reward Programs (VRPs), which pay security researchers to report vulnerabilities in Android, Google hardware, and the Chrome browser. The update raises top bounties to $1.5 million and adjusts rewards for lower-complexity re…HELPNETSECURITY.COM
5 MayChina-Linked UAT-8302 Targets Governments Using Shared APT Malware Across RegionsA sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the…THEHACKERNEWS.COM
5 MayOracle will patch more often to counter AI cybersecurity threatOracle plans to issue security patches for its ERP, database, and other software on a monthly cycle, rather than quarterly, to respond to the increased pace of AI-enabled software vulnerability discovery. Other software vendors, notably Microsoft, SAP, and Adobe, already release …CSOONLINE.COM
5 MayTrellix investigating breach of source code repositoryThe cybersecurity company said there is no immediate evidence of code being exploited or released.CYBERSECURITYDIVE.COM
5 MayMicrosoft Edge Stores Passwords in Process Memory, Posing Enterprise RiskA proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity.DARKREADING.COM
5 MayUK's NCSC warns of AI-driven "patch wave."Google fixes critical Android vulnerability. Trellix discloses source code breach.THECYBERWIRE.COM
5 MayApple brings end-to-end encryption to RCS messaging in iOS 26.5Apple is preparing to roll out end-to-end encryption (E2EE) for RCS messaging in iOS 26.5, now in release candidate (RC) stage, marking a long-awaited step toward secure cross-platform communication between iPhone and Android users. The feature, currently in beta, ensures that me…CYBERINSIDER.COM
5 MayTanium Atlas aims to accelerate threat response in the AI eraTanium announced Tanium Atlas, an autonomous operating system (OS) that gives a single IT or security operator the data, guidance and reach to accomplish what once required an entire team – moving from intent to outcome in a single, governed experience. Tanium Atlas is built on a…HELPNETSECURITY.COM
5 MayCISA pushes critical infrastructure operators to prepare to work in isolationThe US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new national initiative aimed at helping critical infrastructure operators withstand and recover from major cyberattacks by preparing to operate in isolation from the internet and third-party dependenci…CSOONLINE.COM
5 MayGoogle AppSheet Abuse Helped Phish 30,000 Facebook AccountsHackers abused Google AppSheet to send Meta phishing emails, compromising 30,000 Facebook business accounts across 50 countries.TECHREPUBLIC.COM
5 MayGoogle Update: Android Flaw Could Put Billions of Devices at RiskGoogle patched an Android zero-click RCE flaw affecting multiple versions. Here’s what IT teams should know and how to reduce mobile risk.TECHREPUBLIC.COM
5 MayEdge browser leaves passwords exposed in plain text, says researcherA Norwegian researcher has identified an issue with Microsoft Edge’s Password Manager that could be a serious concern for businesses. Tom Jøran Sønstebyseter Rønning found that passwords are being saved within the browser in plain text, with the effect that any PC, particularly a…CSOONLINE.COM
5 MayCVE Disclosures Become AI PromptsAI tools are already being used to discover vulnerabilities, including RCEs, through automated auditing and analysis. This raises the possibility that vulnerability disclosures could shift from detailed human-written reports to simple, reproducible AI prompts that generate the sa…YOUTUBE.COM
5 MayStrengthening cyber defense through policy and people.Markus Rauschecker, Executive Director of the University of Maryland Center for Cyber Health and Hazard Strategies, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices. He discusses why effective cybersecurity preparedness extends beyond technology, …THECYBERWIRE.COM
5 MayThe fixes keep coming.Brace for an AI-driven patch surge. Google fixes a critical Android flaw. Trellix confirms a source code breach. Apache Software Foundation ships urgent fixes. Data tied to Liberty Mutual leaks. CloudZ evolves to steal OTPs. Ouroboros persistence raises the stakes. A vishing susp…THECYBERWIRE.COM
5 MayTrellix Source Code Breach Highlights Growing Supply Chain ThreatsInfo is scant, but such breaches can reveal where a security product's controls are located and how detections are designed, giving attackers a leg up.DARKREADING.COM
5 May KEVPatch in 3 Days or BreakCISA is reportedly considering reducing remediation timelines for Known Exploited Vulnerabilities (KEV) from weeks down to just three days. Shorter deadlines reduce exposure to active threats—but dramatically increase operational pressure. Security teams may support the change, b…YOUTUBE.COM
5 MaySN 1077: A Browser AI API? - End of Bug Bounties?Google is sneaking a massive 4.7GB AI model into Chrome, and Mozilla is fighting back as the future of browsers threatens to turn into an AI arms race. Find out what's really happening behind this push and why it's setting off alarm bells across the web. Hackers AI-code a portal,…TWIT.TV
4 MaySpotting third-party cyber risk before attackers doIn this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures before attackers exploit them. He argues that businesses should move beyond a data-loss mindset toward one ce…HELPNETSECURITY.COM
4 MayWhat researchers learned about building an LLM security workflowSecurity operations centers are running into the same wall everywhere. Detection tools generate more alerts than analysts can work through, and the early stages of any investigation involve pulling together logs from several sources to decide whether something is worth escalating…HELPNETSECURITY.COM
4 MayReborn Gaming - 126 breached accountsIn April 2026, the gaming community Reborn Gaming suffered a data breach due to a vulnerability in cPanel and WebHost Manager (WHM). The breach exposed 126 unique email addresses along with IP addresses and Steam IDs. Reborn Gaming self-submitted the data to Have I Been Pwned.HAVEIBEENPWNED.COM
4 MayPipelock: Open-source AI agent firewallAI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipelock, an open-source security h…HELPNETSECURITY.COM
4 MayTrellix Source Code Breach Exposes Repository to Unauthorized AccessLeading cybersecurity firm Trellix has announced a security incident involving unauthorized access to a portion of its source code repository. The breach highlights a growing trend of threat actors targeting top-tier security vendors to uncover potential software vulnerabilities.…GBHACKERS.COM
4 MayTop 10 AI Pentest ToolsAI pentest tools are gaining popularity in offensive security workflows. These tools accelerate reconnaissance and automate workflows, but at the same time, enable less skilled actors to execute complex attacks. Now, security teams are forced to confront a…SOCRADAR.IO
4 MayAI-Powered Threat Actors Accelerate 0-Day Discovery at Machine SpeedThreat actors are already using AI models as autonomous operators to discover and exploit 0‑days in minutes, thereby collapsing the time and cost required to run complex intrusion campaigns. This shift, first clearly visible in late 2025 operations, is forcing defenders to rethin…GBHACKERS.COM
4 MayMOVEit Authentication Bypass Vulnerability Sparks Security ConcernsProgress Software has issued a critical security alert for its MOVEit Automation software. Two severe vulnerabilities have been discovered that could allow attackers to bypass authentication and escalate their privileges. Because of the critical nature of these flaws, administrat…GBHACKERS.COM
4 May KEVCISA Alert Highlights Active Exploitation of cPanel & WHM Security BugThe US Cybersecurity and Infrastructure Security Agency (CISA) has raised the alarm over a critical security vulnerability affecting WebPros cPanel & WebHost Manager (WHM) and WP2 (WordPress Squared). On April 30, 2026, CISA officially added this flaw to its Known Exploited V…GBHACKERS.COM
4 MayNew Apache MINA Vulnerabilities Open Door to Remote Code Execution AttacksThe Apache MINA project has issued urgent security updates to address two severe vulnerabilities. These security flaws could allow malicious actors to execute unauthorized code remotely. The development team has successfully patched these issues in the newly released Apache MINA …GBHACKERS.COM
4 MayThe fake IT worker problem CISOs can’t ignoreHiring fake IT workers has been a growing problem in recent years — but it’s often a problem very few want to admit to. From Fortune 500 companies down to smaller organizations, remote hiring practices have been exploited to grant trusted access to individuals who are not who the…CSOONLINE.COM
4 MayHow CISOs should utilize data security posture management to inform riskEvery CISO eventually faces the same tension: You know your security program needs to mature, but the budget and headcount to do it all aren’t there. That tension is especially sharp when it comes to data security posture management (DSPM). Not every organization can afford, or …CSOONLINE.COM
4 MayPost Quantum Migration Struggles, AI Threats, and Modern Defenses - ESW #457Interview with Daniel dos Santos: Post-Quantum Cryptography and the Risks No One Is Talking About Post-quantum cryptography (PQC) is quickly shifting from theory to inevitability. In this segment, Daniel dos Santos, VP of Research at Forescout, explains why PQC isn’t the most imm…YOUTUBE.COM
4 MayClaude Security enters public beta with Opus 4.7 vulnerability scanning and patchingClaude Security, previously called Claude Code Security, is in public beta for Claude Enterprise customers. Available in Claude.ai, the capability scans codebases for security vulnerabilities and suggests targeted patches for review, helping teams identify and fix issues that mig…HELPNETSECURITY.COM
4 MayCritical cPanel Vulnerability Weaponized to Target Government and MSP NetworksA previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting the …THEHACKERNEWS.COM
4 May276 Arrested as Authorities Dismantle Crypto Scam Centers Targeting AmericansIn an unprecedented international law enforcement operation, authorities have dismantled at least nine overseas cryptocurrency scam centers, resulting in the arrest of 276 individuals. The coordinated effort, led by the FBI, Dubai Police, and the Chinese Ministry of Public Securi…GBHACKERS.COM
4 MayAI speeds flaw discovery, forcing rapid updates, UK NCSC warnsThe UK cyber agency NCSC warns AI is speeding up vulnerability discovery, likely causing a “patch wave” of urgent software updates to fix exposed flaws. The UK’s National Cyber Security Centre (NCSC) warns that AI is rapidly accelerating the discovery of software vulnerabilities,…SECURITYAFFAIRS.COM
4 MayDigiCert suffers breach, stolen certificates used to sign malwareDigiCert has disclosed a security incident in which attackers compromised internal support systems and abused stolen certificate issuance data to obtain valid EV code signing certificates. Some of the certificates were subsequently used to sign malware tied to the Zhong Stealer f…CYBERINSIDER.COM
4 MayStronger Cybersecurity, Stronger Business: NIST Celebrates 2026 National Small Business WeekHappy National Small Business Week! For over 60 years, the U.S. Small Business Administration has led this initiative to acknowledge the critical contributions of America’s entrepreneurs and small business owners. Part of the U.S. Department of Commerce, NIST’s mission is to driv…NIST.GOV
4 MayMalicious TanStack Package Abuses Postinstall Script to Steal Developer SecretsA malicious npm package named “tanstack” has been discovered deploying a stealthy data exfiltration campaign, targeting developers through a deceptive naming strategy and a hidden postinstall script. The package, impersonating the well-known TanStack ecosystem, was weaponized to …GBHACKERS.COM
4 MaySecurity agencies draw red lines around agentic AI deploymentsWith prompt injection and other attack pathways consistently surfacing across agentic AI deployments, security watchdogs have stepped in, collectively, to draw some hard boundaries. A joint advisory from the US Cybersecurity and Infrastructure Security Agency (CISA) and internati…CSOONLINE.COM
4 MayCisco Launches AI Provenance Tool to Strengthen Security and ComplianceArtificial intelligence models are integrated into countless enterprise applications, but knowing exactly where these models come from remains a major security hurdle. Cisco recently launched the Model Provenance Kit, an open-source tool for tracing the exact lineage of AI models…GBHACKERS.COM
4 MaySecurity for AI: A strategic framework for closing the AI exposure gapAs AI adoption accelerates, CISOs face a dual challenge: fueling innovation while mitigating the risks of a rapidly expanding attack surface. Tenable’s five-step framework for securing AI offers a systematic approach to reducing AI security risks as your organization races to ach…TENABLE.COM
4 May4th May – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 4th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Medtronic, a global medical device maker, has disclosed a cyberattack on its corporate IT systems. An unauthorized party accessed data,…RESEARCH.CHECKPOINT.COM
4 MayQ-Day Might Come SoonerIndustry timelines for quantum risk are tightening, with some projections pointing to 2029 for a cryptographically relevant quantum computer. If Q-Day arrives sooner than expected, organizations that delayed planning could be forced into rushed migrations under pressure. Advances…YOUTUBE.COM
4 MayOwl IRD enables one-way forensic data transfer for incident response teamsOwl Cyber Defense has announced the launch of its Incident Response Diode (IRD), a pocket-sized protocol filtering diode (PFD) designed for incident response and forensics teams. The Owl IRD was developed to help users securely move evidence from compromised endpoints into truste…HELPNETSECURITY.COM
4 May KEVTwo cybersecurity pros get prison time for helping ransomware gangTwo American cybersecurity professionals were sentenced to four years in prison for facilitating BlackCat ransomware attacks in 2023. They pleaded guilty in December 2025 to one count of conspiracy to obstruct, delay, or affect commerce, or the movement of any article or commodit…HELPNETSECURITY.COM
4 May⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & MoreThis week, the shadows moved faster than the patches. While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems. The game has shifted fr…THEHACKERNEWS.COM
4 MayProgress Software urges customers to patch critical MOVEit flaw.Educational tech firm Instructure confirms breach. Sorry ransomware gang exploits recently disclosed cPanel vulnerability.THECYBERWIRE.COM
4 MayCritical vulnerability in cPanel leads to widespread exploitationResearchers warn that threat activity continues to surge, including brute force attacks and ransomware.CYBERSECURITYDIVE.COM
4 MayA Vulnerability in WHM cPanel and WP Squared Could Allow for Remote Code ExecutionA vulnerability has been discovered in WHM, cPanel, and WP Squared that could allow for remote code execution. WHM, cPanel, and WP Squared are Linux-based web hosting control panels for server and website management. While WHM provides server-level control, cPanel provides admini…CISECURITY.ORG
4 MayPhishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM ToolsAn active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has im…THEHACKERNEWS.COM
4 MayHackers are still exploiting the cPanel bug to gain control of thousands of websitesDays after the disclosure of a critical vulnerability in popular web hosting software cPanel and WHM, hackers keep targeting and hacking websites.TECHCRUNCH.COM
4 MaySecurity without a login screen.Progress Software urges customers to patch a critical MOVEit authentication bypass. Washington worries about limited access to advanced AI tools. Paid influencers promote pro-American AI. CISA warns Copy Fail is under active exploitation. The Canvas educational platform suffers a…THECYBERWIRE.COM
4 MayExploit Cyber-Frenzy Threatens Millions via Critical cPanel VulnerabilityShortly after the authentication-bypass flaw was disclosed, multiple proof-of-concept exploits appeared, and one researcher claims there's been zero-day activity for at least a month.DARKREADING.COM
4 May KEV‘Copy Fail’ is a real Linux security crisis wrapped in AI slopThe actively exploited defect could affect every mainstream Linux distribution built since 2017, but some researchers found Theori’s AI-generated disclosure unhelpful and lacking.CYBERSCOOP.COM
4 MayFrom Foundation to Force: Your Guide to Operationalizing Wiz at ScaleFollowing your foundation, operationalize Wiz across development, detection and response, and program maturity so your security program never stops getting stronger.WIZ.IO
3 MayWeek in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for monthsHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: The AI criminal mastermind is already hiring on gig platforms Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platfor…HELPNETSECURITY.COM
3 MayGoogle Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AIGoogle revamps bug bounties: Android rewards rise to $1.5M, Chrome payouts drop, shifting focus to high-impact, AI-resistant vulnerabilities. Google has announced a major overhaul of its Vulnerability Reward Programs (VRP) for Android and Chrome, marking a strategic shift in how …SECURITYAFFAIRS.COM
2 MayConnected Cars Are Rolling Spy Networks — And They Can Be HackedConnected cars are no longer just vehicles — they are rolling networks of sensors, cameras, microphones, and constant data transmission. In this Cybersecurity Today Weekend Edition, David Shipley is joined by former CSIS intelligence officer Neil Bisson and cybersecurity expert F…CYBERSECURITYTODAY.LIBSYN.COM
2 MayDouble-edged threat.Today we are joined by Justin Albrecht, Principal Researcher at Lookout, discussing "Attackers Wielding DarkSword Threaten iOS Users." DarkSword is a highly sophisticated iOS exploit chain discovered by Lookout that targets iPhones (iOS 18.4–18.6.2), enabling near zero-click …THECYBERWIRE.COM
2 MayOpenAI and Anthropic brief Congress on cyber-capable AI models."Copy Fail" flaw leads to privilege escalation on Linux. FISA Section 702 gets another stopgap extension.THECYBERWIRE.COM
2 MayTrellix Confirms Source Code Breach With Unauthorized Repository AccessCybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to res…THEHACKERNEWS.COM
2 MayZenBusiness - 5,118,184 breached accountsIn March 2026, the hacker and extortion group "ShinyHunters" claimed to have obtained a substantial corpus of data from ZenBusiness, a business formation and compliance platform. The group claimed the data had been exfiltrated from platforms including Snowflake, Mixpanel and Sal…HAVEIBEENPWNED.COM
2 MayTrellix discloses the breach of a code repositoryTrellix disclosed a security breach affecting part of its source code repository; however, the company says there’s no sign of code misuse. Trellix revealed a breach that allowed unauthorized access to part of its source code repository. The company said it quickly launched an in…SECURITYAFFAIRS.COM
1 MaySnake Oilers: Ent AI, Spacewalk and MondooIn this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products: Ent AI: Co-founder Brandon Dixon pitched Ent, an intent-aware, AI-powered endpoint security control. Spacewalk AI: Founders Chris Fuller and Tim Wenzlau pitch Spacewalk, an …RISKY.BIZ
1 MayNew infosec products of the month: April 2026Here’s a look at the most interesting products from the past month, featuring releases from Advenica, Aptori, Axonius, Broadcom, GlobalSign, Intruder, IP Fabric, Mallory, Secureframe, Siemens, Sitehop, and Virtue AI. Mallory brings contextual threat intelligence to security opera…HELPNETSECURITY.COM
1 MayFake CAPTCHA Scam Uses SMS Pumping to Inflate Phone BillsA newly uncovered cyber fraud campaign is abusing fake CAPTCHA pages to trick mobile users into sending large volumes of international SMS messages, resulting in unexpected phone bills and illicit profits for attackers. Unlike traditional malware campaigns, this operation does no…GBHACKERS.COM
1 MayAman - 215,563 breached accountsIn April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses. W…HAVEIBEENPWNED.COM
1 MayAI traffic is getting bigger, louder, and less predictableAI workflows need storage that supports repeated movement across the model lifecycle. Large datasets are ingested, transformed, exported for training, pulled back for evaluation, and refreshed as models evolve. Backblaze’s Q1 2026 Network Stats report says this creates a shift fr…HELPNETSECURITY.COM
1 MayClaude Security Enters Public Beta for Enterprise CustomersAnthropic has officially launched the public beta of Claude Security, an advanced vulnerability detection and remediation tool now available to Claude Enterprise customers. Powered by the highly capable Claude Opus 4.7 model, this platform shifts application security testing from…GBHACKERS.COM
1 MayOpen-source privacy proxy masks PII before prompts reach external AI servicesEnterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an…HELPNETSECURITY.COM
1 MayShadow AI risks deepen as 31% of users get no employer trainingBetween one-fifth and one-third of workers use AI outside the influence and governance of the IT function, according to a global survey of 6,000 full-time employees at enterprise organizations. Researchers found a widening gap between employee AI adoption and the controls organiz…HELPNETSECURITY.COM
1 MayChina-Aligned Hackers Deploy ShadowPad in Multi-Stage Espionage CampaignChina-aligned threat actors tracked as SHADOW-EARTH-053 are exploiting old but unpatched Microsoft Exchange and IIS vulnerabilities to run a stealthy, multi-stage espionage campaign across Asian governments, critical infrastructure, and one NATO member state. The group primarily …GBHACKERS.COM
1 MayMultiple Wireshark Vulnerabilities Allow Arbitrary Code Execution via Malformed PacketsThe Wireshark Foundation has released version 4.6.5 of its widely used network protocol analyzer, addressing a massive wave of security vulnerabilities. This urgent update patches over 40 distinct security flaws, driven by a recent surge in AI-assisted vulnerability reports. The …GBHACKERS.COM
1 MayAI-Powered Ransomware Surge Hits 7,831 Victims WorldwideRansomware attacks surged dramatically in 2025, with global victims reaching 7,831. The sharp rise highlights how cybercrime has evolved into a highly organized, AI-driven ecosystem in which attackers operate at speed, with automation and scale. This surge is largely fueled by th…GBHACKERS.COM
1 MayDDoS Malware Targets Jenkins to Hit Valve Game ServersA new DDoS botnet abuses exposed Jenkins servers to launch powerful attacks against Valve Source Engine game infrastructure, including servers hosting titles like Counter‑Strike and Team Fortress 2. The campaign shows how a single misconfigured CI server can be turned into a…GBHACKERS.COM
1 MayPoisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential TheftA new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account "BufferZo…THEHACKERNEWS.COM
1 MayJust 34% of cyber pros plan to stick with their current employerDeclining job satisfaction means that only one in three (34%) cybersecurity professionals plan to stay with their current employer, increasing the pressure on CISOs’ talent retention strategies. And according to a survey of 500 cybersecurity professionals by IANS and Artico Searc…CSOONLINE.COM
1 MayManaging OT risk at scale: Why OT cyber decisions are leadership decisionsThe first time I approached an OT environment, I assumed that the strategies effective in IT cybersecurity would be equally applicable. I was wrong. The experience revealed a fundamental difference, highlighting the need for a distinct approach to OT cyber risk management. The mi…CSOONLINE.COM
1 MayHuman-centric failures: Why BEC continues to work despite MFABusiness email compromise (BEC) is still thriving even in organizations that have implemented multi-factor authentication (MFA). As security professionals, we often assume that MFA is the silver bullet for email security, but real-world incidents suggest otherwise. Attackers expl…CSOONLINE.COM
1 May KEVActively exploited cPanel bug exposes millions of websites to takeoverA vulnerability in the cPanel/WHM admin interface lets attackers access websites without a username and password.MALWAREBYTES.COM
1 MayNine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security ResearcherA researcher from offensive security firm Theori has found a nine-year-old flaw in the Linux kernel with the help of AIINFOSECURITY-MAGAZINE.COM
1 MayAnthropic launches Claude Security to counter rapid AI-Powered exploitsAnthropic launched Claude Security to counter faster AI-driven cyberattacks, as tools like Mythos enable near-instant exploitation by threat actors. Anthropic introduced Claude Security to help defenders keep up with a surge in AI-powered cyberattacks. As models like Mythos drast…SECURITYAFFAIRS.COM
1 MayUtah becomes first US state to require age verification for VPN useUtah is set to implement a first-of-its-kind law targeting VPN use to enforce online age verification, raising concerns about privacy, free speech, and technical feasibility. The measure, which takes effect on May 6, 2026, shifts liability onto websites and restricts how they can…CYBERINSIDER.COM
1 MayMozilla warns Chrome’s Prompt API threatens web neutralityMozilla has reiterated strong opposition to Google’s proposed Prompt API for Chrome, warning that it could fragment the web, lock developers into model-specific behavior, and introduce problematic policy enforcement at the browser level. The Prompt API aims to provide web develop…CYBERINSIDER.COM
1 MayAnthropic Rolls Out Claude Security for AI Vulnerability ScanningClaude Security enters public beta, giving enterprises AI driven code scanning with no API integration or custom agents requiredINFOSECURITY-MAGAZINE.COM
1 MayVulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AIDetecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider — automating the hunt for asset owners in seconds. Key takeaway…TENABLE.COM
1 MayBritish cyber agency warns of looming ‘patch wave’ as AI speeds flaw discoveryBritain’s cyber agency warned that organizations should prepare for a surge of urgent software updates as artificial intelligence accelerates the discovery of security flaws, raising the risk of widespread exploitation.THERECORD.MEDIA
1 MayChina-Linked Hackers Target Asian Governments, NATO State, Journalists, and ActivistsCybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the activity to a threat ac…THEHACKERNEWS.COM
1 MayA Medicare database leaked Social Security numbers.FISA Section 702 gets another stopgap extension. "Mini Shai Hulud" campaign spreads through the open-source supply chain.THECYBERWIRE.COM
1 MayTCP Packet Walks Into a BarHacker culture often uses humor rooted in programming, networking, and system behavior—like TCP reliability, source code access, and deployment frustrations. These jokes aren’t just comedy; they reflect shared experiences in software and infrastructure work. Concepts like packet …YOUTUBE.COM
1 MayYour KnowBe4 Fresh Content Updates from April 2026John N Just, Ed.D. - Chief Learning Officer What's New: Celebrating World Password Day and Beyond Happy May! This month, we are putting a major spotlight on World Password Day (May 7). While the "traditional" password might be evolving into passkeys and biometrics, the human ele…KNOWBE4.COM
1 MayThink before you deploy the agent.Five Eyes agencies issue agentic AI guidance. A federal database leaks Social Security numbers. A stealthy worm poisons open source packages. OT firms are sidelined from frontier cyber models. The FBI warns of a surge in cyber-enabled cargo theft. Officials flag likely election i…THECYBERWIRE.COM
1 MayHidden Risk QR Code PhishingQR code phishing attacks more than doubled in early 2026, making them one of the fastest-growing email-based attack vectors. Attackers exploit a simple trust gap: users are trained to inspect links, but QR codes hide the destination entirely. This removes visibility and makes tra…YOUTUBE.COM
1 MayAI agents can bypass guardrails and put credentials at risk, Okta study findsAn AI agent that revealed sensitive data without being asked. An agent that overruled its own guardrails. Another that sent credentials to an attacker via Telegram, because it forgot it wasn’t supposed to do so after a reset. It’s no secret that AI agents have huge potential, bal…CSOONLINE.COM
1 MayEssential Data Sources for Detection Beyond the EndpointUnit 42 highlights the need for a comprehensive security strategy that spans every IT zone. Explore the full details here.UNIT42.PALOALTONETWORKS.COM
30 AprAmazon Layoffs Hit Thousands Across Multiple States as Fresh Stores CloseAmazon layoffs are hitting workers across several states as Fresh closures, AI investments, and post-pandemic restructuring reshape its workforce.TECHREPUBLIC.COM
30 AprMicrosoft Confirms Windows Flaw Is Being Exploited After Incomplete PatchMicrosoft confirmed a Windows zero-click flaw tied to an incomplete patch is being exploited, putting credentials at risk for unpatched users.TECHREPUBLIC.COM
30 AprResearchers unearth industrial sabotage malware that predated Stuxnet by 5 yearsDesigned to cripple Iran’s nuclear enrichment program, the 2010 Stuxnet worm set a cybersecurity precedent as the first time a nation escalated its activities from strategic espionage to sabotage in cyberspace. Now, a new discovery suggests such operations were in full swing year…CSOONLINE.COM
30 AprSonicWall SonicOS Flaw Lets Attackers Bypass Access Controls and Crash FirewallsSonicWall has released a security advisory detailing three new vulnerabilities affecting its SonicOS software. Disclosed on April 29, 2026, under advisory ID SNWLID-2026-0004, these security flaws open the door for attackers to bypass access controls, manipulate restricted files,…GBHACKERS.COM
30 AprA game of loans.This week, while Maria is on vacation, Dave Bittner and Joe Carrigan are joined by Michele Kellerman as they discuss the latest in social eng…THECYBERWIRE.COM
30 AprGoogle Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code ExecutionGoogle has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host systems. "The vulnerabilit…THEHACKERNEWS.COM
30 Apr KEVQinglong Task Scheduler RCE Flaws Exploited in the WildHackers are actively exploiting two severe authentication bypass vulnerabilities in Qinglong, a popular open-source task scheduling platform. These flaws allow attackers to execute arbitrary code and deploy resource-draining cryptomining malware on vulnerable servers. Qinglong is…GBHACKERS.COM
30 AprJenkins Plugin Updates Fix Path Traversal and Stored XSS BugsThe Jenkins project released a critical security advisory addressing seven vulnerabilities across multiple widely used plugins. The disclosed flaws include high-severity path traversal and stored cross-site scripting (XSS) vulnerabilities that could allow threat actors to execute…GBHACKERS.COM
30 AprSAP npm package attack highlights risks in developer tools and CI/CD pipelinesA supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software. The campaign, referred to as “mini Shai-Hulud,” affected packages used in SAP’s JavaScript and cloud application devel…CSOONLINE.COM
30 AprStopping the quiet drift toward excessive agency with re-permissioningIn their infancy, LLM models were not difficult to contain. You gave a prompt; they responded, and if something was wrong it was usually “just text.” This could take the form of a summary that missed the best bits, a tone-deaf line or a wordy sentence. But then, agents were co-op…CSOONLINE.COM
30 AprODNI to CISOs on threat assessments: You’re on your ownEvery year, CISOs, CSOs, and chief risk officers pore over the Office of the Director of National Intelligence (ODNI)’s Annual Threat Assessment (ATA) for insights on emerging threats they may soon face. This year, however, structural changes to the report itself underscore a fou…CSOONLINE.COM
30 AprMax-severity RCE flaw found in Google Gemini CLISecurity researchers are warning about a max severity vulnerability in Google Gemini CLI that could allow remote code execution (RCE) in environments where the tool processes untrusted inputs. The issue was disclosed by Novee Security researchers and affects the @google/gemini-cl…CSOONLINE.COM
30 AprNew Python Backdoor Uses Tunneling Service to Steal Browser and Cloud CredentialsCybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with e…THEHACKERNEWS.COM
30 AprDismantle implicit trust in OT networks, CISA tells critical infrastructure operatorsThe US Cybersecurity and Infrastructure Security Agency (CISA) has asked owners and operators of operational technology to stop assuming their networks are safe, and has released joint guidance to adapt zero trust principles for industrial systems that support US power, water, tr…CSOONLINE.COM
30 AprCisco releases open-source toolkit for verifying AI model lineageEnterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little ability to confirm what they are running in production. The State of AI Security 2026 from Cisco places t…HELPNETSECURITY.COM
30 AprMet Police face criticism for using AI to spy on their own officersLondon police officers have been warned by the Metropolitan Police Federation to watch their backs after the force deployed controversial AI software to investigate misconduct. The staff association, representing more than 30,000 officers in London, reported it had not been infor…HELPNETSECURITY.COM
30 AprHackers arrested for stealing and reselling 600,000 Roblox accountsUkrainian police detained three suspects accused of hacking into Roblox accounts and reselling the data on Russian websites, with payments made in cryptocurrency. “Prosecutors of the Lviv region, togethe…HELPNETSECURITY.COM
30 AprAI Is Scaling Cyber AttacksA recent report details how attackers are using AI tools to automate reconnaissance, target selection, and vulnerability discovery during cyber attacks. This significantly lowers the cost and effort required to launch attacks while increasing their scale and effectiveness. As a r…YOUTUBE.COM
30 AprArbitrary code execution and Claude Code CLI: How Claude executed code before you click 'trust'submitted by codeinabox to security 2 points | 0 comments https://www.sonarsource.com/blog/claude-arbitrary-code-executionPROGRAMMING.DEV
30 Apr"Copy Fail" flaw leads to privilege escalation on Linux.US House votes to extend FISA Section 702, though Senate passage is unlikely. OpenSSH flaw can lead to root shell access.THECYBERWIRE.COM
30 AprAgent’s claims on WhatsApp access spark security concernsA US agent claimed WhatsApp encryption is fake and Meta can access messages; the probe was abruptly shut, raising security concerns. A US agent claimed WhatsApp encryption is fake, alleging Meta accesses all unencrypted messages, but Commerce Department abruptly shut the probe, l…SECURITYAFFAIRS.COM
30 AprHackers are actively exploiting a bug in cPanel, used by millions of websitesWeb hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months.TECHCRUNCH.COM
30 AprBridging the gap: How to integrate Claude Security into the Tenable One Exposure Management PlatformBridge the gap between AI-driven vulnerability discovery and prioritized remediation. Learn how to integrate Claude Security’s deep-logic analysis into Tenable One to unify your attack surface, eliminate noise, and focus on the risks that matter most. Key takeaways As frontier AI…TENABLE.COM
30 AprAnother AI-Assisted Software Scan Yields 9-Year-Old Linux BugThe proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available.DARKREADING.COM
30 AprFIRESTARTER - PSW #924This week in the security news: - Are you a FIRESTARTER? - Eavesdropping via fiber-optic cables - Copy Fail - more Linux LPE - Github RCE - Running Linux on a PS5 - BadUSB tricks - SilentGlass and HDMI threats - Sonicwall and vague details - Universities are for porn? - The Bansh…YOUTUBE.COM
30 AprWhen Trusted Sites Turn MaliciousAttackers have long exploited trusted domains—like university websites—by injecting malicious code that redirects traffic or hosts spam content, leveraging the site’s reputation to boost visibility. This “reputation theft” not only helps attackers rank higher in search results, b…YOUTUBE.COM
30 AprThat AI Extension Helping You Write Emails? It’s Reading Them FirstUnit 42 uncovers high-risk AI browser extensions. Disguised as productivity tools, they steal data, intercept prompts, and exfiltrate passwords. Protect your browser.UNIT42.PALOALTONETWORKS.COM
30 AprBank regulator sounds warning over cybersecurity threat posed by AI modelsFrontier AI models inspired by Anthropic’s Claude Mythos could arm attackers with advanced capabilities that the banking sector is ill equipped to cope with, Australia’s financial regulator, the Australian Prudential Regulation Authority (APRA), has warned. In a letter addressed …CSOONLINE.COM
29 AprCI/CD pipeline abuse: the problem no one is watchingHow we built an open-source, drop-in CI template that uses signal extraction and LLM reasoning to catch CI/CD abuse in GitHub Actions, GitLab CI, and Azure DevOps pipelines.ELASTIC.CO
29 AprMore fake extensions linked to GlassWorm found in Open VSX code marketplaceThe threat actor seeding the Open VSX code marketplace with fraudulent extensions that download the GlassWorm malware has uploaded 73 more impersonated links, as its attempt to infect software supply chains continues. Philipp Burckhardt, head of threat intelligence at Socket, wh…CSOONLINE.COM
29 AprProduct showcase: SimpleX Chat removes user identifiers from messagingSimpleX Chat is a free, private, open-source messenger that uses encryption and does not require user identifiers. It is available on mobile and desktop platforms, including iOS, Android, Windows, macOS, and Linux. After downloading the app, the user creates a profile by entering…HELPNETSECURITY.COM
29 AprMassive Python Supply Chain Hack, $2.1B Scam Losses, North Korea Targets Crypto ExecsA major open source Python tool was hijacked in a supply chain attack, exposing developer credentials, cloud secrets, and crypto wallets. Meanwhile, the FTC says Americans lost more than $2.1 billion to scams that began on social media, with Facebook leading reported losses. Cybe…CYBERSECURITYTODAY.LIBSYN.COM
29 AprcPanel Releases Emergency Patch for Critical Authentication FlawWeb hosting administrators must take immediate action, as cPanel has rolled out an emergency security update to address a critical vulnerability. Disclosed on April 28, 2026, this flaw impacts various authentication paths within the cPanel and WebHost Manager (WHM) ecosystem. Con…GBHACKERS.COM
29 AprRisky Business #835 -- Why the Fast16 malware is badassOn this week’s show, Patrick Gray and James Wilson are joined by special guest-host Dmitri Alperovitch. They discuss the week’s cybersecurity news, including: The US government is mad as hell about Chinese firms stealing American AI technology Dmitri has an opinion or two about t…RISKY.BIZ
29 AprVimeo Confirms Data Breach After Hackers Access User DatabaseVimeo has officially confirmed a data breach affecting its user database. The security incident did not originate with Vimeo, but rather with Anodot, a third-party analytics vendor used by the video hosting platform. This event highlights the ongoing risks associated with softwar…GBHACKERS.COM
29 AprShinyHunters exploit Anodot incident to target VimeoThe video platform Vimeo confirmed a security breach via Anodot that exposed metadata, video titles, and some user emails. Vimeo said some user data was accessed after a breach at Anodot. Anodot is a company that provides AI-driven data analytics and anomaly detection tools. Most…SECURITYAFFAIRS.COM
29 AprVirtue AI PolicyGuard turns AI policies into enforceable runtime guardrailsVirtue AI has announced PolicyGuard, a system that enables enterprises to define, edit, and enforce custom AI runtime protection guardrails across models, agents, and applications. Most organizations have “AI acceptable use policies.” When they need to enforce those p…HELPNETSECURITY.COM
29 AprSLOTAGENT Malware Hides API Calls and Strings to Thwart AnalysisA previously unknown remote access trojan (RAT), dubbed SLOTAGENT, was identified after analysis of a suspicious ZIP archive uploaded from Japan to a public malware repository in early 2026. The malware demonstrates advanced evasion techniques and flexible post-exploitation capabilities, making i…GBHACKERS.COM
29 AprDigitalOcean AI-Native Cloud unifies infrastructure, inference, and agents for production AIDigitalOcean has introduced the AI-Native Cloud, an end-to-end platform built for the inference and agentic era. Spanning infrastructure, core cloud, inference, data, and managed agents, it already supports production workloads at Higgsfield AI, Hippocratic AI, ISMG, Bright Data,…HELPNETSECURITY.COM
29 AprClaude Mythos Has Found 271 Zero-Days in FirefoxThat’s a lot. No, it’s an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to s…SCHNEIER.COM
29 AprCritical cPanel Authentication Vulnerability Identified — Update Your Server ImmediatelycPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions, according to an alert released by cPanel on T…THEHACKERNEWS.COM
29 AprAWS leans on prior ingenuity to face future AI and quantum threatsAs Amazon celebrates the 20th anniversary of its AWS cloud this year, the world’s biggest cloud computing provider now faces two giant cybersecurity threats — AI and quantum. How the company will navigate these emerging issues to ensure the security and resilience of systems used…CSOONLINE.COM
29 AprThe Next Frontier: Autonomous Security and RSAC Interviews from Quantro & SandboxAQ - BSW #445Attackers are increasingly weaponizing frontier models to accelerate the entire attack lifecycle, with current and emerging models reducing the time and expertise needed to start disruptive attacks. As offensive capabilities become more automated and agentic, organizations will n…YOUTUBE.COM
29 AprCursor AI Coding Agent Vulnerability Lets Attackers Run Code on Developers’ MachinesA newly disclosed high-severity vulnerability in the Cursor AI-powered coding environment could allow attackers to execute arbitrary code on a developer’s machine, raising fresh concerns about the security of AI-assisted development workflows. The vulnerability was officially pub…GBHACKERS.COM
29 AprU.S. Charges Suspected Scattered Spider Member Over Cyber IntrusionsFederal authorities have charged 19-year-old Peter Stokes, known online as “Bouquet,” for his alleged role in the notorious cybercriminal group Scattered Spider. Law enforcement arrested the dual U.S. and Estonian citizen earlier this month in Helsinki as he attempted…GBHACKERS.COM
29 AprExtending Ruzzy with LibAFLLibAFL is all the rage in the fuzzing community these days, especially with LLVM’s libFuzzer being placed in maintenance mode. Written in Rust, LibAFL claims improved performance, modularity, state-of-the-art fuzzing techniques, and libFuzzer compatibility. For these reasons, I…TRAILOFBITS.COM
29 AprCursor AI Extension Flaw Exposes Developer Tokens to Credential TheftSecurity researchers at LayerX have uncovered a high-severity vulnerability in the popular AI-powered development environment, Cursor. Dubbed “CursorJacking,” this flaw carries a CVSS score of 8.2 and exposes developers to immediate credential theft. Any installed ext…GBHACKERS.COM
29 AprMastering agentic AI security through exposure managementAs AI tools evolve from siloed chatbots to autonomous, hyperconnected systems, they create a vast new attack surface. Discover how to manage this risk by focusing on visibility, agency, and semantic security to protect your organization’s increasingly complex landscape of agentic…TENABLE.COM
29 AprExperts on Experts: The 2026 Threat Landscape is Moving Faster than Defenders ExpectThis week on Experts on Experts, I’m joined by Christiaan Beek, Rapid7’s VP of Threat Analytics, to talk through what we’re seeing in the 2026 threat landscape and how it connects to recent research coming out of Rapid7 Labs. We start with the report, but quickly move into what’s…RAPID7.COM
29 AprMicrosoft won’t patch PhantomRPC: Feature or bug?A researcher has detailed five ways to exploit PhantomRPC, which Microsoft rates “moderate” and does not plan to fix.MALWAREBYTES.COM
29 AprAll supported cPanel versions hit by critical auth bug, now patchedcPanel fixed a critical authentication flaw that could let attackers access servers. The issue affects all supported versions. cPanel released security updates to address a critical authentication vulnerability that could allow attackers to gain unauthorized access to its control…SECURITYAFFAIRS.COM
29 AprSwiss police arrest 10 suspected members of Nigeria-linked crime group Black AxeSwiss and German law enforcement have arrested 10 suspected members of the Nigerian criminal network Black Axe, including a regional leader believed to oversee operations in Southern Europe.THERECORD.MEDIA
29 AprAI Speeds Up Cyber AttacksAI is accelerating existing attack patterns rather than replacing them. Identity-based attacks account for the majority of cloud compromises, with human and system failures still the root cause. The real shift isn’t new tactics—it’s speed and scale. Attackers can move faster, aut…YOUTUBE.COM
29 AprAI Finds 38 Security Flaws in Electronic Health Record PlatformFlaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft.DARKREADING.COM
29 AprWhat It Takes to Run Marketing Solo with Sara Ceballos, Director of Marketing at BreachRxRunning marketing as a team of one means you’re responsible for everything, from attribution to brand to pipeline. Sara Ceballos, Director of Marketing, joins the show to talk through her time at Inspectiv, where she was brought in to support two new product launches, rethink the…THECYBERWIRE.COM
29 AprA wake-up call on frontier AI.OpenAI and Anthropic brief Congress on cyber-capable AI. The GAO flags improper DOGE access to Treasury payment systems. Greece moves to end online anonymity. CISA orders agencies to patch an exploited Windows zero-day. Researchers uncover ransomware that destroys data instead of…THECYBERWIRE.COM
29 AprReverse Engineering With AI Unearths High-Severity GitHub BugWiz used an AI reverse-engineering tool to pinpoint a vulnerability that previously would have been too costly and time-consuming to undertake.DARKREADING.COM
29 AprFive Things we Took Away from Gartner SRM Sydney 2026At this year's Gartner Security and Risk Management Summit in Sydney, Rapid7 CISO Brian Castagna joined industry CISO Nigel Hedges for a fireside chat on the decisions security leaders are actually making right now. They discussed the real decisions being made right now about bud…RAPID7.COM
29 AprModern Defensible Architecture: Resilience for the Australian Federal GovernmentHow Wiz enables Australian government agencies to operationalise MDA with real-time context, zero trust enforcement, and end-to-end cloud visibility.WIZ.IO
28 AprMicrosoft Patches Entra ID Role Flaw That Enabled Service Principal TakeoverAn administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft …THEHACKERNEWS.COM
28 AprClickUp Security Flaw Exposes 959 Emails Linked to Major Fortune 500 FirmsA major security flaw in the popular productivity platform ClickUp has exposed sensitive data, including 959 email addresses tied to Fortune 500 companies and government agencies. The primary vulnerability stems from a hardcoded Split.io SDK token left inside ClickUp’s production…GBHACKERS.COM
28 AprClaude Opus 4.6-Powered AI Coding Agent Wipes Production Database in 9 SecondsA Claude Opus 4.6-powered AI coding agent operating through the Cursor editor autonomously deleted the production database and backups of SaaS startup PocketOS in just nine seconds. The incident highlights critical security failures in AI guardrails and infrastructure access cont…GBHACKERS.COM
28 AprWhat CISOs need to get right as identity enters the agentic eraIdentity has always been central to security, but the proliferation of AI agents is rapidly changing the challenge of managing and securing identity, spurring CISOs to rethink their identity strategies — even how it is defined. “Identity is now both a control surface and an attac…CSOONLINE.COM
28 AprStopping AiTM attacks: The defenses that actually work after authentication succeedsThe security industry has spent years building better authentication. Longer passwords, second factors, hardware tokens. And attackers responded by moving past authentication entirely. Adversary-in-the-middle (AiTM) phishing does not steal credentials and replay them. It sits bet…CSOONLINE.COM
28 AprTop 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380Portswigger's list of web hacking techniques is a long-running celebration of curiosity and research from the web hacking community. James Kettle shares his thoughts on the entries from 2025 and how he expects LLMs and agents to influence what the list will look like for next yea…YOUTUBE.COM
28 AprBuilding Resilience in a World of Constant ThreatsMegan Stifel, Chief Strategy Officer at the Institute for Security and Technology, joins Ann on this week’s episode of Afternoon Cyber Tea to discuss why cybersecurity must be treated as a shared governance responsibility, not just an IT issue. They explore how boardroom misalign…THECYBERWIRE.COM
28 AprVimeo suffers 3rd-party breach exposing user data, hackers threaten leakVimeo has disclosed a security incident stemming from a breach at third-party analytics provider Anodot, which resulted in unauthorized access to certain user and customer data. The company states that no video content, login credentials, or payment information were exposed, thou…CYBERINSIDER.COM
28 AprMDR Selection is a Partnership DecisionManaged Detection and Response (MDR) is a cybersecurity service that combines human expertise and technology to detect, investigate, and respond to threats 24/7. I write this as a Field CISO at Rapid7, but also as someone who has had to live with the operational reality of MDR on…RAPID7.COM
28 AprAfter Mythos: New Playbooks For a Zero-Window EraWhen patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast. Anthropic’s n…THEHACKERNEWS.COM
28 AprSecuring RAG pipelines in enterprise SaaSIn the enterprise SaaS space, AI agents are becoming an integral part of the SaaS product. To make these intelligent agents truly useful, they need contextual, customer-specific knowledge, something standard Large Language Models (LLMs), open source or otherwise, inherently lack …CSOONLINE.COM
28 AprWhat Anthropic’s Mythos Means for the Future of CybersecurityTwo weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet i…SCHNEIER.COM
28 AprMicrosoft fixes Entra ID flaw enabling privilege escalationMicrosoft fixed a Microsoft Entra ID flaw where the Agent ID Administrator role could enable privilege escalation and account takeover. Microsoft addressed a flaw in Microsoft Entra ID that could let attackers take over service accounts. The issue involved the Agent ID Administra…SECURITYAFFAIRS.COM
28 AprHTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)This weekend, we saw a few requests to our honeypot that included an "X-Vercel-Set-Bypass-Cookie" header. A sample request:
ISC.SANS.EDU
28 AprSecuring the git push pipeline: Responding to a critical remote code execution vulnerabilityHow we validated, fixed, and investigated a critical vulnerability in under two hours, and confirmed no exploitation.GITHUB.BLOG
28 AprSignal Phishing Campaign Targets German Officials in Suspected Russian OperationSuspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications. A new wave of cyber operations targeting European political leadership is once again highlighting how modern espionage increasingly relies …SECURITYAFFAIRS.COM
28 AprGet Motivated: What to Expect from Our Keynote at Rapid7's Global Cybersecurity SummitSecurity teams prepare for incidents every day. Alerts are tuned, playbooks are built, and processes are tested. But when something actually happens, the challenge shifts. It becomes not just about making decisions under pressure, but how well that preparation has set teams up to…RAPID7.COM
28 AprAccess control with IAM Identity Center session tagsAs organizations expand their Amazon Web Services (AWS) footprint, managing secure, scalable, and cost-efficient access across multiple accounts becomes increasingly important. AWS IAM Identity Center offers a centralized, unified solution for managing workforce access to AWS acc…AWS.AMAZON.COM
28 AprA Vulnerability in OpenSSH Could Allow for Authentication BypassA vulnerability has been discovered in OpenSSH which could allow for authentication bypass. OpenSSH (Open Secure Shell) is an open-source suite of secure networking utilities based on the SSH protocol. It provides encrypted communication sessions over unsecured networks in a cli…CISECURITY.ORG
28 AprWhy Sharing a Screenshot Can Get You Jailed in the UAEThe war in Iran has drawn attention to arrests in the United Arab Emirates over online content, but the legal framework behind that enforcement has existed for years.WIRED.COM
28 AprPitney Bowes confirms Salesforce breach after hacker leaks 25 million recordsPitney Bowes has confirmed to CyberInsider that it suffered a cybersecurity incident involving unauthorized access to customer data stored in its Salesforce environment. This admission follows claims by the ShinyHunters extortion group that it has stolen over 25 million records. …CYBERINSIDER.COM
28 AprMultiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…CISECURITY.ORG
28 AprOracle Quarterly Critical Patches Issued April 21, 2026Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Dep…CISECURITY.ORG
28 AprVidar Rises to Top of Chaotic Infostealer MarketThe malware has filled the gap created by last year's law enforcement takedowns of Lumma and Rhadamanthys.DARKREADING.COM
28 AprSpy agency officials say job loss anxiety, moving fast ‘safely’ among top challenges in AI workforce overhaulWhile tech leaders think about how to strategically deploy AI tools to support human intelligence needs, rank and filers express concerns about their livelihoods.CYBERSCOOP.COM
27 AprFake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto FraudCybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the thre…THEHACKERNEWS.COM
27 AprCritical Gemini CLI Flaw Raises Supply Chain Security ConcernsGoogle has rolled out urgent security updates for its Gemini CLI and the accompanying GitHub Action to address a critical vulnerability. Tracked as GHSA-wpqr-6v78-jr5g, this flaw exposes continuous integration and continuous deployment (CI/CD) pipelines to Remote Code Execution (…GBHACKERS.COM
27 AprAttackers Chain CODESYS Vulnerabilities to Backdoor ApplicationsNozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industrial control application with a…GBHACKERS.COM
27 AprADT - 5,488,888 breached accountsIn April 2026, home security firm ADT confirmed a data breach by ShinyHunters, which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses. ADT also a…HAVEIBEENPWNED.COM
27 AprU.S. utility giant Itron discloses a security breachItron detected unauthorized access to part of its IT environment on April 13, 2026, and launched incident response and notified authorities. Itron disclosed a cyber incident involving unauthorized access to part of its internal IT systems, detected on April 13, 2026. The company …SECURITYAFFAIRS.COM
27 Apr25 open-source cybersecurity tools that don’t care about your budgetRegardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in this article can help you detect threats, increase visibility, enforce controls, and investigate and respon…HELPNETSECURITY.COM
27 AprProduct showcase: LuLu reveals unauthorized outbound connections from Mac appsLuLu is a free, open-source firewall for macOS that lets you control which apps are allowed to send data from your computer. macOS includes a built-in firewall, but it mainly handles incoming connections. LuLu also monitors outgoing traffic. Installing and setting Up LuLu After d…HELPNETSECURITY.COM
27 AprOpenClaw Flaws Expose Systems to Policy Bypass AttacksOpenClaw, a rapidly adopted open-source autonomous AI agent framework, has released critical security updates to address three moderate-severity vulnerabilities. Found in npm package versions before 2026.4.20, these complex flaws expose systems to severe policy bypasses, unauthor…GBHACKERS.COM
27 AprThe ‘manager of agents’: How AI evolves the SOC analyst roleEvery SOC analyst has heard it by now: “AI is coming for your job”. I hear it in conversations with SOC teams. I see it in the hesitation during evaluations. And increasingly, I feel it as a source of resistance — especially from the very people AI is supposed to help. But the re…CSOONLINE.COM
27 AprRethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - ESW #456Rethinking Security from the OS Up in the Age of AI Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted s…YOUTUBE.COM
27 AprFake Income Tax Notices Used to Spread MalwareCybercriminals are exploiting India’s tax season by launching sophisticated phishing campaigns that impersonate the Income Tax Department to deliver dangerous malware to unsuspecting taxpayers. The malicious operation uses fake assessment notices and tax compliance warnings…GBHACKERS.COM
27 AprItron Discloses Data Breach After Hackers Access Internal SystemsItron, Inc., a leading smart metering and energy infrastructure technology company, has disclosed a cybersecurity incident after an unauthorized third party gained access to certain of its internal systems, according to a Form 8-K filing submitted to the U.S. Securities and Excha…GBHACKERS.COM
27 AprMythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation SideAnthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations …THEHACKERNEWS.COM
27 AprPhantomCore Exploits TrueConf Vulnerabilities to Breach Russian NetworksA pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That's according to a report published by Positive Technologies, which found the threat actor…THEHACKERNEWS.COM
27 AprMicrosoft patched an ‘agent-only’ role that was notAn administrative role meant for AI agents within Microsoft’s Entra ID ecosystem could allow privilege escalation and tenant takeover attacks, as it had privileges over more than agent-related objects. Researchers at Silverfort found that users assigned to Microsoft’s “Agent ID A…CSOONLINE.COM
27 Apr27th April – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 27th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Vercel, a frontend cloud platform, has disclosed a security incident linked to a compromise at Context.ai, where stolen OAuth tokens…RESEARCH.CHECKPOINT.COM
27 AprEU Proposes Forcing Google to Share Search Data With Rivals Under DMAThe European Commission has proposed new measures that could force Google to share key search engine data with rival platforms under the Digital Markets Act, or DMA. The move is part of the EU’s wider push to reduce the market power of major technology companies and create fairer…GBHACKERS.COM
27 AprUS, UK authorities warn that Firestarter backdoor malware survives patchingA federal agency was impacted by a hacking campaign that exploited flaws in Cisco devices.CYBERSECURITYDIVE.COM
27 AprMedical device giant Medtronic confirms data breach incidentMedtronic has disclosed that an unauthorized party accessed portions of its corporate IT environment, while stating there is currently no evidence of disruption to medical devices, patient care, or core operations. The healthcare technology giant revealed the incident in a public…CYBERINSIDER.COM
27 AprCheckmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 AttackCheckmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub rep…THEHACKERNEWS.COM
27 AprUnpatched 'PhantomRPC' Flaw in Windows Enables Privilege EscalationA researcher discovered five different exploit paths that stem from an architectural weakness in how Windows' Remote Procedure Call (RPC) mechanism handles connections to unavailable services.DARKREADING.COM
27 AprOptimize security operations through an AWS Security Hub POCApril 27, 2026: This post was first published in September 2025 when the enhanced AWS Security Hub was in public preview. It has since been updated to reflect the general availability of Security Hub. This revision also provides a more detailed, step-by-step framework for plannin…AWS.AMAZON.COM
27 AprOpen source package with 1 million monthly downloads stole user credentialssubmitted by schnurrito to security 5 points | 1 comments https://arstechnica.com/security/2026/04/open-source-package-with-1-million-monthly-downloads-stole-user-credentials/PROGRAMMING.DEV
26 AprWeek in review: Claude Mythos finds 271 Firefox flaws, Vercel breachHere’s an overview of some of last week’s most interesting news, articles, interviews and videos: SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines Boost Security has released SmokedMeat, an open-source framework that runs attack chains against CI/CD inf…HELPNETSECURITY.COM
25 AprThe Patch Gap Is the ProblemMultiple public exploits are targeting Microsoft Defender’s internal privilege workflows, with confirmed use in active attacks. Some vulnerabilities have been patched, while others remain exposed. Security tools themselves can become attack surfaces. The delay between exploit rel…YOUTUBE.COM
25 AprGovernments and industry race to harness AI for vulnerability discovery.FIRESTARTER malware remained on Cisco devices after patches were applied. Cloud development platform Vercel confirms breach.THECYBERWIRE.COM
25 AprFirefox is quietly experimenting with Brave’s ad-blocking engineMozilla has quietly begun experimenting with Brave’s Rust-based ad-blocking engine in Firefox, signaling a potential shift in how the browser handles ads and trackers. The change was first spotted in Firefox 149 under Bugzilla entry 2013888, where Mozilla engineers introduced adb…CYBERINSIDER.COM
24 AprInside The Vercel Supply Chain ExploitInside the Vercel Breach: Highlighting OAuth Token Risk In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a breach tied to OAuth grants and shadow AI. Reporting shared by…CYBERSECURITYTODAY.LIBSYN.COM
24 AprHackers Exploit SS7 and Diameter Flaws to Track Mobile Users GloballyA recent investigation by Citizen Lab has uncovered sophisticated, multi-year surveillance campaigns exploiting foundational vulnerabilities in global mobile networks. The report, titled “Bad Connection,” reveals how suspected commercial surveillance vendors (CSVs) we…GBHACKERS.COM
24 AprPhantomRPC: A new privilege escalation technique in Windows RPCKaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges.SECURELIST.COM
24 AprTropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access. Zscale…THEHACKERNEWS.COM
24 AprXiongmai IP Camera Flaw Lets Attackers Bypass AuthenticationA critical security vulnerability has been identified in Hangzhou Xiongmai Technology’s XM530 IP Cameras, putting countless commercial facilities at risk. This severe flaw allows remote attackers to bypass authentication protocols and access sensitive device information eas…GBHACKERS.COM
24 AprHackers Exploit Pastebin PowerShell Script to Hijack Telegram SessionsHackers are experimenting with a new Telegram‑focused session stealer that hides in a Pastebin‑hosted PowerShell script posing as a Windows telemetry update, giving defenders a rare view into how such tools are built and tested. The script does not attempt to grab passwords or br…GBHACKERS.COM
24 AprFirefox flaw enables cross-site tracking, undermines Tor Browser defensesA newly disclosed vulnerability in Firefox and Tor Browser allowed websites to generate a stable, process-level identifier using IndexedDB, undermining private browsing protections and cross-site isolation. The issue has been fixed in recent Firefox releases following responsible…CYBERINSIDER.COM
24 AprHackers Exploit Agent ID Administrator Role to Hijack Service PrincipalsA severe scoping vulnerability was recently discovered in Microsoft Entra ID’s new Agent Identity Platform. The security flaw allowed users assigned the Agent ID Administrator role to hijack arbitrary service principals across an organization’s tenant, leading to pote…GBHACKERS.COM
24 AprUK Biobank Data Breach: Health Data of 500,000 Listed for Sale in ChinaUK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removedINFOSECURITY-MAGAZINE.COM
24 Apr3 Reasons to Attend our Global Cybersecurity Summit if you’re Focused on AI, Threats, and CTEMSecurity teams are dealing with a different kind of pressure now. It is not just the volume of alerts or the pace of attacks, but also the gap between what teams can see and what they can act on with confidence. That gap shows up in different ways. Threats move across identity an…RAPID7.COM
24 AprCIS Control Becomes LawRegulators such as NYDFS are requiring financial institutions to formally attest to MFA adoption and maintain accurate inventories of their IT assets, aligning directly with CIS Control 1. These are considered foundational cybersecurity practices, yet they are still not universal…YOUTUBE.COM
24 AprFIRESTARTER malware remained on Cisco devices after patches were applied.Open-source AI models may match Mythos's capabilities. White House moves to fight foreign extraction of US AI capabilities.THECYBERWIRE.COM
24 AprMeta’s Biggest Layoff of 2026 Is Confirmed to Start Next MonthMeta will cut 10% of its workforce, impacting about 8,000 employees, as it shifts resources to AI and reduces costs amid ongoing restructuring efforts.TECHREPUBLIC.COM
24 AprCISA last in line for access to Anthropic MythosThe US Cybersecurity and Infrastructure Security Agency (CISA) does not yet have access to Anthropic’s bug-hunting AI model, Claude Mythos, even though other government agencies do, Axios reported earlier this week. As if that weren’t a big enough slap in the face for the nation…CSOONLINE.COM
24 AprNew US House privacy bills raise hard questions about enterprise data collectionUS House Republicans have introduced two major privacy proposals that would reshape how US companies collect, process, and retain consumer data: the SECURE Data Act for general consumer privacy and the GUARD Financial Data Act for financial institutions. The bills would create na…CSOONLINE.COM
24 AprWhen Updates Turn Into MalwareThe “Canister Worm” attack compromises legitimate NPM publishers and replaces package contents with malware that executes during installation or updates. Developers can unknowingly pull malicious code directly into their environments. Because the source appears trusted, tradition…YOUTUBE.COM
23 AprMalicious pgserve, automagik developer tools found in npm registryApplication developers are being warned that malicious versions of pgserve, an embedded PostgreSQL server for application development, and automagik, an AI coding tool, have been dropped into the npm JavaScript registry, where they could poison developers’ computers. Downloading …CSOONLINE.COM
23 AprClaude Mythos signals a new era in AI-driven security, finding 271 flaws in FirefoxThe Claude Mythos Preview appears to be living up to the hype, at least from a cybersecurity standpoint. The model, which Anthropic rolled out to a small group of users, including Firefox developer Mozilla, earlier this month, has discovered 271 vulnerabilities in version 148 of …CSOONLINE.COM
23 AprRiddled with flaws, serial-to-Ethernet converters endanger critical infrastructureSerial-to-Ethernet adapters used in industrial, retail, and healthcare environments to link serial devices to TCP/IP networks are riddled with vulnerabilities and outdated open-source components, researchers warn. The flaws enable various attack scenarios, including taking full …CSOONLINE.COM
23 AprSLAM, scam, thank you ma’am.This week, while Maria is on vacation, Dave Bittner and Joe Carrigan are joined by Michele Kellerman as they discuss the latest in social engineeri…THECYBERWIRE.COM
23 AprApple Patches Privacy Issue Exposing Signal Message Data Through NotificationsApple recently rolled out iOS 26.4.2 and iPadOS 26.4.2 to patch a critical privacy vulnerability affecting millions of users. Released on April 22, 2026, this vital security update addresses a flaw that could accidentally expose sensitive message data from secure applications, mo…GBHACKERS.COM
23 AprClaude Mythos Exposes 271 Zero-Day Security Flaws in FirefoxMozilla has released Firefox 150, addressing a staggering 271 zero-day vulnerabilities. The security team identified these latent flaws using Anthropic’s early-stage Claude Mythos Preview AI model. This massive cleanup represents a major shift in how tech companies detect a…GBHACKERS.COM
23 AprApple fixes iOS privacy flaw that allowed Signal message retrievalApple has released iOS 26.4.2 and iPadOS 26.4.2 to fix a privacy issue that could cause deleted app notifications, including message content, to persist on devices. The update directly addresses concerns raised after reports revealed that law enforcement could recover Signal mess…CYBERINSIDER.COM
23 AprVercel Finds More Compromised Accounts in Context.ai-Linked BreachVercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to in…THEHACKERNEWS.COM
23 AprMicrosoft taps Anthropic’s Mythos to strengthen secure software developmentMicrosoft plans to integrate Anthropic’s Mythos AI model into its Security Development Lifecycle, a move that suggests advanced generative AI is beginning to play a direct role in how major software vendors identify vulnerabilities and harden code against attack. The company said…CSOONLINE.COM
23 AprResearchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI AgentsForcepoint has found 10 new indirect prompt injection attacks targeting AI agentsINFOSECURITY-MAGAZINE.COM
23 AprApple fixes iOS bug that kept deleted notifications, including chat previewsA vulnerability in iPhones and iPads allowed law enforcement to recover deleted notifications, including Signal message previews.MALWAREBYTES.COM
23 Apr[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI SpeedImagine a world where hackers don't sleep, don't take breaks, and find weak spots in your systems instantly. Well, that world is already here. Thanks to AI, attackers are now launching automated, large-scale exploits faster than ever before. The time you have to fix a vulnerabili…THEHACKERNEWS.COM
23 AprGoogle gets agent-ready for the Mythos ageIn response to Anthropic Mythos, instead of launching another LLM, Google unveiled a broad push toward agentic, AI-driven defense at Google Cloud Next ‘26 to help SOC analysts as they scramble to keep up with the influx of CVEs Mythos threatens. As Mythos promises more vulnerabil…CSOONLINE.COM
23 AprDNN vulnerability puts 750,000 websites at risk | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/dnn-vulnerability-enables-rce-exploits-on-web-servers/SH.ITJUST.WORKS
23 AprFlaw in Microsoft-owned GitHub repository allowed RCE via issue submission | news | SC Mediasubmitted by kid to cybersecurity 7 points | 0 comments https://www.scworld.com/news/flaw-in-microsoft-owned-github-repository-allowed-rce-via-issue-submissionSH.ITJUST.WORKS
23 AprTrailmark turns code into graphsWe’re open-sourcing Trailmark, a library that parses source code into a queryable call graph of functions, classes, call relationships, and semantic metadata, then exposes that graph through a Python API that Claude skills can call directly. Install it now: uv pip install …TRAILOFBITS.COM
23 AprVercel Confirms Security Breach Affecting Customer AccountsVercel has confirmed a security breach involving unauthorised access to certain internal systems, and the company says the incident affected a limited number of customer accounts and stored data. The cloud platform provider disclosed that it is actively investigating the incident…GBHACKERS.COM
23 AprOffer customers passkeys by default, UK’s NCSC tells enterprisesThe UK’s National Cyber Security Centre (NCSC) is recommending passkeys as the default authentication method for businesses to offer consumers, citing industry progress that now makes them a more secure and user-friendly alternative to passwords. In a blog post published this wee…CSOONLINE.COM
23 AprHouse Republicans unveil data privacy law that would override state protectionsThe bill, known as the SECURE Data Act, is backed by top Republicans on the House Energy and Commerce and Financial Services committees.THERECORD.MEDIA
23 AprThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New StoriesYou scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. A…THEHACKERNEWS.COM
23 AprVercel says some of its customers’ data was stolen prior to its recent hackThe app and website hosting company has found evidence of a second compromise of customer accounts after expanding its initial investigation following a breach in early April.TECHCRUNCH.COM
23 AprSnow Flurries: How UNC6692 Employed Social Engineering to Deploy a Custom Malware SuiteWritten by: JP Glab, Tufail Ahmed, Josh Kelley, Muhammad Umair Introduction Google Threat Intelligence Group (GTIG) identified a multistage intrusion campaign by a newly tracked threat group, UNC6692, that leveraged persistent social engineering, a custom modular malware suite, a…CLOUD.GOOGLE.COM
23 AprSony to enforce age checks for PlayStation users in the UK starting in JuneSony has announced that UK-based PlayStation users will soon need to verify their age to maintain access to key social features, with enforcement set to begin in June 2026. While players will still be able to access games and purchases, unverified accounts will face growing featu…CYBERINSIDER.COM
23 AprFive steps to become Mythos readyAI is uncovering vulnerabilities at a scale that will overwhelm legacy defenses. Here is how to build a security organization that is Mythos ready. Key takeaways While frontier AI models like Claude Mythos boost cyber defenses, they also empower attackers to discover and weaponiz…TENABLE.COM
23 AprSurveillance vendors exploit telecom weaknesses.Sean Plankey withdraws nomination to serve as CISA director. GopherWhisper targets Mongolian government entities.THECYBERWIRE.COM
23 AprLuxury cosmetics giant Rituals discloses data breach impacting member personal detailsRituals disclosed a breach where hackers accessed and downloaded some My Rituals members’ data, including names and addresses. Luxury cosmetics giant Rituals disclosed a data breach impacting My Rituals members after attackers gained unauthorized access to its systems and downloa…SECURITYAFFAIRS.COM
23 AprRecent Microsoft Defender Vulnerability Exploited as Zero-Day - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/recent-microsoft-defender-vulnerability-exploited-as-zero-day/SH.ITJUST.WORKS
23 AprSurveillance companies exploiting telecom system to spy on targets’ locations, research showsThe campaigns exploited a weakness in telecom infrastructure to allow the unnamed vendors to secretly pose as real cellular providers and pinpoint victims’ locations.THERECORD.MEDIA
23 AprCISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through MarchCISA said the unnamed department was infected with malware called “FIRESTARTER” that allowed the hackers to return to the Cisco device in March without re-exploiting the original vulnerabilities.THERECORD.MEDIA
23 AprSurveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilitiesResearchers said it’s the first-ever mapping of attack traffic to mobile operator signalling infrastructure.CYBERSCOOP.COM
23 AprMicrosoft Offers First-Ever Retirement Buyouts to Thousands of EmployeesMicrosoft is offering first-ever retirement buyouts to some US employees as AI-driven data center spending grows and tech layoffs continue.TECHREPUBLIC.COM
23 Apr3 practical ways AI threat detection improves enterprise cyber resilienceWhy “more alerts” isn’t the same as better security If you run security in an enterprise environment, you already know the problem. Generic detection tools generate thousands of alerts, most of them low value. Analysts spend hours chasing noise while attackers quietly move latera…CSOONLINE.COM
23 AprThe curious case of Sean Plankey’s derailed CISA nominationDonald Trump’s nominee to lead the Cybersecurity and Infrastructure Security Agency (CISA), Sean Plankey, informed Homeland Security Secretary Markwayne Mullin and the White House that he is withdrawing his nomination after a 13-month stall, during which the well-regarded cyberse…CSOONLINE.COM
23 AprYour signal is showing.Researchers expose covert telecom surveillance campaigns. Lawmakers push new national privacy rules. China-linked actors hide inside compromised device networks. A ransomware forum leak reveals a criminal marketplace. GopherWhisper blends into cloud services for espionage. Attack…THECYBERWIRE.COM
23 AprBack to (or Start) Fundamentals? - Rajesh Khazanchi - PSW #923This week: Larry’s in the host seat and chaos ensues. We dig into: - A very questionable story about tracking a warship with a $5 Bluetooth tracker - Serial-to-IP devices quietly sitting in critical infrastructure… and full of holes - New York regulators mandating MFA and asset i…YOUTUBE.COM
23 AprAI threats in the wild: The current state of prompt injections on the webPosted by Thomas Brunner, Yu-Han Liu, Moni Pande At Google, our Threat Intelligence teams are dedicated to staying ahead of real-world adversarial activity, proactively monitoring emerging threats before they can impact users. Right now, Indirect Prompt Injection (IPI) is a top p…SECURITY.GOOGLEBLOG.COM
23 AprSupply Chain Defense LimitsA proposed security tool intercepts software package installs and checks them against a cloud database of known malicious or compromised packages, similar to traditional antivirus systems. While this approach can block known threats, it remains dependent on signature-based detect…YOUTUBE.COM
23 AprVercel attack fallout expands to more customers and third-party systemsThe company said it found more evidence of compromise across its customer base. Exposure, which has yet to be defined, poses significant downstream risk.CYBERSCOOP.COM
23 AprBitwarden CLI password manager trojanized in supply chain attackResearchers warn of a new software supply chain attack that resulted in a malicious version of Bitwarden CLI, the terminal version of the extremely popular open-source password manager. The attack is believed to be related to the string of recent supply chain compromises attribut…CSOONLINE.COM
22 AprMicrosoft Issues Emergency .NET 10.0.7 Update to Patch Elevation of Privilege VulnerabilityMicrosoft has issued an emergency out-of-band security update to address a severe vulnerability within the .NET framework. The critical release of .NET 10.0.7 patches an Elevation of Privilege flaw that inadvertently surfaced after a recent routine system update. Out-of-band patc…GBHACKERS.COM
22 Apr KEV1,370+ Microsoft SharePoint Servers at Risk of Spoofing Attacks Found Exposed OnlineMore than 1,370 Microsoft SharePoint servers remain publicly exposed to an actively exploited spoofing vulnerability, putting countless corporate networks at severe risk. Identified by threat intelligence researchers at The Shadowserver Foundation, these unpatched systems are vul…GBHACKERS.COM
22 AprDinDoor Backdoor Exploits Deno and MSI Installers to Slip Past DetectionDinDoor is a newly documented backdoor that abuses the Deno JavaScript runtime and MSI installer files to execute attacker‑controlled code while sidestepping traditional detection controls quietly. Hiding behind trusted runtimes and common Windows tooling gives threat actors a fl…GBHACKERS.COM
22 AprFrom Shame to Fame: Changing Behaviors and RSAC Interviews from Tanium and Illumio - BSW #444Why have security awareness training programs failed? Maybe we need to understand human psychology. Humans don't like tricks, or to be shamed, or negative emotions. Humans want to be rewarded, but yet our training and phishing programs are not built for reward. Maybe it's time to…YOUTUBE.COM
22 AprRisky Business #834 -- Vercel gets owned, Mozilla dumps hundreds of Mythos bugsOn this week’s show, Patrick Gray and James Wilson are joined by special guest The Grugq. They discuss the week’s cybersecurity news, including: Vercel got owned, and there’s a few infostealer and compromised employee dots to connect Mozilla used Mythos to find 271 bugs, which fe…RISKY.BIZ
22 AprThe AI era demands a different kind of CISOWhen attackers can discover and exploit vulnerabilities in minutes, last quarter's audit doesn't mean much. CISOs need to shift from static measurement to real-time awareness -- and fast.CYBERSCOOP.COM
22 AprLotus Wiper Hits Energy Sector in Destructive CyberattackHackers have deployed a new destructive malware, dubbed Lotus Wiper, in a targeted cyberattack against energy and utilities organizations in Venezuela, aiming not to extort money but to destroy data and disrupt operations permanently. Artifacts from the Lotus Wiper attack chain …GBHACKERS.COM
22 AprMullvad to add feature that forces all iOS traffic through the VPN tunnelMullvad has announced a new feature that forces all iOS app traffic through its VPN tunnel, accepting significant usability trade-offs to close long-standing traffic leak risks caused by Apple’s networking limitations. The VPN provider explained that unresolved issues in Apple’s …CYBERINSIDER.COM
22 AprToxic Combinations: When Cross-App Permissions Stack into RiskOn January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The more worrying part sat inside the private messages. …THEHACKERNEWS.COM
22 AprNFC tap-to-pay gets tapped by hackersCyber crooks are abusing a trojanized Android payment application to steal near field communication (NFC) data and PINs, enabling cloning of payment cards and draining victim accounts. According to ESET researchers, a new variant of the NGate malware has been infused into the Han…CSOONLINE.COM
22 AprMozilla says Claude’s Mythos AI helped uncover 271 flaws in FirefoxMozilla says it has fixed 271 previously unknown security vulnerabilities in Firefox 150 after testing an experimental AI model from Anthropic, marking a dramatic escalation in AI-assisted bug discovery. The announcement by Bobby Holley, a senior staff engineer on the Firefox tea…CYBERINSIDER.COM
22 Apr109 Fake GitHub Repos Spread SmartLoader, StealC MalwareA coordinated malware operation is abusing fake GitHub repositories to distribute a LuaJIT-based loader, SmartLoader, and a follow-on StealC infostealer, with at least 109 malicious repos active across 103 accounts. The campaign blends cloned open source code, obfuscated Lua stag…GBHACKERS.COM
22 AprIran claims US exploited networking equipment backdoors during strikessubmitted by floofloof to cybersecurity 5 points | 1 comments https://www.tomshardware.com/tech-industry/cyber-security/iran-claims-us-exploited-networking-equipment-backdoors-during-strikes cross-posted from: lemmy.bestiver.se/post/1063291 CommentsINFOSEC.PUB
22 AprUnsecured Perforce Servers Expose Sensitive Data From Major Orgs - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/unsecured-perforce-servers-expose-sensitive-data-from-major-orgs/SH.ITJUST.WORKS
22 Apr KEVActively exploited Apache ActiveMQ flaw impacts 6,400 serverssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/actively-exploited-apache-activemq-flaw-impacts-6-400-servers/SH.ITJUST.WORKS
22 AprPunishment Fails Behavior ChangeSecurity awareness programs often rely on punishment—especially in phishing simulations and compliance training. But behavioral psychology shows that rewarded actions are far more likely to stick than punished ones. If employees only act securely to avoid consequences, the behavi…YOUTUBE.COM
22 AprNews alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV categoryNEW YORK, Apr. 21, 2026, CyberNewswire— BreachLock , a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation . This recognition marks the first time … (more…) The p…LASTWATCHDOG.COM
22 AprMicrosoft SharePoint vulnerability widely exposed across multiple countriesThe disclosure comes just weeks after a prior SharePoint flaw was discovered.CYBERSECURITYDIVE.COM
22 AprNew Apple Phishing Scam Uses Fake $899 iPhone Purchase AlertAn Apple account notification has been exploited in a new email phishing attack that comes with a fake iPhone purchase claim.TECHREPUBLIC.COM
22 AprDDoS wave continues as Mastodon hit after Bluesky incidentMastodon suffered a major DDoS attack shortly after a similar incident hit Bluesky. The outage was significant but resolved within a few hours. Mastodon was hit by a major DDoS attack just days after a similar disruption affected Bluesky. Mastodon is a free and open-source softwa…SECURITYAFFAIRS.COM
22 AprApple fixes bug that cops used to extract deleted chat messages from iPhonesThe iPhone and iPad bug allowed law enforcement using forensic tools to read messages that had long been deleted by the Signal app.TECHCRUNCH.COM
22 AprThe leak was only a matter of time.Mythos leaks. The DOD preps a more aggressive cyber strategy. A former FBI cyber official urges homicide charges for hospital ransomware deaths. Lotus Wiper targeted the Venezuelan energy and utilities sector. Over 1,300 SharePoint servers remain unpatched against a spoofing vuln…THECYBERWIRE.COM
21 AprLovable AI App Builder Hit by Reported API Flaw Exposing Thousands of ProjectsThe popular AI application builder, Lovable, is currently facing a massive data breach due to an unpatched API vulnerability. Security researchers have revealed that a critical flaw exposes sensitive project data, source code, and user credentials for any project created on the p…GBHACKERS.COM
21 AprAI-Driven Exploitation Could Shrink Defenders’ Patch WindowAI-powered cyberattacks are entering a new phase, with frontier AI models now capable of autonomously discovering and exploiting software vulnerabilities at unprecedented speed. Unit 42’s hands-on testing reveals that modern AI models are no longer mere coding assistants. Instead…GBHACKERS.COM
21 Apr173: TarjeterosIn the streets of the Dominican Republic, a new economy thrives in the shadows. It’s built not on tourism or sugar, but on stolen data. They call them tarjeteros. And they are making a lot of money from stolen credit cards. This is a story about one group of tarjeteros who came t…DARKNETDIARIES.COM
21 AprGitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting DevelopersHackers are abusing GitHub’s own issue-notification emails to phish developers and silently take over their repositories using malicious OAuth applications, effectively turning trusted DevOps tooling into a supply-chain attack vector. Developers are now prime targets because comp…GBHACKERS.COM
21 Apr KEVCISA Alerts Defenders to Exploited Cisco Catalyst SD-WAN Manager Security FlawsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to network defenders regarding the active exploitation of Cisco Catalyst SD-WAN Manager. On April 20, 2026, CISA officially added three distinct security flaws affecting the platform to its K…GBHACKERS.COM
21 AprBluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibilityBluesky suffered a 24-hour DDoS attack that caused outages. A pro-Iran hacker group claimed responsibility for the disruption. Bluesky experienced a sophisticated DDoS attack that disrupted its services for about 24 hours, starting on April 15. Bluesky is a decentralized, open-so…SECURITYAFFAIRS.COM
21 AprTop techniques attackers use to infiltrate your systems todayMuch of the talk around cybersecurity these days revolves around AI and the threat it poses to corporate systems when used by nefarious actors. But the reality on the ground remains a little more mundane than polymorphic AI malware and criminal masterminds putting machine learnin…CSOONLINE.COM
21 AprThe thin gray line: Handala, CyberAv3ngers and Iran’s proxy opsOn April 7, six US government agencies issued a critical advisory warning domestic private sector organizations of potential infrastructural cyberattacks conducted by Iranian-affiliated Advanced Persistent Threat (APT) actors. The advisory stops short of attributing these threats…CSOONLINE.COM
21 AprThe Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379Red team exercises set goals to see if a particular outcome can be accomplished through a simulated attack, but the ultimate outcome should be educating the org about how to improve tools and processes that make attacks more difficult to succeed. Gwyddon "Data" Owen shares his ex…YOUTUBE.COM
21 AprVercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party ToolCloud app developer Vercel appears to have suffered a security breachINFOSECURITY-MAGAZINE.COM
21 AprMicrosoft spots Sapphire Sleet macOS attack using AppleScript and social engineeringA new macOS-focused cyber campaign linked to the North Korean threat actor Sapphire Sleet, highlighting how attackers are increasingly relying on social engineering rather than software vulnerabilities to compromise systems. Rather than exploiting security flaws, the attackers ma…GBHACKERS.COM
21 AprWhy identity is the driving force behind digital transformationIdentity centric technologies have undergone a significant transformation in recent times. Gone are the days when it was all about logging in and out of any given system. Today, identity has become the backbone of all digital enterprises. It’s the ‘invisible engine’ that powers e…CSOONLINE.COM
21 AprMythos can find the vulnerability. It can’t tell you what to do about it.Anthropic’s new model can find vulnerabilities faster and cheaper than ever. The hardest part is still everything that comes after.CYBERSCOOP.COM
21 AprNo Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based AttacksThe cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identity-based attacks rem…THEHACKERNEWS.COM
21 AprGoogle Patches Antigravity IDE Flaw Enabling Prompt Injection Code ExecutionCybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution. The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an ins…THEHACKERNEWS.COM
21 AprUK probes Telegram and other chat apps over child safety failuresThe UK’s communications regulator Ofcom has opened formal investigations into Telegram, Teen Chat, and Chat Avenue over concerns they are failing to prevent the spread of child sexual abuse material (CSAM) and protect minors from online grooming. The enforcement action follows ev…CYBERINSIDER.COM
21 AprPrompt injection turned Google’s Antigravity file search into RCESecurity researchers have revealed a prompt injection flaw in Google’s Antigravity IDE that could be weaponized to bypass its sandbox protections and achieve remote code execution (RCE). The issue came from Antigravity’s ability to allow AI agents to invoke native functions, like…CSOONLINE.COM
21 AprThe Vercel breach started at a tool nobody was watchingsubmitted by codeinabox to security 1 points | 0 comments https://siddhantkhare.com/writing/vercel-breach-oauth-blast-radiusPROGRAMMING.DEV
21 AprAlert: WhatsApp Phishing Campaign Delivers MalwareA new phishing campaign is using WhatsApp messages to deliver malware, according to researchers at Microsoft. The attackers are attempting to trick users into installing malicious Visual Basic Script (VBS) files. “The campaign relies on a combination of social engineering and liv…KNOWBE4.COM
21 AprPhishing and MFA exploitation: Targeting the keys to the kingdomIn 2025, attackers increasingly targeted weaknesses in multi-factor authentication (MFA) workflows, and phishing attacks leveraged valid, compromised credentials to launch lures from trusted accounts. The trends focused entirely on trust, or the lack thereof, in everyday business…TALOSINTELLIGENCE.COM
21 AprCloud platform Vercel says company breached through third-party AI toolVercel released a statement acknowledging a breach and warning a “limited subset of customers” that their Vercel credentials were compromised.THERECORD.MEDIA
21 Apr22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP ConvertersCybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codename…THEHACKERNEWS.COM
21 AprCISA confirms exploitation of 3 more Cisco networking device vulnerabilitiesCisco revealed six critical flaws in widely used products in February. The government has now seen evidence that hackers are abusing four of them.CYBERSECURITYDIVE.COM
21 AprThe Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI IdentitiesWashington D.C., USA, April 21st, 2026, CyberNewswire Cybersecurity Insiders, in collaboration with Saviynt, has released new research indicating that AI identities are increasingly operating within core enterprise systems, often without established governance or visibility. The …GBHACKERS.COM
21 AprSecurity Game Isn’t FairIn cybersecurity, attackers and defenders are often described as unequal—but not always in the way people assume. Defenders shape the environment: they define the rules, deploy layered defenses, and control the systems attackers must navigate. This creates a fundamentally asymmet…YOUTUBE.COM
21 AprMozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150CTO says new AI model is "every bit as capable" as world's best security researchers.ARSTECHNICA.COM
21 AprRobosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More... - SWN #574Robosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-574YOUTUBE.COM
21 AprOracle April 2026 Critical Patch Update Addresses 241 CVEsOracle addresses 241 CVEs in its second quarterly update of 2026 with 481 patches, including 34 critical updates. Key takeaways: The second Critical Patch Update (CPU) for 2026 contains fixes for 241 unique CVEs in 481 security updates 34 issues (7.1% of all patches) were …TENABLE.COM
21 AprFormer DigitalMint ransomware negotiator pleads guilty to extortion schemeAngelo Martino helped accomplices extort a combined $75.3 million in ransom payments from five victim companies.CYBERSCOOP.COM
20 Aprdeleteduser.com - a $15 Personally Identifiable Information (PII) Magnetsubmitted by artwork to cybersecurity 4 points | 0 comments https://mike-sheward.medium.com/deleteduser-com-a-15-pii-magnet-c4396eb21061 …deleting records could cause big problems. Referential integrity across database tables simply wouldn’t allow it… it would cause a resonance c…SH.ITJUST.WORKS
20 AprVercel Breach Tied to Context AI Hack Exposes Limited Customer CredentialsWeb infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an…THEHACKERNEWS.COM
20 AprVercel Reports Data Breach Amid Claims of Compromised Internal InfrastructureAccording to a recent security bulletin published by Vercel, the cloud platform company has suffered a data breach involving unauthorized access to its internal infrastructure. The incident, which was updated on April 20, 2026, highlights the growing risks associated with third-p…GBHACKERS.COM
20 AprQEMU Hijacked as Stealth Backdoor for Credential Theft, RansomwareAttackers are increasingly abusing QEMU virtual machines to hide credential theft and ransomware staging inside “invisible” virtual environments, making detection and forensics significantly harder for defenders. QEMU is a legitimate open-source emulator and virtualizer that allo…GBHACKERS.COM
20 AprCritical Gardyn Flaws Open Smart Garden Devices to Remote HijackingA recently updated advisory from the Cybersecurity and Infrastructure Security Agency (CISA) has revealed severe vulnerabilities in Gardyn Home Kit systems. These critical flaws carry a maximum CVSS score of 9.3 and could allow malicious actors to hijack smart gardening devices r…GBHACKERS.COM
20 AprHandling the CVE Flood With EPSS, (Mon, Apr 20th)Every morning, security people around the world face the same ritual: opening their vulnerability feed to find a lot of new CVE entries that appeared overnight. Over the past decade, this flood has become a defining challenge of modern defensive security. Some numbers[ 1 …ISC.SANS.EDU
20 AprUnpatched Windows zero-days RedSun, UnDefend and BlueHammer are under attackThe zero-day vulnerabilities in Windows Defender named BlueHammer, RedSun and UnDefend are apparently being attacked.HEISE.DE
20 AprAI Model Claude Opus turns bugs into exploits for just $2,283Claude Opus created a working Chrome exploit for $2,283, showing that widely available AI models can already find and weaponize vulnerabilities. Claude Opus managed to produce a functional Chrome exploit for just $2,283, raising concerns about how easily AI can be used to find an…SECURITYAFFAIRS.COM
20 AprAttack on Next.js maker Vercel: customer data accessedInternal Vercel systems, and with them customer data, were compromised in a security incident. An external AI tool served as the entry point.HEISE.DE
20 AprMaking AI actually work in the enterprise and more RSAC Conference 2026 interviews - A... - ESW #455Interview with Jim Spignardo What does it take to build AI workflows that work? Why do so many fail? Jim isn’t a typical ESW guest. I think it’s essential for security folks to regularly step outside the security bubble and understand other perspectives and mindsets. That’s what …YOUTUBE.COM
20 AprAnthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply ChainCybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. "This flaw enables Arbitrar…THEHACKERNEWS.COM
20 AprCISOs reshape their roles as business risk strategistsNitin Raina’s career history resembles that of many CISOs: He worked in IT infrastructure, operations, and services before moving into security and advancing through the ranks. He’s now global chief information security officer at technology consultancy Thoughtworks. But in a le…CSOONLINE.COM
20 AprNetwork ‘background noise’ may predict the next big edge-device vulnerabilityGreyNoise researchers spotted a consistent trend in forthcoming vulnerabilities affecting security tools, providing defenders an early-warning system for likely imminent attacks.CYBERSCOOP.COM
20 AprFracturing Software Security With Frontier AI ModelsUnit 42 finds frontier AI models enhance vulnerability discovery, acting as full-spectrum security researchers. They enable autonomous zero-day discovery and faster N-day patching.UNIT42.PALOALTONETWORKS.COM
20 AprThird-party AI hack triggers Vercel breach, internal environments accessedVercel suffered a breach after a hacked Context.ai tool exposed an employee account, letting attackers access limited internal systems and non-sensitive data. Vercel reported a security breach caused by the compromise of a third-party AI tool, Context.ai, used by one of its emplo…SECURITYAFFAIRS.COM
20 AprAnthropic MCP Hit by Critical Vulnerability Enabling Remote Code ExecutionA critical, systemic vulnerability discovered in Anthropic’s Model Context Protocol (MCP) has exposed over 150 million downloads and up to 200,000 servers to complete takeover, according to research published April 15, 2026, by the OX Security Research team. The flaw enable…GBHACKERS.COM
20 Apr KEVThree Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatchedsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.htmlSH.ITJUST.WORKS
20 AprAttackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbookAttackers are increasingly exploiting enterprise collaboration platforms such as Microsoft Teams to gain initial access, impersonating IT helpdesk staff and persuading employees to grant remote control, according to new research from Microsoft. In a blog post, Microsoft describe…CSOONLINE.COM
20 AprHackers exploit Vercel’s trust in AI integrationFrontend cloud platform Vercel, the creator of Next.js and Turbo.js, has warned about a data breach after a compromised third-party AI application abused OAuth to access its internal systems. A Vercel employee used the third party app, identified as Context.ai, which allowed the…CSOONLINE.COM
20 Apr KEVCISA flags Apache ActiveMQ flaw as actively exploited in attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cisa-flags-apache-activemq-flaw-as-actively-exploited-in-attacks/SH.ITJUST.WORKS
20 AprVercel confirms breach as hackers claim to be selling stolen datasubmitted by kid to cybersecurity 3 points | 0 comments https://www.bleepingcomputer.com/news/security/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/SH.ITJUST.WORKS
20 AprGh0st RAT, CloverPlus Hit Victims in Dual-Malware CampaignA new malware campaign is bundling a powerful remote access trojan (RAT) with intrusive adware, giving attackers both long-term control of infected systems and an immediate revenue stream from fraudulent advertising activity. The loader hides two encrypted payloads in its resourc…GBHACKERS.COM
20 AprShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeoverssubmitted by kid to cybersecurity 4 points | 0 comments https://hackread.com/showdoc-vulnerability-patch-2020-server-takeover/SH.ITJUST.WORKS
20 Apr⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & MoreMonday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels …THEHACKERNEWS.COM
20 AprApp host Vercel says it was hacked and customer data stolenVercel blamed its breach on an earlier hack at Context AI, which allowed hackers to hijack a Vercel employee's account to steal customer data.TECHCRUNCH.COM
20 AprAI Agents Are Insider RiskAI agents and chatbots are increasingly integrated into systems with access to data and services. However, they often lack traditional identity controls like MFA and may not be fully monitored. Without visibility and restrictions, these agents can behave like unmanaged insiders—a…YOUTUBE.COM
20 AprFireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest onePublic key infrastructure — the authentication and encryption framework that has held digital commerce together through every chaotic leap forward in technology — is facing a double whammy. Related: Achieving AI security won’t be easy Autonomous AI agents are f…LASTWATCHDOG.COM
20 AprVulnerability exploitation surges often precede disclosure, offering possible early warningsOrganizations can get ahead of major flaws with the right threat intelligence, according to a new report.CYBERSECURITYDIVE.COM
20 AprVercel systems targeted after third-party tool compromisedAn employee using a consumer app was breached after granting too many permissions.CYBERSECURITYDIVE.COM
20 AprCloud development platform Vercel confirms breach.White House officials meet with Anthropic CEO over Mythos concerns. Scattered Spider hacker pleads guilty.THECYBERWIRE.COM
20 Apr2026’s Breach List So Far: FBI Hacked, 1B Androids at Risk, 270M iPhones VulnerableFrom the FBI breach to the DarkSword iPhone exploit, these are the biggest cyber attacks and security failures that have shaped 2026 so far.TECHREPUBLIC.COM
20 AprVercel Confirms Major Security Incident as Hacker Claims $2M Ransom DemandVercel confirms a security incident after a threat actor claims internal access and demands a $2M ransom, raising concerns about API keys, CI/CD pipelines, and cloud security.TECHREPUBLIC.COM
20 AprSurvey: Security Leaders Emphasize Need for Workforce EducationA new survey from LevelBlue has found that a majority of Chief Technology Officers (CTOs) believe the human-related elements of their cybersecurity strategies are falling short. These concerns are exacerbated by the emergence of new threats, such as AI-assisted attacks.KNOWBE4.COM
20 AprMicrosoft Defender Flaws Exploited on Windows, Two Left UnpatchedAlthough the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft Defender and Windows users.TECHREPUBLIC.COM
20 AprThe MCP Disclosure Is the AI Era’s ‘Open Redirect’ MomentThe MCP flaw reveals a systemic AI security gap, exposing enterprise systems to supply chain attacks and forcing a shift toward data-layer governance.TECHREPUBLIC.COM
20 AprWhen one weak link is enough.Cloud platform Vercel confirms a data breach. Microsoft releases emergency updates to fix Windows Server restart loops. Bluesky gets DDoSed. Insurers keep close watch on an AI hiring discrimination suit. Cybersecurity workforce turnover rises. Scammers abuse Apple’s email notific…THECYBERWIRE.COM
20 AprThe FTC’s AI portfolio is about to get biggerThe commission is preparing to enforce key parts of a new law against sexual deepfakes and searching for ways to block AI-driven scamming using voice clones.CYBERSCOOP.COM
20 AprVercel’s security breach started with malware disguised as Roblox cheatsThe attack, which originated at Context.ai, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions.CYBERSCOOP.COM
20 AprSmall Banks at Risk of CollapseStablecoins could be used to inject large amounts of perceived “equity” into small community banks, even though that capital may not be real or stable. If banks treat this as real money, they could start issuing loans based on unstable or fraudulent backing. That creates a syste…YOUTUBE.COM
20 AprVuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code executionGoogle’s highest security setting for its agents runs command operations through a sandbox and throttles network access, but is still vulnerable to prompt injection.CYBERSCOOP.COM
19 AprVercel confirms security incident as hackers claim to sell internal accessVercel has disclosed a security incident involving unauthorized access to parts of its internal systems, as a threat actor simultaneously claims to be selling access keys, source code, and database information allegedly linked to the company. The incident was confirmed on April 1…CYBERINSIDER.COM
18 AprClaude Opus wrote a Chrome exploit for $2,283submitted by cm0002 to cybersecurity 3 points | 0 comments https://www.theregister.com/2026/04/17/claude_opus_wrote_chrome_exploit/INFOSEC.PUB
18 AprCybersecurity Today Month in Review of March/April 2026Cybersecurity Today Month-in-Review: RSAC AI Hype, Agentic Risks, Mythos Claims, and Real-World Resilience Jim Love hosts a delayed March month-in-review with panelists David Shipley and Laura Payne, starting with RSAC takeaways: agentic AI everywhere, heightened marketing specta…CYBERSECURITYTODAY.LIBSYN.COM
18 AprMicrosoft Defender under attack as three zero-days, two of them still unpatched, enable elevated accessAttackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities…SECURITYAFFAIRS.COM
18 AprNexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacksA Mirai variant called Nexcorium exploits a flaw in TBK DVRs to infect devices and use them in DDoS attacks, along with outdated TP-Link routers. Fortinet researchers found that threat actors are exploiting vulnerabilities in TBK DVRs and end-of-life TP-Link routers to spread a M…SECURITYAFFAIRS.COM
18 AprResearcher Claims Claude Opus Enabled Creation of Working Chrome ExploitA security researcher has shown that Anthropic’s Claude Opus can help build a working browser exploit chain against Google Chrome’s V8 engine, raising fresh concerns about how quickly AI can speed up offensive security work. The experiment was published by Mohan Pedhapati, also k…GBHACKERS.COM
18 AprHidden VMs: how hackers leverage QEMU to stealthily steal data and spread malwareAttackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, an open-source emulator, to hide malicious activity inside virtual machines. By run…SECURITYAFFAIRS.COM
17 AprOperation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal AccountsAn international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals. The ongoing effort, dubbed Operation PowerOFF, disrupted …THEHACKERNEWS.COM
17 AprFake Zoom SDK Update Spreads Sapphire Sleet Malware in New macOS Attack ChainA sophisticated macOS-focused cyber campaign orchestrated by the North Korean threat actor Sapphire Sleet, revealing a shift toward social engineering over traditional software exploitation. Instead of relying on vulnerabilities, the attackers trick users into executing malicious…GBHACKERS.COM
17 AprCritical Flowise Flaw Enables Remote Command Execution via MCP AdaptersOX Security researchers have uncovered a critical, systemic vulnerability built directly into the architecture of Anthropic’s Model Context Protocol (MCP). As the industry standard for AI agent communication, this foundational flaw exposes systems to Arbitrary Command Execution (…GBHACKERS.COM
17 AprGoogle Deploys Gemini AI to Stop Threat Actors, Blocking 8.3 Billion AdsGoogle has significantly escalated its fight against cybercriminals, deploying its advanced Gemini AI to neutralize malicious advertising campaigns. By leveraging generative AI, the tech giant intercepted more than 99% of these harmful advertisements before they ever reached end …GBHACKERS.COM
17 AprAmtrak - 2,147,679 breached accountsIn April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the alleged data which con…HAVEIBEENPWNED.COM
17 AprLocal area network anonymity hardening tool for Linuxsubmitted by Nikolas5476 to cybersecurity 4 points | 0 comments Source code and details: github.com/nikolas-trey/LANGhost Description LANGhost is a Linux anonymity hardening layer for systems managed by NetworkManager. It minimizes identity leakage across multiple network surface…SH.ITJUST.WORKS
17 AprPalo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advancesIn two decades, Palo Alto Networks has evolved from a next-generation niche player to one of the largest global cybersecurity giants today. Under its mantra of “platformization,” the company has catapulted its revenues over its closest competitors and boosted its stock valuation …CSOONLINE.COM
17 AprMythos and CybersecurityLast week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organization…SCHNEIER.COM
17 AprTails 7.6.2 patches vulnerability that could expose saved files - Help Net Securitysubmitted by kid to cybersecurity 4 points | 0 comments https://www.helpnetsecurity.com/2026/04/16/tails-vulnerability-expose-saved-files/SH.ITJUST.WORKS
17 AprWe beat Google’s zero-knowledge proof of quantum cryptanalysisTwo weeks ago, Google’s Quantum AI group published a zero-knowledge proof of a quantum circuit so optimized, they concluded that first-generation quantum computers will break elliptic curve cryptography keys in as little as 9 minutes. Today, Trail of Bits is publishing our own ze…TRAILOFBITS.COM
17 AprSEO Poisoning Attack Uses Microsoft Binary to Install RMM ToolNew research has exposed a search engine poisoning campaign that delivers a trojanized TestDisk installer, abuses a Microsoft-signed binary for DLL sideloading, and silently deploys the ScreenConnect remote monitoring and management (RMM) client for hands-on keyboard access. The …GBHACKERS.COM
17 AprOperation PowerOFF Knocks Out 75,000 DDoS Attackers and Over 50 Service DomainsA major international law enforcement campaign has hit the DDoS-for-hire ecosystem, warning more than 75,000 suspected users and disrupting the infrastructure that helped power online attacks around the world. Backed by Europol, Operation PowerOFF brought together authorities fro…GBHACKERS.COM
17 AprWhite House moves to give federal agencies access to Anthropic’s Claude MythosThe US government is preparing to authorize a version of Anthropic’s Claude Mythos model for use by major US federal agencies, amid concerns that the AI model could rapidly spot cybersecurity vulnerabilities and offer the ability to exploit them. Federal Chief Information Officer…CSOONLINE.COM
17 AprHackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Facesubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-exploit-marimo-flaw-to-deploy-nkabuse-malware-from-hugging-face/SH.ITJUST.WORKS
17 Apr KEVThree Microsoft Defender Zero-Days Actively Exploited; Two Still UnpatchedHuntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires Git…THEHACKERNEWS.COM
17 AprPowMix botnet targets Czech workforcesubmitted by kid to cybersecurity 2 points | 0 comments https://blog.talosintelligence.com/powmix-botnet-targets-czech-workforce/SH.ITJUST.WORKS
17 AprOperation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncoveredOperation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts. Operation PowerOFF is an international law enforcement action that dismantled 53 domains linked to DDoS-for-hire services used by over 75,000 …SECURITYAFFAIRS.COM
17 AprPen Test Took Down Campus WiFiA routine Nmap scan against a Cisco wireless LAN controller caused a full outage of a college’s Wi-Fi network. The issue was later confirmed as a denial-of-service vulnerability and patched. Even standard security testing techniques can trigger real outages when systems have hidd…YOUTUBE.COM
17 AprWe Reproduced Anthropic's Mythos Findings With Public Modelssubmitted by codeinabox to security 3 points | 0 comments https://blog.vidocsecurity.com/blog/we-reproduced-anthropics-mythos-findings-with-public-models Anthropic presents Mythos and Project Glasswing as evidence that advanced AI vulnerability research should be restricted. But …PROGRAMMING.DEV
17 AprInditex confirms third-party breach as hackers threaten Zara data leakInditex, the owner of Zara, has disclosed a data breach linked to a former technology provider, stating that no customer data was exposed. However, the ShinyHunters extortion group has since listed Zara on its leak site, claiming it will publish stolen data within days. The Spani…CYBERINSIDER.COM
17 Apr KEVNew “RedSun” Windows Defender zero-day exploited in the wildA newly disclosed Windows zero-day vulnerability dubbed “RedSun” is being actively exploited in the wild, allowing attackers to gain SYSTEM privileges by abusing Microsoft Defender. The vulnerability was publicly disclosed by the researcher “Nightmare-Eclipse,” who also released …CYBERINSIDER.COM
17 AprHackers are abusing unpatched Windows security flaws to hack into organizationsA security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit them. Now, hackers are taking advantage of the vulnerabilities in real life attacks, according to a cybersecurity firm.TECHCRUNCH.COM
17 Apr KEVThree Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatchedsubmitted by monica_b1998 to cybersecurity 7 points | 0 comments https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.html?m=1INFOSEC.PUB
17 AprFlawed Cisco update threatens to stop APs from getting further patchesCisco admins are scrambling to patch a critical flash memory overflow vulnerability in over 200 Cisco Systems IOS XE-based models of wireless access points (APs), caused by a recent flawed software update. If the issue is not corrected quickly, the AP’s memory will become so floo…CSOONLINE.COM
17 Apr KEVTemporary fix for Section 702.The House extends Section 702, for now. Mythos raises fresh cyber risk concerns. CISA warns of reduced capacity. ZionSiphon targets Israeli water systems. Operation PowerOFF hits DDoS-for-hire networks. CISA flags an actively exploited ActiveMQ flaw. WordPress plugin supply chain…THECYBERWIRE.COM
17 AprSecuring autonomous AI at scale with Arvind (Nitro) Nithrakashyap from RubrikArvind (Nitro) Nithrakashyap, CTO and Co-Founder of Rubrik joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices at the RSAC Conference 2026. He explores the rise of “AI sprawl,” the challenges of securing autonomous agents at scale, and what organizat…THECYBERWIRE.COM
16 AprMcGraw Hill - 13,500,136 breached accountsIn April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB …HAVEIBEENPWNED.COM
16 AprKonform Browser - Open source web browser taking privacy, security and freedom to the next levelsubmitted by ken to cybersecurity 8 points | 1 comments https://codeberg.org/konform-browser/ Would like to share this FLOSS project been working on for a while now and hope that is cool with you all! Was not satisfied with status quo on browser options for our use-cases and need…SH.ITJUST.WORKS
16 AprWho is winning the scam game?This week, hosts of N2K CyberWire Maria Varmazis and Dave Bittner alongside …THECYBERWIRE.COM
16 AprAI Content Hijacks Google Discover to Deliver Malicious AlertsA new large-scale cyber operation is exploiting Google’s Discovery feed to spread malicious notifications and scams through AI-generated content. Pushpaganda begins with threat actors creating around 113 fake domains filled with AI-written articles and clickbait headlines. These …GBHACKERS.COM
16 AprUAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware CampaignThe Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data fr…THEHACKERNEWS.COM
16 Apr KEVCisco FMC Zero-Day Among 31 High-Impact Vulnerabilities Exploited in March31 high-impact vulnerabilities were actively exploited in March 2026, with a Cisco firewall zero-day abused by the Interlock ransomware group emerging as one of the most dangerous threats to enterprise networks. Affected vendors span core enterprise and developer ecosystems, incl…GBHACKERS.COM
16 AprChrome Privacy Vulnerability Exposes Users via Fingerprinting and Header LeaksA new technical review of Google Chrome’s privacy posture shows that modern tracking no longer depends only on cookies, because websites can combine browser fingerprinting, storage tricks, and HTTP header leaks to identify users with surprising accuracy. Chrome has reduced some o…GBHACKERS.COM
16 AprCritical Cisco ISE Flaws Let Remote Attackers Execute Malicious CodeNetworking giant Cisco has issued an urgent security advisory warning of two newly discovered vulnerabilities impacting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Cisco Identity Services Engine (ISE) is a widely deployed security policy manag…GBHACKERS.COM
16 AprSniffnet 1.5: Which program is phoning home?The open-source network monitor Sniffnet now attributes traffic to individual programs. Version 1.5.0 also brings blacklists and adapter previews.HEISE.DE
16 AprHuman Trust of AI AgentsInteresting research: “Humans expect rationality and cooperation from LLM opponents in strategic games.” Abstract: As Large Language Models (LLMs) integrate into our social and economic interactions, we need to deepen our understanding of how humans respond to LLMs …SCHNEIER.COM
16 AprHackers Exploit n8n Webhooks to Spread MalwareA new abuse campaign targeting AI-driven workflow automation platforms, particularly n8n, turns legitimate automation tools into powerful malware delivery systems. Between October 2025 and March 2026, security analysts observed a sharp surge in phishing emails that weaponized …GBHACKERS.COM
16 AprThe endless CISO reporting line debate — and what it says about cybersecurity leadershipIt is difficult to understand why, in 2026, we are still debating the reporting line of the chief information security officer (CISO). It is one of the first topics I wrote about in 2015, and after more than two decades of high-profile cyber incidents, sustained regulatory press…CSOONLINE.COM
16 AprPowMix botnet targets Czech workforceCisco Talos discovered an ongoing malicious campaign, operating since at least December 2025, affecting a broader workforce in the Czech Republic with a previously undocumented botnet we call “PowMix.”TALOSINTELLIGENCE.COM
16 Apr KEVDefending Your Enterprise When AI Models Can Find Vulnerabilities Faster Than EverIntroduction Advances in AI model-powered exploitation have demonstrated that general-purpose AI models can excel at vulnerability discovery, even without being purpose-built for the task. Eventually, capabilities such as these will be integrated directly into the development cyc…CLOUD.GOOGLE.COM
16 AprFake ProtonVPN, game mod sites spread NWHStealer in new Windows malware campaignMultiple ongoing malware campaigns are distributing a powerful information-stealing trojan, tracked as NWHStealer, through fake VPN installers, gaming mods, and system tools. Unlike typical phishing campaigns, these attacks exploit users’ trust in popular software. Threat actors …GBHACKERS.COM
16 Apr KEVMicrosoft’s Windows Recall still allows silent data extractionMicrosoft’s Windows Recall feature remains vulnerable to complete data extraction despite a major security overhaul, according to a cybersecurity researcher who says malware running in a user’s context can quietly siphon off everything Recall has captured, without administrator p…CSOONLINE.COM
16 AprMicrosoft, Salesforce Patch AI Agent Data Leak Flawssubmitted by kid to cybersecurity 5 points | 0 comments https://www.darkreading.com/cloud-security/microsoft-salesforce-patch-ai-agent-data-leak-flawsSH.ITJUST.WORKS
16 AprPHP Composer flaws enable remote command execution via Perforce VCSsubmitted by kid to cybersecurity 7 points | 0 comments https://securityaffairs.com/190824/security/php-composer-flaws-enable-remote-command-execution-via-perforce-vcs.htmlSH.ITJUST.WORKS
16 AprThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More StoriesYou know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people'…THEHACKERNEWS.COM
16 AprFrom the BlueHammer author: New Windows zero-day grants admin rightsThe exploit uses, of all things, insecure behavior in Windows Defender and a file API to obtain system privileges. It is still unpatched.HEISE.DE
16 AprAI platform n8n abused for stealthy phishing and malware deliveryAttackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and coll…SECURITYAFFAIRS.COM
16 AprEU’s official age verification app found exposing sensitive user dataThe European Commission has unveiled its official age-verification app, presenting it as a privacy-preserving, open-source solution to protect minors online. Within hours of its release, however, security researchers reported critical flaws that could expose biometric data and al…CYBERINSIDER.COM
16 AprFake Proton VPN sites are pushing NWHStealer malware to Windows usersA newly uncovered malware campaign is leveraging fake Proton VPN websites, alongside gaming mods and utility tools, to distribute a Windows infostealer known as NWHStealer. According to Malwarebytes, which documented the activity, attackers rely on a mix of deceptive websites, op…CYBERINSIDER.COM
16 AprNewly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 TrafficCybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. "PowMix employs randomized command-and-control (C2) beaconing int…THEHACKERNEWS.COM
16 AprEU’s official age verification app found exposing sensitive user data; also EU Age Verification can be bypassed using their own infrastructuresubmitted by beep to cybersecurity 28 points | 2 comments https://video.twimg.com/amplify_video/2044718576485953536/vid/avc1/996x2160/hyLmEHaGr6DltAA6.mp4 Hacking the EU Age Verification app in under 2 minutes. During setup, the app asks you to create a PIN. After entry, the app …INFOSEC.PUB
16 AprThe Q1 vulnerability pulseThor provides an overview of the Q1 2026 vulnerability statistics, highlighting key trends in legacy CVEs and the evolving impact of AI on the threat landscape.TALOSINTELLIGENCE.COM
16 AprFoxit, LibRaw vulnerabilitiesCisco Talos’ Vulnerability Discovery & Research team recently disclosed one Foxit Reader vulnerability, and six LibRaw file reader vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco…TALOSINTELLIGENCE.COM
16 AprBeating the Mythos clock: Using Tenable Hexa AI custom agents for automated patchingSee how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Protocol (MCP) automates execution of risk-driven patching workflows, shifting your strategy from reactive tracking to continuou…TENABLE.COM
16 AprMcGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records LeakedMcGraw-Hill confirms a data exposure tied to a Salesforce misconfiguration as hackers claim 45M records, raising concerns over SaaS security risks. The post McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked appeared first on TechRepublic.TECHREPUBLIC.COM
16 AprRCE by design: MCP architectural choice haunts AI agent ecosystemAI agent building tools that enable users to configure Model Context Protocol (MCP) servers may be exposing systems to remote code execution due to an architectural decision in Anthropic’s reference implementation. At issue are unsafe defaults in how MCP configuration works over the S…CSOONLINE.COM
16 AprWhen “No Exploit” Becomes OneSecurity teams sometimes rank vulnerabilities lower if no exploit exists or if exploitation seems difficult. That assumption is often based on current knowledge—like proof-of-concept code or known exploitation in the wild. This approach can fail fast. Exploits can appear suddenly…YOUTUBE.COM
16 AprThe AI "Vulnpocolypse" Is Real? - PSW #922This week: - CSA issues guidance to CISOs on Mythos - Vuln management woes - Windows tells you about Secure Boot - AI-assisted firmware vuln hunting - The dumbest hack - Edge decay and the failing perimeter - Mac OS X on a Wii - Little snitch comes to Linux - CPUID served malware…YOUTUBE.COM
15 AprCurity looks to reinvent IAM with runtime authorization for AI agentsIn 2026, enterprise developers are building and deploying the first generation of powerful, increasingly autonomous AI agents at incredible speed. Now comes the hard part: working out how to secure them. Vendors in the space are facing multiple challenges. To begin with, traditio…CSOONLINE.COM
15 AprNorth Korean Spies DM You On FacebookAndroid Mirax RAT, North Korea's Friend-Request Hacks, Adobe PDF Zero-Day, and FBI Phishing Takedown | Cybersecurity Today David Shipley covers multiple trust-based cyber threats: Mirax Android malware pushed via Meta ads posing as free streaming apps, functioning as a remote acc…CYBERSECURITYTODAY.LIBSYN.COM
15 AprTop 10 Best Passwordless Authentication Solutions in 2026Passwords are susceptible to phishing, brute-force attacks, credential stuffing, and human error, leading to an alarming number of data breaches and significant financial losses for enterprises worldwide. The frustration of forgotten passwords and endless resets also plagues user…GBHACKERS.COM
15 Apr13 questions against third-party risksThe growing dependence on IT service providers and third-party software considerably enlarges companies' attack surface. Numerous cyberattacks underline this time and again. Admittedly, the …CSOONLINE.COM
15 Apr KEVMicrosoft Patch Tuesday April 2026 Fixes 168 Flaws, Including an Actively Exploited Zero-DayMicrosoft has released its highly anticipated April 2026 Patch Tuesday security updates, addressing a massive 168 vulnerabilities across its vast product portfolio. According to recent cybersecurity news reports, this comprehensive update includes a patch for one actively exploit…GBHACKERS.COM
15 AprOpenAI Introduces GPT-5.4 for Reverse Engineering, Vulnerability Discovery, and Malware AnalysisOpenAI has officially launched GPT-5.4-Cyber, a specialized variant of its latest artificial intelligence model explicitly fine-tuned for defensive cybersecurity. Alongside this release, the organization is significantly scaling its Trusted Access for Cyber (TAC) program, providi…GBHACKERS.COM
15 AprIvanti Neurons for ITSM Vulnerabilities Let Remote Attackers Hijack User SessionsIvanti has issued a security advisory detailing two medium-severity vulnerabilities affecting its Neurons for IT Service Management (ITSM) platform. If left unpatched, these security flaws could allow remote authenticated attackers to compromise user sessions and maintain unautho…GBHACKERS.COM
15 AprMallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized ActionBuilt by a veteran security team and led by a former Google and Mandiant executive, Mallory delivers intelligence that drives action for enterprise security teams. Mallory is launching an AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their…CSOONLINE.COM
15 AprMicrosoft Issues Patches for SharePoint Zero-Day and 168 Other New VulnerabilitiesMicrosoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated …THEHACKERNEWS.COM
15 AprHackers Exploit Hidden Microsoft 365 Mailbox Rules to Steal Sensitive Business EmailsAttackers are quietly abusing Microsoft 365 mailbox rules to steal emails, hide alerts, and maintain long-term access without installing malware. These stealthy tactics are increasingly common in business email compromise (BEC) campaigns targeting enterprise users worldwide. Afte…GBHACKERS.COM
15 AprPHP Composer flaws enable remote command execution via Perforce VCSTwo high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a …SECURITYAFFAIRS.COM
15 AprThe need for a board-level definition of cyber resilienceCyber resilience has become a critical governance concern as organizations face increasingly complex and costly cyber threats. However, recent research reveals that the concept of cyber resilience remains inconsistently defined across regulatory frameworks and in some cases prese…CSOONLINE.COM
15 AprCredit Resources Vault: Why this credit email set off our scam alarmsInside a targeted email campaign that funnels the most vulnerable financial people into handing over sensitive data, and signing up for weekly fees.MALWAREBYTES.COM
15 AprThe deepfake dilemma: From financial fraud to reputational crisisDeepfake technology has crossed a critical threshold. What was impossible 10 years ago and required specific expertise only a few years ago is now cheap and accessible. Worse, it’s now good enough to fool a wide range of employees and executives. In fact, a 2025 Gartner survey fo…CSOONLINE.COM
15 AprApril Patch Tuesday fixes two zero-days, including one under active attackThis month’s Patch Tuesday addresses 167 vulnerabilities, including two zero-days that could lead to system compromise, data exposure, and privilege escalation.MALWAREBYTES.COM
15 AprHackers Abuse Google Cloud Storage to Slip Remcos RAT Past Email FiltersHackers are exploiting Google Cloud Storage to bypass email and web filters and deliver Remcos RAT through convincing Google Drive–themed phishing campaigns that blend social engineering with fileless, multi‑stage execution chains. Phishing emails link to Google Cloud Storage buc…GBHACKERS.COM
15 AprMuddyWater-Style Hackers Probe 12,000+ Systems Ahead of Middle EastA threat group resembling MuddyWater has conducted a large-scale reconnaissance and intrusion operation targeting critical sectors in the Middle East, including aviation, energy, and government entities. The attackers reportedly scanned over 12,000 internet-facing systems before …GBHACKERS.COM
15 AprUnlocking foundational visibility for cyber-physical systems with OT vulnerability managementStop managing risk in silos. VM-Native OT Discovery, now available in Tenable Vulnerability Management and Tenable Security Center provides unified visibility across IT and OT domains. See every asset and manage your total cyber exposure in a unified view. Key takeaways The air g…TENABLE.COM
15 AprTop 10 Best Application Security Testing Companies in 2026In the rapidly evolving digital landscape of 2026, applications are the backbone of every enterprise. From customer-facing web portals and mobile apps to intricate internal systems and APIs, software drives business operations, innovation, and customer engagement. However, this u…GBHACKERS.COM
15 AprOrganizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/organizations-warned-of-exploited-windows-adobe-acrobat-vulnerabilities/SH.ITJUST.WORKS
15 AprMicrosoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilitiessubmitted by kid to cybersecurity 5 points | 0 comments https://thehackernews.com/2026/04/microsoft-issues-patches-for-sharepoint.htmlSH.ITJUST.WORKS
15 AprwolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update Now!submitted by kid to cybersecurity 2 points | 0 comments https://hackread.com/wolfssl-vulnerability-iot-routers-military-systems/SH.ITJUST.WORKS
15 AprEFF urges state probe into Google over undisclosed data sharing with ICEThe Electronic Frontier Foundation (EFF) has filed complaints with California and New York authorities accusing Google of deceptive practices, alleging that the company failed to notify users before handing their data to law enforcement. The case centers on a Ph.D. student whose …CYBERINSIDER.COM
15 AprPatch Tuesday notes: Microsoft addresses two zero-days.CISA recalls furloughed employees despite funding lapse. Business news: Cisco to acquire AI observability platform Galileo.THECYBERWIRE.COM
15 AprMicrosoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-DaysMicrosoft’s April 2026 Patch Tuesday fixes 165 vulnerabilities, including two zero-days, in one of the company’s largest monthly security updates. The post Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days appeared first on TechRepublic.TECHREPUBLIC.COM
15 AprA heavy patch Tuesday lands.Patch Tuesday. CISA directs furloughed employees back to work. Experts warn Anthropic’s Glasswing signals a new era of AI-driven vulnerability discovery. Federal prosecutors crack down on chip smuggling. Sweden says a pro-Russian cyber group attempted to disrupt power plant opera…THECYBERWIRE.COM
15 AprSmashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifyingA hacking group claims to have broken into the flood defence system protecting Venice's Piazza San Marco - and is offering to sell access to whoever wants it. The asking price? A frankly insulting $600. Meanwhile, Anthropic accidentally leaked the source code for Claude Code via …GRAHAMCLULEY.COM
14 AprHow Hackers Are Thinking About AIInteresting paper: “What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation.” Abstract: The rapid expansion of artificial intelligence (AI) is raising concerns about its potential to transform cybercrime. Beyond empowering n…SCHNEIER.COM
14 AprAnalysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is cre…THEHACKERNEWS.COM
14 Apr KEVCISA Alerts on Exploited Microsoft Exchange and Windows CLFS Security FlawsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding two actively exploited security vulnerabilities in Microsoft products. Added to the Known Exploited Vulnerabilities (KEV) catalog on April 13, 2026, these flaws impact the Micro…GBHACKERS.COM
14 AprHackers Exploit Obsidian Plugin to Deploy Cross-Platform MalwareHackers are abusing Obsidian’s Shell Commands plugin and shared cloud vaults to deliver a new cross‑platform malware chain that ends with the PHANTOMPULSE remote access trojan. Attackers pose as a venture capital firm targeting financial and cryptocurrency professionals, first en…GBHACKERS.COM
14 AprSynology SSL VPN Client Vulnerability Enabled Remote Access to Sensitive FilesSynology has recently released a crucial security update to fix two notable vulnerabilities in its SSL VPN Client utility. Tracked under the security advisory Synology-SA-26:05, these flaws could allow remote attackers to access sensitive system files and intercept secure network…GBHACKERS.COM
14 AprThe AI inflection point: What security leaders must do nowAI is no longer a speculative topic for security leaders. It has moved from experimentation to implementation, and increasingly, to measurable production impact. Over the past year, my conversations with CISOs have shifted. The question is no longer whether AI belongs in cybersec…CSOONLINE.COM
14 AprSecuring Software's Journey with the OWASP SPVS - ASW #378It's one thing to write secure code, it's another to release it into the wild. That code needs to be designed, built, tested, released, and maintained. Farshad Abasi and Cameron Walters explain how the OWASP Secure Pipeline Verification Standard picks up from where ASVS left off,…YOUTUBE.COM
14 AprAI Codex Exploits Samsung TV Driver Flaw to Gain Root AccessA new experiment has shown how an AI coding assistant, Codex, can independently escalate privileges on a Samsung Smart TV by abusing dangerously exposed kernel drivers in Samsung’s KantS2 Tizen firmware. Working from an existing browser foothold, Codex chained together source-cod…GBHACKERS.COM
14 AprChina-linked cloud credential heist runs on typos and SMTPChina-aligned hackers have deployed a Linux-based ELF backdoor to steal cloud credentials at scale from workloads across AWS, GCP, Azure, and Alibaba Cloud environments. According to Breakglass Intelligence findings, the backdoor uses a “zero-detection” technique, employing SMTP …CSOONLINE.COM
14 AprSecuring non-human identities: automated revocation, OAuth, and scoped permissionsCloudflare is introducing scannable API tokens, enhanced OAuth visibility, and GA for resource-scoped permissions. These tools help developers implement a true least-privilege architecture while protecting against credential leakage.CLOUDFLARE.COM
14 AprUS, UK and Canada disrupt $45M crypto theft in Operation AtlanticUS, UK and Canada ran Operation Atlantic, uncovering $45M in crypto theft and freezing $12M to return to victims. An international law enforcement operation from the US, UK and Canada, codenamed Operation Atlantic, has targeted large-scale cryptocurrency theft schemes. Authoritie…SECURITYAFFAIRS.COM
14 AprAdobe fixes PDF zero-day security bug that hackers have exploited for monthsIt's not clear how many people were compromised by this hacking campaign, but a security researcher said the hackers were targeting victims since at least November 2025.TECHCRUNCH.COM
14 AprAI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad FraudCybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google's Discover feed and trick users into en…THEHACKERNEWS.COM
14 AprEU regulators largely denied access to Anthropic MythosEuropean regulators have largely been frozen out of early access to Anthropic’s new Mythos model, Politico reports. The AI technology, aimed at cybersecurity use cases, is said to be able to identify and exploit technical vulnerabilities at a level that surpasses most humans — …CSOONLINE.COM
14 AprKali Forms Vulnerability Enables Remote Code Execution RCEsubmitted by kid to cybersecurity 6 points | 0 comments https://thecyberexpress.com/kali-forms-vulnerability-wordpress-plugin/SH.ITJUST.WORKS
14 AprHack the AI agent: Build agentic AI security skills with the GitHub Secure Code GameLearn to find and exploit real-world agentic AI vulnerabilities through five progressive challenges in this free, open source game that over 10,000 developers have already used to sharpen their security skills. The post Hack the AI agent: Build agentic AI security skills with the…GITHUB.BLOG
14 AprPersonal data of 1 million gym members compromised in Basic-Fit security incidentA breach at Basic-Fit exposed data of 1M members, including names, birth dates and bank details after unauthorized access. Basic-Fit, Europe’s largest gym chain, has disclosed a data breach affecting around 1 million members. Hackers gained unauthorized access to the company syst…SECURITYAFFAIRS.COM
14 AprAdobe Issues Emergency Patch for Critical PDF Flaw Exploited For MonthsAdobe patches a critical PDF flaw exploited for months, allowing attackers to bypass sandbox protections and deliver malware. Users urged to update now. The post Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months appeared first on TechRepublic.TECHREPUBLIC.COM
14 Apr4 questions to ask before outsourcing MDRSecurity teams are stretched thin. Alerts never stop, attackers move faster, and expectations for uptime and resilience keep rising. For many IT and security leaders, Managed Detection and Response (MDR) has become less of a “nice to have” and more of a practical way to stay ahea…CSOONLINE.COM
14 Apr5 trends defining the future of AI-powered cybersecurityThe new N-able and Futurum Report reveals how AI is reshaping cyber resilience as it accelerates both business innovation and adversarial tradecraft. Attackers are scaling their operations with unprecedented speed, leveraging automation to bypass traditional defenses. For IT secu…CSOONLINE.COM
14 Apr KEVPatch Tuesday, April 2026 EditionMicrosoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chr…KREBSONSECURITY.COM
14 AprZuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, ATC, Kieran Human and more - SWN #572Amish Conversion, Zuckbot, Rockstar, Klaude, Browsers Galore, Microsoft 365, Outlook Lite, Air Traffic Control, Kieran Human, and More on the Security Weekly News. Segment Resources: https://www.bleepingcomputer.com/news/security/medtech-giant-stryker-fully-operational-after-data…YOUTUBE.COM
14 Apr KEVMicrosoft’s April Windows update fixes 165 flaws, one exploited zero-dayMicrosoft has released its April 2026 Patch Tuesday updates for Windows 11 versions 24H2 and 25H2, to fix security bugs across the operating system. The security release addresses 165 flaws, including one actively exploited SharePoint spoofing flaw and multiple “more likely to be…CYBERINSIDER.COM
14 AprSecure AI agent access patterns to AWS resources using Model Context ProtocolAI agents and coding assistants interact with AWS resources through the Model Context Protocol (MCP). Unlike traditional applications with deterministic code paths, agents reason dynamically, choosing different tools or accessing different data depending on context. You must assu…AWS.AMAZON.COM
13 AprBanks Panic As Anthropic Mythos Exposes Software VulnerabilitiesMythos Sparks Urgent Bank Meetings, AI Shrinks Exploit Windows, CEO Phishing Beats MFA + Crypto Fraud Bust Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one…CYBERSECURITYTODAY.LIBSYN.COM
13 AprApache Tomcat Flaws Enable EncryptInterceptor BypassThe Apache Software Foundation has released critical security updates for Apache Tomcat to address three newly disclosed vulnerabilities. Because Apache Tomcat is a widely deployed open-source web server, these flaws pose a significant risk to many enterprise environments. The ne…GBHACKERS.COM
13 AprCISOs tackle the AI visibility gapDale Hoak found himself asking a question that has become familiar to CISOs through the decades: What am I missing? More specifically, Hoak, CISO at software firm RegScale, was wondering what he might be missing around his company’s AI deployments. “The business was moving so fa…CSOONLINE.COM
13 AprWe catch up on the news, including AI vuln hunting; also more RSAC interviews! - ESW #454Segment 1: We cover the weekly enterprise news! Segment 2: RSAC interviews from ArmorCode and Filigran ArmorCode: AI Exposure Management and Governing Shadow AI AI is moving faster than most governance models can keep up. As organizations race to adopt new AI tools, developer wor…YOUTUBE.COM
13 AprAI Chatbots and TrustAll the leading AI chatbots are sycophantic, and that’s a problem: Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And critically they couldn…SCHNEIER.COM
13 AprInternational Operation Targets Multimillion-Dollar Crypto Theft SchemesLaw enforcement in the US, UK and Canada identified more than $45 million in cryptocurrency and froze $12 million. The post International Operation Targets Multimillion-Dollar Crypto Theft Schemes appeared first on SecurityWeek.SECURITYWEEK.COM
13 AprHackers Exploit MSBuild LOLBin to Evade Detection in Fileless Windows AttacksCyber attackers are increasingly using Living Off the Land Binaries (LOLBins) to bypass security detection. By leveraging legitimate system tools, these attacks avoid signature-based defenses and operate without dropping traditional malware files. One such LOLBin now gaining atte…GBHACKERS.COM
13 AprCritical Marimo pre-auth RCE flaw now under active exploitationsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/critical-marimo-pre-auth-rce-flaw-now-under-active-exploitation/SH.ITJUST.WORKS
13 AprYour MTTD Looks Great. Your Post-Alert Gap Doesn'tAnthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks' Wendi Whitmore warned that similar capabilities are weeks or months from proliferat…THEHACKERNEWS.COM
13 Apr⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and MoreMonday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. I…THEHACKERNEWS.COM
13 AprToo Many Vulnerabilities to FixOrganizations struggle to apply patches because uptime is prioritized, and remediation is disruptive. Vulnerability management teams often can’t get fixes deployed. An overload of vulnerabilities doesn’t improve security—it creates paralysis. Teams lose the ability to prioritize,…YOUTUBE.COM
13 AprFrom Compliance to Code: Rethinking Cloud Security - Richard Marcus - CSP #223Jess talks with Rich about what it takes to secure a cloud-first organization at scale. Rich explains how compliance as code helps teams build secure-by-default environments in AWS and Azure. He also shares why continuous monitoring gives organizations stronger visibility and a m…YOUTUBE.COM
13 AprOn Anthropic’s Mythos Preview and Project GlasswingThe cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run t…SCHNEIER.COM
13 AprAnthropic's Mythos Preview: Why the Human Layer Matters More, Not LessThe human layer is not impacted by Anthropic's Mythos Preview announcement. If anything, it is reinforced, and for reasons that deserve to be spelled out clearly.KNOWBE4.COM
13 AprAnthropic’s Mythos signals a structural cybersecurity shiftOver the past week, reaction to Anthropic’s Glasswing disclosure has split along familiar lines. At one end: alarm over an AI system capable of autonomously identifying and exploiting vulnerabilities. At the other: dismissive hot takes, arguing there is nothing new here. A more g…CSOONLINE.COM
13 AprMarch 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-DayMarch 2026 saw a 139% increase in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 31 vulnerabilities requiring immediate remediation, up from 13 in February 2026.RECORDEDFUTURE.COM
13 Apr KEVSimply opening a PDF could trigger this Adobe Reader zero-dayEven though it’s patched, Adobe confirmed it was exploited in the wild, so updating is urgent, not optional.MALWAREBYTES.COM
13 AprCitizen Lab: Webloc tracked 500M devices for global law enforcementCitizen Lab reported that law enforcement used the surveillance tool Webloc to track up to 500M devices via ad data globally. A report by Citizen Lab revealed that law enforcement agencies in the U.S., Hungary, and El Salvador used a surveillance tool called Webloc to track devic…SECURITYAFFAIRS.COM
13 AprGrafanaGhost: The AI That Leaked Everything Without Being HackedA newly disclosed vulnerability reveals how AI assistants can become invisible channels for data exfiltration — and why security enforcement must shift to the data layer.TECHREPUBLIC.COM
13 AprGet Secure Cloud Storage on a 2TB Lifetime Plan with Internxt for $100This secure storage platform uses open source code, zero-knowledge file systems, and end-to-end encryption to keep your online data truly private.TECHREPUBLIC.COM
13 AprRockstar Games confirms data breach as ShinyHunters leaks 78 million recordsRockstar Games has confirmed that it suffered a data breach incident that exposed internal analytics data. Earlier today, the ShinyHunters threat group leaked the data online, claiming access to Snowflake-hosted datasets tied to the company’s online services. The incident first s…CYBERINSIDER.COM
13 AprBooking.com data breach exposed users’ reservation detailsBooking.com has notified customers of a security incident involving unauthorized access to reservation data, warning that personal and booking-related information may have been exposed. The company says it has taken steps to contain the issue, but has not disclosed how many users…CYBERINSIDER.COM
13 AprStandard fiber optic cables can be turned into remote microphonesResearchers have demonstrated that standard fiber-optic internet cables can be covertly repurposed into highly sensitive listening devices, capable of capturing speech and tracking human activity inside buildings. The study shows that, under realistic conditions, attackers could …CYBERINSIDER.COM
13 AprHallmark data breach exposed information of 1.7 million accountsA newly surfaced dataset tied to Hallmark has been added to the Have I Been Pwned (HIBP) breach notification service. The leaked data exposed the personal information of approximately 1.7 million users following an alleged March 2026 intrusion, claimed by the ShinyHunters extorti…CYBERINSIDER.COM
12 AprHallmark - 1,736,520 breached accountsIn March 2026, Hallmark suffered an alleged breach and subsequent extortion after attackers gained access to data stored within Salesforce. The data was later published after the extortion deadline passed, exposing 1.7M unique email addresses across both Hallmark and the Hallmark…HAVEIBEENPWNED.COM
12 AprCritical Marimo pre-auth RCE flaw now under active exploitationA critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. [...]BLEEPINGCOMPUTER.COM
11 AprClaude and ChatGPT Exploited in Sweeping Cyber Campaign Against Government AgenciesIn a groundbreaking technical report released by Gambit Security researcher Eyal Sela, new details have emerged about a massive cyberattack targeting government infrastructure. A single threat actor successfully leveraged artificial intelligence platforms to breach nine Mexican g…GBHACKERS.COM
11 AprCitizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad DataHungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli c…THEHACKERNEWS.COM
11 AprOver 20,000 crypto fraud victims identified in international crackdownAn international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. [...]BLEEPINGCOMPUTER.COM
11 AprTwo different attackers poisoned popular open source tools - and showed us the future of supply chain compromisesubmitted by cm0002 to cybersecurity 3 points | 0 comments https://www.theregister.com/2026/04/11/trivy_axios_supply_chain_attacks/INFOSEC.PUB
10 AprNews alert: Mallory launches AI-native platform to cut through alert noise and surface real riskAUSTIN, Texas, Apr. 9, 2026, CyberNewswire — Mallory is launching an AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: •What are the real threat vectors for our organization? •What’s actually exploitable…LASTWATCHDOG.COM
10 AprAWS Fixes Severe RCE, Privilege Escalation Flaws in Research and Engineering StudioAWS recently issued a critical security bulletin addressing severe vulnerabilities in its Research and Engineering Studio (RES). RES is an open-source web portal that allows administrators to create and manage secure cloud-based research environments. Security researchers identif…GBHACKERS.COM
10 AprChatGPT, Claude, and Gemini Among 11 AI Models Vulnerable to One-Line JailbreakA newly discovered jailbreak technique named “sockpuppeting” successfully forces 11 leading artificial intelligence models, including ChatGPT, Claude, and Gemini, to bypass their safety guardrails. By exploiting a standard application programming interface (API) featu…GBHACKERS.COM
10 AprMicrosoft Finds Vulnerability Exposing Millions of Android Crypto Wallet UsersThe security hole affected an EngageLab SDK and it was reported by Microsoft to the vendor one year ago.SECURITYWEEK.COM
10 AprTP-Link Devices at Risk as Multiple Security Flaws Enable TakeoverCybersecurity researchers have uncovered five significant security vulnerabilities in the TP-Link Archer AX53 v1.0 router. If left unpatched, these critical flaws could allow attackers to take full control of the device, steal sensitive network data, and compromise connected syst…GBHACKERS.COM
10 AprCritical Marimo Flaw Exploited Hours After Public DisclosureWithin nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild.SECURITYWEEK.COM
10 AprThe cyber winners and losers in Trump’s 2027 budgetFederal cybersecurity spending will decline in 2027 under Donald Trump’s proposed budget, with uneven shifts across agencies, as some see sizable increases while others face sharp reductions. According to the Office of Management and Budget (OMB) crosscut tables released with Tru…CSOONLINE.COM
10 AprCMMC compliance in the age of AICybersecurity Maturity Model Certification 2.0 (CMMC 2.0) is pushing federal contractors to demonstrate, not just assert, that they can protect sensitive government data. Eligibility for contracts now depends on the ability to show how controlled unclassified information (CUI) …CSOONLINE.COM
10 AprWhy most zero-trust architectures fail at the traffic layerZero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access policies, and modern security tooling. On paper, these environments look well-protected. Yet during incidents, a different rea…CSOONLINE.COM
10 AprFake BTS Tour Ticket Scams Target Fans WorldwideCybercriminals are exploiting the massive hype around BTS’s return to the global stage by launching a wave of fake ticketing websites targeting fans across multiple countries. The K-pop group recently reunited after nearly four years, during which members completed mandatory mili…GBHACKERS.COM
10 AprOrthanc DICOM Vulnerabilities Lead to Crashes, RCEAttackers could exploit these vulnerabilities in denial-of-service, information disclosure, and arbitrary code execution attacks.SECURITYWEEK.COM
10 AprHungarian government email passwords exposed ahead of electionWhen voters in the forthcoming Hungarian election assess the current government, its record on internet security will not be one of its proudest achievements. An analysis by open source investigation organization Bellingcat has revealed that the passwords for almost 800 Hungarian…CSOONLINE.COM
10 AprJuniper Networks Patches Dozens of Junos OS VulnerabilitiesA critical-severity flaw could be exploited remotely, without authentication, to take over a vulnerable device.SECURITYWEEK.COM
10 AprEngageSDK Vulnerability puts millions of crypto wallets at riskA newly disclosed vulnerability in the widely used Android library EngageSDK has raised serious concerns across the cryptocurrency ecosystem, potentially exposing millions of users to data theft and unauthorized access. Security researchers identified a critical “intent redirecti…GBHACKERS.COM
10 AprFCC Can’t Define a RouterThe FCC guidance discussed is described as ambiguous, even requiring updates to clarify that devices like phones with hotspots are not considered routers. Unclear definitions in regulation can lead to overreach or inconsistent enforcement, especially when agencies expand into sof…YOUTUBE.COM
10 AprIn Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer HackOther noteworthy stories that might have slipped under the radar: Jones Day hacked, Internet Bug Bounty program paused due to AI, new Mac stealer malware.SECURITYWEEK.COM
10 AprHacker Unknown now known, named on Europol’s most-wanted listGerman police have pinned a name to one of the world’s most notorious hackers. Danii Shchukin operated under the names of UNKN or Unknown and GandCrab and was, according to German police, the leader of one of the largest globally active ransomware groups, known as GandCrab/Revi. …CSOONLINE.COM
10 AprGoogle adds end-to-end Gmail encryption to Android, iOS devices for enterprisesGoogle has made a big step forward by extending end-to-end encryption to Android and iOS devices for Gmail client-side encryption (CSE) users, says an expert. “All in all, this is a welcome update, especially in light of recent concerns surrounding WhatsApp’s encryption methods,”…CSOONLINE.COM
10 AprCrushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AISee how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways:…TENABLE.COM
10 Apr[local] NetBT e-Fatura - Privilege EscalationEXPLOIT-DB.COM
10 AprMicrosoft: Third-Party Android Vulnerability Leaves Over 50M Users ExposedA flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and access sensitive data.TECHREPUBLIC.COM
10 AprAI Expansion, Security Crises, and Workforce Upheaval Define This Week in TechSee what you missed in Daily Tech Insider from April 6–10.TECHREPUBLIC.COM
10 AprWebloc surveillance system tracks millions using mobile ad dataA little-known surveillance platform called Webloc can track hundreds of millions of people worldwide by repurposing data harvested from mobile apps and digital advertising ecosystems. A related investigation confirms that government agencies across multiple countries, including …CYBERINSIDER.COM
10 AprWaiting for a security update: attackers target Adobe ReaderAttackers are currently exploiting a zero-day vulnerability in Adobe Reader. Until a security update is available, do not open PDFs from unknown sources.HEISE.DE
9 AprQuestions raised about how LinkedIn uses the petabytes of data it collectsThrough LinkedIn’s more than one billion business users, the Microsoft unit has access to a vast array of personally-identifiable information, including data that could identify religious and political positions. What is less clear is what LinkedIn does with all of that data. A s…CSOONLINE.COM
9 AprGitLab Addresses Multiple Vulnerabilities Linked to DoS and Code InjectionGitLab has rolled out a crucial security update to fix multiple vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms. Organizations utilizing self-managed GitLab instances are strongly advised by GitLab security experts to apply these updates im…GBHACKERS.COM
9 AprMultiple SonicWall Flaws Enable SQL Injection and Privilege Escalation AttacksSonicWall has published a critical security advisory addressing four distinct vulnerabilities in its SMA1000 series appliances. These security flaws open the door for attackers to escalate their system privileges, guess user credentials, and bypass essential multi-factor authenti…GBHACKERS.COM
9 AprMicrosoft suspends dev accounts for high-profile open source projectsMicrosoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from publishing new software builds and security patches for Windows users. [...]BLEEPINGCOMPUTER.COM
9 AprLinux Foundation Leader Impersonated in Slack Attack on Open Source DevelopersA social engineering campaign is actively targeting open source developers through Slack. The warning was shared through the OpenSSF Siren mailing list, a public threat intelligence platform designed to alert developers and security teams about active threats after initial disclo…GBHACKERS.COM
9 AprAdobe Reader Zero-Day Exploited for Months: ResearcherReputable researcher Haifei Li has come across what appears to be a PDF designed to exploit an unpatched vulnerability.SECURITYWEEK.COM
9 AprWeak at the seamsBefore I ever held a security title, I was a software engineer implementing vertically integrated automation systems for industrial manufacturing, warehouse-scale conveyor networks, robotic material handling, physical infrastructure controlled by software on increasingly connecte…CSOONLINE.COM
9 AprHackers exploiting Acrobat Reader zero-day flaw since DecemberAttackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. [...]BLEEPINGCOMPUTER.COM
9 AprAdobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON's Haifei Li, has been described as a highly-sophisticated PDF exploit.…THEHACKERNEWS.COM
9 AprCritical Vulnerability in Ninja Forms Exposes WordPress Sites - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/flaw-ninja-forms-wordpress/SH.ITJUST.WORKS
9 AprPalo Alto Networks, SonicWall Patch High-Severity VulnerabilitiesThe bugs could allow attackers to modify protected resources and escalate their privileges to administrator.SECURITYWEEK.COM
9 AprNew ClickFix variant bypasses Apple safeguards with one‑click script executionClickFix malware campaigns are evolving again, with threat actors removing one of their most obvious and user‑dependent steps: convincing victims to paste malicious commands into Terminal. Instead, the latest variant uses a single browser click to trigger script execution, stream…CSOONLINE.COM
9 AprNew Phishing Campaign Exploits Google Storage to Deliver Remcos RATA recently observed phishing campaign is abusing Google Cloud Storage to deliver the Remcos remote access trojan (RAT), relying on trusted Google infrastructure and a signed Microsoft binary to evade traditional defenses. Attackers host a fake Google Drive login page on the legit…GBHACKERS.COM
9 AprAttackers Deploy Hidden Magecart Skimmer on Magento Using SVG onload AbuseSecurity researchers at Sansec uncovered a large-scale Magecart campaign targeting Magento e-commerce platforms. Nearly 100 online stores were infected with a sophisticated credit card skimmer. To evade security scanners and steal shopper payment data seamlessly, attackers concea…GBHACKERS.COM
9 AprHackers Actively Attacking Adobe Reader Users Using Sophisticated 0-Day Exploitsubmitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/adobe-reader-0-day-exploit/SH.ITJUST.WORKS
9 AprThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More StoriesThursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilities getting new life, a few "why was that even possible" moments, attackers leaning on platforms and tools you'd normally …THEHACKERNEWS.COM
9 AprIntent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential riskA severe Android intent‑redirection vulnerability in a widely deployed SDK exposed sensitive user data across millions of apps. Microsoft researchers detail how the flaw works, why it matters, and how developers can mitigate similar risks by updating affected SDKs.MICROSOFT.COM
9 AprMicrosoft BANNED WireGuard, VeraCrypt & Windscribe With Zero Warningsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.youtube.com/watch?v=fTui3CQuL9I Microsoft silently suspended developer accounts for WireGuard, VeraCrypt, and Windscribe with zero warning, leaving these critical open source security tools unable to push upda…INFOSEC.PUB
9 AprCloudflare ‘actively adjusting’ quantum priorities in wake of Google warningGoogle’s accelerated post-quantum encryption deadline has spurred other leaders in the industry, including Cloudflare, to consider pushing forward their own plans. The US National Institute of Standards and Technology (NIST) has set a 2030 deadline for depreciating legacy encrypt…CSOONLINE.COM
9 AprEngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto WalletsDetails have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same dev…THEHACKERNEWS.COM
9 AprHealthcare IT solutions provider ChipSoft hit by ransomware attackDutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. [...]BLEEPINGCOMPUTER.COM
9 AprAI Makes All Bug Shallow? - PSW #921This week: - Rage dropping 0-Day - Claude Mythos, things are different now - From UART to root, on a device made in China, where's the FCC? - More CUPS vulnerabilities - Russians are hacking routers, FCC ban doesn't stop them - Mongoose vulnerabilities, and FCC still does nothing…YOUTUBE.COM
9 AprU.S. Public Sector Under Siege: Threat Intelligence for Q1 2026The first quarter of 2026 has reinforced a hard truth: U.S. government agencies and educational institutions are operating in the most hostile cyber threat environment ever recorded.TRENDMICRO.COM
9 Apr[webapps] React Server 19.2.0 - Remote Code ExecutionEXPLOIT-DB.COM
9 Apr[webapps] Jumbo Website Manager - Remote Code ExecutionEXPLOIT-DB.COM
9 AprMaster C and C++ with our new Testing Handbook chapterWe added a new chapter to our Testing Handbook: a comprehensive security checklist for C and C++ code. We’ve identified a broad range of common bug classes, known footguns, and API gotchas across C and C++ codebases and organized them into sections covering Linux, Windows, and s…TRAILOFBITS.COM
8 AprCybercriminals Use Fake Zoom, Teams Calls to Deliver MalwareHackers are increasingly using fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL says it has blocked 164 malicious domains tied to this operation using MetaMask’s eth-phishing-detect system. The campaign primarily targets …GBHACKERS.COM
8 AprClaude Code Leak Exploited to Spread Vidar and GhostSocks via GitHub ReleasesHackers are turning the Claude Code source leak into an active malware-delivery channel, using GitHub Releases to push the Vidar stealer and GhostSocks under the guise of “leaked” Anthropic tooling. The incident shows how human and governance failures around AI development can ra…GBHACKERS.COM
8 AprRemus Infostealer Debuts With Stealthy New Credential-Theft TacticsHackers are rolling out a new 64‑bit infostealer dubbed Remus. The code strongly suggests it is a direct successor to the notorious Lumma Stealer, arriving just months after law‑enforcement disruption and public doxxing of Lumma’s core operators in 2025. Remus is a 64‑bit informa…GBHACKERS.COM
8 AprAssessing Claude Mythos Preview’s cybersecurity capabilitiessubmitted by codeinabox to security 1 points | 0 comments https://red.anthropic.com/2026/mythos-preview/ During our testing, we found that Mythos Preview is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web bro…PROGRAMMING.DEV
8 AprGreyNoise Launches C2 Detection for Exploited Edge DevicesGreyNoise has introduced a new capability, C2 Detection, to identify compromised edge devices such as firewalls, routers, and VPN systems assets that are increasingly targeted but often lack visibility in traditional security tools. Unlike endpoints, these devices rarely generate…GBHACKERS.COM
8 AprTop 10 Best Multi-Factor Authentication (MFA) Providers in 2026In the digital realm of 2026, the traditional password stands as a flimsy barrier against an onslaught of sophisticated cyber threats. From phishing campaigns and credential stuffing to ever-evolving malware, attackers are relentlessly targeting the weakest link in cybersecurity:…GBHACKERS.COM
8 AprThe tabletop exercise grows upIn the early 1800s, Prussian officers began rehearsing battles around sand tables. They called it Kriegsspiel, and it worked because it forced them to make high-stakes decisions under pressure. Fast forward to today, and that same concept has become cybersecurity’s go-to tool for…CSOONLINE.COM
8 AprMicrosoft’s new Agent Governance Toolkit targets top OWASP risks for AI agentsMicrosoft has quietly introduced the Agent Governance Toolkit, an open-source project designed to monitor and control AI agents during execution as enterprises try to move them into production workflows. The toolkit, which is a response to the Open Worldwide Application Security …CSOONLINE.COM
8 AprAnthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major SystemsArtificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities. The model will be…THEHACKERNEWS.COM
8 AprThe zero-day timeline just collapsed. Here’s what security leaders do nextA zero-day is not frightening because it is sophisticated. It is frightening because it is unknown. There is no patch in the moment it matters most. That single condition undermines the comfort most security programs rely on: time. In the past, attackers didn’t need zero-days bec…CSOONLINE.COM
8 AprUS Disrupts Russian Espionage Operation Involving Hacked Routers and DNS HijackingThe APT28 threat group exploited vulnerable TP-Link and MikroTik routers to conduct adversary-in-the-middle (AitM) attacks.SECURITYWEEK.COM
8 AprLLM-generated passwords are indefensible. Your codebase may already prove itTwo independent research programs, one from AI security firm Irregular, one from Kaspersky, have now converged on the same conclusion: Every frontier LLM generates structurally predictable passwords that standard entropy meters catastrophically overrate. AI coding agents are auto…CSOONLINE.COM
8 AprForest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessionsRussian threat actor Forest Blizzard has been exploiting unsecured home and small-office internet equipment, such as routers, to redirect traffic through attacker-controlled DNS servers. The group has leveraged this DNS hijacking activity to support post-compromise adversary-in-t…CSOONLINE.COM
8 AprHackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to TakeoverThe vulnerability allows hackers to upload arbitrary files to a site’s server and achieve remote code execution.SECURITYWEEK.COM
8 AprHackers Target Adobe Reader Users With Sophisticated Zero-Day ExploitSecurity researchers at EXPMON have uncovered a highly sophisticated, unpatched zero-day vulnerability actively targeting Adobe Reader users. The exploit, first detected in the wild late last month, allows threat actors to silently steal local files, gather sensitive system infor…GBHACKERS.COM
8 AprIran‑linked PLC attacks cause real‑world disruption at critical US infra sitesAs the US and Iran agreed to a ceasefire on Tuesday, six US federal agencies have warned that Iran-affiliated threat actors have compromised internet-exposed programmable logic controllers at critical infrastructure facilities in the US. The attacks, which the agencies linked to …CSOONLINE.COM
8 AprMassachusetts Hospital Diverts Ambulances as Cyberattack Causes DisruptionSignature Healthcare was forced to cancel some services, and pharmacies are unable to fill prescriptions due to the hacker attack.SECURITYWEEK.COM
8 AprAnthropic Launches Claude Mythos Preview Focused on Zero-Day Vulnerability DiscoveryAnthropic recently unveiled Claude Mythos Preview, a groundbreaking general-purpose language model demonstrating an unprecedented, emergent ability to autonomously discover and exploit zero-day vulnerabilities. In response to these powerful capabilities, the company introduced Pr…GBHACKERS.COM
8 AprRussian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaignsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/russian-state-linked-apt28-exploits.htmlSH.ITJUST.WORKS
8 AprVoice Phishing is a Growing Social Engineering ThreatVoice phishing (vishing) overtook email-based phishing as a top initial intrusion vector in 2025, according to a new report from Mandiant. Notably, vishing is live and interactive, giving the attacker more control over the social engineering objectives.KNOWBE4.COM
8 AprJoint advisory on Russian GRU exploiting vulnerable routers to steal sensitive informationCYBER.GC.CA
8 AprRCE Bug Lurked in Apache ActiveMQ Classic for 13 YearsThe vulnerability requires authentication for successful exploitation, but another flaw exposes the Jolokia API without authentication.SECURITYWEEK.COM
8 AprGrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltratisubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/grafanaghost-silent-data/SH.ITJUST.WORKS
8 AprDeveloper of VeraCrypt encryption software says Windows users may face boot-up issues after Microsoft locked his accountThe maker of the popular open-source file encryption software VeraCrypt said Microsoft locked his online account, which may prevent device owners from booting up their computers.TECHCRUNCH.COM
8 AprData Leakage Vulnerability Patched in OpenSSLA total of seven vulnerabilities, most of which can be exploited for DoS attacks, have been patched in OpenSSL.SECURITYWEEK.COM
8 AprYael Nardi joins Minimus as Chief Business Officer to drive hyper-growthNew York, NY: Minimus, a provider of hardened container images and secure container images designed to reduce CVE risk, today announced the appointment of Yael Nardi as Chief Business Officer (CBO). In this newly created role, Nardi will lead the company’s next phase of operation…CSOONLINE.COM
8 AprLegit Login Flow Turned AttackDevice code phishing leverages the OAuth 2.0 device authorization grant flow, a legitimate login method designed for devices with limited input like TVs and printers. Attackers exploit the split authentication process, where users complete login on a second device. This creates a…YOUTUBE.COM
8 Apr13-year-old bug in ActiveMQ lets hackers remotely execute commandsSecurity researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. [...]BLEEPINGCOMPUTER.COM
8 AprHow botnet-driven DDoS attacks evolved in 2H 2025The second half of 2025 marked a pivotal shift in the world of distributed denial-of-service (DDoS) attacks. Organizations across the globe faced a perfect storm: Artificial intelligence (AI) matured as an offensive weapon, botnet infrastructure reached new heights with multiter…CSOONLINE.COM
8 AprCISA orders feds to patch exploited Ivanti EPMM flaw by SundayCISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. [...]BLEEPINGCOMPUTER.COM
8 AprArelion employs NETSCOUT Arbor DDoS protection productsArelion operates the world’s best-connected IP fiber backbone, providing high-capacity transit services to a variety of the globe’s leading ISPs as well as many large enterprises. They provide an award-winning customer experience to clients in 129 countries worldwide, and their g…CSOONLINE.COM
8 AprWireGuard VPN developer can’t ship software updates after Microsoft locks accountThe popular open source VPN maker is the second high-profile developer to say Microsoft locked his account without notifying him and are blocking their ability to send software updates to users.TECHCRUNCH.COM
8 AprHackers use pixel-large SVG trick to hide credit card stealerA massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. [...]BLEEPINGCOMPUTER.COM
8 Apr[webapps] FortiWeb 8.0.2 - Remote Code ExecutionFortiWeb 8.0.2 - Remote Code ExecutionEXPLOIT-DB.COM
8 AprRisky Business #832 -- Anthropic unveils magical 0day computer GodOn this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Anthropic’s new Mythos model hunts bugs and chains exploits together so well that… you can’t have it… …Unless you’re one of their Project Glasswing partners The worl…RISKY.BIZ
7 AprNorth Korea's $285M Crypto Heist, China Breaches FBI System, Delve Faces New AllegationsHost David Shiple covers major cybersecurity news: investigators attribute a record $285 million April 1 hack of crypto platform Drift Protocol to North Korea, describing a three-week setup involving a fake "Carbon Vote Token," wash trading to inflate value, social engineering to…CYBERSECURITYTODAY.LIBSYN.COM
7 AprWindows Defender 0-Day Published Online, Giving Attackers Potential Full AccessA newly discovered zero-day vulnerability, dubbed “BlueHammer,” has been publicly disclosed. The flaw, which has been linked to Windows Defender, allows attackers to achieve Local Privilege Escalation (LPE) and potentially gain full administrative access to compromise…GBHACKERS.COM
7 AprMicrosoft Warns Storm-1175 Exploiting Web-Facing Vulnerabilities to Deploy Medusa RansomwareMicrosoft is warning that a fast‑moving threat actor it tracks as Storm‑1175 is aggressively exploiting vulnerabilities in internet‑exposed systems to deliver Medusa ransomware in days and sometimes in under 24 hours. Storm‑1175 is a financially motivated group known for high‑vel…GBHACKERS.COM
7 Apr172: SuperBoxWhat if there was a device which gave you endless movies and TV shows without ads? Ok great sign me up! In this episode we interview “D3ada55”, who found such a device, but as she gazed into it, she discovered it gazing back at her. Sponsors Support for this show comes from Threa…DARKNETDIARIES.COM
7 AprThreat Actors Exploit LogMeIn Resolve, ScreenConnect in Phishing CampaignsThreat actors are abusing legitimate remote monitoring and management (RMM) tools LogMeIn Resolve and ScreenConnect in a multi‑stage phishing campaign that blends social engineering, living‑off‑the‑land techniques, and stealthy information‑stealing malware. Sophos’ Managed Detect…GBHACKERS.COM
7 AprChina-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa RansomwareA China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's hi…THEHACKERNEWS.COM
7 AprLife imprisonment for Cambodian scam compound operators – but will it make a difference?Cambodia has taken a dramatic step in its fight against scam compounds that have imprisoned innocent people, and forced them to work as virtual slaves defrauding victims via the internet around the world with romance scams and dodgy investment schemes. Read more in my article on …BITDEFENDER.COM
7 AprThe rise of proactive cyber: Why defense is no longer enoughFor more than two decades, cybersecurity has been built on a reactive model: detect intrusions, patch vulnerabilities, respond to incidents, and repeat. That model is now under sustained pressure from a threat environment that is faster, more coordinated, and increasingly automat…CSOONLINE.COM
7 AprThe noisy tenants: Engineering fairness in multi-tenant SIEM solutionsI recently had the opportunity to review five popular SIEM solutions as part of a judging panel for a Security award. While each platform had its own unique flair, their core promises were remarkably consistent: 24/7/365 SOC monitoring: Round-the-clock coverage backed by global e…CSOONLINE.COM
7 AprAppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - ASW #377Security problems aren't changing very much even though security teams are. We catch up on the implications of the Claude Code source leak, the very human lessons from the axios NPM compromise, and what secure design looks like when it involves agents, humans, or both. AppSec has…YOUTUBE.COM
7 AprCritical Android Flaw Allows Zero-Interaction Denial-of-Service AttacksGoogle has rolled out its April 2026 Android Security Bulletin, addressing multiple vulnerabilities across the mobile operating system. The most alarming discovery this month is a critical security flaw in the Android Framework that allows attackers to trigger a local denial-of-s…GBHACKERS.COM
7 AprHong Kong Police Can Force You to Reveal Your Encryption KeysAccording to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport. In a security alert dated March 26, the U.S. Consulate General said that, on March 23,…SCHNEIER.COM
7 AprNew GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-FlipsNew academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach, GDDR…THEHACKERNEWS.COM
7 AprSupply chain security is now a board-level issue: Here’s what CSOs need to knowFor many years, supply chain security was viewed purely as a technical concern. However, with high-profile vulnerabilities and regulations, it is now a board-level issue that requires organizations to rethink how to build resiliency and insulate their operations. The changing reg…CSOONLINE.COM
7 AprDisgruntled researcher leaks “BlueHammer” Windows zero-day exploitsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/SH.ITJUST.WORKS
7 AprMedusa Ransomware Fast to Exploit Vulnerabilities, Breached SystemsThe group is using zero-days, quickly weaponizes fresh bugs, and exfiltrates and encrypts data within days of initial access.SECURITYWEEK.COM
7 AprHackers Exploit Next.js React2Shell Vulnerability, Breach 766 Hosts in 24 HoursHackers are abusing a critical React2Shell vulnerability in Next.js applications to run an automated credential‑theft operation that has already compromised at least 766 servers in under 24 hours. The threat activity is tracked as “UAT‑10608”. It relies on a custom framework dubb…GBHACKERS.COM
7 AprMicrosoft says Medusa-linked Storm-1175 is speeding ransomware attacksMicrosoft has warned that Storm-1175, a cybercrime group linked to Medusa ransomware, is exploiting vulnerable web-facing systems in fast-moving attacks, at times moving from initial access to data theft and ransomware deployment within 24 hours. The company said the group has he…CSOONLINE.COM
7 AprFake Gemini npm Package Steals AI Tool TokensHackers are abusing a fake Gemini-themed npm package to steal tokens and secrets from developers using AI coding tools like Claude, Cursor, Windsurf, PearAI, and others. The README text was copied from the unrelated chai-await-async library, a mismatch that should have been a red…GBHACKERS.COM
7 AprGPUBreach Attack Could Lead to Full System Takeover and Root Shell AccessA newly discovered vulnerability dubbed “GPUBreach” demonstrates that GPU-based Rowhammer attacks can now achieve complete system compromise. Scheduled for presentation at the IEEE Symposium on Security & Privacy in 2026, University of Toronto researchers revealed…GBHACKERS.COM
7 Apr[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise RiskIn the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute, hundreds of a…THEHACKERNEWS.COM
7 AprZero‑click Grafana AI attack can enable enterprise data exfiltrationIndirect prompt injection is possible on AI-powered dashboards, allowing exfiltration of sensitive enterprise data without user authentication. Security researchers are warning about a critical Grafana issue, dubbed GrafanaGhost, that allows attackers to leak sensitive data from …CSOONLINE.COM
7 AprCampaign Mode: Because Your SOC Team Has a LifeIn the world of cybersecurity, busy is an understatement. SOC teams are often drowning in a sea of repetitive alerts. Looking at the same threat or graymail spread across 50 pages of logs isn't just tedious, it’s a drain on your most valuable resource: time.KNOWBE4.COM
7 AprWindmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept PublishedCybersecurity researchers have discovered critical vulnerabilities in the Windmill developer platform and Nextcloud Flow, an integration embedding the Windmill engine. These severe flaws allow remote attackers to take full control of affected systems without requiring any passwor…GBHACKERS.COM
7 AprOver 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet CampaignAn active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ranges for vulnera…THEHACKERNEWS.COM
7 AprCUPS Vulnerabilities Could Allow Remote Attackers to Achieve Root-Level Code ExecutionA team of AI-driven vulnerability hunting agents directed by security researcher Asim Viladi Oglu Manizada has discovered two critical security flaws in CUPS, the standard printing system for Linux and Unix-like operating systems. When chained together, these vulnerabilities allo…GBHACKERS.COM
7 AprGrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise DataBy targeting Grafana’s AI components, attackers can point to external resources and inject indirect prompts to bypass safeguards.SECURITYWEEK.COM
7 AprTrump administration plans to cut cybersecurity agency’s budget by $700 millionThe budget proposal would force CISA to operate with a significantly lower budget than previous years, citing the government's claims that the election misinformation programs were used to "target the President."TECHCRUNCH.COM
7 AprWhy Your Automated Pentesting Tool Just Hit a WallAutomated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the "PoC cliff" leaves major attack surfaces untested and creates a dangerous validation gap. [...]BLEEPINGCOMPUTER.COM
7 AprSevere StrongBox Vulnerability Patched in AndroidA critical DoS vulnerability in the Framework component of Android has also been fixed with the latest update.SECURITYWEEK.COM
7 AprOne Click Took Down the Supply ChainA widely used NPM package was compromised after a maintainer was socially engineered into installing malware on their development machine. Attackers then introduced a malicious dependency, impacting downstream users. Modern supply chain attacks don’t require breaking systems—they…YOUTUBE.COM
7 AprCritical Flowise Vulnerability in Attacker CrosshairsThe improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system.SECURITYWEEK.COM
7 AprAuthorities disrupt router DNS hijacks used to steal Microsoft 365 loginsAn international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. [...]BLEEPINGCOMPUTER.COM
7 AprMilking the last drop of Intego - Time for Windows to get its LPEExploitation of an arbitrary directory deletion via symlink following in the antivirus Intego.QUARKSLAB.COM
7 AprRussian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking CampaignThe Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part of a cyber espi…THEHACKERNEWS.COM
7 AprA Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)Webshells remain a popular method for attackers to maintain persistence on a compromised web server. Many "arbitrary file write" and "remote code execution" vulnerabilities are used to drop small files on systems for later execution of additional payloads. The names of these file…ISC.SANS.EDU
7 Apr5 steps to strengthen supply chain security and improve cyber resilienceSupply chain attacks have rapidly become one of the most damaging and difficult threats facing IT and security teams. When an adversary compromises a trusted vendor, software component, cloud service, or MSP tool, they bypass traditional defenses and enter through the front door.…CSOONLINE.COM
7 Apr5 ways to strengthen identity security and improve attack resilienceIdentity compromise has become one of the most effective ways for attackers to infiltrate business systems. Firewalls, endpoint protection, and monitoring tools mean little once an attacker logs in using valid credentials. For MSPs and corporate IT teams, strengthening identity s…CSOONLINE.COM
7 Apr KEV5 practical steps to strengthen attack resilience with attack surface managementEvery asset you manage expands your attack surface. Internet‑facing applications, cloud workloads, credentials, endpoints, and third‑party integrations all represent potential entry points for attackers. As environments grow more distributed, that exposure expands faster than mos…CSOONLINE.COM
7 AprAI Found and Exploited Bugs AutomaticallyResearchers using Claude and other Anthropic models have shown AI can find bugs in popular software like Vim and Emacs—and automatically generate exploits. This isn’t just bug hunting. It’s a new level of risk where AI can turn theoretical vulnerabilities into actionable exploits…YOUTUBE.COM
7 AprMultiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…CISECURITY.ORG
7 AprHackers exploit critical flaw in Ninja Forms WordPress pluginA critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. [...]BLEEPINGCOMPUTER.COM
7 AprWhat Anthropic Glasswing reveals about the future of vulnerability discoveryAI giant Anthropic has unveiled Project Glasswing, a cybersecurity initiative built around Claude Mythos Preview, a model it describes as “cybersecurity in the age of AI” that can autonomously identify software vulnerabilities at scale. Rather than release the model publicly, An…CSOONLINE.COM
7 AprWhat we learned about TEE security from auditing WhatsApp's Private InferenceWhatsApp’s new “Private Inference” feature represents one of the most ambitious attempts to combine end-to-end encryption with AI-powered capabilities, such as message summarization. To make this possible, Meta built a system that processes encrypted user messages inside trusted …TRAILOFBITS.COM
7 AprClickFix Meets AI: A Multi-Platform Attack Targeting macOS in the WildFor years, macOS environments carried an aura of relative safety. Not immunity, but lower priority in the threat landscape. That perception has aged about as well as an unpatched server. The reality in 2026 is very different. Apple devices now make up a …ANY.RUN
6 AprGermany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrabAn elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts…KREBSONSECURITY.COM
6 Apr36 Malicious Strapi npm Packages Deliver Redis RCE, Persistent C2 MalwareA coordinated supply chain attack has been uncovered involving 36 malicious npm packages masquerading as Strapi CMS plugins, delivering a range of payloads including Redis remote code execution (RCE), credential harvesting, and persistent command-and-control (C2) malware. The cam…GBHACKERS.COM
6 AprGoogle DeepMind Flags New Threat as Malicious Web Content Puts AI Agents at RiskAs artificial intelligence evolves from simple chatbots to autonomous agents that actively browse the web, a new cybersecurity threat has emerged. Researchers at Google DeepMind have identified a critical vulnerability they call “AI Agent Traps.” These are adversarial…GBHACKERS.COM
6 AprHackers Breach ILSpy WordPress Domain to Deliver MalwareThe official WordPress website for ILSpy, a highly popular open-source tool used by software developers to examine .NET code, has been compromised. Hackers successfully breached the site to redirect visitors and deliver malware, turning a trusted developer resource into a dangero…GBHACKERS.COM
6 AprApache Traffic Server Flaw Allowed Attackers to Trigger Denial-of-Service AttacksThe Apache Software Foundation has released critical security updates to address two vulnerabilities in Apache Traffic Server (ATS). Disclosed on April 2, 2026, these flaws could allow remote threat actors to trigger denial-of-service (DoS) conditions or execute HTTP request smug…GBHACKERS.COM
6 AprHow often are redirects used in phishing in 2026?, (Mon, Apr 6th)In one of his recent diaries, Johannes discussed how open redirects are actively being sought out by threat actors[1], which made me wonder about how commonly these mechanisms are actually misused…ISC.SANS.EDU
6 AprEscaping the COTS trapOver the years, enterprise cybersecurity environments have accumulated staggering numbers of commercial tools. Industry research converges on a consistent picture of tool proliferation that drives complexity, cost, and risk. The global cybersecurity market is valued at approximat…CSOONLINE.COM
6 AprBattling payment fraud with tokenization and executive interviews from RSAC 2026 - ESW #453Interview with Brian Oh from FIS Global Merchant-Specific Tokenization: Making Embedded Finance More Fraud-Resistant Payment fraud has not gone away. It has evolved into a largely social engineering-driven problem that increasingly lands on security leaders’ desks. In this episod…YOUTUBE.COM
6 AprFortinet Rushes Emergency Fixes for Exploited Zero-DayThe improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely.SECURITYWEEK.COM
6 AprGoogle’s Bug Bounty Program Hits Record $17 Million in 2025 PayoutsGoogle has announced a record-breaking year for its Vulnerability Reward Program (VRP). In 2025, the tech giant paid out more than $17 million to ethical hackers worldwide to help secure its platforms. This major milestone marks a massive 40% increase compared to 2024 and perfect…GBHACKERS.COM
6 AprAuthentication is broken: Here’s how security leaders can actually fix itAuthentication keeps breaking where it matters most: On regulated front lines such as healthcare, government, aerospace and travel. The core issue is not a lack of innovation. Instead, it is a brittle and fragmented ecosystem of cards, readers, middleware and software that rarely…CSOONLINE.COM
6 AprCritical Claude Code Flaw Silently Bypasses User-Configured Security RulesAnthropic’s flagship AI coding agent, Claude Code, was recently discovered to contain a critical security flaw that silently bypasses developer-configured safety rules. The vulnerability allows attackers to execute blocked commands, such as data exfiltration scripts, by sim…GBHACKERS.COM
6 AprNorth Korea’s Modular Malware Strategy Hides Attribution, Defies TakedownsNorth Korea’s cyber program is shifting from monolithic “families” to a modular, portfolio-style malware ecosystem designed to survive exposure, frustrate attribution, and keep operations running under constant pressure. Years of sanctions, coordinated law-enforcement pressure, a…GBHACKERS.COM
6 AprNorth Korean hackers abuse LNKs and GitHub repos in ongoing campaignDPRK-linked threat actors are preferring stealth over sophistication in their targeting of South Korean organizations, as researchers report use of weaponized Windows shortcut (.LNK) files and GitHub-based command-and-control (C2) channels in a new campaign. According to new Fo…CSOONLINE.COM
6 AprHackers exploit React2Shell in automated credential theft campaignsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-exploit-react2shell-in-automated-credential-theft-campaign/SH.ITJUST.WORKS
6 AprA Vulnerability in Fortinet FortiClientEMS Could Allow for Arbitrary Code Executionsubmitted by kid to cybersecurity 1 points | 0 comments https://www.cisecurity.org/advisory/a-vulnerability-in-fortinet-forticlientemscould-allow-for-arbitrary-code-execution_2026-031SH.ITJUST.WORKS
6 AprYour KnowBe4 Fresh Compliance Plus Content Updates | March 2026John N Just, Ed.D. - Chief Learning Officer Evolving Standards for Digital and Workplace Compliance It is a common misconception that digital accessibility and AI safety are niche concerns for specialized teams, but they are actually core operational requirements for every employ…KNOWBE4.COM
6 AprGoogle Brings Lazy Loading to Media Files in New Chrome ReleaseGoogle has announced a significant update for its Chrome browser, extending native lazy loading capabilities to audio and video elements. This highly anticipated feature aims to improve web performance, drastically save bandwidth, and offer subtle security benefits by controlling…GBHACKERS.COM
6 Apr⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and MoreThis week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider than before. What star…THEHACKERNEWS.COM
6 AprGoogle DeepMind Researchers Map Web Attacks Against AI AgentsMalicious web content can be used to manipulate, deceive, and exploit autonomous AI agents navigating the internet, Google DeepMind researchers show. The researchers have identified six types of attacks against AI agents that can be mounted via web content to inject malicious con…SECURITYWEEK.COM
6 Apr KEVCISA orders feds to patch Fortinet flaw exploited in attacks by FridayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. [...]BLEEPINGCOMPUTER.COM
6 AprNorth Korea’s hijack of one of the web’s most used open source projects was likely weeks in the makingNorth Korean hackers pushed out malicious updates to a popular open source project by hacking a top developer's computer in a long-running campaign.TECHCRUNCH.COM
6 AprStorm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operationsThe financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware (Gaze.exe).MICROSOFT.COM
6 AprMicrosoft links Medusa ransomware affiliate to zero-day attacksMicrosoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]BLEEPINGCOMPUTER.COM
6 AprNew Mexico’s Meta Ruling and EncryptionMike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general: If the “design choices create liability” framework seems worrying in the abstract, the New Mexico case provides a…SCHNEIER.COM
6 AprDisgruntled researcher leaks “BlueHammer” Windows zero-day exploitExploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. [...]BLEEPINGCOMPUTER.COM
6 AprMicrosoft links Medusa ransomware affiliate to zero-day attackssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/SH.ITJUST.WORKS
6 Apr[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege EscalationDesktop Window Manager Core Library 10.0.10240.0 - Privilege EscalationEXPLOIT-DB.COM
6 Apr[webapps] WBCE CMS 1.6.4 - Remote Code ExecutionWBCE CMS 1.6.4 - Remote Code ExecutionEXPLOIT-DB.COM
6 Apr[webapps] RiteCMS 3.1.0 - Authenticated Remote Code ExecutionRiteCMS 3.1.0 - Authenticated Remote Code ExecutionEXPLOIT-DB.COM
5 Apr36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent ImplantsCybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent im…THEHACKERNEWS.COM
5 Apr KEVNew FortiClient EMS flaw exploited in attacks, emergency patch releasedFortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. [...]BLEEPINGCOMPUTER.COM
4 AprSongTrivia2 - 291,739 breached accountsIn April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter al…HAVEIBEENPWNED.COM
4 AprLinkedIn Hidden Code Secretly Scans Users’ Computers for Installed SoftwareA new investigation by Fairlinked e.V. claims that Microsoft-owned LinkedIn is running a massive, undisclosed corporate surveillance operation. According to the “BrowserGate” report, hidden code on LinkedIn’s website secretly scans the computers of its one billi…GBHACKERS.COM
4 AprTop 10 Best Identity And Access Management (IAM) Companies 2026In the rapidly evolving digital landscape of 2026, Identity and Access Management (IAM) has transcended its traditional role to become the foundational pillar of enterprise security. As organizations navigate the complexities of multi-cloud environments, remote workforces, burgeo…GBHACKERS.COM
4 AprA Vulnerability in Fortinet FortiClientEMS Could Allow for Arbitrary Code ExecutionA Vulnerability has been discovered in Fortinet FortiClientEMS that could allow for arbitrary code execution. FortiClientEMS is a centralized management platform for deploying, configuring, monitoring, and enforcing security policies across numerous endpoints (computers) running …CISECURITY.ORG
4 AprHow Attackers Bypass MFA TodayAttackers are exploiting authentication flows and APIs to capture MFA data, register their own devices, and take over accounts—sometimes using techniques like device code flow abuse. This shifts MFA from a strong defense into a potential attack surface. With organized tools and s…YOUTUBE.COM
3 AprCloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternativeCloudflare on Wednesday rolled out EmDash, which it described as “the spiritual successor to WordPress.” The security vendor positioned EmDash as a far more secure site building tool that avoids the extensive cybersecurity problems with WordPress plugins. But the Cloudflare clai…CSOONLINE.COM
3 AprMicrosoft now force upgrades unmanaged Windows 11 24H2 PCsStarting this week, Microsoft has begun force-upgrading unmanaged devices running Windows 11 24H2 Home and Pro editions to Windows 11 25H2. [...]BLEEPINGCOMPUTER.COM
3 Apr12 cyber industry trends revealed at RSAC 2026The 2026 RSA circus is over. The tents are packed and the elephants have been loaded onto the train. Nevertheless, it was an eventful week. There were fleets of vehicles — Escalades, Rivians, trucks but curiously, no Teslas — strewn with vendor names and tag lines, and you couldn…CSOONLINE.COM
3 AprTrusted Platforms Exploited to Steal Philippine Banking CredentialsHackers are increasingly exploiting trusted online platforms to launch sophisticated phishing campaigns targeting bank users in the Philippines. Despite ongoing improvements in email security, phishing remains one of the most effective attack methods due to its scalability and ea…GBHACKERS.COM
3 AprNigerian romance scammer jailed after being caught out by fellow fraudsterA Nigerian fraudster spent years posing as a woman online, romancing unsuspecting American men out of their savings - until he accidentally tried the same trick on a fellow scammer, who told him to "learn how to do a clean job." The recovered chat logs helped put him behind bars …BITDEFENDER.COM
3 AprAxios npm compromise traced to targeted social engineering attackThe recent compromise of the widely used Axios npm package has been confirmed as the result of a targeted social engineering attack. The incident, which briefly exposed developers to malicious code, highlights growing risks within the open-source software supply chain. On March 3…GBHACKERS.COM
3 AprReact2Shell Exploited in Large-Scale Credential Harvesting CampaignUsing automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems.SECURITYWEEK.COM
3 AprMobile Attack Surface Expands as Enterprises Lose ControlShadow AI embedded in everyday apps, combined with outdated mobile devices and zero-click exploits, is creating a new and largely unseen mobile risk.SECURITYWEEK.COM
3 AprCritical ShareFile Flaws Lead to Unauthenticated RCEThe vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server.SECURITYWEEK.COM
3 AprMicrosoft Forces Unmanaged Windows 11 Devices to Upgrade to Version 24H2Microsoft has officially initiated an automated, machine-learning-based rollout for Windows 11, version 25H2, targeting unmanaged systems. As part of its ongoing efforts to keep devices secure, similar to routine patch deployments that address critical system vulnerabilities, the…GBHACKERS.COM
3 AprIn Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by RansomwareOther noteworthy stories that might have slipped under the radar: Symantec vulnerability, anti-ClickFix mechanism added to macOS, FBI hack classified as major incident. SECURITYWEEK.COM
3 AprWeaponizing Trust Signals: Claude Code Lures and GitHub Release PayloadsA packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks.TRENDMICRO.COM
3 AprTrueConf Zero-Day Exploited in Asian Government AttacksA Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads. SECURITYWEEK.COM
3 AprWarning: Phishing Attacks Are Exploiting the War in IranCriminal threat actors are taking advantage of the fear and uncertainty surrounding the conflict in the Middle East, according to researchers at Bitdefender. The researchers observed a 130% spike in phishing emails targeting Gulf countries following the first US-Israeli strikes o…KNOWBE4.COM
3 AprWhen Vendors Skip Linux SupportHardware and software vendors often choose not to support Linux, despite its widespread use. While Linux fragmentation (distros, kernels, libraries) makes support harder, the decision not to support it shifts risk onto users. This can lead to insecure workarounds, unsupported dev…YOUTUBE.COM
3 AprYour KnowBe4 Fresh Content Updates from March 2026John N Just, Ed.D. - Chief Learning Officer IT & Technical Staff Need More Training, Not Less There is a common misconception that IT and technical staff "know about security awareness" and that they should simply take the same training that all other employees take.…KNOWBE4.COM
3 AprManaging open-source vulnerabilities | Kaspersky official blogHow to enrich data, fine-tune AI-powered systems, and update corporate policies to mitigate open-source supply chain risks.KASPERSKY.COM
3 AprClaude Code is still vulnerable to an attack Anthropic has already fixedThe leak of Claude Code’s source is already having consequences for the tool’s security. Researchers have spotted a vulnerability documented in the code. The vulnerability, revealed by AI security company Adversa, is that if Claude Code is presented with a command composed of m…CSOONLINE.COM
3 AprMicrosoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux ServersThreat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution throug…THEHACKERNEWS.COM
3 AprInternet Bug Bounty program hits pause on payoutsResearchers who identify and report bugs in open-source software will no longer be rewarded by the Internet Bug Bounty team. HackerOne, which administers the program, has said that it is “pausing submissions” while it contemplates ways in which open source security can be handled…CSOONLINE.COM
3 AprThe developer credential economy: Why exposure data is the new front line in the supply chain warRecent supply chain attacks have highlighted an urgent need for organizations to shift from a reactive security posture to a preemptive exposure management strategy. Learn why endpoint detection and response tools don’t have you covered when highly privileged developer credential…TENABLE.COM
3 AprSimplifying MBA obfuscation with CoBRAMixed Boolean-Arithmetic (MBA) obfuscation disguises simple operations like x + y behind tangles of arithmetic and bitwise operators. Malware authors and software protectors rely on it because no standard simplification technique covers both domains simultaneously; algebraic simp…TRAILOFBITS.COM
2 AprAfterPack: Claude Code's Source Didn't Leak. It Was Already Public for Years.submitted by artwork to security 2 points | 0 comments cross-posted from: lemmy.world/post/45050923 The internet is on fire over Claude Code’s (NPM CLI to be precise) “leaked” source. 512,000 lines! Feature flags! System prompts! Unreleased features! VentureBeat, Fortune, Gizmodo…PROGRAMMING.DEV
2 AprApple Expands iOS 18.7.7 Update to More Devices to Block DarkSword ExploitApple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword. "We enabled the availability of iOS 18.7.7 for mor…THEHACKERNEWS.COM
2 AprOver 14,000 F5 BIG-IP APM instances still exposed to RCE attacksInternet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. [...]BLEEPINGCOMPUTER.COM
2 AprApple Releases iOS 18.7.7 Update to Defend Against DarkSword ExploitApple has officially expanded the rollout of iOS 18.7.7 and iPadOS 18.7.7 to defend users against a critical web-based threat known as the DarkSword exploit. Originally released on March 24, 2026, Apple aggressively pushed the update to more devices via Automatic Updates on April…GBHACKERS.COM
2 AprNoVoice on Google Play Exploits 22 Flaws to Hit Millions of Android UsersNoVoice is a new Android rootkit campaign that hid in more than 50 apps on Google Play, exploiting 22 vulnerabilities to hijack millions of older and unpatched Android devices and even clone WhatsApp sessions. The apps posed as everyday utilities such as cleaners, casual games, a…GBHACKERS.COM
2 AprPossible US Government iPhone Hacking Tool LeakedWired writes (alternate source): Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the defe…SCHNEIER.COM
2 AprHackers exploit TrueConf zero-day to push malicious software updatessubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-exploit-trueconf-zero-day-to-push-malicious-software-updates/SH.ITJUST.WORKS
2 AprThe State of Trusted Open Source ReportIn December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. Th…THEHACKERNEWS.COM
2 AprCisco Patches Critical and High-Severity VulnerabilitiesThe bugs could lead to authentication bypass, remote code execution, information disclosure, and privilege escalation. SECURITYWEEK.COM
2 AprEvilTokens abuses Microsoft device code flow for account takeoversA new phishing-as-a-service (PhaaS) campaign is abusing Microsoft’s device code authentication flow to gain unauthorized access to user accounts. Sekoia researchers first spotted the toolkit “EvilTokens” that lets attackers capture authentication tokens by tricking users into com…CSOONLINE.COM
2 AprAkira-Style Ransomware Campaign Hits Windows Users Across South AmericaA newly identified ransomware campaign is targeting Windows users across South America, leveraging tactics that closely mimic the notorious Akira ransomware group. According to ESET’s findings, the threat actors behind this campaign are attempting to exploit Akira’s reputation by…GBHACKERS.COM
2 AprMatrix Protocol Surveillance and Forensic Analysis Suitesubmitted by Nikolas5476 to cybersecurity 5 points | 0 comments Source code and details: github.com/nikolas-trey/Prometheus What Project Does: Prometheus is a forensic intelligence toolkit for the Matrix federation. Given one or more target MXIDs, it reconstructs who invited them…SH.ITJUST.WORKS
2 AprNew Progress ShareFile flaws can be chained in pre-auth RCE attacksTwo vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from affected environments. [...]BLEEPINGCOMPUTER.COM
2 AprAdversaries Exploit Vacant Homes to Intercept Mail in Hybrid CybercrimeThreat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. [...]BLEEPINGCOMPUTER.COM
2 AprICE says it bought Paragon’s spyware to use in drug trafficking casesThe acting director of U.S. Immigration and Customs Enforcement told lawmakers that the use of Paragon spyware is necessary to counter terrorists’ “thriving exploitation of encrypted communications platforms.”TECHCRUNCH.COM
2 AprApple Rolls Out DarkSword Exploit Protection to More DevicesThe DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors. SECURITYWEEK.COM
2 AprUS Bans All Foreign-Made Consumer RoutersThis is for new routers; you don’t have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national def…SCHNEIER.COM
2 AprCritical Vulnerability in Claude Code Emerges Days After Source LeakWithin days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found by Adversa AI. SECURITYWEEK.COM
2 AprGoogle Workspace’s continuous approach to mitigating indirect prompt injectionsPosted by Adam Gavish, Google GenAI Security Team Indirect prompt injection (IPI) is an evolving threat vector targeting users of complex AI applications with multiple data sources, such as Workspace with Gemini. This technique enables the attacker to influence the behavior of an…SECURITY.GOOGLEBLOG.COM
2 AprClaude Code leak used to push infostealer malware on GitHubThreat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...]BLEEPINGCOMPUTER.COM
2 AprRisks, emerging when developing or using open-source softwareHow the popularization of AI and the simplification of development are creating new risks for corporate security.KASPERSKY.COM
2 AprWhat Is A Router? (And all things AI) - PSW #920In the Security News: - Claude leaks source code and new models - Two really smart people say AI is finding vulnerabilities better than ever - Windows is using your internet to send updates to strangers - BIG-IP APM vulnerability - all you need to know - Linux KVM for the win - T…YOUTUBE.COM
2 AprAI Configures Vulnerabilities for YouAI tools like Claude can guide users through configuring complex systems and even help enable vulnerable features for testing. This dramatically lowers the expertise required to build realistic vulnerability labs across platforms like F5, Citrix, and Fortinet. But the same capabi…YOUTUBE.COM
2 AprMultiple Vulnerabilities in Progress ShareFile Could Allow for Remote Code ExecutionMultiple vulnerabilities have been discovered in Progress ShareFile, which when chained together, could allow for remote code execution. Progress ShareFile is a secure, cloud-based content collaboration and file-sharing platform. It enables businesses to securely exchange documen…CISECURITY.ORG
2 AprMultiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for arbitrary code execution. Cisco Smart Software Manager On‑Prem is a centralized Cisco tool used by organizations to manage software licenses, entitlements, and compliance for…CISECURITY.ORG
2 AprSightHouse: Automated function identificationIn this blog post we present SightHouse, an open-source tool designed to assist reverse engineers by retrieving information and metadata from programs and identifying similar functions already known from other libraries, binaries or any other source codes that can be found online…QUARKSLAB.COM
2 AprApple expands “DarkSword” patches to iOS 18.7.7Apple has quietly expanded patches against the vulnerabilities in the DarkSword exploit kit to include iOS and iPadOS 18.7.7MALWAREBYTES.COM
1 AprMercor says it was hit by cyberattack tied to compromise of open-source LiteLLM projectThe AI recruiting startup confirmed a security incident after an extortion hacking crew took credit for stealing data from the company's systems.TECHCRUNCH.COM
1 AprAnthropic employee error exposes Claude Code sourceAn Anthropic employee accidentally exposed the entire proprietary source code for its AI programming tool, Claude Code, by including a source map file in a version of the tool posted on Anthropic’s open npm registry account, a risky mistake, says an AI expert. “A compromised sour…CSOONLINE.COM
1 AprGoogle Cloud’s Vertex AI Hit by Vulnerability Enabling Sensitive Data AccessArtificial intelligence agents are transforming enterprise workflows, but they also introduce dangerous new attack vectors. Security researchers from Palo Alto Networks’ Unit 42 recently uncovered a significant vulnerability in Google Cloud Platform’s (GCP) Vertex AI Agent Engine…GBHACKERS.COM
1 AprClaude Code Source Leaked via npm Packaging Error, Anthropic ConfirmsAnthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthropic spokesperson said…THEHACKERNEWS.COM
1 AprGoogle Addresses Vertex Security Issues After Researchers Weaponize AI AgentsPalo Alto Networks has disclosed the details of its analysis of Google Cloud Platform’s Vertex AI. SECURITYWEEK.COM
1 Apr9 ways CISOs can combat AI hallucinationsAI hallucinations are a well-known problem and, when it comes to compliance assessments, these convincing but inaccurate assessments can cause real damage with poor risk assessments, incorrect policy guidance, or even inaccurate incident reports. Cybersecurity leaders say the rea…CSOONLINE.COM
1 AprSecurity awareness is not a control: Rethinking human risk in enterprise securityOrganizations have been responding to phishing, business email compromise, and credential theft in essentially the same manner for over ten years. They essentially follow a playbook that involves investing in awareness training, running phishing simulations, and requiring employe…CSOONLINE.COM
1 AprA Taxonomy of Cognitive SecurityLast week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but—even better—Menton has a long essay laying out the basic concepts and ideas. The whole thing is important…SCHNEIER.COM
1 AprGoogle fixes fourth Chrome zero-day exploited in attacks in 2026Google has fixed the fourth Chrome vulnerability exploited in zero-day attacks since the start of the year. [...]BLEEPINGCOMPUTER.COM
1 AprHackers Exploit Hotel Booking Systems to Send Fake Payment Requests to GuestsHackers are increasingly targeting hotel booking workflows to trick travelers into handing over payment details, using a technique that blends real reservation data with convincing social engineering. The message references real booking details such as the hotel name, stay dates,…GBHACKERS.COM
1 AprUnrelenting Threats Against Government and Education: Why Human Risk Is the Front LinePublic sector organizations are operating in a threat environment that is both relentless and increasingly personal. Federal agencies, state and local governments and educational institutions are prime targets for ransomware, phishing, business email compromise (BEC) and creden…KNOWBE4.COM
1 AprWhatsApp malware campaign uses malicious VBS files to gain persistent accessMicrosoft is warning WhatsApp users of a new malware campaign that tricks them into executing malicious Visual Basic Script (VBS) files, ultimately enabling persistence and remote access. In a March 31 report, Microsoft Defender Experts said attackers have been distributing mali…CSOONLINE.COM
1 AprCisco Faces Alleged Data Leak as ShinyHunters Claims ResponsibilityCisco is actively dealing with a major cybersecurity incident after threat actors breached its internal development networks. The notorious hacking group ShinyHunters has claimed responsibility for the attack, alleging they stole sensitive source code and data affecting Cisco, Sa…GBHACKERS.COM
1 AprMicrosoft Teams to Improve Privacy With EXIF Data Removal FeatureMicrosoft is rolling out a wave of privacy and security updates for Microsoft Teams, headlining with a critical new feature that automatically removes EXIF metadata from shared images. These upcoming changes are designed to protect user privacy by default, streamline biometric da…GBHACKERS.COM
1 AprVertex AI Vulnerability Exposes Google Cloud Data and Private Artifactssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/03/vertex-ai-vulnerability-exposes-google.htmlSH.ITJUST.WORKS
1 AprTeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/teampcp-exploit-stolen-supply/SH.ITJUST.WORKS
1 Apr KEVGoogle Warns of New Chrome Zero-Day Under Active Exploitation – Users Urged to Update ImmediatelyGoogle has released an urgent security update for its Chrome desktop browser to address 21 vulnerabilities, including a critical zero-day flaw that is actively being exploited in the wild. Users are strongly urged to update their browsers immediately to version 146.0.7680.177/.17…GBHACKERS.COM
1 AprUS Charges Uranium Crypto Exchange HackerJonathan Spalletta exploited smart contract vulnerabilities to steal approximately $55 million in cryptocurrency and cause Uranium to shut down. SECURITYWEEK.COM
1 AprRoutine Access Is Powering Modern Intrusions, a New Threat Report FindsModern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents. [...]BLEEPINGCOMPUTER.COM
1 AprCERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million EmailsThe Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the threat actors, tracked a…THEHACKERNEWS.COM
1 AprFireside Chat: AI agents are reshaping mobile attacks — and exposing weak API trust modelsSAN FRANCISCO — A new exposure is emerging in mobile security as AI begins to act on behalf of users — and attackers move to exploit that shift. Related: RSAC wrap-up—no easy fixes for AI exposures In a Fireside Chat …LASTWATCHDOG.COM
1 AprMultiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. De…CISECURITY.ORG
1 AprChronic Resource Constraints: Doing More With Less in Public Sector CybersecurityIf the public sector had unlimited cybersecurity budgets and fully staffed SOCs, today’s threat landscape would look very different. But that’s not reality.KNOWBE4.COM
1 AprHackers exploit TrueConf zero-day to push malicious software updatesHackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. [...]BLEEPINGCOMPUTER.COM
1 AprRSA 2026: Agentic Future, Analog Fundamentals — The Paradox of Why the Old Guard Still SurvivesOK, RSA 2026 is over. If my record keeping is correct, I first attended RSA in 2006. At that time, I was annoyed by … AI? XDR? NIDS? …. noooo… I was annoyed by NAC (“As many other RSA observers agreed, under each tree you now see a NAC.” NAC rapidly arose from the “wormy” early…MEDIUM.COM
1 Apr KEVApple expands iOS 18 updates to more iPhones to block DarkSword attacksApple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. [...]BLEEPINGCOMPUTER.COM
1 AprTrendAI Insight: New U.S. National Cyber StrategyTrendAI reviews the White House National Cyber Strategy, outlining six pillars to strengthen U.S. cybersecurity—from deterrence and regulation to federal modernization, critical infrastructure protection, AI leadership, and workforce development.TRENDMICRO.COM
1 Apr6 critical mistakes that undermine cyber resilience (and how to fix them)Silos are the enemy of business resilience. As IT leaders, we’ve all felt the pain: the backup administrator, SOC analyst, and endpoint engineer operating in separate worlds—often meeting for the first time in the chaos of a live cyberattack. The result? Delayed responses, missed…CSOONLINE.COM
1 Apr6 metrics IT leaders can’t afford to ignore for business resilienceIf you’re in IT, you know: what we don’t measure puts business resilience at risk. In the face of rising threat volumes, scaling complexity, and board-level scrutiny, tracking the right operational metrics isn’t just about visibility—it’s the foundation for proactive risk managem…CSOONLINE.COM
1 Apr5 critical steps to achieve business resilience in cybersecurityWhat does it really take to keep your organization running when attackers strike? The answer is business resilience—being able to detect, contain, and recover fast enough that disruptions are minimized, customers stay confident, and operations keep moving. From the latest 2026 St…CSOONLINE.COM
1 Apr7 ways to improve your business resilience with backup and recoveryWhen your network goes down, your business stops. That’s a stark truth we see confirmed daily in incident response—and N-able’s 2026 State of the SOC Report only underscores it. Backup isn’t just an IT routine anymore; it’s the backbone of your business resilience strategy. Yet, …CSOONLINE.COM
1 Apr5 Steps to break free from alert fatigue and build resilient security operationsHow many times has your SOC hit crisis mode at 2:00 AM, with the dashboard blaring red and analysts scrambling to separate real threats from useless noise? We’ve all been there, and if you’re still measuring success by the number of alerts closed, chances are you’re feeling the s…CSOONLINE.COM
1 Apr5 essential steps to bulletproof your endpoint security (and avoid the biggest mistakes)Business resilience starts at the endpoint. Between March and December 2025, the N-able SOC processed over 900,000 alerts—and a staggering 18% originated from network and perimeter exploits that most endpoint-only security never saw. Attackers are constantly shifting tactics, and…CSOONLINE.COM
1 AprFrequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access trojan to potentially millions of developer environments during a three-hour window on March 31. Key takeaways: The axios npm package, which has over 100 mill…TENABLE.COM
1 AprSecuring the open source supply chain across GitHubRecent attacks on open source focus on exfiltrating secrets; here are the prevention steps you can take today, plus a look at the security capabilities GitHub is working on. GITHUB.BLOG
1 AprMutation testing for the agentic eraCode coverage is one of the most dangerous quality metrics in software testing. Many developers fail to realize that code coverage lies by omission: it measures execution, not verification. Test suites with high coverage can obfuscate the fact that critical functionality is untes…TRAILOFBITS.COM
1 Apr KEVRisky Business #831 -- The AI bugpocalypse beginsOn this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover: Those pesky North Koreans shim a backdoor into a 100M-downloads-a-week npm package TeamPCP appear to have ransacked Cisco’s source and cloud environments AI is gett…RISKY.BIZ
31 Mar KEVCISA orders feds to patch actively exploited Citrix flaw by ThursdayThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. [...]BLEEPINGCOMPUTER.COM
31 MarCrewAI Vulnerabilities Expose Devices to HackingAttackers can exploit the bugs through prompt injection, chaining them together to escape the sandbox and execute arbitrary code. SECURITYWEEK.COM
31 MarGoogle Slashes Quantum Resource Requirements for Breaking Cryptocurrency EncryptionGoogle researchers have shown that breaking the encryption of Bitcoin and Ethereum requires 20x fewer qubits. SECURITYWEEK.COM
31 MarExploitation of Critical Fortinet FortiClient EMS Flaw BeginsThe SQL injection vulnerability allows unauthenticated attackers to execute arbitrary code remotely, via crafted HTTP requests. SECURITYWEEK.COM
31 MarStrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNsRemotely exploitable, the integer underflow vulnerability impacts StrongSwan releases spanning 15 years. SECURITYWEEK.COM
31 MarVertex AI Vulnerability Exposes Google Cloud Data and Private ArtifactsCybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud environm…THEHACKERNEWS.COM
31 MarThe AI Arms Race – Why Unified Exposure Management Is Becoming a Boardroom PriorityThe cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern environments. This is…THEHACKERNEWS.COM
31 MarSilver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake DomainsChinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. "The operation covers VPN clients, encrypted messengers, video conferen…THEHACKERNEWS.COM
31 MarThe New Playground for Cybercriminals: Securing the Microsoft Teams FrontierWith 320 million daily users on Microsoft Teams, the ability to connect with colleagues across the organization has never been more seamless… or more targeted. The shift isn’t just about where we talk; it's about how we are being attacked. Threat actors moving beyond phishing ema…KNOWBE4.COM
31 MarPNG Vulnerabilities Allow Attackers to Trigger Crashes and Leak Sensitive DataSecurity researchers have disclosed two high-severity vulnerabilities in libpng, the widely deployed reference library used for processing Portable Network Graphics (PNG) image files. These critical flaws allow remote attackers to trigger process crashes, leak sensitive heap memo…GBHACKERS.COM
31 MarApple Adds ClickFix Attack Warnings in New macOS Tahoe Security FeatureApple has silently introduced a new security mechanism in macOS Tahoe 26.4 to protect users against social engineering campaigns known as ClickFix attacks. This defense intercepts potentially harmful commands before they are pasted into the Terminal application, breaking the infe…GBHACKERS.COM
31 MarTax Filing Scams Used to Deliver Malware in New Cybercrime CampaignsCybercriminals are once again exploiting global tax seasons, abusing IRS and tax filing lures to deliver malware, remote monitoring and management (RMM) tools, and credential phishing in a wave of new 2026 campaigns. Security researchers have already tracked more than a hundred t…GBHACKERS.COM
31 MarCareCloud Data Breach Exposes Patient Data After Hackers Access IT SystemsCareCloud, Inc., a prominent healthcare technology provider, has disclosed a material cybersecurity incident involving unauthorized access to its electronic health record (EHR) infrastructure. The security event was first detected on March 16, 2026, when the CareCloud Health divi…GBHACKERS.COM
31 MarHacker hijacks Axios open-source project, used by millions, to push malwareA hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack.TECHCRUNCH.COM
31 MarIranian hackers breach FBI director’s personal email, and post his CV and photos onlineIt's not every day that you read that the head of America's top law enforcement agency has been hacked, but then - these aren't ordinary times. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
31 MarVRP 2025 Year in ReviewPosted by Dirk Göhmann, Tony Mendez, and the Vulnerability Rewards Program Team 2025 marked a special year in the history of vulnerability rewards and bug bounty programs at Google: our 15th anniversary 🎉🎉🎉! Originally started in 2010, our vulnerability reward program (VRP) ha…SECURITY.GOOGLEBLOG.COM
31 MarOpenAI patches twin leaks as Codex slips and ChatGPT spillsOpenAI has fixed two flaws in its AI stack that could allow AI agents to move sensitive data in unintended ways. The issues, disclosed by researchers at BeyondTrust and Check Point Research, affect the OpenAI Codex coding agent and ChatGPT’s code execution environment, respective…CSOONLINE.COM
31 Mar8 ways to bolster your security posture on the cheapAs every CISO knows, maintaining a strong cybersecurity posture is costly. What’s not so well known is that there are many ways cybersecurity can be enhanced with the help of relatively trivial investments. Simply by thinking creatively, a security leader can substantially boost …CSOONLINE.COM
31 MarThe external pressures redefining cybersecurity riskOver the last four years, I’ve watched organizations get blindsided by threats that originated in a third-party network. More than 35% of data breaches are caused by a compromised vendor or partner, not by any failure in the organization’s controls. While many organizations know …CSOONLINE.COM
31 Mar KEV6 key takeaways from RSA Conference 2026Writing a conference preview is an act of professional speculation. You read the agenda, map the schedule session density, and make your personal best call about where the intellectual energy will concentrate. From my perspective going in, RSA Conference 2026 outlined a defining …CSOONLINE.COM
31 MarDeveloping the Skills Needed for Modern Software Development - Keith Hoodlet, Ron Rasi... - ASW #376The future of secure software is going through a mix of skills expected of humans and skills files created for LLMs. We might even posit that appsec as a discipline will fade (and that might not even be a bad thing!). Keith Hoodlet describes the skills he was looking for in build…YOUTUBE.COM
31 MarVulnerability Research Is Cooked — Quarrelsomesubmitted by cm0002 to cybersecurity 2 points | 1 comments https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/ For the last two years, technologists have ominously predicted that AI coding agents will be responsible for a deluge of security vulnerabilities. T…INFOSEC.PUB
31 MarCybercriminals Exploit Tax Season With New Phishing Tactics - Infosecurity Magazinesubmitted by kid to cybersecurity 7 points | 0 comments https://www.infosecurity-magazine.com/news/tax-season-new-phishing-tactics/SH.ITJUST.WORKS
31 MarHackers exploiting critical F5 BIG-IP flaw in attacks, patch nowsubmitted by kid to cybersecurity 8 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-now-exploit-critical-f5-big-ip-flaw-in-attacks-patch-now/SH.ITJUST.WORKS
31 MarCisco source code stolen in Trivy-linked dev environment breachCisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. [...]BLEEPINGCOMPUTER.COM
31 MarAndroid Developer Verification Rollout Begins Ahead of September EnforcementGoogle on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that goes into effect in…THEHACKERNEWS.COM
31 MarAttackers trojanize Axios HTTP library in highest-impact npm supply chain attackAttackers compromised the npm account of the lead maintainer of Axios, a widely used JavaScript HTTP client library, and used it to publish malicious versions of the package that deployed a cross-platform remote access trojan on developer machines. The incident represents the hig…CSOONLINE.COM
31 MarBeyond the Hype: Cyber Readiness, Zero Trust, and an Unscripted Conversation - SWN #568In the AI era, cybersecurity is undergoing a fundamental shift as AI agents transform both the speed and scale of attacks. In this interview, Gibb Witham, President and Chief Financial Officer of Hack The Box, explains why organizations must move beyond assumed AI capability towa…YOUTUBE.COM
31 MarClaude AI finds Vim, Emacs RCE bugs that trigger on file openVulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file. [...]BLEEPINGCOMPUTER.COM
31 MarCisco source code stolen in Trivy-linked dev environment breachsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cisco-source-code-stolen-in-trivy-linked-dev-environment-breach/SH.ITJUST.WORKS
31 MarClaude Code source code accidentally leaked in NPM packageAnthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. [...]BLEEPINGCOMPUTER.COM
31 MarMultiple Vulnerabilities in Apple Products Could Allow for Privilege EscalationMultiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for privilege escalation. Successful exploitation of the most severe of these vulnerabilities could allow a user to elevate privileges. Depending on the privileges associated wit…CISECURITY.ORG
31 MarNorth Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain AttackWritten by: Austin Larsen, Dima Lenz, Adrian Hernandez, Tyler McLellan, Christopher Gardner, Ashley Zaya, Michael Rudden, Mon Liclican Introduction Google Threat Intelligence Group (GTIG) is tracking an active software supply chain attack targeting the popular Node Package Manage…CLOUD.GOOGLE.COM
31 MarSupply chain attack on Axios npm package: Scope, impact, and remediationsThe Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that downloaded these compromised Axios versions is at risk of severe data theft, including the loss of credentials and API key…TENABLE.COM
31 MarWhat’s new in Tenable Cloud Security: Custom policies, AWS ABAC, and research-driven protectionStop the noise and scale your cloud security. Our latest updates introduce custom policy automation via Explorer, AWS ABAC support for true least privilege, and research-backed protection against critical vulnerabilities, all designed to slash MTTR without disrupting your DevOps …TENABLE.COM
31 MarHow we made Trail of Bits AI-native (so far)This post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the produ…TRAILOFBITS.COM
30 MarRussian State Hackers Go After iOS DevicesMac Malware 'Infinity Stealer,' DarkSword iOS Exploits, China Telecom Espionage & TeamTNT Supply Chain Hits Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in on…CYBERSECURITYTODAY.LIBSYN.COM
30 MarA Vulnerability in F5 Products Could Allow for Remote Code ExecutionA vulnerability has been discovered in F5 Products that could allow for remote code execution. F5 BIG IP APM is an access policy management solution designed to enforce secure access to applications, APIs, and sensitive data. It is commonly deployed by enterprises, financial inst…CISECURITY.ORG
30 MarMultiple Vulnerabilities in NetScaler ADC and NetScaler Gateway Could Allow for Memory OverreadMultiple Vulnerabilities have been discovered in NetScaler ADC and NetScaler Gateway, the most severe of which could allow for memory overread. NetScaler ADC is a networking product that functions as an Application Delivery Controller (ADC), a tool that optimizes, secures, and en…CISECURITY.ORG
30 MarHealthcare tech firm CareCloud says hackers stole patient dataHealthcare IT firm CareCloud has disclosed a data breach incident that exposed sensitive data and caused a network disruption lasting approximately eight hours. [...]BLEEPINGCOMPUTER.COM
30 MarHackers exploiting critical F5 BIG-IP flaw in attacks, patch nowF5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. [...]BLEEPINGCOMPUTER.COM
30 MarCritical Fortinet Forticlient EMS flaw now exploited in attacksAttackers are now actively exploiting a critical vulnerability in Fortinet's FortiClient EMS platform, according to threat intelligence company Defused. [...]BLEEPINGCOMPUTER.COM
30 MarOpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token VulnerabilityA previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert exfiltr…THEHACKERNEWS.COM
30 Mar⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and MoreSome weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There's …THEHACKERNEWS.COM
30 MarThree China-Linked Clusters Target Southeast Asian Government in 2025 Cyber CampaignThree threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN (aka …THEHACKERNEWS.COM
30 MarReport: There Are Nearly 66 Billion Stolen Identity Records on Criminal ForumsResearchers at SpyCloud warn that the number of stolen identity records on criminal forums rose to 65.7 billion in 2025, a 23% increase from the previous year.KNOWBE4.COM
30 MarLeak reveals Anthropic’s ‘Mythos,’ a powerful AI model aimed at cybersecurity use casesAnthropic didn’t intend to introduce Mythos this way. Details of what it calls its most capable AI model yet surfaced through a data leak in its content management system (CMS), revealing a LLM with sharply improved reasoning and coding skills. The data leak, which was the result…CSOONLINE.COM
30 MarAPIs are the new perimeter: Here’s how CISOs are securing themRecent breaches suggest attackers are shifting beyond traditional endpoints to target application programming interfaces (APIs). But typical perimeter protections can completely miss this vector. “We used to talk about defense-in-depth and endpoint protection,” says Sean Murphy,…CSOONLINE.COM
30 MarWhy Kubernetes controllers are the perfect backdoorIn my years securing cloud-native environments, I’ve noticed a recurring blind spot. We obsess over the “front doors” such as exposed dashboards, misconfigured RBAC, or unpatched container vulnerabilities. We harden the perimeter, but we often ignore the machinery humming inside…CSOONLINE.COM
30 MarOops, all Interviews: Switching to Cyber, CISO Reflections, and the State of TPCRM - ESW #452Interview with Helen Patton about her new book, Switching to Cyber Helen joins us to discuss her second book, "Switching to Cyber." Her first book discussed strategies for handling various stages of the cybersecurity career, while this one, co-written with Josiah Dykstra, provide…YOUTUBE.COM
30 MarVU#655822: Kyverno is vulnerable to server-side request forgery (SSRF)Overview Kyverno, versions 1.16.0 to present, contains an SSRF vulnerability in its CEL-based HTTP functions, which lack URL validation or namespace scoping and allow namespaced policies to trigger arbitrary internal HTTP requests. An attacker with only namespace-level permission…KB.CERT.ORG
30 MarCloudflare Client-Side Security: smarter detection, now open to everyoneWe are opening our advanced Client-Side Security tools to all users, featuring a new cascading AI detection system. By combining graph neural networks and LLMs, we've reduced false positives by up to 200x while catching sophisticated zero-day exploits.CLOUDFLARE.COM
28 MarOpen VSX Scanner Vulnerability Lets Malicious Extensions Go LiveOpen VSX, the extension marketplace used by VS Code forks such as Cursor and Windsurf, recently fixed a critical vulnerability in its newly introduced pre-publish scanning pipeline that could allow malicious extensions to bypass security checks and go live undetected. The issue, …GBHACKERS.COM
28 MarTA446 Deploys Leaked DarkSword iOS Exploit Kit in Targeted Spear-Phishing CampaignProofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat …THEHACKERNEWS.COM
28 MarNew Infinity Stealer malware grabs macOS data via ClickFix luresA new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. [...]BLEEPINGCOMPUTER.COM
27 MarGoogle: The quantum apocalypse is coming sooner than we thoughtGoogle isn’t just responsible for the encryption of a big chunk of the communications on the internet. It is also building its own quantum computers, so it’s well placed to evaluate how close the technology is to fruition. Until now, the company has been aligned with the NIST tim…CSOONLINE.COM
27 MarBreachForums Version 5 - 339,778 breached accountsIn March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.HAVEIBEENPWNED.COM
27 MarRed Hat Warns of Malware Embedded in Popular Linux Tool, Opening Doors for Unauthorized AccessRed Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popular xz compression utility. Cybersecurity researchers discovered malicious code embedded within recent versions of the xz libraries, which could potentiall…GBHACKERS.COM
27 MarLangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI FrameworksCybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that are…THEHACKERNEWS.COM
27 MarTeamPCP Hackers Focus on AI Developers, Planting Malicious Code to Disrupt ProjectsThe FBI Cyber Division has issued a critical alert following a massive supply chain attack orchestrated by the threat actor group TeamPCP. The hackers successfully compromised two widely used developer tools, creating a cascading security incident for organizations building artif…GBHACKERS.COM
27 Mar8 steps CISOs can take to empower their teamsMany leaders know empowered teams deliver better results, but not all leaders understand how to get there. It all starts with knowing what empowerment truly means. Put simply: Empowerment is the absence of micromanagement. Empowerment provides the foundation for people to develop…CSOONLINE.COM
27 MarCoruna iOS Exploit Kit Likely an Update to Operation TriangulationCoruna contains the updated version of a kernel exploit used in Operation Triangulation three years ago. The post Coruna iOS Exploit Kit Likely an Update to Operation Triangulation appeared first on SecurityWeek.SECURITYWEEK.COM
27 Mar KEVCISA: New Langflow flaw actively exploited to hijack AI workflowssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cisa-new-langflow-flaw-actively-exploited-to-hijack-ai-workflows/SH.ITJUST.WORKS
27 MarBIND 9 Security Flaws Allow Attackers to Bypass Security Controls and Crash ServersThe Internet Systems Consortium (ISC) has released critical security advisories addressing three new vulnerabilities in the widely used BIND 9 Domain Name System (DNS) software suite. If left unpatched, remote attackers could exploit these weaknesses to bypass access control list…GBHACKERS.COM
27 MarA forensic intelligence suite for Matrix investigatorssubmitted by nemesis3856 to cybersecurity 1 points | 0 comments Source code and details: github.com/umutatalar/Sherlocked Sherlocked is a purpose-built forensic suite for Matrix investigators. It correlates invite events, message activity, and user relationships across rooms to s…SH.ITJUST.WORKS
27 MarOpen VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security ChecksCybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX's pre-publish scanning pipeline to cause the tool to allow a malicious Microsoft Visual Studio Code (VS Code) extension to pass the vetting process and go live in the registry. "The pipeline …THEHACKERNEWS.COM
27 MarApple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based ExploitsApple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date …THEHACKERNEWS.COM
27 MarA Matrix forensic intelligence suite for investigatorssubmitted by nemesis3856 to cybersecurity 1 points | 0 comments Source code and details: github.com/umutatalar/Sherlocked Sherlocked correlates invite events, message activity, and user relationships across Matrix rooms to surface behavioural patterns that would otherwise require…SH.ITJUST.WORKS
27 MarCustom Fonts Can Trick AI Assistants Into Approving Phishing SitesResearchers at LayerX warn that custom fonts can fool AI web assistants into thinking phishing pages are benign, while the human user sees something completely different.KNOWBE4.COM
27 MarTrivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secretssubmitted by Kissaki to security 1 points | 0 comments https://socket.dev/blog/trivy-under-attack-again-github-actions-compromise Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines. Recent updates…PROGRAMMING.DEV
27 MarEuropean Commission data stolen in a cyberattack on the infrastructure hosting its web sitesThe European Commission is continuing to investigate the theft of data from its cloud infrastructure earlier this week. On Thursday, the Commission revealed there had been an attack on its Europa.eu platform, offering few details, then, on Friday, security news site Bleeping Comp…CSOONLINE.COM
27 MarSpot Scam Red Flags FastCommon scam indicators include unrealistic offers, unexpected charges, and pressure to act immediately without thinking. These tactics are designed to override judgment and push quick decisions. Slowing down, verifying with trusted sources (like your bank), and recognizing urgenc…YOUTUBE.COM
26 MarDelve did the security compliance on LiteLLM, an AI project hit by malwareLiteLLM offers an AI open source project used by millions that was infected by credential harvesting malware.TECHCRUNCH.COM
26 MarSound Radix - 292,993 breached accountsIn March 2026, the audio production tools company Sound Radix disclosed a data breach that they subsequently self-submitted to HIBP. Attributed to unauthorised access to a customer support platform, the incident impacted 293k unique email addresses and names of users who had int…HAVEIBEENPWNED.COM
26 MarNode.js Releases Urgent Patches for Multiple Vulnerabilities Exposing Systems to DoS and CrashesThe Node.js project issued a critical security update for its Long-Term Support (LTS) branch, marking version 20.20.2 ‘Iron’ as a security release. This urgent patch addresses seven distinct vulnerabilities impacting TLS error handling, HTTP/2 flow control, cryptographic timing, …GBHACKERS.COM
26 MarFake VS Code Security Alerts on GitHub Spread Malware in Massive Phishing AttackA large-scale phishing campaign is actively targeting developers on GitHub by abusing the platform’s Discussions feature to distribute fake Visual Studio Code (VS Code) security alerts. The campaign appears highly coordinated, with thousands of near-identical posts discovered acr…GBHACKERS.COM
26 MarLeakBase Forum Admin Arrested by Russian Authorities in Global Cybercrime OperationRussian law enforcement agencies have successfully apprehended the suspected administrator of LeakBase, a prominent international cybercrime forum. The arrest, executed by officers from the Russian Ministry of Internal Affairs (MVD) alongside regional security services in Rostov,…GBHACKERS.COM
26 MarFake npm Install Messages Conceal RAT Malware in New Open Source Supply Chain AttackFake npm install messages are the latest social engineering trick in the open source supply chain, with attackers abusing npm post‑install scripts to silently deploy a crypto‑stealing remote access trojan (RAT) in what ReversingLabs is calling the “Ghost campaign.” By wrapping th…GBHACKERS.COM
26 MarPreventing Account Takeovers: A Practical Guide to Detection and ResponseYesterday’s password leak can become tomorrow’s identity crisis. According to research firm Gitnux, account-takeover attacks jumped 354 percent in 2023, driven by bots that replay stolen credentials and infostealer malware that sidesteps multi-factor prompts. The fallout, billion…GBHACKERS.COM
26 MarSynology DiskStation Manager Vulnerability Puts Users at Risk of Remote Command Execution AttacksSynology has issued an urgent security update for its DiskStation Manager (DSM) software to address a critical vulnerability. If left unpatched, this flaw could allow unauthenticated remote attackers to execute arbitrary commands on affected network-attached storage (NAS) devices…GBHACKERS.COM
26 MarWebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce SitesCybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data channels…THEHACKERNEWS.COM
26 MarCoruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass AttacksThe kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. "When C…THEHACKERNEWS.COM
26 MarCritical NVIDIA Vulnerabilities Risk Remote Code Execution and Denial-of-Service AttacksNVIDIA has recently published its March 2026 security bulletins, addressing a wave of newly discovered vulnerabilities across its hardware and software ecosystems. The technology giant has urged organizations to immediately evaluate their environments and apply the necessary corr…GBHACKERS.COM
26 MarSilver Fox Tax Audit Phishing Campaign Shifts from RATs to Python StealersThreat intelligence teams have tracked Silver Fox (also known as Void Arachne), a China-based intrusion set that sits at the intersection of financially motivated cybercrime and APT-style espionage. Originally associated with large-scale, profit-driven campaigns, the group has st…GBHACKERS.COM
26 MarGitHub phishers use fake OpenClaw tokens to drain crypto walletsThreat actors are actively exploiting OpenClaw’s viral popularity to run a phishing campaign that targets developers on GitHub with lures of free crypto tokens. According to a disclosure by OX Security, the campaign involves fake “CLAW” token airdrops that promise thousands of do…CSOONLINE.COM
26 Mar KEVCritical Ivanti EPMM Vulnerabilities Expose Systems to Arbitrary Code Execution AttacksIn February 2026, threat actors actively exploited two critical remote code execution (RCE) vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). A recent incident response investigation by WithSecure’s STINGR Group revealed that attackers used highly automated methods …GBHACKERS.COM
26 MarCisco Patches Multiple Vulnerabilities in IOS SoftwareThe high- and medium-severity flaws could lead to denial-of-service, secure boot bypass, information disclosure, and privilege escalation. The post Cisco Patches Multiple Vulnerabilities in IOS Software appeared first on SecurityWeek.SECURITYWEEK.COM
26 MarDatabricks pitches Lakewatch as a cheaper SIEM — but is it really?Databricks has previewed a new open agentic Security Information and Event Management software (SIEM) named Lakewatch that signals its first deliberate step beyond data warehousing into security analytics. The data warehouse-provider is pitching Lakewatch as a lower-cost alternat…CSOONLINE.COM
26 MarCoruna iOS exploit framework linked to Triangulation attacksThe Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. [...]BLEEPINGCOMPUTER.COM
26 MarClaude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any WebsiteCybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if the…THEHACKERNEWS.COM
26 MarUniversity Donor Data Under AttackUniversities are increasingly seeing attacks that target donor data, with several high-profile institutions already appearing in public reports. While this data may not directly impact students day-to-day, it plays a critical role in funding scholarships, grants, and institutiona…YOUTUBE.COM
26 MarNew ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy MalwareThreat actors are standardizing a powerful ClickFix-based attack that abuses the Windows Run dialog box and macOS Terminal to deliver malware while sidestepping traditional browser protections. Insikt Group has tracked five distinct ClickFix activity clusters active since at leas…GBHACKERS.COM
26 MarGreat Patching Lessons To Learn From The Zero Day ClockI just came across the Zero Day Clock, and I love it. Everyone should go there, see the stats, see the trends, and figure out what that means for your ongoing and future patch management plans.KNOWBE4.COM
26 MarIn WAF we (should not) trustDeep dive into Web Application Firewall (WAF) bypasses, from misconfiguration exploitation to crafting obfuscated payloads. We show the impact of the parsing discrepancy between how a WAF reads a request and how a backend executes it. It is not a bug, it is a feature.QUARKSLAB.COM
26 MarAI is the Top Cyber Priority for Defenders as Criminals Exploit it - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/ai-top-cyber-priority-defenders-pwc/SH.ITJUST.WORKS
26 MarThe CISO’s guide to responding to shadow AIMove over shadow IT; shadow AI is the new risk on the scene. The explosion of available AI tools, leadership’s enthusiasm for the new technology, the push for employees to do more with less, nascent governance and the sheer speed at which AI is evolving has created the perfect en…CSOONLINE.COM
26 MarReport: Attackers Can Trick AI Assistants Into Displaying Phishing MessagesResearchers at Permiso warn that threat actors can plant phishing messages within Copilot AI summaries. Notably, the researchers found that attackers can trick Copilot into including internal information to craft a more targeted message.KNOWBE4.COM
26 MarAjax football club hack exposed fan data, enabled ticket hijackDutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people. [...]BLEEPINGCOMPUTER.COM
26 MarScanning The Internet with Linux Tools - PSW #919In this segment, we will explore some pretty awesome tools for scanning the Internet, with a focus on network edge devices. We'll bring it all together with Claude Code and look at some sample results. Tools include: Shodan | Passive recon — query existing scan data for exposed d…YOUTUBE.COM
26 MarUncover prompt injection, insider threats with the Tenable One Model Refusal DetectionTenable One's new Model Refusal Detection turns an LLM's refusal to execute a risky or suspicious prompt into a high-fidelity early warning signal. It helps you uncover and stop prompt injection attacks, insider threats, and other risky user behaviors before they escalate into a …TENABLE.COM
26 MarA year of open source vulnerability trends: CVEs, advisories, and malwareReviewed advisories hit a four-year low, malware advisories surged, and CNA publishing grew—here’s what changed and what it means for your triage and response. The post A year of open source vulnerability trends: CVEs, advisories, and malware appeared first on The GitHub Blog.GITHUB.BLOG
26 MarActive Magecart Campaign Targets Spain, Steals Card Data via Hijacked eStores for Bank FraudA large-scale magecart operation remained active for over 24 months, leveraging an infrastructure of 100+ domains. While the targeted victims are e-commerce websites, the actual pressure falls on banks and payment systems. As ANY.RUN’s analysis shows, threat actors…ANY.RUN
25 MarAqua Security’s Trivy Scanner Hit by Supply Chain Attack, Threatening Software IntegrityA sophisticated supply chain attack compromised Aqua Security’s popular open-source Trivy vulnerability scanner. Threat actors successfully distributed malicious code through the project’s GitHub Actions, targeting deployment pipelines to silently exfiltrate sensitive crede…GBHACKERS.COM
25 MarHackerOne Confirms Employee Data Stolen Following Linked Navia HackHackerOne, a leading vulnerability coordination and bug bounty platform, has officially confirmed a data breach impacting its employees. The security incident did not occur directly on HackerOne’s internal network or infrastructure. Instead, the sensitive data was exposed t…GBHACKERS.COM
25 MarCompromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy & KICS HacksSecurity researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPC…GBHACKERS.COM
25 MarAI is breaking traditional security models — Here’s where they fail firstTraditionally, enterprise security operating models operated a fixed and regular cycle: Findings surfaced through periodic scans, security teams triaged results and remediation followed through ticket-based workflows. It was almost an SOP of sorts; the accountability existed, but…CSOONLINE.COM
25 MarSay Easy, Do Hard - Crypto-Agility - BSW #440With Q-day getting closer, regulatory guidance pushing firms to migrate to quantum security in the next five years, and an extensive remediation backlog waiting to be discovered, security leaders must start their quantum security migration today. Easier said than done. In this Sa…YOUTUBE.COM
25 Mar6 key trends reshaping the IAM marketThe identity and access management (IAM) market has shifted its focus from traditional “login and MFA” mechanisms toward treating identity as a security control plane. Buyers are prioritizing phishing-resistant authentication, including passkeys, and the management of non-human i…CSOONLINE.COM
25 MarClawHub Vulnerability Lets Attackers Manipulate Rankings to Become Top SkillSilverfort researchers recently uncovered a critical security flaw in ClawHub, the main public registry for the OpenClaw agent ecosystem. This vulnerability allowed attackers to artificially boost download numbers, pushing malicious code to the top of the search results. This cre…GBHACKERS.COM
25 MarHackers Exploiting Magento Flaw to Execute Remote Code and Seize Full Account AccessA critical vulnerability dubbed “PolyShell” is actively being exploited across Magento and Adobe Commerce platforms. Discovered by the Sansec Forensics Team and published on March 17, 2026, this flaw allows unauthenticated attackers to upload executable files via the …GBHACKERS.COM
25 MarPyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentialsPyPI is warning of possible credential theft from AI applications and developer pipelines after two malicious versions of the widely used Python middleware for large language models, LiteLLM, were briefly published. “Anyone who has installed and run the project should assume any …CSOONLINE.COM
25 MarPTC warns of imminent threat from critical Windchill, FlexPLM RCE bugsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/ptc-warns-of-imminent-threat-from-critical-windchill-flexplm-rce-bug/SH.ITJUST.WORKS
25 MarTrivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion waveWhat started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterprise SaaS environments already compromised. Charles Carmakal, CTO of Mandiant Consulting, made the assessment at a Google-hos…CSOONLINE.COM
25 MarThe Kill Chain Is Obsolete When Your AI Agent Is the ThreatIn September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90% of tactical operations on its own, performing reconnaissance, writing exploit code…THEHACKERNEWS.COM
25 MarVulnMCP 1.0.0 releasedsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.vulnerability-lookup.org/2026/03/25/vulnmcp-1-0-0/INFOSEC.PUB
25 MarSecurity for the Quantum Era: Implementing Post-Quantum Cryptography in AndroidPosted by Eric Lynch, Product Manager, Android and Dom Elliot, Group Product Manager, Google Play Modern digital security is at a turning point. We are on the threshold of using quantum computers to solve "impossible" problems in drug discovery, materials science, and energy—task…SECURITY.GOOGLEBLOG.COM
25 MarCitrix urges admins to patch NetScaler flaws as soon as possibleCitrix has patched two NetScaler ADC and NetScaler Gateway vulnerabilities, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. [...]BLEEPINGCOMPUTER.COM
25 MarTrojanization of Trivy, Checkmarx, and LiteLLM solutions | Kaspersky official blogHow Trivy and CheckMarx open-source solutions became the starting point for a massive TeamPCP attack on other applications, and what organizations using them should do.KASPERSKY.COM
25 MarLeakBase Admin Arrested in Russia Over Massive Stolen Credential MarketplaceThe alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS and MVD Media, a news website linked to the Russian Interior Ministry, the suspect is a resident of the city of Ta…THEHACKERNEWS.COM
25 MarMatrix forensic toolset for tracing membership eventssubmitted by nemesis3856 to cybersecurity 1 points | 0 comments Source code and details: github.com/umutatalar/Sherlocked Overview Sherlocked is a two-tool forensic suite for Matrix investigators. Given a target MXID, it locates m.room.member invite events across rooms and spaces…SH.ITJUST.WORKS
25 MarWhy Your Human Risk Management Strategy Can’t Ignore AIAI isn’t just another technology wave—it’s a force multiplier for both innovation and risk. In a recent webinar featuring insights from Bryan Palma and guest speaker Jinan Budge, Vice President and Research Director at Forrester, one message came through clearly: the rise of AI a…KNOWBE4.COM
25 MarApple Patches (almost) everything again. March 2026 edition., (Wed, Mar 25th)Apple released the next version of its operating system, patching 85 different vulnerabilities across all of them. None of the vulnerabilities are currently being exploited. The last three macOS "generations" are covered, as are the last two versions of iOS/iPadOS. For tvOS, watc…ISC.SANS.EDU
25 MarPolyShell attacks target 56% of all vulnerable Magento storesAttacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores. [...]BLEEPINGCOMPUTER.COM
25 MarGitHub adds AI-powered bug detection to expand security coverageGitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks. [...]BLEEPINGCOMPUTER.COM
25 MarClickFix Campaigns Targeting Windows and macOSInsikt Group reveals five ClickFix social engineering clusters (QuickBooks, Booking.com, Birdeye) targeting Windows and macOS. Learn how threat actors exploit native system tools with malicious, obfuscated commands to gain initial access, and get key mitigations for defenseRECORDEDFUTURE.COM
25 MarTry our new dimensional analysis Claude pluginWe’re releasing a new Claude plugin for developing and auditing code that implements dimensional analysis, a technique we explored in our most recent blog post . Most LLM-based security skills ask the model to find bugs. Our new dimensional-analysis plugin for Claude Code takes a…TRAILOFBITS.COM
25 MarRisky Business #830 -- LiteLLM and security scanner supply chains compromisedOn this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They talk through: TeamPCP’s supply chain attack on GitHub, and they threw in an anti-Iran wiper, because why not?! Anthropic hooks up its models to just… use your whole comput…RISKY.BIZ
24 MarPalo Alto updates security platform to discover AI agentsAs CISOs worry about AI agent sprawl, Palo Alto Networks has announced an update to its Prisma AIRS security platform and enterprise browser to include the ability to discover AI agents, models, and connections across the entire IT environment, to scan agents for vulnerabilities,…CSOONLINE.COM
24 MarChrome Security Update Fixes 8 Vulnerabilities That Could Enable Remote Code ExecutionGoogle has released a crucial security update for its Chrome browser, addressing eight high-severity vulnerabilities. Users are strongly advised to update their browsers immediately to protect their systems from potential remote code execution attacks. The stable channel update r…GBHACKERS.COM
24 MarRoundcube Releases Urgent Security Update to Fix Critical BugsRoundcube Webmail, a widely deployed open-source webmail interface, has released an urgent security update to address multiple critical vulnerabilities. The new stable release, version 1.6.14, patches eight distinct security flaws reported by independent security researchers. Bec…GBHACKERS.COM
24 MarNIST Releases Quick-Start Guide Linking Cybersecurity, Enterprise Risk, and Workforce ManagementThe National Institute of Standards and Technology (NIST) has officially released Special Publication 1308, a new quick-start guide designed to align cybersecurity, enterprise risk, and workforce management. Published in March 2026, this documentation addresses the growing need f…GBHACKERS.COM
24 MarWhy CISOs should embrace AI honeypotsThe nightmare begins with our protagonist trying to find a way inside to get to the firm’s files, but every door is bolted shut. Then they spot a back entrance and they’re in, first walking, then running down one corridor, then another, and another, feeling that they’re getting e…CSOONLINE.COM
24 MarFounder of CoinDCX Arrested Amid Serious Fraud and Cheating ChargesThe Indian cryptocurrency sector is currently facing a significant legal and cybersecurity controversy following the recent arrest of prominent CoinDCX executives. Local law enforcement from Mumbra police in Thane apprehended co-founders Sumit Gupta and Neeraj Khandelwal in Benga…GBHACKERS.COM
24 MarStreamline physical security to enable data center growth in the era of AIAI is the new space race for data centers, and consistency at speed is the rocket fuel that colocation and hyperscale providers need to reach orbit. Everything you already know about physical security still applies but it won’t matter unless you have the right plan and partnershi…CSOONLINE.COM
24 MarWhy Proactive Security Is Far Better Than Patching - Erik Nost - ASW #375So much of appsec’s efforts can be consumed by vuln management and a race to patch security flaws. But that’s more a symptom of the ease of scanning and the volume of CVEs. Erik Nost walks through the principles behind proactive security, why the concept sounds familiar to secure…YOUTUBE.COM
24 MarAutonomous AI adoption is on the rise, but it’s riskyTwo AI releases early this year are prompting users to give up control and let autonomous agentic tools complete tasks on their behalf. IT leaders should be ready to deal with the consequences. Anthropic rolled out its agentic platform Claude Cowork in January for macOS and Febru…CSOONLINE.COM
24 MarThreat Actors Target MS-SQL Servers to Deploy ICE Cloud Scanner MalwareThreat actors are continuing to aggressively target Microsoft SQL (MS-SQL) servers in 2026, with new evidence showing the deployment of a scanner malware known as ICE Cloud Client. Larva-26002 has maintained a consistent focus on poorly secured MS-SQL servers exposed to the inter…GBHACKERS.COM
24 MarMultiple Vulnerabilities in TP-Link Devices Enable Arbitrary Command ExecutionTP-Link recently published a critical security advisory addressing four high-severity vulnerabilities in its Archer series routers. The flaws impact the Archer NX200, NX210, NX500, and NX600 models. If successfully exploited, these vulnerabilities enable threat actors to bypass a…GBHACKERS.COM
24 MarCritical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms WarnAn out-of-bounds read vulnerability can be exploited remotely without authentication to read sensitive information from memory. The post Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn appeared first on SecurityWeek .SECURITYWEEK.COM
24 MarDell Wyse Management Flaws Could Lead to Full System CompromiseSecurity researcher Aleksandr Zhurnakov from PT Security has discovered a critical exploit chain in Dell Wyse Management Suite. By combining seemingly minor logic flaws, an attacker can achieve unauthenticated remote code execution. This attack targets the On-Premises version of …GBHACKERS.COM
24 MarNew ‘StoatWaffle’ malware auto‑executes attacks on developersA newly disclosed malware strain dubbed “StoatWaffle” is giving fresh teeth to the notorious, developer-targeting “Contagious Interview” threat campaign. According to NTT Security findings, the malware marks an evolution from the long-running campaign’s user-triggered execution t…CSOONLINE.COM
24 MarDarkSword Exploit Chain Leaked Online, Posing Risk to Millions of iPhonesSecurity researchers have confirmed that the sophisticated iOS exploit chain known as DarkSword is now accessible outside of its original threat actor groups. Recently, security researcher @matteyeux successfully achieved kernel read/write access on an iPad mini 6th generation ru…GBHACKERS.COM
24 MarTycoon2FA Operators Resume Cloud Account Phishing Following InfrastructureTycoon2FA operators have resumed large-scale cloud account phishing just days after law enforcement and industry partners disrupted the platform’s core infrastructure, underscoring the resilience of phishing-as-a-service (PhaaS) ecosystems and the limits of infrastructure-only ta…GBHACKERS.COM
24 MarHP launches TPM Guard to help defeat physical TPM attacksThe Trusted Platform Module (TPM), developed by the Trusted Computing Group (TCG), is a mandatory security component in any computer running Windows 11. It stores sensitive information such as encryption keys in a separate, secure chip, passing it to the CPU as required. However,…CSOONLINE.COM
24 MarNews alert: DDoS attacks surge 150%—Gcore analysis shows faster, cheaper more frequent attacksLUXEMBOURG, Luxembourg, March 24, 2026, CyberNewswire— Gcore , the global infrastructure and software provider for AI, cloud, network, and security solutions, today announced the findings of its Q3-Q4 2025 Gcore Radar report DDoS attack trends. The report reveals growing attack &…LASTWATCHDOG.COM
24 MarBest Practices for Implementing AI AgentsOn March 9th, Codewall.ai disclosed how it had hacked McKinsey & Company’s AI platform called Lilli, a purpose-built system for 43,000+ employees to analyze documents, chat, and access decades of proprietary research. The researchers unleashed an AI agent which quickly scanne…KNOWBE4.COM
24 MarYour Attack Surface Just ExpandedSecurity platforms are expanding the definition of assets beyond endpoints to include identities, applications, cloud workloads, and IoT devices. As the attack surface grows, traditional security controls may no longer be applied in the right places. Organizations must rethink wh…YOUTUBE.COM
24 Mar100,000+ New Vulnerabilities This Year and Most Will Be Zero-Days Exploited FasterThe number of publicly reported unique vulnerabilities has risen year after year . There was a brief decrease and stabilization in 2015 - 2016, but those are the only years in the over two decades (1999 - on) I have been following vulnerability metrics. Other than that, it has be…KNOWBE4.COM
24 MarPTC warns of imminent threat from critical Windchill, FlexPLM RCE bugPTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. [...]BLEEPINGCOMPUTER.COM
24 MarCloud workload security: Mind the gapsAs IT infrastructure expands, visibility and control often lag behind – until an incident forces a reckoningWELIVESECURITY.COM
24 MarZDI-26-226: (0Day) Microsoft Azure MCP AzureCliService Command Injection Remote Code Execution VulnerabilityThis vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.ZERODAYINITIATIVE.COM
24 MarMeet Tenable Hexa AI: Agentic AI for exposure managementMeet Tenable Hexa AI: the agentic engine of the Tenable One Exposure Management Platform. Learn how Tenable Hexa AI automates complex security workflows and transforms exposure intelligence into coordinated action to help your security team meaningfully reduce cyber risk. Key tak…TENABLE.COM
24 MarVU#577436: Hard coded credentials vulnerability in GoHarbor's HarborOverview GoHarbor's Harbor default admin password presents a security risk because it does not require change upon initial deployment. Description GoHarbor's Harbor is an open-source OCI-compliant container registry project that stores, signs, and manages container images. Harbor…KB.CERT.ORG
24 MarSpotting issues in DeFi with dimensional analysisUsing dimensional analysis, you can categorically rule out a whole category of logic and arithmetic bugs that plague DeFi formulas. No code changes required, just better reasoning! One of the first lessons in physics is learning to think in terms of dimensions . Physicists can of…TRAILOFBITS.COM
23 MarMicrosoft Xbox One HackedIt’s an impressive feat , over a decade after the box was released: Since reset glitching wasn’t possible, Gaasedelen thought some voltage glitching could do the trick. So, instead of tinkering with the system rest pin(s) the hacker targeted the momentary collapse of …SCHNEIER.COM
23 MarStartup Accused Of Helping Fake Privacy and Security AuditsCompliance Startup Audit-Faking Claims, Trivy Supply-Chain Backdoor, Russia Targets Signal/WhatsApp, and Iran-Linked Stryker Disruption Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired,…CYBERSECURITYTODAY.LIBSYN.COM
23 MarCISA orders feds to patch DarkSword iOS flaws exploited attacksCISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. [...]BLEEPINGCOMPUTER.COM
23 MarAqua’s Trivy Vulnerability Scanner Hit by Supply Chain AttackHackers published a malicious scanner release and replaced tags to point to information-stealer malware. The post Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack appeared first on SecurityWeek .SECURITYWEEK.COM
23 MarQNAP Patches Four Vulnerabilities Exploited at Pwn2OwnThe flaws could allow attackers to access sensitive information, execute code, or cause unexpected behavior. The post QNAP Patches Four Vulnerabilities Exploited at Pwn2Own appeared first on SecurityWeek .SECURITYWEEK.COM
23 MarTycoon 2FA Fully Operational Despite Law Enforcement TakedownAttack volumes are back to pre-disruption levels, and the adversary tactics have remained unchanged. The post Tycoon 2FA Fully Operational Despite Law Enforcement Takedown appeared first on SecurityWeek .SECURITYWEEK.COM
23 Mar⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & MoreAnother week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT device…THEHACKERNEWS.COM
23 MarWe Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with ThemAWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a t…THEHACKERNEWS.COM
23 MarThe ‘Urgency Trap’: Why Time Pressure is Your Biggest Email Red FlagThe old rules for spotting a phishing email are changing. Remember looking for bad grammar and clumsy spelling? Thanks to AI, hackers' emails are increasingly polished and hard to spot. But a new poll from KnowBe4 reveals the modern worker's most reliable alarm bell for a cyberat…KNOWBE4.COM
23 MarCritical QNAP QVR Pro Flaw Could Let Remote Attackers Access SystemsQNAP has released an urgent security advisory regarding a critical vulnerability affecting its QVR Pro application, a widely deployed network video surveillance solution. Disclosed on March 21, 2026, under the security advisory identifier QSA-26-07, this severe security flaw coul…GBHACKERS.COM
23 MarFaster attacks and ‘recovery denial’ ransomware reshape threat landscapeMandiant’s M-Trends 2026 report, released today at the RSA Conference, shows that attackers are moving faster, operating more collaboratively, and increasingly focusing on the systems organizations rely on to recover from breaches. The report , based on more than 500,000 hours of…CSOONLINE.COM
23 MarChrome ABE bypass discovered: New VoidStealer malware steals passwords and cookiesA new infostealer is bypassing Chrome’s Application-Bound Encryption ( ABE ), using a debugger-based technique researchers say hasn’t been seen in the wild before. Called “VoidStealer,” the stealer seems to have found a way around ABE, introduced in Chrome 127 in 2024, a security…CSOONLINE.COM
23 MarBehavioral XDR and threat intel nab North Korean fake IT worker within 10 days of hireThe North Korea fake IT worker scheme has become a pernicious threat across several industries. While best practices emphasize precautions throughout the hiring phase, once onboarded such operatives can be challenging to detect. Combinations of behavioral analytics, threat intell…CSOONLINE.COM
23 MarWhy US companies must be ready for quantum by 2030: A practical roadmapLast year, I asked a room of infrastructure, identity and application leaders a simple question: “Where in our environment do we rely on RSA or elliptic curve cryptography?” The first answers were the usual suspects: TLS on the edge, our VPN and the certificates on laptops. Then …CSOONLINE.COM
23 MarThe insider threat rises againInsider threats are coming back in a consequential way. According to the State of Human Risk Report from Mimecast, 42% of organizations have experienced an increase in malicious insider incidents over the past year, with 42% also reporting a rise in negligent incidents for the fi…CSOONLINE.COM
23 Marcpe-guesser 2.0 releasedsubmitted by cm0002 to cybersecurity 2 points | 0 comments https://www.vulnerability-lookup.org/2026/03/22/cpe-guesser-2.0-released/INFOSEC.PUB
23 MarPatch Now: Oracle's Fusion Middleware Has Critical RCE Flawsubmitted by kid to cybersecurity 4 points | 0 comments https://www.darkreading.com/vulnerabilities-threats/patch-oracle-fusion-middleware-rce-flawSH.ITJUST.WORKS
23 MarTrivy vulnerability scanner backdoored with credential stealer in supply chain attack | CSO Onlinesubmitted by kid to cybersecurity 12 points | 1 comments https://www.csoonline.com/article/4148317/trivy-vulnerability-scanner-backdoored-with-credential-stealer-in-supply-chain-attack.htmlSH.ITJUST.WORKS
23 MarWhy One-Time Pen Testing Isn’t EnoughAnnual pen tests no longer suffice in today’s fast-changing technology environment. The landscape demands continuous, adversarial testing for real-time risk assessment. Without modernizing security validation, organizations risk being overwhelmed by vulnerabilities that go unnoti…YOUTUBE.COM
23 MarSomeone has publicly leaked an exploit kit that can hack millions of iPhonesLeaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions of iOS with spyware, according to cybersecurity researchers.TECHCRUNCH.COM
23 MarA Vulnerability in Oracle Products Could Allow for Remote Code ExecutionA vulnerability has been discovered in Oracle Products that could allow for remote code execution. Oracle Identity Manager is an identity management product that automates user provisioning, identity administration, and password management, integrated in a comprehensive workflow …CISECURITY.ORG
23 MarI Built 7 MCP Servers for Security Tools. The Protocol Was the Easy Part.submitted by solomonneas to cybersecurity 2 points | 1 comments I built 7 MCP servers connecting AI agents to security tools. Here’s what I learned. The servers cover Wazuh (SIEM alerts, agent management, vulnerability scans), Zeek (network connection logs, DNS, SSL), Suricata (I…SH.ITJUST.WORKS
23 MarSomeone has publicly leaked an exploit kit that can hack millions of iPhonessubmitted by cm0002 to cybersecurity 5 points | 0 comments https://techcrunch.com/2026/03/23/someone-has-publicly-leaked-an-exploit-kit-that-can-hack-millions-of-iphones/INFOSEC.PUB
23 MarSecuring the AI Enterprise — Introducing Prisma AIRS 3.0Prisma AIRS 3.0 provides enterprise-grade visibility, assurance and control to secure your autonomous workforce. The post Securing the AI Enterprise — Introducing Prisma AIRS 3.0 appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
23 MarThe Cryptographic Reset Has BegunThe 200-day TLS certificates signals a structural change in cryptographic trust. Continuous enforcement is key. Discover Next-Generation Trust Security. The post The Cryptographic Reset Has Begun appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
23 MarM-Trends 2026: Data, Insights, and Strategies From the FrontlinesEvery year, the cyber threat landscape forces defenders to adapt to evolving adversary tactics, techniques, and procedures (TTPs). In 2025, Mandiant observed a clear divergence in adversary pacing that closely aligns with the trends we have been documenting for defenders over the…CLOUD.GOOGLE.COM
23 MarIAM policy types: How and when to use themJune 3, 2022: Original publication date of this post. This post has been updated to add the additional IAM policy types: Resource control policies. You manage access in AWS by creating policies and attaching them to AWS Identity and Access Management (IAM) principals (roles, user…AWS.AMAZON.COM
22 Mar KEVFIRESIDE CHAT: In the AI age, your MFA, authentication apps can be compromised in minutesThe authentication layer that corporate America spent a decade building is now a liability. Listen to the podcast: The day MFA became the problem That’s the blunt assessment of Kevin Surace, chairman of Token , a Rochester, N.Y.-based security company … (more…) The post FIR…LASTWATCHDOG.COM
21 MarThe Fundamental Mistake in Cybersecurity Risk ManagementCybersecurity Isn't Managing Risk—It's Managing Threats... And That's the Problem Host David Shipley speaks with Jeff Gardiner, a former university CISO and now at Morgan Stanley, about Gardiner's doctoral research arguing that cybersecurity has structurally misclassified "risk m…CYBERSECURITYTODAY.LIBSYN.COM
21 MarTrivy vulnerability scanner breach pushed infostealer via GitHub ActionsThe Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. [...]BLEEPINGCOMPUTER.COM
21 MarTrivy vulnerability scanner backdoored with credential stealer in supply chain attackAttackers have compromised the widely used open-source Trivy vulnerability scanner, injecting credential-stealing malware into official releases and GitHub Actions used by thousands of CI/CD workflows. The breach could trigger a cascade of additional supply-chain compromises if i…CSOONLINE.COM
21 MarLinux Telnet Vulnerability ExposedCVE 2026.32746 is a newly disclosed Linux vulnerability affecting all major distributions via common libraries like iNet utils. Despite being linked to Telnet, often dismissed as obsolete, this flaw poses a wide-reaching threat, including to AI and MCP servers that still rely on …YOUTUBE.COM
20 Mar54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable SecurityA new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 34 vulnerable drivers. EDR killer programs have been a common presence in ransomware intrusion…THEHACKERNEWS.COM
20 MarProton Mail Shared User Information with the Police404 Media has a story about Proton Mail giving subscriber data to the Swiss government, who passed the information to the FBI. It’s metadata—payment information related to a particular account—but still important knowledge. This sort of thing happens, even to pr…SCHNEIER.COM
20 Mar KEVFBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack: Cybersecurity TodayFBI Seizes Iran-Linked Handala Leak Site After Stryker Intune Wipe Attack; Apple iPhone Exploit Patch; North Korean Fake IT Workers Grow Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired…CYBERSECURITYTODAY.LIBSYN.COM
20 MarPolice take down 373,000 fake CSAM sites in Operation AliceAn international law enforcement action called Operation Alice has shut down over 373,000 dark web sites that offered fake CSAM packages. [...]BLEEPINGCOMPUTER.COM
20 MarTrivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD SecretsTrivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a month to deliver malware capable of stealing sensitive CI/CD secrets. The latest incident impacted GitHub Actions "aquasecurity/trivy-action" and "aq…THEHACKERNEWS.COM
20 MarMagento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account TakeoverSansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the atta…THEHACKERNEWS.COM
20 MarDoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS AttacksThe U.S. Department of Justice (DoJ) on Thursday announced the disruption of command-and-control (C2) infrastructure used by several Internet of Things (IoT) botnets like AISURU, Kimwolf, JackSkid, and Mossad as part of a court-authorized law enforcement operation. The effort als…THEHACKERNEWS.COM
20 MarApple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit AttacksApple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, tr…THEHACKERNEWS.COM
20 MarAll aboard: the NIST Cybersecurity for IoT Program is headed to our next stop! Share your input on where we’re headed during our Future Directions Two-Day Workshop on March 31st.Workshop Details… We’re looking forward to hearing from the community during our “Future Directions” Workshop! Date: March 31 - April 1, 2026 Where: NIST’s Gaithersburg campus! Registration and Details: HERE Can’t make it? We still want to hear from you – email us at IoTSecurity …NIST.GOV
20 MarGSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)Yesterday, I discovered a malicious Bash script that installs a GSocket backdoor on the victim's computer. I don't know the source of the script nor how it is delivered to the victim.ISC.SANS.EDU
20 MarCTI-REALM: A new benchmark for end-to-end detection rule generation with AI agentsExcerpt: CTI-REALM is Microsoft’s open-source benchmark for evaluating AI agents on real-world detection engineering—turning cyber threat intelligence (CTI) into validated detections. The post CTI-REALM: A new benchmark for end-to-end detection rule generation with AI agents appe…MICROSOFT.COM
20 MarStop using AI to submit bug reports, says GoogleGoogle will no longer accept AI-generated submissions to a program it funded to find bugs in open-source software. However, it is contributing to a separate program that uses AI to strengthen security in open-source code. The Google Open Source Software Vulnerability Reward Progr…CSOONLINE.COM
20 MarThe espionage reality: Your infrastructure is already in the collection pathThreat actors have always sought advantage over their targets. Recently we’ve seen two efforts designed for long-term intelligence gain. This activity surfaced right where you would expect inside the enterprise. Enterprises now sit directly in the adversary’s collection path. The…CSOONLINE.COM
20 MarAhab and Peewee Herman, Zoom, Vibe Hacking, SharePoint, Meta, AgeID, Josh Marpet - SWN #565Macbeth, Ahab, Peewee Herman, Microsoft, Zoom, Vibe Hacking, SharePoint, Meta, AgeID, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-565 00:00:00 S…YOUTUBE.COM
20 MarUnexpected Flaw in Laundry CardsA student used a Flipper Zero and AI assistance to reverse engineer an NFC-based laundry card and identify a flaw that allows transaction reversal. Even simple systems like prepaid cards can contain fundamental architectural weaknesses. Tools like Flipper Zero and AI coding assis…YOUTUBE.COM
20 MarCryptographers engage in war of words over RustSec bug reports and subsequent bansubmitted by floofloof to cybersecurity 3 points | 0 comments https://www.theregister.com/2026/03/20/cryptographer_nadim_kobeissi_rustsec_ban/ cross-posted from: infosec.pub/post/43738524 Rust security maintainers contend Nadim Kobeissi’s vulnerability claims are too much Since F…INFOSEC.PUB
20 MarAn Android physical security toolsubmitted by nemesis3856 to cybersecurity 8 points | 0 comments Source code and details: github.com/umutcamliyurt/Praesidium Praesidium is an Android security tool designed to protect devices from physical and software-level intrusion. Running as a persistent foreground service, …SH.ITJUST.WORKS
20 MarIntego X9: Never trust my updatesThis blog post dives into the most common classes of macOS Local Privilege Escalation vulnerabilities, from insecure XPC communications and time-of-check to time-of-use (TOCTOU) Race Conditions to a range of implementation and configuration oversights. We will explore how attacke…QUARKSLAB.COM
19 MarInteresting Message Stored in Cowrie Logs, (Wed, Mar 18th)This activity was found and reported by BACS student Adam Thorman as part of one of his assignments which I posted his final paper [1] last week. This activity appeared to only have occurred on the…ISC.SANS.EDU
19 Mar KEVCisco Firewall Zero-Day Actively Exploited to Deliver Interlock RansomwareSecurity research has uncovered an active Interlock ransomware campaign exploiting a critical zero-day vulnerability in Cisco Secure Firewall Management Centre (FMC) software. Utilizing this unauthenticated remote code execution flaw via the Amazon MadPot network, threat actors c…GBHACKERS.COM
19 MarNew iOS Exploit Uses Advanced iPhone Hacking Tools to Steal Personal DataGoogle Threat Intelligence Group (GTIG) has uncovered a highly sophisticated iOS full-chain exploit dubbed DarkSword. Active since November 2025, this exploit leverages multiple zero-day vulnerabilities to compromise Apple devices running iOS 18.4 through 18.7 fully. DarkSword is…GBHACKERS.COM
19 MarScreenConnect Flaw Lets Hackers Steal Machine Keys and Hijack SessionsConnectWise has released a critical security update for its ScreenConnect remote desktop software to address a severe vulnerability that allows attackers to hijack user sessions. The flaw, which compromises the protection of server-level cryptographic material, prompted the compa…GBHACKERS.COM
19 MarAura Confirms Data Breach Exposing 900,000 Customer RecordsDigital security provider Aura has confirmed a data breach affecting approximately 900,000 user records following a targeted social engineering attack. The incident highlights the ongoing threat of sophisticated phishing campaigns aimed at bypassing technical defenses by exploiti…GBHACKERS.COM
19 MarAnthropic ban heralds new era of supply chain risk — with no clear playbookThe Trump administration’s decision to ban AI company Anthropic from Pentagon assets and other government systems as a “supply chain risk” could force CISOs into a position few have faced before: preparing to identify, isolate, and potentially remove a specific AI technology from…CSOONLINE.COM
19 MarCisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware AttacksAmazon found evidence that the FMC software vulnerability has been exploited since late January, and found links to Russia. The post Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarYour MFA isn’t broken — it’s being bypassed, and your employees can’t tell the differenceMulti-factor authentication was supposed to be the solution. For years, security teams have told employees that MFA would keep them safe. Password stolen? No problem — attackers still need that second factor. But adversary-in-the-middle (AiTM) phishing has changed everything. The…CSOONLINE.COM
19 MarHacking a Robot VacuumSomeone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that .SCHNEIER.COM
19 MarDarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device TakeoverA new exploit kit for Apple iOS devices designed to steal sensitive data is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout. According to GTIG, multiple commercial s…THEHACKERNEWS.COM
19 MarCritical Microsoft SharePoint flaw now exploited in attacksA critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and Infrastructure Security Agency (CISA) warned. [...]BLEEPINGCOMPUTER.COM
19 MarPyronut Package Backdoors Telegram Bots With RCEMalicious ‘Pyronut’ is a trojanized Python package that backdoors Telegram bots and userbots, giving attackers remote code execution over both the Telegram session and the underlying host system. The malicious package , pyronut , was uploaded to PyPI as a fake alternative to pyr…GBHACKERS.COM
19 MarThe multi-billion dollar mistake: Why cloud misconfigurations are your biggest security threatLast year, most businesses faced a cloud security incident. Here’s what stands out — it wasn’t sophisticated cybercriminals behind these events. Instead, basic errors opened the door. According to the Cloud Security Alliance’s 2024 report on risks in cloud computing , misconfigur…CSOONLINE.COM
19 MarCISA urges US orgs to secure Microsoft Intune systems after Stryker breachCISA warned U.S. organizations to follow Microsoft guidance to strengthen the Intune endpoint management tool after a cyberattack exploited it to wipe medical technology giant Stryker's systems. [...]BLEEPINGCOMPUTER.COM
19 MarClaude Vulnerabilities Allow Data Exfiltration and Malicious Redirect AttacksSecurity researchers recently uncovered a critical attack chain within Anthropic’s Claude.ai platform. Dubbed “Claudy Day,” this vulnerability sequence allows attackers to silently extract sensitive user data through prompt manipulation and malicious redirects. …GBHACKERS.COM
19 MarCISA orders feds to patch Zimbra XSS flaw exploited in attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-zimbra-xss-flaw-exploited-in-attacks/SH.ITJUST.WORKS
19 MarRussian APT Exploits Zimbra Vulnerability Against UkraineInsufficient sanitization of CSS content within HTML emails leads to inline script execution when the message is opened in a browser. The post Russian APT Exploits Zimbra Vulnerability Against Ukraine appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarNew Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive DataCybersecurity researchers have disclosed a new Android malware family called Perseus that's being actively distributed in the wild with an aim to conduct device takeover (DTO) and financial fraud. Perseus is built upon the foundations of Cerberus and Phoenix, at the same time evo…THEHACKERNEWS.COM
19 Mar7 Ways to Prevent Privilege Escalation via Password ResetsPassword resets are often weaker than login security, making them a prime target for privilege escalation. Specops Software explains how attackers abuse reset workflows and how to secure them. [...]BLEEPINGCOMPUTER.COM
19 MarCybersecurity Responsibility Is ShiftingA new shift in cybersecurity policy is placing more responsibility on state and local governments instead of relying primarily on federal leadership. This creates a coordination challenge across government, private industry, and education. Local entities may lack the resources, e…YOUTUBE.COM
19 MarThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & MoreThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn’t work anymore but still do. Some of it looks simple, almost sloppy, until you see how well …THEHACKERNEWS.COM
19 MarRussian hackers exploit Zimbra flaw in Ukrainian govt attacksHackers part of APT28, a state-backed threat group linked to Russia's military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting Ukrainian government entities. [...]BLEEPINGCOMPUTER.COM
19 MarBeijing wants its own quantum-resistant encryption standards rather than adopt NIST’sChina is reportedly planning to develop its own national post-quantum cryptography standards within the next three years, even as most of the world has already begun migrating to those finalized by the US in 2024 . Post-quantum cryptography deals with algorithms that can protect …CSOONLINE.COM
19 MarCritical ScreenConnect Vulnerability Exposes Machine KeysLatest ScreenConnect version adds encrypted storage and management to prevent unauthorized access to machine keys. The post Critical ScreenConnect Vulnerability Exposes Machine Keys appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarPrivacy Platform Cloaked Raises $375M to Expand Consumer Tools and Enterprise ReachCloaked plans to introduce AI agents designed to act on behalf of users to monitor, manage, and enforce privacy preferences and security postures. The post Privacy Platform Cloaked Raises $375M to Expand Consumer Tools and Enterprise Reach appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarNews alert: SpyCloud study reveal stolen tokens, session data fuel surge in non-human identity attacksAUSTIN, Texas, Mar. 19, 2026, CyberNewswire — SpyCloud , the leader in identity threat protection, today released its annual 2026 Identity Exposure Report , one of the most comprehensive analyses of stolen credentials and identity exposure data circulating in the … (more…) …LASTWATCHDOG.COM
19 Mar KEVAnton’s Security Blog Quarterly Q1 2026My Anton’s Security Blog (And Podcast!) Quarterly this covers both Anton on Security and my posts from Google Cloud blog , Google Cloud community blog , and our Cloud Security Podcast ( subscribe on Spotify, now with VIDEO ). Gemini image for this Top 10 posts with the most lifet…MEDIUM.COM
19 MarCISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian groupThe US is urging infosec leaders to harden their endpoint management system configurations after last week’s hack of American medical supplies provider Stryker by pro-Iranian threat actor Handala. The warning from the US Cybersecurity and Infrastructure Security Agency (CISA) is …CSOONLINE.COM
19 MarThat cheap KVM device could expose your network to remote compromiseResearchers have found nine vulnerabilities in four popular low-cost KVM-over-IP devices, ranging from unauthenticated command injection to weak authentication defenses and insecure firmware updates. The flaws are particularly concerning given the growing presence of such devices…CSOONLINE.COM
19 MarSpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity TheftNew Report Highlights Surge in Exposed API Keys, Session Tokens, and Machine Identities, and more. SpyCloud , the leader in identity threat protection, today released its annual 2026 Identity Exposure Report , one of the most comprehensive analyses of stolen credentials and ident…CSOONLINE.COM
19 MarHacking IP KVMs & Reversing with Radare2 - Sergi Àlvarez - PSW #918In this episode, we sit down with the Radare community leader, Pancake, the creator of the Radare2 reverse engineering framework. Whether you’ve never heard of Radare, already use it daily, or are thinking about contributing to its development, this conversation will demystify wh…YOUTUBE.COM
19 MarBuilding an Adversarial Consensus Engine | Multi-Agent LLMs for Automated Malware AnalysisSingle-tool LLM analysis produces reports that look authoritative but aren't. A serial consensus pipeline catches artifacts and hallucinations at source.SENTINELONE.COM
19 MarLinux & Cloud Detection Engineering - Getting Started with Defend for Containers (D4C)This technical resource provides a comprehensive walkthrough of Elastic’s Defend for Containers (D4C) integration, covering Kubernetes-based deployment, the analysis of BPF-enriched runtime telemetry, and the practical application of policy-driven security controls to monitor and…ELASTIC.CO
18 MarAnother Medicat Device Firm HitMedical Device Breaches, Anti-Scam Pledge Scrutiny, AI Font Trick, and Iran-Linked Cyber Updates. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrat…CYBERSECURITYTODAY.LIBSYN.COM
18 MarAWS Bedrock AgentCore Sandbox Bypass Enables Stealthy C2 and Data ExfiltrationA newly disclosed vulnerability in AWS Bedrock AgentCore Code Interpreter allows threat actors to bypass network isolation and establish stealthy command-and-control (C2) channels. AWS originally advertised this mode as providing complete isolation without external access, resear…GBHACKERS.COM
18 MarFake Telegram Download Site Delivers Stealthy In-Memory Malware LoaderA newly discovered malware campaign is exploiting user trust in Telegram by distributing a trojanized installer through a typosquatted website, telegrgam[.]com. The site closely mimics the official Telegram download portal and delivers a malicious executable named tsetup-x64.6.ex…GBHACKERS.COM
18 MarCISOs rethink their data protection strategiesScott Kopcha witnessed what CISOs everywhere are seeing: employees eager to use artificial intelligence, whether through public models or custom AI tools, accessing company data at a breathtaking rate and volume. Kopcha already had a mature data protection strategy in place; as a…CSOONLINE.COM
18 MarAura - 903,080 breached accountsIn March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses . The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected. Exposed data included n…HAVEIBEENPWNED.COM
18 MarFrom Misconfigured Spring Boot Actuator to SharePoint Exfiltration: How Stolen Credentials Bypass MFANot every cloud breach starts with malware or a zero-day. In this incident, attackers discovered an exposed Spring Boot Actuator endpoint, harvested credentials from leaked configuration data, then used the OAuth2 Resource Owner Password Credentials (ROPC) flow to authenticate wi…TRENDMICRO.COM
18 MarCybersecurity and privacy priorities for 2026: The legal risk mapEscalating cybersecurity threats and growing privacy concerns lurk around every corner these days. Evolving technology and mounting regulations continue to present both the perils and solutions. All players — public and private, organizations and individuals alike — are to conque…CSOONLINE.COM
18 MarClickFix drives new infostealer campaignsClickFix campaigns are becoming increasingly sophisticated and increasingly target WordPress websites. Cybercriminals combine compromised websites with increasingly sophisticated social engineering lure methods to spread new infostealer malware. Be…CSOONLINE.COM
18 MarCan you prove the person on the other side is real?In my role, I spend a lot of time thinking about what “trust” means when money, grief and identity collide. By 2026, the real competition in our space won’t be who automates fastest or offers the most AI features. It will be who can still tell a legitimate executor, beneficiary o…CSOONLINE.COM
18 MarResearcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t PatchMeta does not plan on fixing the vulnerability because it involves the use of a modified client application. The post Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarForceMemo Hijacks GitHub Accounts, Backdoors Python ReposForceMemo is an active software supply‑chain campaign hijacking GitHub accounts and silently backdooring Python repositories via force‑pushed commits that look legitimate in the web UI. It builds on GlassWorm’s stolen‑token ecosystem and uses the Solana blockchain as a resilient …GBHACKERS.COM
18 MarReco targets AI agent blind spots with new security capabilitySaaS security platform Reco has decided to address the “agent sprawl” challenge from the increased adoption of AI-driven tools by enterprises. It argues that enterprises are faced with a security situation as numerous autonomous agents now traverse multiple systems, accessing sen…CSOONLINE.COM
18 MarApple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass AttacksApple has released emergency security updates to address a critical WebKit vulnerability that currently exposes iPhone, iPad, and Mac users to sophisticated content-based bypass attacks. Delivered seamlessly via the Background Security Improvements mechanism on March 17, 2026, th…GBHACKERS.COM
18 MarCrypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records | The Record from Recorded Future Newssubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/crypto-platform-accuses-north-korea-hackSH.ITJUST.WORKS
18 MarThe Refund Fraud Economy: Exploiting Major Retailers and Payment PlatformsRefund fraud is now a business, with methods and tutorials sold to exploit return policies for profit. Flare shows how fraudsters turn refunds and chargebacks into a repeatable profit model. [...]BLEEPINGCOMPUTER.COM
18 MarNew “Darksword” iOS exploit used in infostealer attack on iPhonesA new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet app. [...]BLEEPINGCOMPUTER.COM
18 Mar‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware VendorsTargeting six iOS vulnerabilities and leading to full device compromise, the exploit chain is meant for surveillance. The post ‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarRansomware gang exploits Cisco flaw in zero-day attacks since JanuaryThe Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since late January. [...]BLEEPINGCOMPUTER.COM
18 MarAI Reinforces Your BiasAI systems can pick up on user language and reinforce it throughout a conversation. Even casual framing—like praising a coding technique—can influence responses and steer the model toward agreement. This creates a subtle but serious risk: AI may present biased or incorrect ideas …YOUTUBE.COM
18 MarConnectWise patches new flaw allowing ScreenConnect hijackingConnectWise is warning ScreenConnect customers of a cryptographic signature verification vulnerability that could lead to unauthorized access and privilege escalation. [...]BLEEPINGCOMPUTER.COM
18 MarShipping-Themed Phishing Scams Target the Middle East and AfricaA surge in shipping-related phishing scams is targeting the Middle East and Africa (MEA) region, according to researchers at Group-IB.KNOWBE4.COM
18 MarThe Collapse of Predictive Security in the Age of Machine-Speed AttacksWith exploitation of vulnerabilities taking just days, preemptive security must be the new model for defenders. The post The Collapse of Predictive Security in the Age of Machine-Speed Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
18 Mar KEVCISA orders feds to patch Zimbra XSS flaw exploited in attacksCISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS). [...]BLEEPINGCOMPUTER.COM
18 MarCISA Urges Endpoint Management System Hardening After Cyberattack Against US OrganizationCISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment. 1 To defend against similar ma…CISA.GOV
17 MarGlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python ReposThe GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI pac…THEHACKERNEWS.COM
17 MarNew CondiBot Variant and ‘Monaco’ Miner Target More Network DevicesOver the past few years, the enterprise attack surface has shifted decisively toward network infrastructure, with attackers increasingly abusing routers, VPNs, firewalls, and other edge devices for initial access and long‑term persistence. Research from Verizon and others has doc…GBHACKERS.COM
17 Mar KEVCISA Alerts Users to Exploited Chrome 0-Day FlawsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two highly critical zero-day vulnerabilities. These flaws, which primarily affect Google Chrome and its underlying technologies, are currently being exploited in the wild by malicio…GBHACKERS.COM
17 MarRuntime: The new frontier of AI agent securityAI agents are already operating inside enterprise networks, quietly doing some of the work employees once handled themselves — writing code, drafting emails, retrieving files, and connecting to internal systems. Sometimes they also make costly mistakes. At Meta, an employee asked…CSOONLINE.COM
17 MarWebFiling Flaw at UK Companies House Exposed Director Data for MonthsThe UK Companies House recently disclosed a significant security vulnerability in its WebFiling service that exposed sensitive director information for several months. Chief Executive Andy King confirmed that the flaw was initially introduced during a system update in October 202…GBHACKERS.COM
17 Mar KEVCISA Issues Alert on Wing FTP Server Vulnerability Used in AttacksThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical vulnerability in the Wing FTP Server. On March 16, 2026, the agency officially added this security flaw to its Known Exploited Vulnerabilities (KEV) catalog. This …GBHACKERS.COM
17 MarCreating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374What happens when secure coding guidance goes stale? What happens when LLMs write code from scratch? Mark Curphey walks us through his experience updating documentation for writing secure code in Go and recreating one of his own startups. One of the themes of this conversation is how i…YOUTUBE.COM
17 MarSouth Korean Police Accidentally Post Cryptocurrency Wallet PasswordAn expensive mistake : Someone jumped at the opportunity to steal $4.4 million in crypto assets after South Korea’s National Tax Service exposed publicly the mnemonic recovery phrase of a seized cryptocurrency wallet. The funds were stored in a Ledger cold wallet seized in …SCHNEIER.COM
17 MarMicrosoft Launches AI-Driven Troubleshooting for Purview Data Lifecycle ToolsMicrosoft has officially released a new open-source tool designed to simplify how IT and security administrators manage data governance. Announced on March 16, 2026, the DLM Diagnostics Model Context Protocol (MCP) Server brings artificial intelligence directly into the troublesh…GBHACKERS.COM
17 MarAWS Bedrock’s ‘isolated’ sandbox comes with a DNS escape hatchAWS’ promise of “complete isolation” for agentic AI workflows on Bedrock is facing scrutiny after researchers found its sandbox mode isn’t as sealed as advertised. In a recent disclosure, BeyondTrust detailed how the “Sandbox” mode in AWS Bedrock AgentCore’s Code Interpreter can …CSOONLINE.COM
17 MarGlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repossubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/03/glassworm-attack-uses-stolen-github.htmlSH.ITJUST.WORKS
17 MarLeakNet ransomware uses ClickFix and Deno runtime for stealthy attacksThe LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. [...]BLEEPINGCOMPUTER.COM
17 Mar KEVCISA flags Wing FTP Server flaw as actively exploited in attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cisa-flags-wing-ftp-server-flaw-as-actively-exploited-in-attacks/SH.ITJUST.WORKS
17 Mar174 Vulnerabilities Targeted by RondoDox BotnetThe botnet has increased its activity, peaking at 15,000 exploitation attempts per day, and taking a more targeted approach. The post 174 Vulnerabilities Targeted by RondoDox Botnet appeared first on SecurityWeek .SECURITYWEEK.COM
17 MarIranian Hackers Use Compromised Cameras for Regional SurveillanceIranian cyber actors are expanding operations targeting US organizations while also exploiting internet-connected cameras across the Middle East for intelligence collection and battlefield awareness. Recent incidents tied to APT group MuddyWater, camera‑focused infrastructure, an…GBHACKERS.COM
17 MarMicrosoft stops force-installing the Microsoft 365 Copilot appMicrosoft has stopped automatically installing the Microsoft 365 Copilot app on Windows devices outside the European Economic Area (EEA) that have the Microsoft 365 desktop client apps. [...]BLEEPINGCOMPUTER.COM
17 MarOutdated OWASP AdviceThe OWASP Go Secure Coding Practices project contains outdated libraries and flawed advice that can lead to insecure code. Relying on stale or incorrect security guidance can cause developers—and AI code generators—to produce vulnerable applications. This hidden risk undermines s…YOUTUBE.COM
17 MarUK Companies House Exposed Details of Millions of FirmsThe government agency confirmed the vulnerability could have been exploited to obtain company details and alter records. The post UK Companies House Exposed Details of Millions of Firms appeared first on SecurityWeek .SECURITYWEEK.COM
17 MarTech Giants Invest $12.5 Million in Open Source SecurityAnthropic, AWS, Google, Microsoft, and OpenAI fund the Linux Foundation’s long-term security initiatives focused on open source software. The post Tech Giants Invest $12.5 Million in Open Source Security appeared first on SecurityWeek .SECURITYWEEK.COM
17 MarAI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCECybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore …THEHACKERNEWS.COM
17 MarEnd / Collapse: New Code, New RisksNot all vulnerabilities come from legacy systems; sometimes new code introduces serious security flaws like SQL injection or XSS. When fresh code contains vulnerabilities, it signals gaps in the security process and oversight, making it a bigger failure than discovering old, unpa…YOUTUBE.COM
17 MarApple rolls out first ‘background security’ update for iPhones, iPads, and Macs to fix Safari bugApple's first-ever "background security improvement" fixes a vulnerability in its Safari browser running its latest software.TECHCRUNCH.COM
17 MarAnton’s Vibe Coding Experience: A Reflection on Risk DecisionsLook, I’m not a developer, and the last time I truly “wrote code” was probably a good number of years ago (and it was probably Perl so you may hate me). I am also not an appsec expert (as I often remind people). Below I am describing my experience “vibe coding” an application. Be…MEDIUM.COM
17 MarMalware Hiding on SteamSeveral games on Steam were found to contain malware, impacting users who downloaded them between 2024 and 2026. The FBI is actively investigating and asking affected users to come forward. This challenges a core assumption: that trusted platforms are inherently safe. As users gr…YOUTUBE.COM
17 MarLABScon25 Replay | Your Apps May Be Gone, But the Hackers Made $9 Billion and They’re Still HereAndrew MacPherson exposes how crypto thieves exploit DeFi architecture, from the $1.5 billion Bybit heist to drainers-as-a-service and fund laundering.SENTINELONE.COM
17 MarInvesting in the people shaping open source and securing the future togetherSee how GitHub is investing in open source security funding maintainers, partnering with Alpha-Omega, and expanding access to help reduce burden and strengthen software supply chains. The post Investing in the people shaping open source and securing the future together appeared f…GITHUB.BLOG
17 MarGet started with Elastic Security from your AI agentGo from zero to a fully populated Elastic Security environment without leaving your IDE, using open source Agent Skills.ELASTIC.CO
16 MarNotorious Hacker Group "The Comm," Operation Synergia Takedown, Stryker Cyberattack Update & MoreAlleged Canadian 'The Comm' Hacker Arrested, Interpol's Operation Synergia Takedown, Stryker Cyberattack Update and more. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and…CYBERSECURITYTODAY.LIBSYN.COM
16 MarMicrosoft Issues Out-of-Band Patch for Critical Windows 11 RRAS RCE FlawsMicrosoft released an urgent out-of-band security update on March 13, 2026, to address a series of critical vulnerabilities in Windows 11. The update, identified as hotpatch KB5084597, specifically resolves Remote Code Execution (RCE) flaws within the Windows Routing and Remote A…GBHACKERS.COM
16 MarAttackers Exploit Teams, Quick Assist to Deploy Stealthy A0BackdoorAttackers are evolving a well-known Microsoft Teams and Quick Assist social-engineering playbook to install a new, stealthy backdoor dubbed A0Backdoor. The campaign closely mirrors activity previously attributed to Blitz Brigantine (also tracked as Storm‑1811), a financially moti…GBHACKERS.COM
16 MarClickFix techniques evolve in new infostealer campaignsCybercriminals are combining compromised websites with increasingly sophisticated ClickFix social engineering lures to deliver new infostealer malware, with one campaign alone weaponizing more than 250 WordPress sites across 12 countries. The campaign leads to stealthy in-memory …CSOONLINE.COM
16 MarWhat it takes to win that CSO roleCSO and CISO roles are among the hardest to fill in IT. Which should be good news for cybersecurity professionals that aspire to leadership positions as the organization’s top security exec. For those that do, the authority, clout, pay, and benefits are increasing significantly. …CSOONLINE.COM
16 MarAI Governance, new book (Code War) from Allie Mellen, and the weekly news! - ESW #450Interview with Jeremy Snyder from FireTail about AI Governance Death by a thousand cuts: the AI shadow IT problem I think the best description of the AI governance problem during this interview was the title of the award-winning movie, __Everything, Everywhere, All At Once__. Gen…YOUTUBE.COM
16 MarDRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth EspionageUkrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior c…THEHACKERNEWS.COM
16 MarMEA Shipment Phishing Scams Surge, Stealing Banking Data in Real TimeEvery day, billions of people rely on postal and courier services to deliver everything from handwritten letters to high value online orders. The rapid growth of global e-commerce has made parcel delivery services a critical part of everyday life. According to the Universal Postal…GBHACKERS.COM
16 MarOpen VSX extensions hijacked: GlassWorm malware spreads via dependency abuseThreat actors are abusing extension dependency relationships in the Open VSX registry to indirectly deliver malware in a new phase of the GlassWorm supply-chain campaign. Researchers at Socket said they have identified at least 72 additional malicious Open VSX extensions linked t…CSOONLINE.COM
16 MarForceMemo: Python Repositories Compromised in GlassWorm AftermathHundreds of GitHub accounts were accessed using credentials stolen in the VS Code GlassWorm campaign. The post ForceMemo: Python Repositories Compromised in GlassWorm Aftermath appeared first on SecurityWeek .SECURITYWEEK.COM
16 MarBetterleaks Launches as Open-Source Tool for Scanning Files, Directories, and Git RepositoriesZach Rice, the original creator of the widely popular secret scanning tool Gitleaks, has officially launched its successor, Betterleaks. Sponsored by Aikido Security, this new open-source project aims to be a faster, smarter, and highly configurable replacement for finding hardco…GBHACKERS.COM
16 MarRondoDox Botnet Scales Up, Exploiting 174 Vulnerabilities via Residential IPsRondoDox is a Mirai‑style botnet that has quickly evolved into a highly automated exploitation engine, chaining 174 vulnerabilities with large‑scale use of compromised residential IP infrastructure. This explosive growth widens the global attack surface, especially as many vendo…GBHACKERS.COM
16 MarWhy Security Validation Is Becoming AgenticIf you run security at any reasonably complex organization, your validation stack probably looks something like this: a BAS tool in one corner. A pentest engagement, or maybe an automated pentesting product, in another. A vulnerability scanner feeding an attack surface management…THEHACKERNEWS.COM
16 MarClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool InstallersThree different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executi…THEHACKERNEWS.COM
16 MarChrome 146 Update Patches Two Exploited Zero-Days - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/chrome-146-update-patches-two-exploited-zero-days/SH.ITJUST.WORKS
16 MarHandala Hackers Exploit RDP and NetBird in Coordinated Wiper AttacksHandala Hack is an Iranian state-linked destructive actor that combines old-school RDP-heavy intrusions with new tools like NetBird and AI-assisted wipers to devastate victim networks rapidly. Handala Hack is an online persona operated by Void Manticore (also tracked as Red Sands…GBHACKERS.COM
16 MarWhy Cyber Attribution Gets ComplicatedCyber attribution—the process of determining who conducted a cyber attack—is one of the hardest problems in cybersecurity. Evidence is often incomplete, indirect, or intentionally misleading. Even when attacks appear to target specific countries, proving which nation carried them…YOUTUBE.COM
16 Mar⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & MoreSome weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling. This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too…THEHACKERNEWS.COM
16 Mar KEVCISA flags Wing FTP Server flaw as actively exploited in attacksCISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. [...]BLEEPINGCOMPUTER.COM
16 MarTrendAI™ Supports Global Law Enforcement EffortsLearn how TrendAI™ and our researchers contributed threat intelligence and analysis to support INTERPOL against cybercrime.TRENDMICRO.COM
16 MarVU#624941: LibreChat RAG API contains a log-injection vulnerabilityOverview A log-injection vulnerability in the LibreChat RAG API, version 0.7.0, is caused by improper sanitization of user-supplied input written to system logs. An authenticated attacker can forge or manipulate log entries by inserting CRLF characters, compromising the integrity…KB.CERT.ORG
15 MarDivine Skins - 105,814 breached accountsIn March 2026, the League of Legends custom skins service Divine Skins suffered a data breach . The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the databas…HAVEIBEENPWNED.COM
15 MarHow do I Send a Secure Email in Outlook?Sending an unsecured email can be likened to writing sensitive information on a sticky note and leaving it on someone else's desk: anybody can intercept and share that information. Fortunately, there are ways to ensure your emails are safe from the prying eyes of hackers through …KNOWBE4.COM
15 MarBetterleaks, a new open-source secrets scanner to replace GitleaksA new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules. [...]BLEEPINGCOMPUTER.COM
📋 SECURITY BULLETINS 46[+]
11 JunMicrosoft fixes BitLocker recovery bug on Windows Server 2025Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. [...]BLEEPINGCOMPUTER.COM
10 JunICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix ContactIn addition, Rockwell Automation announced some enhancements to its SecureOT cybersecurity solution for OT. The post ICS Patch Tuesday: Vulnerabilities Fixed by Siemens, Schneider, Phoenix Contact appeared first on SecurityWeek .SECURITYWEEK.COM
9 JunMicrosoft releases Windows 10 KB5094127 extended security updateMicrosoft has released the Windows 10 KB5094127 extended security update, which fixes the June 2026 Patch Tuesday vulnerabilities and adds new functionality to monitor the rollout of updated Secure Boot certificates that replace those expiring this month. [...]BLEEPINGCOMPUTER.COM
9 JunMicrosoft breaks Patch Tuesday record with 206 vulnerabilitiesFears and warnings about a roaring flood of error-riddled software have materialized. And the disease is spreading. The post Microsoft breaks Patch Tuesday record with 206 vulnerabilities appeared first on CyberScoop .CYBERSCOOP.COM
9 JunMicrosoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilitiesMicrosoft Patch Tuesday details for June 2026.TALOSINTELLIGENCE.COM
8 JunMicrosoft changes how Defender for Endpoint EDR updates are delivered on WindowsMicrosoft will distribute Defender for Endpoint EDR updates through Microsoft Update, enabling EDR security improvements to be released independently of monthly Windows operating system updates. The rollout started for Windows 10 devices in late May 2026 and will expand to Window…HELPNETSECURITY.COM
5 JunJune 2026 Patch Tuesday forecast: Where are the CVEs?My forecast from last month was only partly right. After the Anthropic Mythos announcements and the deluge of newly discovered vulnerabilities from vendors like Mozilla, Microsoft’s updates were standard fare, 65 CVEs reported in Windows 11 and 58 in Windows 10. The Microsoft Off…HELPNETSECURITY.COM
1 JunMicrosoft fixes KB5089549 Windows security update install issuesMicrosoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549). [...]BLEEPINGCOMPUTER.COM
26 MayMicrosoft: Domain Controller lookup may fail on Windows Server 2016Microsoft has confirmed a new known issue affecting Windows Server 2016 systems that causes domain controller lookups to fail after installing the KB5087537 May 2026 security update. [...]BLEEPINGCOMPUTER.COM
21 MayGoogle Chrome Security Flaws Could Let Attackers Execute Code RemotelyGoogle has released a critical security update for its Chrome browser, addressing multiple vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out to users globally, upgrades Chrome to version 148.0.7778.178/179 for Wi…GBHACKERS.COM
20 MaySmashing Security podcast #468: High-speed train hacks and homicidal lawnmowersA 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His defence in court? Possibly the most creative excuse we've heard all year. Meanwhile, owners of $4,000 robot lawnmowers are d…GRAHAMCLULEY.COM
19 MaymacOS Malware Abuses Fake Google Update for PersistenceA newly observed variant of the SHub macOS infostealer, dubbed “Reaper,” is expanding its capabilities with stealthier delivery, enhanced data theft, and a persistence mechanism disguised as a legitimate Google software update. The Reaper variant continues SHub’s use of fake appl…GBHACKERS.COM
19 MayDrupal is rolling out an emergency security update on May 20. You cannot miss itDrupal Is Pushing an Emergency Security Update Tomorrow. If You Run a Drupal Site, This Is Not One to Miss. Something significant is coming out of the Drupal project tomorrow, and the way the announcement is worded should be enough to get any site administrator’s attention.…SECURITYAFFAIRS.COM
15 MayGoogle Patches 79 Chrome Security Vulnerabilities, 14 Rated CriticalGoogle has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.167/168 for Windows and Mac an…GBHACKERS.COM
13 MayMicrosoft Fixes 17 Critical Flaws in May Patch TuesdayMicrosoft has patched 120 vulnerabilities in this month’s security update roundINFOSECURITY-MAGAZINE.COM
13 MayMicrosoft Releases Cumulative Update for Windows 11, Version 25H2 and 24H2Microsoft has officially released its May 2026 Patch Tuesday updates, delivering critical security fixes and system improvements for multiple Windows 11 versions. According to Microsoft release notes, the deployment includes cumulative update KB5089549 for Windows 11 versions 25H…GBHACKERS.COM
13 MayGoogle Launches New Android Security Features to Fight Scams, TheftGoogle detailed Android security updates for 2026, including verified bank calls, stronger theft protection, OTP hiding, and spyware forensics. The post Google Launches New Android Security Features to Fight Scams, Theft appeared first on TechRepublic .TECHREPUBLIC.COM
13 MayMicrosoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarmingMicrosoft’s May 2026 Patch Tuesday fixed 138 flaws, including 30 critical bugs, across Windows, Office, Azure, Edge, SQL Server, and more. Microsoft’s May 2026 Patch Tuesday patched 138 vulnerabilities in a single release. That is a number that gives pause even for people a…SECURITYAFFAIRS.COM
13 MayEvery layer needs a patch now.Patch Tuesday. Global agencies update SBOM guidance. Iran-linked espionage group Seedworm breached a major South Korean electronics manufacturer. A telehealth platform breach affects 716,000. Foxconn confirms a cyberattack. Maria Varmazis has an update on orbital data centers. A …THECYBERWIRE.COM
12 MayMicrosoft May 2026 Patch Tuesday, (Tue, May 12th)Today's Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge.
ISC.SANS.EDU
12 MayiOS 26.5 Updates RCS Messaging, Apple Maps, and iPhone WallpapersApple’s iOS 26.5 update adds encrypted RCS, new wallpapers, Maps suggestions, and security updates for older devices. The post iOS 26.5 Updates RCS Messaging, Apple Maps, and iPhone Wallpapers appeared first on TechRepublic .TECHREPUBLIC.COM
12 MayPatch Tuesday, May 2026 EditionArtificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used s…KREBSONSECURITY.COM
12 MayMicrosoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilitiesMicrosoft has released its monthly security update for May 2026, which includes 112 vulnerabilities affecting a range of products, including 16 that Microsoft marked as “critical”.TALOSINTELLIGENCE.COM
12 MayMicrosoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated criticalThe high volume of vulnerabilities reflects a growing trend researchers have been anticipating as artificial intelligence models are deployed to find previously uncovered defects in code. The post Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated …CYBERSCOOP.COM
11 MayUS: FCC Relaxes Foreign-Made Router Ban to Allow for Security UpdatesThe same extension applies to security updates shipped to US-based users of foreign-made dronesINFOSECURITY-MAGAZINE.COM
11 MayFCC pushes ban on security updates for foreign-made routers, drones to 2029The router deadline, originally slated for March 1, 2027, has been pushed back to at least January 1, 2029, according to the announcement from the FCC’s Office of Engineering and Technology (OET).THERECORD.MEDIA
7 MayGoogle pushes massive Chrome security update to patch 127 flawsGoogle has released Chrome 148 to the stable channel with one of the largest security update batches in the browser’s history, patching 127 vulnerabilities across Windows, macOS, and Linux systems. The update includes three critical flaws and dozens of high-severity memory safety…CYBERINSIDER.COM
5 MayOracle rolls out monthly security patch updatesOracle is changing how its security fixes are delivered: starting in May 2026, there will be a monthly Critical Security Patch Update. “Each [monthly] CSPU is smaller and more focused, making it easier to apply critical fixes quickly [to customer-managed deployments],”…HELPNETSECURITY.COM
1 MayMicrosoft Windows 11 April 2026 Security Update Disrupts Third-Party Backup ToolsThe April 2026 security update for Windows 11, designated as KB5083769, is causing severe disruptions for users relying on third-party backup solutions. Deployed for Windows 11 versions 24H2 and 25H2, this patch introduces a critical flaw that breaks the Microsoft Volume Shadow C…GBHACKERS.COM
1 MaySonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them nowSonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. The company released firmware updates to block bypass attacks and unauthorized access. SonicWall released urgent firmware updates to fix three SonicOS vulnerabilities affecting Gen 6, Gen 7, and Gen 8 firewalls. T…SECURITYAFFAIRS.COM
29 AprMicrosoft Confirms Remote Desktop Warning Issue After April UpdateMicrosoft has officially confirmed a known issue affecting Remote Desktop Protocol (RDP) connections following the April 14, 2026, Patch Tuesday updates. Specifically impacting Windows 11 version 26H1 (KB5083768, OS Build 28000.1836), the update was intended to harden systems aga…GBHACKERS.COM
28 AprFake Tax Audits and Updates Fuel Silver Fox Malware CampaignA China-linked threat group known as Silver Fox is running a new wave of cyber campaigns using fake tax audit notifications and software update lures to deliver malware across Asia. Active since at least 2022, the group initially focused on financially motivated attacks but, sinc…GBHACKERS.COM
27 AprMicrosoft Releases Enterprise Policy Option to Disable Windows 11 CopilotMicrosoft has introduced a new enterprise policy setting that allows IT administrators to silently uninstall the Microsoft Copilot app from managed Windows 11 devices, marking a significant shift in how organizations can control AI tool deployment across their fleets. The new Rem…GBHACKERS.COM
16 AprCritical Chrome Flaws Allow Arbitrary Code Execution – Patch ImmediatelyGoogle has released an urgent security update for its Chrome web browser to address 31 vulnerabilities, including five rated as critical. The stable channel has been updated to version 147.0.7727.101/102 for Windows and Mac, and 147.0.7727.101 for Linux. This update is currently …GBHACKERS.COM
15 AprFortinet Fixes 11 Security Flaws Affecting FortiSandbox, FortiOS, FortiAnalyzer, and FortiManagerFortinet has recently released a comprehensive security update, patching 11 newly identified vulnerabilities across several of its core enterprise products. The security flaws affect critical infrastructure components, including FortiSandbox, FortiOS, FortiAnalyzer, and FortiMana…GBHACKERS.COM
15 AprMicrosoft Rolls Out KB5083769 Update for Windows 11 24H2 and 25H2Microsoft has released KB5083769, the April 14, 2026 cumulative security update for Windows 11 versions 24H2 and 25H2, moving the operating system to builds 26100.8246 and 26200.8246 respectively. The update bundles the latest security fixes with quality improvements that were pr…GBHACKERS.COM
14 AprSAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection FlawsSAP released its monthly Security Patch Day updates, addressing 19 new security notes and one update to a previously released note. According to the official SAP Support Portal, these patches resolve severe vulnerabilities, including critical SQL injection, Denial of Service (DoS…GBHACKERS.COM
14 AprMicrosoft Patch Tuesday April 2026., (Tue, Apr 14th)This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening
ISC.SANS.EDU
14 AprMicrosoft Patch Tuesday for April 2026 - Snort Rule and Prominent VulnerabilitiesOverview of patch tuesday release from Microsoft for April 2026.TALOSINTELLIGENCE.COM
9 AprCritical Chrome Flaws Let Attackers Execute Arbitrary CodeGoogle has released an urgent security update for its Chrome browser, resolving multiple dangerous vulnerabilities. The Chrome team promoted version 147 to the stable channel for Windows, Mac, and Linux users on April 7, 2026. This major release patches flaws that could allow att…GBHACKERS.COM
9 AprAI Can Catch Malicious UpdatesA tool compares software updates using diffs and analyzes them with AI to detect malicious changes. Supply chain attacks bypass trust by hiding inside legitimate updates. Automating detection at the diff level could shift defense from reactive to proactive—and potentially reduce …YOUTUBE.COM
8 AprIBM Security Verify Access Flaws Let Remote Attackers Access Sensitive DataIBM has issued an urgent security bulletin addressing a slew of vulnerabilities impacting IBM Verify Identity Access and IBM Security Verify Access. These flaws span across critical dependencies and internal mechanisms, exposing organizations to risks ranging from remote data the…GBHACKERS.COM
1 AprApple releases security fix for older iPhones and iPads to protect against DarkSword attacksThe security update protects a raft of older iPhones and iPads from attacks linked to leaked hacking tools called DarkSword.TECHCRUNCH.COM
31 MarLloyds Data Security Incident Impacts 450,000 IndividualsA faulty software update led to the exposure of mobile banking users’ transactions to other users of the application. The post Lloyds Data Security Incident Impacts 450,000 Individuals appeared first on SecurityWeek .SECURITYWEEK.COM
23 Mar511,000+ End-of-Life IIS Instances Found Online, Raising Security RisksSecurity researchers at The Shadowserver Foundation have identified a massive internet-facing attack surface, discovering more than 511,000 End-of-Life Microsoft Internet Information Services (IIS) instances currently active online. This widespread deployment of outdated web serv…GBHACKERS.COM
18 MarApple Debuts Background Security Improvements With Fresh WebKit PatchesThe lightweight updates are meant to deliver security protections between security updates. The post Apple Debuts Background Security Improvements With Fresh WebKit Patches appeared first on SecurityWeek .SECURITYWEEK.COM
📢 SECURITY ADVISORIES 405[+]
13 JunAnthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export ControlsAnthropic takes Fable 5 and Mythos 5 offline to comply with a directive from the Trump administration to prevent use by foreign nationals. The post Anthropic Says It Has Taken Its Latest AI Models Offline to Comply With New Export Controls appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunHow to use NIST and ISO frameworks to govern AI agentsSecurity leaders no longer need convincing that AI agents introduce risk. What’s missing is how to govern them once they move into production and begin operating autonomously across enterprise environments. AI agents already read sensitive documents, invoke internal APIs, trigger…HELPNETSECURITY.COM
12 JunINTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests AdministratorAn INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countri…THEHACKERNEWS.COM
12 JunFrench government’s secure messaging system breachedAn intruder has breached the French government’s encrypted messaging service, Tchap, showing once again that human error is a weak spot in any security system. Tchap was developed in France as an example of national sovereignty and was designed to be a more secure option than Wha…CSOONLINE.COM
12 JunWarrantless wiretaps cut off for a week following US Congress voteLawmakers have failed to extend a surveillance law that allows US intelligence agencies to monitor targets abroad without a warrant. Congress rejected a vote to extend Section 702 of the Foreign Intelligence Surveillance Act to July 2, which means, for a few days at least, some s…CSOONLINE.COM
11 JunTrump’s AI pivot.This week, Dave and Ben sit down with N2K's lead analyst Ethan Cook to examine President Trump's recent Executive Order centered on AI. With this order, the Trump administration is looking to increase its oversight of new AI models to better account for potential security vulnera…THECYBERWIRE.COM
11 JunCISA Orders Agencies to Patch by Risk, Not SeverityNew CISA directive tells federal agencies to patch by real-world risk, not CVSS severity scoresINFOSECURITY-MAGAZINE.COM
10 JunCISA, researchers warn of escalating attacks using Cisco Catalyst SD-WAN flawsMultiple vulnerabilities are being chained together to gain additional access to systems.CYBERSECURITYDIVE.COM
10 JunCISA to require federal agencies to patch some cyber vulnerabilities within 3 daysCISA is giving agencies 180 days to adopt the new patching time frame, according to a directive released Wednesday.THERECORD.MEDIA
10 JunCISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats“Defenders cannot afford to take weeks to patch,” one Cybersecurity and Infrastructure Security Agency official warned on Wednesday.WIRED.COM
10 JunCISA Rewrites Federal Patching Requirements for AI Threat EraThe new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred.DARKREADING.COM
9 JunFrench government confirms breach at secure messaging platform TchapFrance's Interministerial Directorate for Digital Affairs (DINUM) has confirmed a security incident affecting Tchap, the encrypted messaging platform used across French government agencies. The disclosure comes after a threat actor attempted to sell or leak data allegedly stolen …CYBERINSIDER.COM
9 Jun75% of Firms Deploy Vulnerable Code Amid Pressure on CISOs, Report FindsCheckmarx report warns that business pressure is among the reason security leaders let security compliance slipINFOSECURITY-MAGAZINE.COM
9 JunCISA to transform how it assesses cyber vulnerabilities and risks, Andersen saysA binding operational directive being released Wednesday will direct federal agencies to change the way they address vulnerabilities by elevating some while putting others to the side.THERECORD.MEDIA
8 JunUkraine’s foreign minister offer recipe for improved resilienceCybersecurity professionals were offered lessons of resilience in the most extreme circumstances from Ukraine’s former minister of foreign affairs. Dmytro Kuleba, who served as Ukraine’s Minister of Foreign Affairs between 2020 and 2024, told Infosecurity Europe delegates that th…CSOONLINE.COM
8 JunThe AI security race needs accountability, not overregulationPartnership between policymakers and tech companies, not government oversight, offers the best path forward for responsible AI innovation. The post The AI security race needs accountability, not overregulation appeared first on CyberScoop .CYBERSCOOP.COM
8 JunRussia upgrades rules for its digital spy system to better track citizens onlineNew regulations published by Russia's Ministry of Digital Development at the end of May updated the technical standards governing SORM, formally known as the System for Operative Investigative Activities.THERECORD.MEDIA
8 Jun8th June – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES DentaQuest, a U.S. dental benefits administrator owned by Sun Life, has suffered a data breach after threat group ShinyHunters leaked …RESEARCH.CHECKPOINT.COM
8 JunMeta’s recovery plan needed recovery.Meta exposes 20,000 Instagram accounts through a support tool bug. CISA warns of active attacks on SolarWinds Serv-U. WordPress sites face takeover through a widely used plugin. A new Gafgyt variant broadens its reach. Pink extortionists steal cloud data with vishing and legitima…THECYBERWIRE.COM
8 JunUK gives big tech 3 months to create device controls to block nude images of kidsThe companies “must activate built-in features or implement technical solutions on smartphones and tablets to detect and block nude images for children,” according to a press release from the Home Office. Prime Minister Keir Starmer announced the measure in a speech at London Tec…THERECORD.MEDIA
5 JunIndustry Reactions to New Trump AI Cybersecurity Executive Order: Feedback FridayExperts commented on the EO’s voluntary nature, the balance between innovation and security, and potential implementation gaps. The post Industry Reactions to New Trump AI Cybersecurity Executive Order: Feedback Friday appeared first on SecurityWeek .SECURITYWEEK.COM
5 JunHackers Leak DentaQuest Information Impacting 2.6 MillionThe ShinyHunters extortion group leaked roughly 234 GB of data allegedly stolen from the dental benefits administrator. The post Hackers Leak DentaQuest Information Impacting 2.6 Million appeared first on SecurityWeek .SECURITYWEEK.COM
5 JunMicrosoft Outlook leaves email connections unencrypted despite SSL/TLS settingA server upgrade that introduced stricter email security checks has uncovered what appears to be a long-standing Outlook issue that may have caused some users to retrieve email over unencrypted connections despite having SSL/TLS enabled in their account settings. The discovery wa…CYBERINSIDER.COM
5 JunNorway fines largest electronics retailer $2.1M for client data violationsNorway’s Data Protection Authority (Datatilsynet) has imposed a NOK 20 million (approximately $2.1 million) administrative fine on electronics retail giant Elkjøp for multiple GDPR violations tied to its customer club, targeted marketing activities, and handling of customer priva…CYBERINSIDER.COM
5 JunTrump AI Order Seeks Voluntary Frontier Model TestingThe White House's executive order establishes voluntary framework for early government access to frontier models while investing in federal security.DARKREADING.COM
5 JunThe NSA gets an AI upgrade.Anthropic brings Mythos to the NSA. A Palantir executive emerges as a possible CISA pick. A Linux flaw is under active attack. Minecraft malware goes commercial. An npm package gets caught in the Miasma worm campaign. Researchers document the first AI-driven container escape. A b…THECYBERWIRE.COM
4 JunInfosecurity Europe: Ukraine’s Experience Highlights the Need for Preparation and Resilience in CybersecurityFormer Ukrainian foreign minister, Dmytro Kuleba, urges Infosecurity Europe attendees to fight the good fightINFOSECURITY-MAGAZINE.COM
4 JunPakistan Spies on Afghan Finance Ministry With Xeno RATDespite broadly connected digital infrastructure, standard fare TTPs are enough to cause trouble for Afghanistan's porous cybersecurity.DARKREADING.COM
4 JunSpotless compliance evidence can still hide a broken controlIn this interview with Help Net Security, Marc Rubbinaccio, Head of Cybersecurity and Compliance at Secureframe, explains where security teams go wrong when preparing for CMMC and FedRAMP 20x. The conversation covers how organizations check the 110 requirements but miss the 320 a…HELPNETSECURITY.COM
4 JunInfosecurity Europe: How Businesses Can Prepare for a Cybersecurity Crisis with Effective PlansCybersecurity and business leaders with experience of dealing with major incidents from within the NCSC and at JLR detail what you need to prioritize if your organization is hit by a cyber-attackINFOSECURITY-MAGAZINE.COM
4 JunChinese spies are using LinkedIn to lure Westerners into sharing sensitive informationThe advisory warns that Chinese spies are using public job search platforms to recruit people with access to non-public information.TECHCRUNCH.COM
4 JunFive Eyes allies issue advisory on Chinese intelligence operations.Researchers track versatile China-based cybercrime group. Cisco fixes critical flaw affecting Unified CM.THECYBERWIRE.COM
4 JunCISA chief says Trump AI EO implementation will start soonThe agency, depleted after several rounds of cuts imposed by the White House, insists it can handle its new AI security responsibilities.CYBERSECURITYDIVE.COM
4 JunSupreme Court rules FCC fines punishing telecom giants for sharing location data were legalThe Trump administration had backed the FCC’s position and, apart from Justice Clarence Thomas, the high court agreed.THERECORD.MEDIA
4 JunDentaQuest data breach exposed info of 2.6 million accountsA data breach at the dental benefits administrator DentaQuest has reportedly exposed the sensitive data of 2.6 million accounts. [...]BLEEPINGCOMPUTER.COM
4 JunHill Dems hammer GOP for $250M CISA budget cutA House Appropriations subcommittee is set to mark up fiscal 2027 DHS funding legislation Friday. The post Hill Dems hammer GOP for $250M CISA budget cut appeared first on CyberScoop .CYBERSCOOP.COM
3 JunTrump Signs Order Inviting Voluntary Review of Frontier AI ModelsTrump's executive order invites voluntary pre-release review of frontier AI modelsINFOSECURITY-MAGAZINE.COM
3 JunCitizen Lab urges Canada to withdraw parts of Bill C-22 over privacy concernsCitizen Lab and the Canadian Civil Liberties Association (CCLA) are urging lawmakers to withdraw key provisions of Canada's proposed lawful access legislation, Bill C-22, warning that it would create sweeping surveillance powers, undermine privacy rights, and pose significant cyb…CYBERINSIDER.COM
3 JunCISA, FBI warn that hackers are targeting systems used to monitor industrial fluidsAutomatic tank gauge systems are widely used across multiple industries, including energy, agriculture and transportation.CYBERSECURITYDIVE.COM
3 JunDentaQuest - 2,553,599 breached accountsIn May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addres…HAVEIBEENPWNED.COM
3 JunDHS chief signals efforts to reshape CISAIn his first appearance before the panel since being confirmed in March, Mullin said that CISA probably needs “somewhere around” 2,800 employees, despite its ability to hire up to 3,400.THERECORD.MEDIA
3 JunDHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levelsHe told lawmakers that he wants approximately 600 more people than it has now, which would still be well below personnel numbers prior to Trump’s second term. The post DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels appeared first on CyberScoop .CYBERSCOOP.COM
3 JunCISA warns of cyberattacks targeting fuel tank monitoring systemsCISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors. [...]BLEEPINGCOMPUTER.COM
2 JunSensitive government personnel data posted online, Spanish police arrest suspectThe Spanish National Police arrested a man in Granada for allegedly leaking personal data belonging to members of several sensitive state institutions. According to police, the suspect published the information on multiple online platforms, exposing personnel associated with orga…HELPNETSECURITY.COM
2 JunInfosecurity Europe: NCSC Urges Immediate Action to Boost Resilience as Uncertainty PersistsNCSC director of operations, Paul Chichester, says it’s time to future-proof cybersecurity todayINFOSECURITY-MAGAZINE.COM
2 JunTrump administration releases scaled-back AI executive orderThe order, which Trump refrained from signing at the last minute, appears to make significant concessions to industry compared to earlier drafts.CYBERSCOOP.COM
2 JunDOD wants to integrate cyber in all operations, and integrate security into AITop Pentagon cyber policy official Katherine Sutton said recent conflicts have emphasized the importance of cyber, and that the department can’t make old mistakes with AI security.CYBERSCOOP.COM
2 JunTrump signs EO seeking early government access to powerful AI modelsThe directive represents an about-face for an administration that previously repudiated government AI reviews.CYBERSECURITYDIVE.COM
2 JunIdentify unused AWS KMS keys and prevent accidental key deletionsAs you scale your use of Amazon Web Services (AWS), managing KMS keys becomes increasingly important. Whether you manage a handful of keys or thousands across multiple AWS accounts and AWS Regions, there’s often a need to audit key usage to help you meet compliance requirements, …AWS.AMAZON.COM
2 JunWhite House unveils pared-back AI executive orderThe order notes that federal access to the models should be subject to “appropriate confidentiality, cybersecurity, insider-risk, and intellectual-property protection, use, and nondisclosure requirements.”THERECORD.MEDIA
2 JunTrump Signs Executive Order That Invites Vetting of Top AI Models for National Security RisksThe order establishes a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before their public release.SECURITYWEEK.COM
1 JunEU organizations buckle under rising compliance pressureCybersecurity governance in the EU is shifting under expanding frameworks such as NIS2 and DORA, while AI raises new questions for security teams. What the future brings is hard to predict, and organizations must find a way to cope. Antonija Vojnović, Governance, Risk and Complia…HELPNETSECURITY.COM
1 JunData discovery gaps that catch enterprises off guardIn this interview with Help Net Security, Avani Desai, CEO at Schellman, talks about the gap between what organizations think they know about their data and what discovery scans turn up. She shares stories of shadow data in abandoned cloud storage, post-merger surprises where dup…HELPNETSECURITY.COM
1 Jun1,000 Data Breaches Later, the Disclosure Lag is Worse Than EverToday, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasi…TROYHUNT.COM
1 JunThe Security Growth Platform: Why MSPs Are Moving Beyond vCISO ToolsThree years ago, the practical question for an MSP building a cybersecurity practice was which "vCISO platform" to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the side. The work has since outgrow…THEHACKERNEWS.COM
1 JunAs the Pentagon Pushes for Battlefield AI, Some Military Leaders Urge CautionAI’s use in the military is part of the administration’s larger push to grow the capability it sees as a unique American advantage.SECURITYWEEK.COM
1 JunMullvad VPN on Android passes Google-backed MASA security auditMullvad has announced that its Android VPN application has successfully passed the Mobile Application Security Assessment (MASA) for a second consecutive year. The assessment identified several minor issues, all of which were addressed in a subsequent release, resulting in a succ…CYBERINSIDER.COM
1 JunUSPS moving forward with mail-in ballot changes as courts weigh Trump’s election orderA judge said Democrats and civil groups filed the lawsuit too early to demonstrate harm, but that could change after newly proposed postal regulations.CYBERSCOOP.COM
1 JunAI joins the chain of command.Battlefield AI sparks debate. Election cyber threats rise. A critical Windows flaw is under active attack. CISA weighs new reporting rules. Russian targets face a stealthy hacking campaign. A 19-year-old Linux bug gets its day in the sun. Today’s business update. Our guest is Hea…THECYBERWIRE.COM
1 JunAnthropic to Open Mythos AI to EU's ENISAThe European security agency's entry to Project Glasswing is the result of "strong bilateral cooperation" between the European Commission and Anthropic.DARKREADING.COM
31 MayCyberWire Daily at 10: The evolution of ransomware.In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner consider the tactics, trends, and turning points that shaped the threat landscape over the last decade of ransomware. Ransomware has evolved from small-scale exto…THECYBERWIRE.COM
31 MayDutch Authorities Dismantle Botnet Linked to 17 Million Infected DevicesDutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), …THEHACKERNEWS.COM
30 MayAI Sees Trees, Humans See ForestsAI systems are becoming extremely effective at processing security logs, compliance data, and operational telemetry at massive scale. In cybersecurity environments, that creates major efficiency gains for analysis, monitoring, and identifying patterns humans might miss manually. …YOUTUBE.COM
29 MayNetskope extends data localization capabilities with NewEdge updatesNetskope has enhanced its NewEdge Network infrastructure, expanding data sovereignty capabilities to more regions than any other SASE cloud provider. The NewEdge Network architecture provides national data localization features that address requirements for network transport, dat…HELPNETSECURITY.COM
29 MayChilling EffectsYounger Americans have soured on the second Donald Trump presidency, but they are not protesting it. Despite an unpopular Iran war and an even more unpopular Trump administration, college campus protests nationwide have gone silent. And at many schools, student activism is vir…SCHNEIER.COM
29 MayCISA urges security teams to check for software development compromisesThe agency warned about a wave of attacks targeting credentials and other secrets across critical supply chains.CYBERSECURITYDIVE.COM
29 MayIn Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain AttacksNoteworthy stories that might have slipped under the radar: Trump Mobile exposes customer data, phishers target the 2026 FIFA World Cup, CISA responds to recent supply chain attacks.SECURITYWEEK.COM
29 MayThe White House’s Aliens.gov Site Brags That ICE Arrested More Than 700 US CitizensThe website, which compares human beings to extraterrestrials, touts arrest numbers from the Trump administration’s sweeping immigration crackdown. But some of its details are really out there.WIRED.COM
28 MaySextortionist sentenced to 33 years for targeting 145 childrenA Canadian man was sentenced to 33 years in prison after pleading guilty to targeting more than 145 children across the United States, some as young as 6 years old, in an eight-year-long sextortion scheme.BLEEPINGCOMPUTER.COM
28 MayExperts on Experts: Why Compliance is becoming ContinuousThis week on Experts on Experts, I’m joined by Sergio Alonso – Rapid7’s Director of Trust, Risk, and Compliance – to talk about how compliance is changing and why many security teams are rethinking the way they approach readiness, reporting, and operational risk. One of the bigge…RAPID7.COM
28 MayNew Cyber Command chief commissions MITRE to review modernization efforts.CISA orders US agencies to patch maximum-severity cPanel flaw by tomorrow. Carnival confirms breach affecting just under six million people.THECYBERWIRE.COM
28 MaySimplifying policy management with URL and Domain Category filtering on AWS Network FirewallNetwork administrators face a persistent challenge: maintaining domain blocklists and allowlists that keep pace with the internet. New websites and services emerge daily, and keeping these lists current requires constant manual updates that leave gaps in coverage. This challenge …AWS.AMAZON.COM
27 MayIranian intelligence service behind hack of LA transit system, researchers sayThe hacking group claimed to be a standalone hacktivist crew but actually has ties to the Ministry of Intelligence of the Islamic Republic of Iran (MOIS), researchers at Gambit Security said in a report published Tuesday.THERECORD.MEDIA
27 MayPing Identity advances agentic security with AI governance and trusted accessPing Identity announced new capabilities that extend the Ping Identity Platform for the agentic enterprise, where AI agents, automation, and developers increasingly shape how access is managed, governed, and secured across organizations. AI agents are changing both sides of the i…HELPNETSECURITY.COM
27 MayFBI warns extortion hackers are visiting US law firms to steal dataIn a public advisory issued Tuesday the FBI said a hacking group has targeted law firms using social engineering schemes to gain remote access to corporate systems and exfiltrate data.THERECORD.MEDIA
27 MayBreaking the GlassWorm.A major takedown disrupts the GlassWorm botnet. The White House rewrites federal cyber logging rules as CISA faces cuts amid rising AI threats. Federal agencies ramp up scrutiny of so-called anti-tech extremism. GCHQ warns Russia is targeting UK infrastructure. Researchers uncove…THECYBERWIRE.COM
26 MayHow Varonis Atlas integrates Claude Compliance API for AI governanceAI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform uses Claude Compliance API data to help monitor usage, investigate risk, and support compliance.BLEEPINGCOMPUTER.COM
26 MayFBI warns of Kali365 phishing kit targeting Microsoft 365 accountsThe FBI has issued a warning about a phishing-as-a-service (PhaaS) platform known as “Kali365” that is being used to compromise Microsoft 365 accounts through sophisticated phishing and adversary-in-the-middle (AiTM) attacks. According to a public advisory published by the FBI’s …CYBERINSIDER.COM
26 MayWhite House charts new course for federal agencies and cybersecurity loggingA Trump administration memo published last week replaces one from its predecessor, with at least one analyst fearful of potential harmful results.CYBERSCOOP.COM
25 MayAnthropic adds 28 security and compliance integrations for ClaudeAI tools are becoming part of everyday work in organizations, creating new security and oversight requirements as usage grows. To address that, Anthropic introduced 28 integrations with security and compliance tools that allow IT and security teams to manage Claude in the same wa…HELPNETSECURITY.COM
23 MayResearcher Finds Public GitHub Repo Exposing Sensitive CISA CredentialsThe episode recounts how GitGuardian security researcher Guillaume Valadon, while monitoring public GitHub for leaked secrets, discovered a publicly accessible repository labeled "CISA-Private" containing highly sensitive CISA materials, including internal DHS/CISA credentials, c…CYBERSECURITYTODAY.LIBSYN.COM
22 MaySuspected KimWolf botnet admin arrested over DDoS-for-hire operationU.S. and Canadian authorities arrested and charged a Canadian man accused of operating the KimWolf DDoS botnet, a service linked to attacks that infected more than one million devices worldwide. Jacob Butler, 23, of Ottawa, Canada, also known online as “Dort,” was arr…HELPNETSECURITY.COM
22 MayVersa extends zero trust principles to AI agents and MCP workflowsVersa has introduced a patent-pending zero trust architecture for the Model Context Protocol (MCP), applying zero trust principles to AI execution. The company said every AI-generated action is validated against user identity, role-based access controls, and system policies befor…HELPNETSECURITY.COM
22 MayCISA Security LeakCrazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Se…SCHNEIER.COM
22 MayMicrosoft says it’s making AI ‘safe for work’ in your browserMicrosoft is testing the addition of agentic AI to its corporate browser, Edge for Business. A new version, currently available in a limited preview, will help perform routine tasks more efficiently, according to Microsoft’s partner product manager for Edge, Lindsay Kubasik. Age…CSOONLINE.COM
22 MayLawmakers Demand Answers as CISA Tries to Contain Data LeakLawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets o…KREBSONSECURITY.COM
22 MayProton VPN vows to resist Canadian surveillance demands under Bill C-22Proton VPN General Manager David Peterson said the Swiss-based VPN provider will not comply with any Canadian surveillance demands stemming from the country’s proposed lawful access legislation, Bill C-22, pledging to challenge the law “by every means available.” In a statement p…CYBERINSIDER.COM
22 MayToo many cooks in the algorithm.Trump hits pause on an AI executive order. Lawmakers sound alarms over CISA cuts. A sophisticated scareware campaign traps users in fake tech support scams. Ubiquiti patches critical UniFi flaws. The U.S. pours billions into quantum computing. Researchers uncover delayed Google A…THECYBERWIRE.COM
21 MayMullvad confirms VPN fingerprinting flaw, says fix is on the wayMullvad has published an official advisory confirming a fingerprinting issue in its VPN infrastructure that could allow online services to probabilistically correlate users as they switch between VPN servers. The company says the flaw does not expose a user’s identity, but it can…CYBERINSIDER.COM
21 MayEuropean authorities take down prolific cybercrime VPN serviceOfficials arrested the alleged administrator of First VPN, seized its servers and domains. Europol said the service appeared in almost every major recent cybercrime investigation.CYBERSCOOP.COM
21 MayProofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to ClaudePROOFPOINT.COM
21 MayDC court could provide potential resolution to Anthropic’s lawsuit.Poland adopts new cryptocurrency regulations.THECYBERWIRE.COM
21 MayLawmakers from both parties say CISA cuts have gone too farReps. Don Bacon, R-Neb., and James Walkinshaw, D-Va., found rare bipartisan agreement that the agency tasked with defending civilian networks has been diminished at a moment when threats from China and others are growing.CYBERSCOOP.COM
21 MayAlleged leader of Kimwolf, a sweeping botnet for cybercriminals, arrested in CanadaJacob Butler, a 23-year-old from Ottawa, awaits extradition to the United States and faces up to 10 years in prison.CYBERSCOOP.COM
21 MayClaude Enterprise Meets the Security Graph: Wiz Integrates with Anthropic's Compliance APISecurity and compliance teams can now monitor Claude activity directly in Wiz, extending the workflows they already rely on to AIWIZ.IO
20 MayWhy Policy in Amazon Bedrock AgentCore chose Cedar for securing agentic workflowsAgents have agency: they adapt and find multiple ways to solve problems. This autonomy creates a fundamental security challenge: the large language model (LLM) at the heart of the agent is non-deterministic, and its decisions can’t be predicted or guaranteed in advance. It can ha…AWS.AMAZON.COM
19 MayCybersecurity jobs available right now: May 19, 2026CISO DataFence | Israel | Hybrid – View job details As a CISO, you will develop security roadmaps, compliance plans, risk registers, policies, and control implementation plans while leading audit and regulatory compliance activities. You will manage client project…HELPNETSECURITY.COM
19 MayAI infrastructure is cracking under sovereignty demandsAI deployments are moving into environments with tighter controls around data, infrastructure, and system operations. Organizations are building AI systems across multiple providers, platforms, and computing environments while managing governance, security, and compliance obligat…HELPNETSECURITY.COM
19 MayKimsuky Uses LNK, JSE Lures to Target Recruiters, Crypto Users, Defense OfficialsKimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials. North Korea-linked threat group Kimsuky has launched at least four distinct spear-phishing campaigns in early 2026, targeting recruiters, cryptocurrency users, developers, defense per…GBHACKERS.COM
19 MayUS cyber agency CISA exposed reams of passwords and cloud keys to the open webThe federal cybersecurity agency left plaintext passwords in a spreadsheet uploaded to a public GitHub repository, per a report by independent journalist Brian Krebs.TECHCRUNCH.COM
19 MayCISA contractor exposed AWS GovCloud keys on GitHub.Microsoft fixes critical Authenticator flaw. INTERPOL operation nabs 200 suspected cybercriminals.THECYBERWIRE.COM
19 MayCISA Exposes Secrets, Credentials in 'Private' RepoThe agency's GitHub repository, publicly available since November 2025, was ironically named "Private-CISA."DARKREADING.COM
19 MayCISA credential leak raises alarms, and Capitol Hill demands answersA researcher who found a repository that leaked on GitHub said it was one of the worst he’s witnessed.CYBERSCOOP.COM
18 MayCan Laws Stop Deepfakes? South Korea Aims to Find OutSouth Korea's local elections next month will be a test bed for how effective regulations might be to stymie the flow of deepfakes.DARKREADING.COM
18 MayMicrosoft Acknowledges Windows 11 Update Failure Linked to Error 0x800f0922Microsoft has acknowledged a growing issue affecting Windows 11 users: the May 2026 cumulative update (KB5089549) fails to install, resulting in error code 0x800f0922. The problem is affecting systems running Windows 11 versions 24H2 and 25H2, raising concerns among enterprise ad…GBHACKERS.COM
18 MayNCSC Publishes Guidance on Securing Agentic AI UseThe UK’s National Cyber Security Centre is helping organizations to understand agentic AI security risksINFOSECURITY-MAGAZINE.COM
18 MayCISA Admin Leaked AWS GovCloud Keys on GithubUntil this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts…KREBSONSECURITY.COM
15 MaySignal threatens to leave Canada over proposed lawful access billEncrypted messaging platform Signal says it would withdraw from the Canadian market rather than comply with provisions in Ottawa’s proposed lawful access legislation that it believes could undermine encryption and introduce dangerous security vulnerabilities. In an interview with…CYBERINSIDER.COM
15 MayWhat 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack SurfaceIn Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted …THEHACKERNEWS.COM
15 MayTurla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent AccessThe Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Age…THEHACKERNEWS.COM
14 MayThe Human Side of Threat IntelligenceIngrid Parker, Director of Intel Response at Unit 42, has a background that doesn't fit the mold: art student, Army linguist, systems administrator deployed to Afghanistan, co-author of 11 Strategies of a World-Class Cybersecurity Operations Center. In this conversation, she and …THECYBERWIRE.COM
14 MaySony's failed attempt to stop piracy.This week, Dave and Ben sit down to discuss how Sony's failed lawsuit could have major impacts on other copyright lawsuits alongside how the EU's AI approach might be grounded in nuclear deterrence strategies. Additionally, our team sits down with Dr. Liz James, a managing securi…THECYBERWIRE.COM
14 MayHYCU aiR detects insider risk and AI activity from backupsHYCU has announced HYCU aiR (AI Resilience), an AI-native solution that turns backup data across dozens of applications into a live and actionable intelligence for security, compliance, and IT teams. aiR lets organizations search, query, and run purpose-built agents to surface in…HELPNETSECURITY.COM
14 MayPentagon cyber official calls advanced AI ‘revolutionary warfare’Paul Lyons, principal deputy assistant secretary for cyber policy, also discussed the importance of cyber offense.CYBERSCOOP.COM
13 MayVersa CSPM brings continuous visibility to cloud risk and compliance exposureVersa has announced Versa Cloud Security Posture Management (CSPM), extending the VersaONE Universal SASE Platform to provide continuous visibility, prioritization, and remediation of cloud risk across environments. With CSPM, Versa combines secure access protection and cloud pos…HELPNETSECURITY.COM
13 MayApricorn hardens ASK3 encrypted USB drive for extreme conditionsApricorn has announced enhancements to its Aegis Secure Key 3.0 (ASK3), delivering faster performance and new environmental protection capabilities designed to secure the device and its data in the most demanding physical circumstances. The ASK3 was updated to meet and exceed the…HELPNETSECURITY.COM
13 MaySignal responds to phishing attacks with new in-app security warningsSignal is adding new protections for users following recent phishing and social engineering attacks. In March, the FBI and CISA issued a warning stating that Signal had become a primary target of Russian intelligence-linked hackers. Dutch and German security authorities were amon…HELPNETSECURITY.COM
13 MayNavigating the Cybersecurity Landscape in India Empowering Human and AI AgentsThe Asia-Pacific and Japan (APJ) region, with its dynamic economic growth and technological advancements, presents unique challenges and opportunities in the realm of human risk management and agentic risk management, particularly within the financial services sector…KNOWBE4.COM
13 MayPCI PIN and P2PE compliance packages for AWS Payment Cryptography are now availableAmazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) and PCI Point-to-Point Encryption (PCI P2PE) assessments for the AWS Payment Cryptography service. This assessment expands the AWS Payment …AWS.AMAZON.COM
13 MayIntroducing the updated AWS User Guide to Governance, Risk, and Compliance for Responsible AI AdoptionThe financial services industry (FSI) is using AI to transform how financial institutions serve their customers. AI solutions can help proactively manage portfolios, automatically refinance mortgages when rates decrease, and negotiate insurance premiums for customers. However, th…AWS.AMAZON.COM
13 MayCheckbox Assessments Aren't Fit to Measure to RiskSecurity governance needs to be more than an annual compliance exercise. New companies are emerging to address risk-management gaps in current audit tools.DARKREADING.COM
12 MayNavigating Human and Agentic Risks for Financial Institutions in the APJ RegionThe Asia-Pacific and Japan (APJ) region, with its dynamic economic growth and technological advancements, presents unique challenges and opportunities in the realm of human risk management and agentic risk management, particularly within the financial services sector…KNOWBE4.COM
12 MayMajor world economies spell out key elements of AI ‘ingredients list’Experts on the topic say the G7 guidance is good, but could still use some improvements.CYBERSCOOP.COM
11 MayPolice Shut Relaunched Crimenetwork Dark Web MarketplaceSpanish police have arrested the suspected administrator of German dark web marketplace CrimenetworkINFOSECURITY-MAGAZINE.COM
11 MayDirty Frag: Linux kernel hit by second major security flaw in two weeksThe issue was found in the same area of the Linux kernel that produced last month’s Copy Fail bug, and also allows anyone with a basic account on an affected computer to seize full administrative control.THERECORD.MEDIA
11 MayAlation AI Governance creates a system of record for AI oversightAlation has introduced Alation AI Governance, a new offering that gives enterprises the system of record they are missing for AI compliance. Enterprises are deploying AI models, agents, and tools faster than they can govern them. As a result, when a board or regulator asks about …HELPNETSECURITY.COM
11 MayWhen Ransomware Negotiators Flip SidesA ransomware negotiator pleaded guilty to conspiracy involving ransomware deployment and extortion against U.S. victims. The speaker also notes this is reportedly the third case involving someone connected to ransomware negotiations. Ransomware negotiators often sit in a uniquely…YOUTUBE.COM
9 MayHackable Robot Lawn Mower Unlocks a New NightmarePlus: Meta officially kills encrypted Instagram DMs, the Trump administration targets “violent left wing extremists,” leaked documents reveal Russia's school for elite hackers, and more.WIRED.COM
8 MayEU calls VPNs “a loophole that needs closing” in age verification pushThe European Parliamentary Research Service (EPRS) has warned that virtual private networks (VPNs) are increasingly being used to bypass online age-verification systems, describing the trend as “a loophole in the legislation that needs closing.” The warning comes as governments a…CYBERINSIDER.COM
8 MayKingdom Market administrator given 16-year sentenceSlovakian national Alan Bill, 33, pleaded guilty in January to a conspiracy to distribute controlled substances charge after admitting to his role in running Kingdom Market — a platform used by drug dealers and cybercriminals between March 2021 and December 2023.THERECORD.MEDIA
7 MayTrump’s AI Preemption Playbook.This week, Dave and Ben look at how the Trump administration is reshaping federalism through AI policy alongside looking at a lawsuit filed by a college student against a dating app for using her image without permission. Afterwards, Ben sits down with Jen Sovada, Claroty’s Publi…THECYBERWIRE.COM
7 MayKloudfuse 4.0 delivers AI-governed observability and scalable workload isolationKloudfuse has announced the general availability of Kloudfuse 4.0. The release helps enterprises meet rising compliance requirements, adopt AI-driven observability with production-grade governance, and scale their observability infrastructure without platform bottlenecks, while k…HELPNETSECURITY.COM
7 MayBots in translation: Can AI really fix SIEM rule sprawl across vendors?Enterprises migrating between SIEM platforms often have to manually rewrite detection rules because vendors such as Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle use different query languages and data models. Researchers now say AI may be able to automate much of t…CSOONLINE.COM
7 MayNew CISA initiative aims to help critical infrastructure operators prepare for disruptions.Taiwanese police arrest student for allegedly hacking train systems. Scam apps offer fake phone call records.THECYBERWIRE.COM
7 MayHas CISA Finally Found Its New Leader in Tom Parker?Dark Reading investigates rumors that Tom Parker, a board room 'operator' and longtime cyber exec, could be next in line to take over CISA.DARKREADING.COM
7 MayPentagon reaches deals with seven AI providers.Trump administration considering pivot on AI oversight requirements.THECYBERWIRE.COM
7 MayTrump officials are steering a cybersecurity scholarship program toward AIThe latest development has thrown scholars for a curveball, and has some worried about being “left out to dry” when it comes to job positions.CYBERSCOOP.COM
7 MayThe backup plan needs a backup plan.CISA pushes critical infrastructure to prepare for offline operations during cyberattacks. Questions grow over a shared U.S.-China AI threat. A Russian university is accused of feeding talent into GRU cyber units. Researchers warn poisoned data could quietly corrupt enterprise AI…THECYBERWIRE.COM
7 MayIranian government hackers using Chaos ransomware as cover, researchers sayIncident responders from cybersecurity firm Rapid7 published a report about a recent intrusion that initially appeared to be a Chaos ransomware attack but was later discovered to be an attack attributed to MuddyWater, an Iranian APT group tied to the country’s Ministry of Intelli…THERECORD.MEDIA
6 MayIran-Linked Hackers Target Oman Ministries in Webshell and Data Theft CampaignIran-linked operators have mounted a broad espionage operation against multiple Omani ministries, abusing exposed webshells, SQL escalation scripts, and a poorly secured C2 server to steal judicial and identity data at scale. Attacker’s own open directory strongly suggests a Mini…GBHACKERS.COM
6 MayAttackers Bypass Azure AD Conditional Access Using Phantom Device RegistrationA recent authorized red team operation by Howler Cell has demonstrated a critical attack path that completely bypasses Microsoft Entra ID (Azure AD) Conditional Access. Azure Conditional Access acts as the primary gatekeeper for cloud identity security, enforcing access rules bas…GBHACKERS.COM
6 MayHow CISOs Reduce Cyber Risk with MITRE ATT&CKNowadays CISOs face escalating threats that outpace traditional defenses. The strategy is evolving from compliance-driven checklists to a threat-informed approach. MITRE ATT&CK provides a globally accessible knowledge base of real-world adversary tactics, techniques…ANY.RUN
6 MayCISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-AttackCISA’s CI Fortify initiative aims for critical infrastructure operators to build isolation & recoveryINFOSECURITY-MAGAZINE.COM
6 MayNIST will test three major tech firms’ frontier AI models for cybersecurity risksAfter Anthropic’s announcement of Claude Mythos, agencies across the government are racing to get ahead of new AI models’ potential dangers.CYBERSECURITYDIVE.COM
6 MayIranian state-backed spies pose as ransomware slingers in false flag attacksAn Iranian state-sponsored espionage group is pretending to be a regular ransomware gang in a new wave of ransomware attacks targeting enterprises. APT group MuddyWater (aka Seedworm) is masquerading as the Chaos ransomware-as-a-service group to confuse incident response and mask…CSOONLINE.COM
6 MayNew CISA initiative aims for critical infrastructure to operate offline during cyberattacksThe initiative, named CI Fortify, focuses on isolation and recovery efforts that would see critical infrastructure organizations proactively disconnect from third-party dependencies and find ways to operate without reliable telecommunications and internet.THERECORD.MEDIA
6 MayNew compliance guide available: ISO/IEC 42001:2023 on AWSWe have released our latest compliance guide, ISO/IEC 42001:2023 on AWS, which provides practical guidance for organizations designing and operating an Artificial Intelligence Management System (AIMS) using AWS services. As organizations deploy AI and generative AI workloads in t…AWS.AMAZON.COM
5 MayDownload: Secure Foundations for AI Workloads on AWSCenter for Internet Security helps organizations deploy AI and high-performance compute environments from a trusted, hardened operating system baseline. CIS Hardened Images help teams reduce misconfiguration risk, support compliance efforts, and move faster in AWS. What are AI-op…HELPNETSECURITY.COM
5 MayMicrosoft: Phishing campaign used fake compliance notices to compromise employee accountsPhishers have been using fake workplace compliance notices to try to trick Microsoft account owners into signing in via a fake sign-in page, says the company’s Defender Research team. The email campaign targeted more than 35,000 users across 13,000 organizations in 26 count…HELPNETSECURITY.COM
5 MayLuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare OrganizationsCambridge, MA, May 5th, 2026, CyberNewswire New right-sized offering brings advanced encryption, easy API integration, and HITRUST-certified compliance to the most underserved segment in healthcare email — with pricing starting at $99/month LuxSci, a leading provider of HIPAA com…GBHACKERS.COM
5 MayCISA urges critical infrastructure firms to ‘fortify’ now before it’s too lateAs concerns mount about potential cyber sabotage by the Chinese government, the U.S. is warning infrastructure operators to practice maintaining services in a degraded state.CYBERSECURITYDIVE.COM
5 MayMicrosoft Flags Mass Phishing Campaign Using Fake Compliance EmailsMicrosoft researchers warn of a large-scale phishing campaign using fake compliance emails to steal credentials, targeting 35,000 users across 13,000 organizations worldwideINFOSECURITY-MAGAZINE.COM
5 MayCISA boasts AI automation improvements to threat analysis, mission supportCybersecurity and Infrastructure Security Agency officials said it’s proven a boon in numerous areas, but there are some hurdles to adoption, still.CYBERSCOOP.COM
5 MaySupply-chain attacks take aim at your AI coding agentsAttackers too are looking to cash in on the AI coding craze, adapting their supply-chain techniques to target coding agents themselves. Many AI agents autonomously scan package registries such as NPM and PyPI for components to integrate into their coding projects, and attackers a…CSOONLINE.COM
5 May KEVZino, 0auth, VSS, Mental Health Hackers, 3 Days of KEV, Copy/Fail, AI, Aaran Leyland - SWN #578Zino of Citium, 0auth, VSS, Mental Health Hackers, 3 Days of the CISA, Copy/Fail, AI Gone Wild, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-578YOUTUBE.COM
5 MayCISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflictThe agency will begin targeted assessments meant to help critical infrastructure entities operate while disconnecting OT networks from IT and third-party vendors.CYBERSCOOP.COM
4 MayGlobal Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701MA coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. The crackdown was led …THEHACKERNEWS.COM
4 MayDigiCert Root Certificates Incorrectly Detected as Malware by Microsoft DefenderOn May 3, 2026, system administrators and everyday users worldwide experienced a sudden, massive spike in severe security alerts from Microsoft Defender. The native Windows security platform began aggressively flagging system files as “Trojan:Win32/Cerdigent.A!dha.” T…GBHACKERS.COM
4 MayPenske Logistics launches platform for real-time supply chain visibilityPenske Logistics has announced the launch of Supply Chain Insight, a secure technology platform and mobile application that provides customers with a real-time view of their supply chain operations across transportation and warehousing. Supply chain leaders are under increased pr…HELPNETSECURITY.COM
4 MayUS government warns of severe CopyFail bug affecting major versions of LinuxU.S. cybersecurity agency CISA says the CopyFail bug is being actively used in hacking campaigns, and poses a major risk to servers and data centers that rely on Linux.TECHCRUNCH.COM
1 MayMultiple Exim Mail Server Vulnerabilities Could Trigger Crashes via Malicious DNS DataThe developers of the Exim mail server have officially rolled out version 4.99.2 to address four newly discovered security vulnerabilities. This critical update patches multiple software flaws that could allow attackers to crash server connections, corrupt memory heaps, or potent…GBHACKERS.COM
1 MayEtherRAT Uses SEO Poisoning and Fake GitHub Pages to Target Enterprise AdminsA newly uncovered cyber campaign dubbed “EtherRAT” is raising concerns across enterprise environments, as attackers combine SEO poisoning, GitHub abuse, and blockchain-based infrastructure to target high-privilege IT professionals. Instead of broadly targeting users, the attacker…GBHACKERS.COM
1 MayNearly every Linux system built since 2017 vulnerable to ‘Copy Fail’ flawSecurity researchers and European cybersecurity officials are urging administrators to address the risk posed by a newly discovered security flaw that has been hiding in the Linux operating system for nearly a decade.THERECORD.MEDIA
1 MayUK Tech Ministers Opposing Government Plans to Align with EU AI RulesUK technology ministers are briefing against government plans to adopt EU regulations, arguing that it could restrict the growth of Britain’s tech and AI sector.TECHREPUBLIC.COM
1 MayUS government, allies publish guidance on how to safely deploy AI agentsThe guidance warns that agents capable of taking real-world actions on networks are already inside critical infrastructure, and most organizations are granting them far more access than they can safely monitor or control.CYBERSCOOP.COM
1 MayAnnouncing the ISO 31000:2018 Risk Management on AWS Compliance GuideAWS Security Assurance Services is announcing the release of our latest compliance guide, ISO 31000:2018 Risk Management on AWS, which provides practical guidance for organizations establishing and operating a risk management program in AWS environments using ISO 31000:2018 princ…AWS.AMAZON.COM
30 AprEtherRAT Distribution Spoofing Administrative Tools via GitHub FacadesIntro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by imper…THEHACKERNEWS.COM
30 AprCISA and Partners Publish Zero Trust Guidance For OT SecurityA new CISA‑led guide explains how zero‑trust security can be applied to operational technology, balancing cyber defence with safety and system availabilityINFOSECURITY-MAGAZINE.COM
30 AprZambia cancels global digital freedoms conference days before startOn Tuesday, Zambia’s Minister of Technology and Science offered the first hint that the conference would be cancelled, telling a Zambian news outlet that participants’ security clearances were incomplete and that the government has concerns about the conference’s “dialogue.”THERECORD.MEDIA
30 AprHackers earning millions from hijacked cargo, FBI saysIn an advisory this week, FBI officials said cyber actors have spent the last two years breaking into the systems of brokers and carriers — allowing them to pose as victim companies and post fraudulent listings on freight delivery message boards.THERECORD.MEDIA
29 Apramazee.ai’s amazeeClaw simplifies production deployment of AI agents with regional controlamazee.ai has announced the launch of amazeeClaw, a managed OpenClaw hosting platform that enables developers and enterprises to deploy production-ready AI agents with data sovereignty and regional control without having to set up their own infrastructure. As adoption of AI agent…HELPNETSECURITY.COM
29 AprAlleged Silk Typhoon hacker extradited to the United States to face chargesA man accused of working as a hacker for China's Ministry of State Security has been extradited to the USA from Italy, and faces - if found guilty - the prospect of decades behind bars.BITDEFENDER.COM
29 AprSri Lanka discloses another missing payment, days after hackers stole $2.5M from its finance ministryThe government of Sri Lanka has lost more than $3 million in two recent, separate cybersecurity incidents as the country continues to recover from its 2022 debt crisis.TECHCRUNCH.COM
28 AprFrench police arrest 21-year-old “HexDex” hacker over 100 alleged data breachesA 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 - including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees - has been arrested at his home in western France.BITDEFENDER.COM
28 AprNo Metrics Are Better Than Bad Metrics in the SOC, Says NCSCThe National Cyber Security Centre has warned against measuring SOCs with ticket-based metricsINFOSECURITY-MAGAZINE.COM
28 AprNCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort linksNCSC’s SilentGlass blocks malicious HDMI/DisplayPort links, protecting monitors from hardware attacks. Now commercialized for global use. The UK’s National Cyber Security Centre (NCSC) has launched SilentGlass, a new device to protect one of the most overlooked parts of modern IT…SECURITYAFFAIRS.COM
28 AprSignal to roll out anti-phishing safeguards following account takeoversSignal says recent reports describing attacks against its users do not reflect a breach of its platform, while also announcing plans to introduce new protections aimed at stopping similar phishing campaigns in the future. The clarification follows a joint advisory issued earlier …CYBERINSIDER.COM
28 AprWar hits where it hurts.Conflict in the Middle East disrupts the circuit board supply chain. The Supreme Court considers arguments on geofence searches. A new report highlights Chinese digital transnational repression. The NCSC protects HDMI and DisplayPort links. Tennessee bans cryptocurrency ATMs. Res…THECYBERWIRE.COM
27 AprTLS Connect gives SMBs a right-sized automated tool to manage TLS certificatesGMO GlobalSign today launched TLS Connect, a Certificate Lifecycle Management (CLM) tool designed specifically for SMBs. TLS Connect automates public trust TLS certificate deployment and renewal, allowing SMBs to strengthen security, maintain regulatory compliance and reduce busi…HELPNETSECURITY.COM
25 AprCISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal networkCISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisco Firepower device running ASA software was compromised in September 2025 by the FIRES…SECURITYAFFAIRS.COM
24 AprChinese attackers are pwning your infrastructure to use in attacks, 10 countries warnsubmitted by Sepia to cybersecurity 1 points | 0 comments https://www.theregister.com/2026/04/23/china_covert_networks/ Here is the report, Defending against China-nexus covert networks of compromised devices (pdf) . A majority of China-linked threat actors are using compromised …SH.ITJUST.WORKS
24 AprChinese attackers are pwning your infrastructure to use in attacks, 10 countries warnsubmitted by Sepia to cybersecurity 5 points | 1 comments https://www.theregister.com/2026/04/23/china_covert_networks/ cross-posted from: mander.xyz/post/50988211 Here is the report, Defending against China-nexus covert networks of compromised devices (pdf) . A majority of China…INFOSEC.PUB
24 AprChina-linked threat actors use consumer device botnets to evade detection, warn UK and partnersUK National Cyber Security Centre (NCSC) warns China-linked hackers use hijacked devices as proxy networks to hide activity and evade detection. UK National Cyber Security Centre (NCSC) and global partners warn that China-linked threat actors now rely on large proxy networks buil…SECURITYAFFAIRS.COM
24 AprCompromised everyday devices power Chinese cyber espionage operationsChina-linked threat actors have shifted from individually procured infrastructure to large-scale covert networks, botnets built from compromised routers and other edge devices, the National Cyber Security Centre (NCSC) warns. To help organizations address this threat, the NCSC, t…HELPNETSECURITY.COM
24 AprNew Cisco firewall malware can only be killed by pulling the plugSuspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thursday. “The [Firestarter] malware (…) is relevant for both Cisco Firepower …HELPNETSECURITY.COM
24 AprNorway's prime minister proposes ban on social media access for young teensAn upcoming proposed bill will include language that holds big tech accountable for using age verification tools to block young users.THERECORD.MEDIA
24 AprNASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense SoftwareThe Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from govern…THEHACKERNEWS.COM
24 AprFIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security PatchesThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER. FIRESTARTER, per CI…THEHACKERNEWS.COM
24 AprIran’s cyber threat may be less ‘shock and awe’ than ‘low and slow,’ officials sayOfficials and experts believe the most likely threat from Iranian hackers is not a digital shock-and-awe campaign, but something quieter: opportunistic intrusions, dressed up to look bigger than they are.THERECORD.MEDIA
24 AprA digital battlefield in practice.Locked Shields wraps another year. Open models challenge Mythos. CISA tracks FIRESTARTER inside a federal agency. The White House targets foreign AI model extraction. Microsoft lets admins remove Copilot. Treasury sanctions a Cambodian scam-compound senator. Breeze Cache rushes a…THECYBERWIRE.COM
24 AprLatest spy power reauthorization bill leaves critics unimpressedAn April 30 deadline is looming to extend expiring Section 702 powers, and the newest legislation to re-up it is drawing fire from the left and right.CYBERSCOOP.COM
23 AprNCSC Backs Passkeys, Hailing a New Era of Sign-inThe UK’s NCSC has fully backed passkeys as consumers’ first choice for login, citing progress with FIDO and successful use across the NHSINFOSECURITY-MAGAZINE.COM
23 AprDefending Against China-Nexus Covert Networks of Compromised Devices | CISAsubmitted by kid to cybersecurity 2 points | 0 comments https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-113aSH.ITJUST.WORKS
23 AprTrump’s pick for CISA director withdraws from considerationSean Plankey reportedly told colleagues that he needed to focus on assuaging concerns about his Coast Guard work that had led Sen. Rick Scott (R-FL) to block his nomination.THERECORD.MEDIA
23 AprChina disguises cyberattacks with ‘covert network’ botnets, US and allies warnA new security advisory highlights Beijing’s stealthy techniques.CYBERSECURITYDIVE.COM
23 AprA dozen allied agencies say China is building covert hacker networks out of everyday routersThe joint warning describes a major tactical shift by Chinese-linked hackers and lays out what organizations should do about it.CYBERSCOOP.COM
23 AprTrump’s pick to run US cyber agency CISA asks to drop outSean Plankey has requested to withdraw his name to run the U.S. cybersecurity agency after a tumultuous year of chaotic temporary leadership.TECHCRUNCH.COM
23 AprUS, UK agencies warn hackers were hiding on Cisco firewalls long after patches were appliedInvestigators found the malware, dubbed Firestarter, on a federal agency's network in a campaign dating back to at least September 2025.CYBERSCOOP.COM
22 AprNamastex npm Packages Spread TeamPCP-Style CanisterWorm MalwareCompromised Namastex npm packages are delivering a new TeamPCP-style CanisterWorm variant that targets developer secrets, browser and wallet data, and then attempts to spread across npm and PyPI ecosystems using canister-backed exfiltration infrastructure. The campaign closely mi…GBHACKERS.COM
22 AprThe Cybercrime Shift: From Opportunistic Attacks to Marketplace-Driven EcosystemIn this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo speaks with Maurice Mason and Jackie Burns-Koven to explore how cybercrime has shifted into a highly organized, marketplace-driven ecosystem. They break down the growing convergence between c…THECYBERWIRE.COM
22 AprUK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC WarnsThe convergence of global tensions and rapid technological change is driving a new era of cyber risk, the NCSC warnsINFOSECURITY-MAGAZINE.COM
22 AprIR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persistPhishing reemerged as the most observed means of gaining initial access, accounting for over a third of the engagements where initial access could be determined. Phishing has not been the top vertical for initial access since Q2 2025.TALOSINTELLIGENCE.COM
22 AprIran, Russia and China behind most major cyberattacks on UK, security chief warnssubmitted by randomname to cybersecurity 1 points | 0 comments https://www.the-independent.com/news/uk/home-news/cyber-attacks-uk-iran-russia-china-b2961955.html cross-posted from: scribe.disroot.org/post/8496807 cross-posted from: scribe.disroot.org/post/8496678 Archived version…INFOSEC.PUB
22 AprIran, Russia and China behind most major cyberattacks on UK, security chief warnssubmitted by randomname to cybersecurity 1 points | 0 comments https://www.the-independent.com/news/uk/home-news/cyber-attacks-uk-iran-russia-china-b2961955.html cross-posted from: scribe.disroot.org/post/8496807 cross-posted from: scribe.disroot.org/post/8496678 Archived version…SH.ITJUST.WORKS
22 AprNew Defense Department cyber strategy imminent, official saysThe U.S. Defense Department is crafting a new cyber strategy that will better align with the Trump administration’s plans to more aggressively combat digital adversaries, a senior official told the House Armed Services Committee.THERECORD.MEDIA
22 AprNCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-AttacksThe UK’s cybersecurity agency said the devices will be available for purchase by organizations around the worldINFOSECURITY-MAGAZINE.COM
22 AprSelf-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer TokensCybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been detected by both Socket and StepSecurity, with the companies…THEHACKERNEWS.COM
22 AprCISA director pick Sean Plankey withdraws his nominationPlankey had been waiting for more than a year, prompting the request to withdraw him as the one tapped to lead an agency now in further upheaval.CYBERSCOOP.COM
22 AprHouse Republicans roll out national privacy billExperts say the federal legislation takes inspiration from state laws in Virginia and Kentucky, but a lack of bipartisan support could spell trouble.CYBERSCOOP.COM
22 AprAnonymous Competition Drives ExecutivesIntroducing anonymous leaderboards into security training led to a sharp increase in executive participation. Leaders could see their ranking—but not others’ identities. This approach removes public shaming while preserving competitive pressure. For high-achieving individuals, si…YOUTUBE.COM
22 AprTrump’s CISA director pick withdraws after tumultuous nominationCISA has been without a permanent director for more than a year, imperiling its efforts to establish a strategic direction. CYBERSECURITYDIVE.COM
21 AprSideWinder Spoofs Chrome PDF Viewer, Zimbra to Steal Government Webmail LoginsSideWinder is running an active credential‑harvesting campaign that uses a fake Chrome PDF viewer and a pixel‑perfect Zimbra clone on Cloudflare Workers to steal government webmail credentials from South Asian targets, including the Bangladesh Navy and Pakistan’s Ministry of Fore…GBHACKERS.COM
21 AprCISA Warns Compromised Axios npm Package Fueled Major Supply Chain AttackThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a severe software supply chain compromise affecting the widely used Axios node package manager (npm). Axios is a highly popular JavaScript library that developers rely on to handle HT…GBHACKERS.COM
21 AprEuropean Commission Moving to Classify ChatGPT as ‘Very Large Online Search Engine’ Under Digital Services ActThe European Commission is set to designate ChatGPT as a ‘Very Large Online Search Engine,’ subjecting OpenAI to strict Digital Services Act compliance rules.TECHREPUBLIC.COM
21 AprCISA urges security teams to view environments following axios compromiseA suspected North Korea-linked actor is behind a supply chain attack on the widely used library.CYBERSECURITYDIVE.COM
20 AprNCSC Outlines Coordinated Plan to Boost NHS Cyber ResilienceThe National Cyber Security Centre has shared an update of its resilience-building efforts for the NHSINFOSECURITY-MAGAZINE.COM
20 AprIran’s MOIS Tied to Coordinated Cyber Campaign Using Multiple Hacker PersonasA single Iranian state-directed operation is hiding behind several so‑called “hacktivist” brands, using different online identities to run one coordinated global cyber campaign. New analysis links three prominent personas Homeland Justice, Karma/KarmaBelow80, and Handala to Iran’…GBHACKERS.COM
20 AprMinister: Swedish heating plant targeted by pro-Russian cyberattacksubmitted by kid to cybersecurity 1 points | 0 comments https://energywatch.com/EnergyNews/grid/article19202558.eceSH.ITJUST.WORKS
20 AprCyberattack at French identity document agency may have exposed personal dataA cyberattack targeting a French government website used to manage identity documents and driver’s licenses may have exposed users’ personal data, the Interior Ministry said.THERECORD.MEDIA
19 AprA new licensing period and legal regulations for VPN services are being discussed in Türkiye.submitted by gokayburucdev to cybersecurity 10 points | 0 comments https://shiftdelete.net/turkiyede-vpn-saglayicilari-icin-lisans-donemi-basliyor Under the new legal framework, all VPN platforms accessible in Turkey will first be required to fulfill certain legal obligations. Se…SH.ITJUST.WORKS
18 AprNIST gives up enriching most CVEssubmitted by beep to cybersecurity 1 points | 0 comments https://risky.biz/risky-bulletin-nist-gives-up-enriching-most-cves/ Hacker News .INFOSEC.PUB
17 AprWith US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillanceSome lawmakers are calling for widespread reforms following years of surveillance scandals and abuses across successive U.S. administrations. But even if the spy law known as Section 702 expires in April, the government's spy powers will not automatically lapse.TECHCRUNCH.COM
17 AprUS House extends FISA Section 702 for ten days.CISA's acting director warns lawmakers of reduced capacity. New malware strain targets Israeli water facilities.THECYBERWIRE.COM
16 AprInsurance carriers quietly back away from covering AI outputsSeveral major insurance carriers have begun to back away from providing cybersecurity and other insurance to companies using AI to run internal processes, insiders say. While there’s no standard response to customer use of AI in the insurance market, many carriers are now quietly…CSOONLINE.COM
16 AprEspionage fears at the Bendlerblock: Pistorius bans private phones from meetingsDue to acute eavesdropping threats from Russia and China, the Defense Ministry is tightening the rules for smartphones and smartwatches in sensitive areas.HEISE.DE
16 AprEarly Results From KnowBe4’s AI Agents Show Easier Administration and Lower Cyber RiskYou often hear companies touting that they are AI enabled. But most do not give you the results of how that new AI stacks up with their previous non-AI offerings. We have some early data and want to share it. KnowBe4 was the first Human Risk Management (HRM) vendor to use AI…KNOWBE4.COM
15 AprChile’s Cybersecurity Framework Law: How SOCs Achieve Compliance and Response ReadinessIn Chile, cybersecurity compliance is becoming an operational issue, not just a legal one. Under the new Cybersecurity Framework Law, organizations must show they have real capabilities for threat detection, incident analysis, and response. For many teams, that exposes a serious …ANY.RUN
15 AprMichigan’s New Bill Takes Aim at AI Employee SurveillanceThe AI surveillance boom is colliding with regulation—and employers are the ones in the crosshairs.TECHREPUBLIC.COM
15 AprDeterministic + Agentic AI: The Architecture Exposure Validation RequiresFew technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and securit…THEHACKERNEWS.COM
15 AprGoogle, Microsoft, Meta Accused of Tracking Users Even After Privacy Opt-OutA recent independent audit conducted by privacy technology firm webXray has revealed that major technology companies, including Google, Microsoft, and Meta, are actively tracking users who have explicitly opted out of data sharing. The findings suggest widespread, industrial-scal…GBHACKERS.COM
15 AprSweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plantSweden's minister for civil defense said Russian hackers are "now attempting destructive cyber attacks against organizations in Europe."TECHCRUNCH.COM
14 AprAttacks observed on seven vulnerabilities, one of them 14 years oldThe US cybersecurity agency CISA is warning of attacks on seven vulnerabilities. One of them is 14 years old.HEISE.DE
14 AprOmnistealer uses the blockchain to steal everything it canThis malware is coming for your password managers, saved logins, cloud storage, crypto wallets, and just about anything else it can reach.MALWAREBYTES.COM
14 AprAnthropic co-founder confirms the company briefed the Trump administration on MythosIn an interview at the Semafor World Economy summit this week, Anthropic co-founder Jack Clark explained why the company was still engaged with the U.S. government while simultaneously suing them.TECHCRUNCH.COM
14 AprAI Breaks Identity ModelsTraditional identity models separate humans and services, both of which are relatively predictable in behavior. AI disrupts this model by introducing unpredictability. It behaves neither fully like a human nor a deterministic service, which creates gaps in how identity and access…YOUTUBE.COM
13 AprGoogle Brings End-to-End Encrypted Gmail to Android and iPhoneGoogle has officially expanded Gmail’s end-to-end encryption (E2EE) feature to Android and iOS devices, empowering organizations and users to protect the confidentiality of email content directly from their mobile devices. This enhancement is part of Gmail’s client-side encryptio…GBHACKERS.COM
13 AprNew Nginx 1.29.8 and FreeNginx Versions Patch Critical Security FlawsWeb server administrators need to prioritize a crucial update this week. The developers behind Nginx and the community-driven FreeNginx project have released new versions to address critical security flaws and introduce key enhancements. Released on April 7, 2026, Nginx version 1…GBHACKERS.COM
10 AprRising Compliance Oversight Pressure: From Audit Fatigue to Continuous ReadinessPublic sector cybersecurity leaders are no longer measured solely on whether they stop attacks, they are measured on whether they can prove it. Across federal, state, local and education environments, compliance obligations continue to expand. Frameworks and mandates include:KNOWBE4.COM
10 AprFriday Squid Blogging: Squid Overfishing in the South PacificRegulation is hard : The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million square kilometers (22 million square miles) of the South Pacific high seas, trying to impose order on a region double the size of Africa, where di…SCHNEIER.COM
10 Aprur best techno-babble to bypass clueless auditors?submitted by astrobird to cybersecurity 1 points | 0 comments https://dev.to/anderson_leite/stop-calling-everything-security-why-your-expert-doesnt-know-what-theyre-talking-about-1i4f quick question for the dev/cybersec folks here. dealing with a wave of non-tech dpo/compliance t…INFOSEC.PUB
10 Aprur best techno-babble to bypass clueless auditors?submitted by astrobird to cybersecurity 1 points | 0 comments https://dev.to/anderson_leite/stop-calling-everything-security-why-your-expert-doesnt-know-what-theyre-talking-about-1i4f quick question for the dev/cybersec folks here. dealing with a wave of non-tech dpo/compliance t…SH.ITJUST.WORKS
9 AprMicrosoft Details How Defender Protects High-Value Assets in Real-World AttacksMicrosoft has significantly upgraded its Defender platform to automatically detect and block sophisticated cyberattacks targeting High-Value Assets (HVAs) like domain controllers and web servers. By leveraging the new Microsoft Security Exposure Management tool, the system now us…GBHACKERS.COM
9 AprThe Hidden ROI of Visibility: Better Decisions, Better Behavior, Better SecurityBeyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions.SECURITYWEEK.COM
9 AprSTX RAT Hides Remote Desktop, Steals Data to Dodge DetectionA stealthy new remote access trojan, dubbed STX RAT, that blends hidden remote desktop control with powerful infostealer capabilities while using advanced evasion and encryption techniques to stay under the radar of security tools. The operators rely on opportunistic initial acce…GBHACKERS.COM
9 AprElastic on Defence Cyber Marvel 2026: A Technical overview from the Exercise FloorAn overview of the Elastic Security and AI infrastructure deployed to support the UK Ministry of Defence's flagship cyber exercise, Defence Cyber Marvel 2026.ELASTIC.CO
8 AprA framework for securely collecting forensic artifacts into S3 bucketsWhen customers experience a security incident, they need to acquire forensic artifacts to identify root cause, extract indicators of compromise (IoCs), and validate remediation efforts. NIST 800-86, Guide to Integrating Forensic Techniques into Incident Response, defines digital …AWS.AMAZON.COM
8 AprRussian hacking group targets home and small office routers to spy on usersThe FBI, NCSC, and Microsoft warn of an ongoing Russian campaign hijacking DNS settings on home and small office routers to spy on users.MALWAREBYTES.COM
7 AprWhite House Seeks to Slash CISA Funding by $707 MillionThe Trump administration says the FY2027 budget refocuses CISA on its core mission: protecting federal agencies and critical infrastructure.SECURITYWEEK.COM
7 AprIranian hackers are targeting American critical infrastructure, U.S. agencies warnA joint FBI, NSA and CISA advisory warns that Iranian hackers have 'escalated' their tactics in response to the ongoing U.S.-Israel war with Iran.TECHCRUNCH.COM
4 AprTop 10 Best Privileged Access Management (PAM) Solutions 2026In the dynamic and increasingly complex cybersecurity landscape of 2026, privileged accounts remain the most coveted targets for cybercriminals and malicious insiders alike. From system administrators and database managers to automated scripts and applications, these “digit…GBHACKERS.COM
4 AprIntroducing the Landing Zone Accelerator on AWS Universal Configuration and LZA Compliance WorkbookNovember 20, 2025: Original publication date of this post. This post has been updated to reference the most recent version of the LZA Compliance Workbook published to AWS Artifact in March 2026. We’re pleased to announce the availability of the latest sample security baseline fro…AWS.AMAZON.COM
3 AprOpenSSH 10.3 Released With Patch for Shell Injection and Other Security FlawsThe OpenSSH project released version 10.3 alongside its portable version 10.3p1. Following a brief testing phase in late March, this major update addresses several important security vulnerabilities. The most critical fix prevents a dangerous shell injection flaw, making this an …GBHACKERS.COM
3 AprDrift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRKSolana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel att…THEHACKERNEWS.COM
3 AprInfrastructure Engineer Pleads Guilty to Locking 254 Windows Servers at Former EmployerDaniel Rhyne, a 59-year-old former core infrastructure engineer, pleaded guilty on April 1, 2026, to federal hacking and extortion charges. He admitted to locking out administrators and sabotaging systems at his former New Jersey-based employer in an attack that began in November…GBHACKERS.COM
3 AprA core infrastructure engineer pleads guilty to federal charges in insider attackWhen Daniel Rhyne pleaded guilty on April 1 to having launched an insider extortion attack against his then-employer, authorities enumerated the techniques he used, including unauthorized remote desktop sessions, deletion of network administrator accounts, changing of passwords, …CSOONLINE.COM
2 AprFBI Warns Chinese Mobile Apps Could Expose User Data to CyberattacksThe Federal Bureau of Investigation (FBI) has issued a public warning about potential data security risks associated with foreign-developed mobile applications, particularly those developed by companies based in China. While the advisory focuses on apps widely used in the United …GBHACKERS.COM
2 AprVariance Raises $21.5M for Compliance Investigation Platform Powered by AI AgentsVariance has raised a total of $26 million in funding and the latest investment will fuel platform growth.SECURITYWEEK.COM
2 AprDrift loses $280 million as hackers seize Security Council powersThe Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. [...]BLEEPINGCOMPUTER.COM
2 AprDrift loses $280 million North Korean hackers seize Security Council powersThe Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. [...]BLEEPINGCOMPUTER.COM
2 AprFour security principles for agentic AI systemsAgentic AI represents a qualitative shift in how software operates. Traditional software executes deterministic instructions. Generative AI responds to human prompts with output that humans review and use at their discretion. Agentic AI differs from both. Agents connect to softwa…AWS.AMAZON.COM
1 AprClosing the Gap by Enhancing Visibility and Mitigating RisksSecure your UK public sector digital estate. Cortex Xpanse delivers active External Attack Surface Management (EASM) with continuous monitoring, NCSC alignment and risk mitigation.PALOALTONETWORKS.COM
1 AprExecutive Paralysis and Two Pre-Recorded RSAC 2026 Interviews from DigiCert and Okta - BSW #441Most organizations don’t fail because of technology. They fail because decision authority is unclear in the first critical minutes. “Being careful” is often interpreted as waiting for certainty, but that delay creates exposure. How should executives make decisions under pressure?…YOUTUBE.COM
31 MarDutch Finance Ministry takes treasury banking portal offline after breachThe Dutch Ministry of Finance took some of its systems offline, including the digital portal for treasury banking, while investigating a cyberattack detected two weeks ago. [...]BLEEPINGCOMPUTER.COM
31 MarWindows Tools Abused to Kill AV Ahead of Ransomware AttacksHackers are increasingly turning legitimate Windows administration tools into stealthy weapons to disable antivirus and EDR before launching ransomware, making attacks faster, quieter, and harder to stop. Instead of dropping noisy custom malware upfront, modern operators chain tr…GBHACKERS.COM
31 MarDutch Finance Ministry Responds to Cyberattack by Taking Systems OfflineThe Dutch Ministry of Finance is actively managing a significant cybersecurity incident after discovering unauthorized access to its internal Information and Communication Technology (ICT) systems. The breach has prompted immediate defensive measures, including the deliberate shu…GBHACKERS.COM
31 MarDutch Finance Ministry takes treasury banking portal offline after breachsubmitted by kid to cybersecurity 5 points | 0 comments https://www.bleepingcomputer.com/news/security/dutch-finance-ministry-takes-treasury-banking-portal-offline-after-breach/SH.ITJUST.WORKS
31 MarNew compliance guide available: ISO/IEC 27001:2022 on AWSWe’re excited to announce the release of our latest compliance guide, ISO/IEC 27001:2022 on AWS, which provides practical guidance for organizations designing and operating an Information Security Management System (ISMS) using AWS services. As organizations migrate critical work…AWS.AMAZON.COM
30 MarPopular AI gateway startup LiteLLM ditches controversial startup DelveLiteLLM had obtained two security compliance certifications via Delve and fell victim to some horrific credential-stealing malware last week.TECHCRUNCH.COM
30 MarAutomated Audits vs. Manual: The Binary ChoiceTraditional manual audits require sending auditors, filling questionnaires, and gathering evidence manually. New automated tools connect directly to your security infrastructure to gather and anonymize evidence continuously. This reduces workload for vendors and clients, speeds u…YOUTUBE.COM
26 MarAlleged RedLine Malware Administrator Extradited to USHambardzum Minasyan of Armenia has been accused of being involved in the development and administration of the infostealer malware.SECURITYWEEK.COM
26 MarTeamPCP deploys CanisterWorm on NPM following Trivy compromisesubmitted by codeinabox to security 1 points | 0 comments https://www.aikido.dev/blog/teampcp-deploys-worm-npm-trivy-compromisePROGRAMMING.DEV
26 MarAs the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning VotersIn December, the Trump administration signed an executive order that neutered states’ ability to regulate AI by ordering his administration to both sue and withhold funds from states that try to do so. This action pointedly supported industry lobbyists keen to avoid any con…SCHNEIER.COM
25 MarSen. Wyden Warns of Another Section 702 AbuseSen. Ron Wyden is warning us of an abuse of Section 702: Wyden took to the Senate floor to deliver a lengthy speech, ostensibly about the since approved (with support of many Democrats) nomination of Joshua Rudd to lead the NSA. Wyden was protesting that nomination, but in the co…SCHNEIER.COM
25 MarDutch Finance Ministry probing cyber breach affecting internal systems | The Record from Recorded Future Newssubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/netherlands-finance-ministry-cyberattack-breachSH.ITJUST.WORKS
25 MarRussia arrests alleged owner of cybercrime forum LeakBase, report saysRussian state-owned media reported that police in Russia arrested the administrator of LeakBase, a large hacking forum.TECHCRUNCH.COM
25 MarConvicted spyware chief hints that Greece’s government was behind dozens of phone hacksThe spyware founder's comments are the most direct suggestion yet from anyone inside Intellexa that the Mitsotakis government authorized the hacking of dozens of phones belonging to senior Greek government ministers, opposition leaders, military officials, and journalists.TECHCRUNCH.COM
24 MarDelve halts demos, Insight Partners scrubs investment post amid ‘fake compliance’ allegationsAfter a whistleblower alleged that the startup fabricated audit evidence, its prominent Series A investor removed an article detailing why it led the deal.TECHCRUNCH.COM
24 MarDelve - Fake Compliance as a Servicesubmitted by Kissaki to cybersecurity 1 points | 0 comments https://deepdelver.substack.com/p/delve-fake-compliance-as-a-serviceINFOSEC.PUB
24 MarDelve - Fake Compliance as a Servicesubmitted by Kissaki to security 1 points | 0 comments https://deepdelver.substack.com/p/delve-fake-compliance-as-a-servicePROGRAMMING.DEV
24 MarTeamPCP Unleashes Iran-Targeted CanisterWorm Kubernetes WiperCanisterWorm’s latest evolution turns TeamPCP’s cloud-native toolkit into a geopolitically tuned wiper, capable of bricking entire Kubernetes clusters when it lands on systems configured for Iran. The campaign reuses the same Internet Computer Protocol (ICP) canister C2 and backd…GBHACKERS.COM
24 MarDutch Ministry of Finance discloses breach affecting employeesThe Dutch Ministry of Finance confirmed on Monday that some of its systems were breached in a cyberattack detected last week. [...]BLEEPINGCOMPUTER.COM
24 MarHackerOne discloses employee data breach after Navia hackBug bounty platform HackerOne is notifying hundreds of employees that their data was stolen after attackers hacked Navia, one of its U.S. benefits administrators. [...]BLEEPINGCOMPUTER.COM
23 MarFBI warns of Handala hackers using Telegram in malware attacksThe U.S. Federal Bureau of Investigation (FBI) warned network defenders that Iranian hackers linked to the country's Ministry of Intelligence and Security (MOIS) are using Telegram in malware attacks. [...]BLEEPINGCOMPUTER.COM
23 Mar‘CanisterWorm’ Springs Wiper Attack Targeting IranA financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language.KREBSONSECURITY.COM
23 MarReflections from the Second NIST Cyber AI Profile WorkshopThank you to everyone who participated in the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile) Workshop in January! The input we received on the Preliminary Draft during this workshop has been invaluable and is informing the development of the next d…NIST.GOV
23 MarFederal immigration agents filmed making airport arrests as Trump calls in ICE to ease security line delaysThe Trump administration has deployed ICE agents to over a dozen U.S. airports amid an ongoing federal shutdown that's causing long wait times. Eyewitnesses have already recorded at least one arrest in San Francisco's airport.TECHCRUNCH.COM
23 MarCISA orders feds to patch max-severity Cisco flaw by Sundaysubmitted by kid to cybersecurity 17 points | 1 comments https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-max-severity-cisco-flaw-by-sunday/SH.ITJUST.WORKS
22 MarDelve accused of misleading customers with ‘fake compliance’An anonymous Substack post accuses compliance startup Delve of “falsely” convincing “hundreds of customers they were compliant” with privacy and security regulations.TECHCRUNCH.COM
21 MarFBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing AttacksThreat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S. Cybersecurity…THEHACKERNEWS.COM
21 MarTrivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm PackagesThe threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The na…THEHACKERNEWS.COM
20 MarUS accuses Iran’s government of operating hacktivist group that hacked StrykerThe U.S. Justice Department said an Iranian security ministry operates the fake activist persona known as Handala, which claimed responsibility for the destructive hack targeting medical tech giant Stryker.TECHCRUNCH.COM
20 MarDDoS attacks: Strike against international cybercriminalsDDoS remains an evergreen among security threats. Karsten Kunert with ChatGPT In a large-scale strike against an international hacker network, security authorities in North America and Germany have dismantled the world's two largest botnets. The infrastructure…CSOONLINE.COM
19 Mar5 key priorities for your RSAC 2026 agendaRSA Conference 2026 arrives at a significant inflection point for the cybersecurity industry — one that will see its more than 43,000 attendees and 600-plus exhibitors navigating an agenda that has fundamentally shifted in character. For the first time, “AI” is not a track at RSA…CSOONLINE.COM
19 MarCISA Calls on Organizations to Strengthen Microsoft Intune Security After Stryker IncidentThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert calling on organizations to aggressively harden their endpoint management systems. Released on March 18, 2026, the critical warning follows a significant cyberattack against U.S.-based medical …GBHACKERS.COM
19 MarCISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devicesThe U.S. cybersecurity agency urged companies to prevent access to systems used for remotely managing their fleets of employee devices after hackers broke into a major U.S. medical tech giant and remotely wiped thousands of phones and computers.TECHCRUNCH.COM
17 MarWindows 11 25H2/24H2 Update Addresses Bluetooth Device Visibility IssuesMicrosoft has rolled out an unexpected out-of-band hotpatch, KB5084897, targeting Windows 11 versions 25H2 and 24H2. Released on March 16, 2026, this specific update resolves a highly disruptive visual bug affecting Bluetooth connectivity management. The patch elevates supported …GBHACKERS.COM
17 MarStryker says it’s restoring systems after pro-Iran hackers wiped thousands of employee devicesThe hack, which brought ongoing widespread disruption to the company's operations, is thought to be the first major cyberattack in the United States in response to the Trump administration's war in Iran.TECHCRUNCH.COM
🔥 INCIDENT REPORTING 846
13 JunCyberTitan Champions: Inside Canada's National High School Cybersecurity Competition (and CyberPatriot)Cybersecurity Today on the Weekend interviews the winning Canadian CyberTitan team ("S-ores"/a regex-based name) along with coach Phil, educator Tim, and CyberTitan manager Sheena to explain how CyberTitan (run by ICTC) connects to the international CyberPatriot program. They des…CYBERSECURITYTODAY.LIBSYN.COM
13 JunThe FBI built its own replica small town to simulate real-world cyberattacksHidden inside a building in Alabama, the FBI has created its own small town as a dedicated cyber training ground for simulating cyberattacks.TECHCRUNCH.COM
12 JunEuropol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware GangsAuthorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a "key financial pipeline used to wash hundreds of millions in ill…THEHACKERNEWS.COM
12 JunOver 73,000 French govt employees affected in Tchap messenger breachThe French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. [...]BLEEPINGCOMPUTER.COM
12 JunRansomware Payment Crypto Laundering Platform Taken Out by FBI and EuropolDomain of dark web money laundering platform AudiA6 seized and suspects arrested in joint operation by the FBI, Europol and othersINFOSECURITY-MAGAZINE.COM
12 JunSouth Korea hits Coupang with record $409 million fine over data breachThe penalty is the largest ever issued by the commission for a personal data breach, surpassing the record 134.8 billion won ($88.8 million) fine levied against SK Telecom earlier this year.THERECORD.MEDIA
12 JunAgentic AI surges in financial sector even as many firms fail to manage security risksOne-fifth of firms aren’t even sure if they’ve been hacked through their AI tools, according to a new report.CYBERSECURITYDIVE.COM
12 JunIn Other News: Google Security Layoffs, AudiA6 Takedown, $400 Million Coupang FineOther noteworthy stories that might have slipped under the radar: ICS device exposure remains flat as attack surface widens, Microsoft issues incident response playbook for AI, IBM and AT&T accused of hack cover-ups.SECURITYWEEK.COM
12 JunBankruptcy admin approves settlement fund of $47 million for 23andMe data breach victimsAbout 7 million customers of the genetics testing company had their data stolen by hackers starting in April 2023, and many had their information posted on the dark web.THERECORD.MEDIA
12 JunConti ransomware group member pleads guilty, faces up to 20 years in prisonOleksii Lytvynenko, a 44-year-old Ukrainian national, admitted to joining the prolific cybercrime group in 2021. Officials said he engaged in cybercrime up until his arrest in Ireland in 2023.CYBERSCOOP.COM
12 JunUkrainian national pleads guilty to role in Conti ransomware operationA Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...]BLEEPINGCOMPUTER.COM
12 JunOver 400 Arch Linux packages compromised to push rootkit, infostealerMore than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]BLEEPINGCOMPUTER.COM
12 JunMaine disables data breach notification portal after fake disclosuresMaine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future. [...]BLEEPINGCOMPUTER.COM
11 JunPrompt injection still drives most agentic AI security failures in productionA backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model gateway for CrewAI, DSPy, Microsoft GraphRAG, and dozens of other AI agent frameworks. Anyone pulling an update…HELPNETSECURITY.COM
11 JunNottingham University data breach affects over 450,000 studentsThe University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...]BLEEPINGCOMPUTER.COM
11 JunUniversity of Nottingham Confirms Breach After Hackers Leak DataThe ShinyHunters hacker group has taken credit for the attack, leaking more than 450,000 email addresses and other information.SECURITYWEEK.COM
11 JunExtortion-Only Attacks Increase, With Data Theft Dominating Ransomware ClaimsExtortion-only attacks are increasing as data theft drives most ransomware claims, with many organizations unable to stop stolen data from being exposedINFOSECURITY-MAGAZINE.COM
11 JunCybersecurity Stars Awards 2026: Winners Announced Across 95 CategoriesMost good security work is invisible by design. Today is the exception. The 2026 Cybersecurity Stars Awards winners are announced across 95 subcategories in four main award categories. The reason is simple. Cybersecurity is full of work that deserves recognition and rarely gets i…THEHACKERNEWS.COM
11 JunSouth Korea hits Coupang with $400M+ fine for data breach that affected millionsSouth Korean authorities issued the record-breaking fine following a data breach that affected over 30 million customers.TECHCRUNCH.COM
11 JunUniversity of Nottingham confirms cyber incident as Shiny Hunters group claims data theftAccording to the university’s statement, it is still working to understand what data has been accessed and said it had already directly contacted affected students and alumni, potentially including those in its foreign campuses in Malaysia and China as well as in Nottingham.THERECORD.MEDIA
11 JunAI Is Upgrading Hackers FastAI is rapidly increasing the effectiveness of cyber attackers at every level. Tasks that once required deeper expertise can now be automated, accelerated, or simplified with AI-assisted tooling. That shift compresses the gap between inexperienced, mid-tier, and highly advanced th…YOUTUBE.COM
11 JunGerman court holds Google liable for AI-generated claims.OpenAI disrupts two China-linked influence operations. Cyberattack disrupts Australian sugar mills.THECYBERWIRE.COM
11 JunBritish high school sends students home following cyberattackGreat Marlow School, which has 1,428 pupils according to the Department for Education (DfE), said it was set to remain closed while it works with specialist IT and cybersecurity professionals to resolve the issue.THERECORD.MEDIA
11 JunRussian national charged in connection with Void Blizzard espionage campaignDenis Obrezko accused of orchestrating cyberattacks that compromised at least 11 U.S. companies as part of the Kremlin-linked group's sprawling espionage operation.CYBERSCOOP.COM
11 JunThe court calls Google’s bluff.Google faces liability for AI-generated claims. Washington pauses public AI model assessments. Anthropic ships a safer AI model. OpenAI disrupts influence operations. Ransomware operators get a powerful new backdoor. Urgent patches land for Ivanti and Veeam. PyPI supply chain att…THECYBERWIRE.COM
11 JunMaine breach portal abused to publish fake data breach disclosuresIn an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. [...]BLEEPINGCOMPUTER.COM
10 JunWeekly Update 507 1,000 breaches is one hell of a milestone. It's not just the process of getting data, verifying it, loading it, sending notificati…TROYHUNT.COM
10 JunOver a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data ShowsNearly 26% of identity crime victims faced multiple incidents in the past year, as ITRC warns of a growing "multi-layered crisis"INFOSECURITY-MAGAZINE.COM
10 JunWhy schools remain one of cybercriminals’ favourite targetsSchools on both sides of the Atlantic have been revealed in recent days to have been hit by hackers, reminding all of us that ransomware gangs see educational institutions as targets all year round. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
10 JunCyberattack shuts down major Australian sugar mills, disrupting harvestAustralia's second-largest sugar producer said on Wednesday that it was responding to a cybersecurity incident affecting parts of its operations and had engaged cybersecurity experts and local authorities to investigate the attack and restore its systems safely.THERECORD.MEDIA
10 JunUniversity of Nottingham confirms hackers accessed student dataThe University of Nottingham has confirmed to CyberInsider in a statement that it suffered a cyber incident resulting in unauthorized access to data stored in its student record system. The disclosure comes after ShinyHunters listed the university on its leak site, alleging it ha…CYBERINSIDER.COM
10 JunOracle PeopleSoft servers hacked in ShinyHunters data theft attacksOracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations. [...]BLEEPINGCOMPUTER.COM
10 JunBug Bounty Research Triggers ServiceNow Security AlertBug bounty research inadvertently led organizations to believe they were being breached through their ServiceNow instances.DARKREADING.COM
10 JunCybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizationsThe ShinyHunters hacking gang claims to have compromised the Oracle PeopleSoft servers of more than 100 organizations, including many universities.TECHCRUNCH.COM
10 JunUniversity of Nottingham - 454,635 breached accountsIn June 2026, the University of Nottingham was the target of a cyber attack , later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal infor…HAVEIBEENPWNED.COM
9 JunOpenAI’s Lockdown Mode is trying to solve the problem that it createdOpenAI’s move to implement a Lockdown Mode that tries to limit data exfiltration by shutting down external capabilities is being seen as making the best out of a bad situation. But Lockdown Mode doesn’t block exfiltration as much as it slightly reduces it, and the reality of ente…CSOONLINE.COM
9 JunCybersecurity jobs available right now: June 9, 2026Application Security Architect INTENSITY Global Group | Israel | Hybrid – View job details As an Application Security Architect, you will design secure application architectures, perform threat modeling and security assessments, define security standards and contr…HELPNETSECURITY.COM
9 JunHades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential StealerThe Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target spe…THEHACKERNEWS.COM
9 JunFrench govt messaging service breached in account hijacking attackDINUM, the digital affairs directorate of the French government, warned that hackers used a hijacked user account to breach Tchap, the French government's encrypted messaging platform. [...]BLEEPINGCOMPUTER.COM
9 JunElastic brings AI-driven incident investigation to Kubernetes and observability toolsElastic has introduced an agentic Kubernetes investigation workflow and MCP-based observability skills that diagnose incidents the moment an alert fires. By the time an SRE opens the alert, the root cause has already been identified, evidence has been assembled, and recommended n…HELPNETSECURITY.COM
9 JunAnthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of YouAnthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, a version it says can’t be used for cyberattacks.WIRED.COM
9 JunMiasma Supply Chain Worm Burrows Into 73 Microsoft RepositoriesThe attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.DARKREADING.COM
8 JunClaude Outage Data Leak, Microsoft GitHub Worm, IBM Hack, M Instagram Takeovers, Canada's Bill C-8TClaude Outage Data Leak Fears, Microsoft GitHub Worm, IBM Hack Allegations, Meta AI Instagram Takeovers, and Canada's Bill C-8 David Shipley reports that Anthropic's Claude suffered a roughly two-hour outage affecting models including Opus, during which a user alleged receiving …CYBERSECURITYTODAY.LIBSYN.COM
8 JunCybercriminals create 19,000 FIFA-themed domains ahead of 2026 World CupFans looking for tickets, accommodation and match broadcasts are already encountering scams tied to the 2026 FIFA World Cup. The 2026 FIFA World Cup will bring millions of visitors and an estimated 6 billion spectators to a tournament spread across 16 host cities in the United St…HELPNETSECURITY.COM
8 JunOver 20,000 Instagram accounts stolen in Meta AI support hackMeta has revealed that over 20,000 Instagram users had their accounts hijacked in a recent incident where attackers used Meta's AI-powered support system to reset passwords. [...]BLEEPINGCOMPUTER.COM
8 JunWhen attacks spread too far: Lessons from real cyber attack case studiesIn this Help Net Security video, Michael Adjei, Director, Systems Engineering at Illumio, explains three real world cyber attacks and what went wrong during detection. Adjei walks through a collaboration tool scam that copied Microsoft Teams, an identity phishing case used for pa…HELPNETSECURITY.COM
8 JunMeta Says 20,000 Instagram Accounts Hacked via AI Tool AbuseThe social media giant has informed authorities about the impact of the recent attack involving an account recovery support tool.SECURITYWEEK.COM
8 JunSilent Ransom Group Uses DNS Fast Flux in AttacksFocusing on hacking law firms in the US, the ransomware group relies on fast flux to hide its C&C infrastructure.SECURITYWEEK.COM
8 Jun174,000 Impacted by Lansing Community College Data BreachHackers accessed personal information stored on certain Lansing Community College systems in February 2025.SECURITYWEEK.COM
8 JunNew Shai-Hulud attack trojanizes 19 science-focused PyPI packagesHackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets. [...]BLEEPINGCOMPUTER.COM
8 JunSoFi confirms third-party data breach at Hong Kong subsidiarySoFi Hong Kong is warning that it suffered a data breach after hackers gained access to a database at a third-party vendor containing customer information. [...]BLEEPINGCOMPUTER.COM
8 JunNew Apple feature automatically changes your compromised passwordsAt WWDC 26, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. This works in Safari, and it's rolling out with iOS 27. [...]BLEEPINGCOMPUTER.COM
6 JunNew ChatGPT Lockdown Mode Limits Tools That Could Enable Data ExfiltrationOpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks. The feature is primarily designed for people and organizations that handle sensitive data and require stricter…THEHACKERNEWS.COM
5 JunPCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay NetworkThe threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. "Compromised business servers across the U.S., Europe, and Asia were quietly converted into SMTP …THEHACKERNEWS.COM
5 JunBCD Travel - 396,313 breached accountsIn May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other expos…HAVEIBEENPWNED.COM
5 JunNightclub Giant RCI Says Data Breach Affects 40,000 IndividualsThe company detected a network intrusion in March and an investigation showed that some files were stolen during the attack.SECURITYWEEK.COM
5 JunAI is helping low-skill hackers pull off advanced cyberattacksAnthropic has published an analysis of cyber-related misuse of its AI systems, examining 832 accounts that were banned for malicious cyber activity between March 2025 and March 2026. The company mapped the observed behavior to the MITRE ATT&CK framework, which documents tact…HELPNETSECURITY.COM
5 JunNSA said to be readying Anthropic’s Mythos for use in cyber operationsThe U.S. eavesdropping agency is reportedly preparing Anthropic's Mythos for use in cyberattacks, despite a federal ban on using the AI model maker.TECHCRUNCH.COM
5 JunGoogle and FBI warn of ransomware group that sends fake IT workers to hack victims in personCybercriminals, part of a gang known as Silent Ransom Group, have sent people pretending to be IT support employees to law firms' offices, where the criminals have stolen data using USB drives or remote access tools.TECHCRUNCH.COM
5 JunMicrosoft identifies seven new ways AI agents can be hackedMicrosoft has identified seven new failure modes in agentic AI systems, in addition to those it identified last year in its first Taxonomy of Failure Modes in Agentic AI Systems . Four things contributed to the growing list of ways agentic AI can go wrong : the speed at which the…CSOONLINE.COM
5 JunChinese APT deploys new malware to keep access to hacked networksA Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and previously undocumented malware named Plenet and AgentPSD. [...]BLEEPINGCOMPUTER.COM
5 JunFormer cyber executive turned whistleblower accuses IBM of covering up several data breachesIBM and two of its subsidiary companies were allegedly breached during the mid-2010s, which a lawsuit filed by a former cybersecurity executive accuses IBM of not disclosing and actively covering up.TECHCRUNCH.COM
5 JunExposed Fuel Tank Gauges Under Attack in the USThreat actors are taking advantage of Internet-exposed tank gauges by breaching gas stations, opening the door to disruption.DARKREADING.COM
4 JunDentaQuest data breach exposed sensitive info of 2.6 million peopleDentaQuest says it is investigating a cybersecurity incident involving unauthorized access to part of its network, following the ShinyHunters extortion group's public leak of data allegedly stolen from the company. The breach has since been added to Have I Been Pwned (HIBP), whic…CYBERINSIDER.COM
4 JunUN food agency investigates breach exposing data of Gaza aid recipientsIn a message sent to aid recipients via Telegram over the weekend, the World Food Programme (WFP) said that "unauthorized parties" had accessed data stored in its self-registration application in Gaza.THERECORD.MEDIA
4 JunSecurity Tools Don’t Reduce RiskThe Peltzman effect describes how people often feel safer once protections are in place, even when the underlying risk has not meaningfully changed. In cybersecurity, organizations may assume firewalls, MSSPs, or security tools automatically make incidents less likely. That assum…YOUTUBE.COM
4 JunHola Browser supply chain breach delivered crypto-miner to usersA supply chain compromise resulted in a crypto-mining executable being distributed alongside certain installations of Hola Browser for Windows. The unexpected component, named me.exe, was discovered by Sophos X-Ops during a software certification test and was not part of the brow…CYBERINSIDER.COM
4 JunUN food agency discloses breach affecting 600,000 Gaza householdsThe United Nations' World Food Programme (WFP), the world's largest humanitarian organization, revealed over the weekend that its self-registration application (SRA) for Palestine was breached. [...]BLEEPINGCOMPUTER.COM
4 JunAgentic AI Is Transforming Defense, But Only Secure IT Infrastructure Will Maximize ItOver the past several weeks, the cybersecurity community has been reminded how quickly frontier and agentic AI in defense networks can challenge our assumptions. When Anthropic's Claude Mythos model was made available to a limited set of organizations as a technical preview, it w…THEHACKERNEWS.COM
4 JunRussia seeks to label two anti-Kremlin hacker groups as ‘extremist’The groups have previously claimed responsibility for cyberattacks targeting critical infrastructure and government institutions in Russia and Belarus.THERECORD.MEDIA
4 JunEU fines Temu 200 million Euros for breaching the DSA.Trump signs new EO focused on AI.THECYBERWIRE.COM
4 JunCredit card theft campaign abuses Stripe to host stolen payment infoA new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. [...]BLEEPINGCOMPUTER.COM
4 JunVerdantBamboo: Just Another BRICKSTORM in the FirewallIn September 2025, Volexity conducted an incident response engagement that began after suspicious network traffic was observed from a Linux-based virtual machine appliance on a customer’s network. The virtual machine […]VOLEXITY.COM
4 JunHola Browser for Windows compromised to deliver cryptominerThe Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. [...]BLEEPINGCOMPUTER.COM
3 JunWelcoming the Philippine Government to Have I Been PwnedToday, we welcome the 46th government onboarded to Have I Been Pwned’s free gov service: the Philippines. The Philippines’…TROYHUNT.COM
3 JunA small Slovenian team handles 6,000 cyber incidents a yearOnline fraud complaints, ransomware cases, and phishing tips reach Slovenia’s national cyber response center in steady volume, and a team of around a dozen analysts sorts through them. Gorazd Božič, who manages SI-CERT at the public agency ARNES, described that work in an i…HELPNETSECURITY.COM
3 JunPreinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaignA large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials from GitHub, cloud platforms, and local machines, then spreads like a worm by …MICROSOFT.COM
3 JunSecurity of 100 AI Agents Tested and Ranked – What You Need to KnowThe AI Risk Quadrant evaluates AI agents based on three factors: how vulnerable they are to compromise, the potential impact of a breach, and the strength of their security defenses.SECURITYWEEK.COM
3 JunHackers Target Global Stock Exchange in Espionage OperationThe attackers had access to a senior executive’s email account for 150 days and exfiltrated data for months.SECURITYWEEK.COM
3 JunIMA Diligence Services Data Breach Impacts 525,000 PeopleThe affected individuals’ personal information was stolen from a legacy server managed by a third party.SECURITYWEEK.COM
3 JunThe worst hacks and breaches of 2026 (so far)From a massive DOGE data breach and the hacking of critical energy and water systems to the hack of an FBI surveillance system, here are the most damaging security incidents and data breaches of 2026.TECHCRUNCH.COM
3 JunUltrahuman says hackers accessed customers’ wellness data via internal toolThe breach at wearable ring maker Ultrahuman stemmed from credentials stolen from a malware-infected employee laptop.TECHCRUNCH.COM
3 JunChinese hackers use new Atlas RAT malware in European cyberattacksA Chinese-speaking cybercrime group has expanded its targeting to the European space, deploying previously undocumented malware and the Atlas backdoor. [...]BLEEPINGCOMPUTER.COM
3 JunU.S. sanctions Nobitex crypto exchange used by Iranian ransomware actorsThe U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...]BLEEPINGCOMPUTER.COM
2 JunThe Intersection of Encryption and AIAs part of their 20th Anniversary celebration, Dark Reading asked five cybersecurity industry leaders who wrote blogs or columns for them over the years to select their favorite piece and share their reflections on the topic today. This is my section. Renowned technologist and au…SCHNEIER.COM
2 JunBeyond Assume-Breach: How AI-Native Security Will Reshape Enterprise DefenseTwenty years after Dark Reading launched, we're looking ahead at what's next for enterprise security. Spoiler: It's hyper-segmented, AI-orchestrated, and way more sophisticated than your dad's firewall.DARKREADING.COM
2 JunRed Hat removes tainted packages after software pipeline compromiseAccording to the company’s preliminary analysis, a compromised GitHub account was used to push the malicious code out to customers, hitting 32 packages downloaded roughly 117,000 times a week.THERECORD.MEDIA
2 Jun64,000 accounts exposed in breach of GTA V cheat service Atlas MenuAtlas Menu, a cheat service for Grand Theft Auto V and Counter-Strike 2, has been added to the Have I Been Pwned database following a data breach that exposed tens of thousands of user records. The incident exposed approximately 64,000 accounts, including email addresses, usernam…HELPNETSECURITY.COM
2 JunRussia claims foreign spy agencies hacked officials' phonesIn a statement, Russia's Federal Security Service (FSB) said it had uncovered what it described as a "large-scale operation" involving malicious software installed on the mobile devices of senior Russian officials.THERECORD.MEDIA
2 JunAI-built ransomware toolkit automates EDR evasion, AD discoveryA threat actor is using an AI-built attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. [...]BLEEPINGCOMPUTER.COM
2 JunChina Uses Dual-Method Cyberattack on Czech OrgsChina is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware.DARKREADING.COM
2 JunOne Account, Total BreachA single account can serve as an entry point into interconnected systems. With technologies like single sign-on and widespread SaaS adoption, one compromised credential may provide access to multiple services and environments. The impact of identity compromise is no longer isolat…YOUTUBE.COM
1 JunWeekly Update 506I'm finding it quite fascinating to watch the current spate of ShinyHunters breaches and dumps. There's the obvious criminali…TROYHUNT.COM
1 JunEdmunds - 177,860 breached accountsIn January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached . Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses, usernames, passwords,…HAVEIBEENPWNED.COM
1 JunMicrosoft confirms outage affecting MFA, My Sign-Ins platformMicrosoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]BLEEPINGCOMPUTER.COM
1 JunInfosecurity Europe: Tabletop Exercise to Test How CISOs Respond to Major Supermarket Cyber-AttackSemperis is set to bring ‘Enter the War Room: A Tabletop Experience’ to Infosecurity Europe to help cybersecurity leaders prepare to face real incidentsINFOSECURITY-MAGAZINE.COM
1 JunWebinar tomorrow: From alert to resolution in network incident responseNetwork incidents are often detected quickly, but investigations and coordination can delay resolution. Join our webinar tomorrow to learn how automation and AI-assisted workflows can help IT teams accelerate incident response. [...]BLEEPINGCOMPUTER.COM
1 JunMicrosoft fixes outage affecting MFA setup, MySignIn serviceMicrosoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform. [...]BLEEPINGCOMPUTER.COM
1 Jun1st June – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 1st June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Carnival Corporation, a global cruise line operator, has confirmed a data breach affecting nearly 6 million people after attackers use…RESEARCH.CHECKPOINT.COM
1 JunMicrosoft investigates Office Apps, Teams file access issuesMicrosoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. [...]BLEEPINGCOMPUTER.COM
1 JunGrand Theft Auto V cheat service gets hacked, exposing thousands of gamersHackers stole usernames, hashed passwords, and other data from a service that allowed players to cheat in Grand Theft Auto V.TECHCRUNCH.COM
1 JunMiasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing WormA new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the same co…THEHACKERNEWS.COM
1 JunHackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting accessSeveral users on social media reported having their Instagram accounts hacked over the weekend. Meta's own support chatbot was blamed for allowing hackers to hijack accounts.TECHCRUNCH.COM
1 JunTina Peters, convicted in election-security breach, emerges defiant and vows legal fightThe former Colorado election clerk struck an unrepentant pose in her first interview after her prison sentence was commuted by Colorado Governor Jared Polis.CYBERSCOOP.COM
1 JunRed Hat npm packages compromised to steal developer credentialsMore than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]BLEEPINGCOMPUTER.COM
1 JunHackers hijack thousands of sites for ClickFix and FakeUpdate attacksA threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]BLEEPINGCOMPUTER.COM
30 MayRussia-aligned crime group Greyvibe extensively uses AI in attacksResearchers have uncovered a previously undocumented Russian group that makes extensive use of large language models (LLMs) in its attacks against private, government, and military organizations in Ukraine. It uses a variety of attack vectors along with custom malware, with the g…CSOONLINE.COM
30 MayCybercrime Crew Claims It Hacked Mike Lindell’s MyPillowPlus: A ransomware group is now stealing data in person, BusPatrol wants to hand its license plate surveillance data to the cops, and more.WIRED.COM
30 MayAtlas Menu - 63,926 breached accountsIn May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresses along with usernames,…HAVEIBEENPWNED.COM
29 MayProduct showcase: TotalAV helps iOS users clean up their digital messTotalAV Mobile Security helps protect devices from malicious websites, SMS scams, unsafe public Wi-Fi networks, and exposed credentials. The app is available for Windows, Android, macOS, and iOS devices. After downloading the app from the App Store, users provide an email address…HELPNETSECURITY.COM
29 MayKimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code TunnelsThe North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. "Kimsuky employed a range of tailored social engineering t…THEHACKERNEWS.COM
29 MayHumanix expands detection to identify live violations of security proceduresHumanix has announced a capability to identify live violations of organization-defined procedures governing IT support workflows. Designed to prevent unauthorized access, these procedures typically require help desk and service desk agents to follow identity verification steps be…HELPNETSECURITY.COM
29 MayCharter Communications data breach affects 4.9 million accountsThe ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. [...]BLEEPINGCOMPUTER.COM
29 MayMalicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud SecretsCybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of…THEHACKERNEWS.COM
29 MayCalifornia Sues 23andMe, Alleging It Failed to Protect User Data in 2023 BreachAttorney General Rob Bonta filed the lawsuit against Chrome Holding Co., which 23andMe rebranded under after filing for bankruptcy last March.SECURITYWEEK.COM
29 MayNew Russian-Linked GREYVIBE Targets Ukraine with AI-Powered CyberattacksA previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Ru…THEHACKERNEWS.COM
29 MaySilent Ransom Group Uses In-Person IT Impersonation to Breach SystemsThreat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systemsINFOSECURITY-MAGAZINE.COM
29 MayCharter Communications Data Breach Could Impact Nearly 5 MillionThe notorious ShinyHunters extortion group leaked over 42 million records allegedly stolen from Charter in April.SECURITYWEEK.COM
29 MayMokN Raises $15 Million for Phish-Back PlatformMokN's platform deploys realistic decoy access points to lure attackers into revealing compromised credentials, enabling organizations to respond before abuse occurs.SECURITYWEEK.COM
29 MayCalifornia AG sues 23andMe over 2023 breach exposing health dataCalifornia Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information. [...]BLEEPINGCOMPUTER.COM
28 MayThe CISO selling confidence in a market full of breach headlinesEngineering teams across enterprise IT are writing their own software with AI coding assistants, spinning up agents that act on their behalf, and assigning those agents the same access privileges their human creators hold. The shift has pulled the role of the chief information se…HELPNETSECURITY.COM
28 MayNordic CISOs Handle Rising Cyber Threats Remarkably WellArtificial intelligence notwithstanding, the vast majority of CISOs in northern Europe say they're facing no more serious cyberattacks than they did two years ago.DARKREADING.COM
28 MayXM Cyber enhances identity risk visibility with continuous exposure management capabilitiesXM Cyber has announced platform enhancements aimed at helping organizations reduce identity risk, compounded by AI-enabled attackers. According to Gartner, “By 2028, 70% of CISOs will use identity visibility and intelligence capabilities to shrink the IAM attack surface, reducing…HELPNETSECURITY.COM
28 MayPolice arrest suspect in Ajax football club hack that exposed 300,000 fan recordsThe Dutch National Police arrested a man suspected of hacking into the computer systems of AFC Ajax, a football club from Amsterdam. “On the morning of Tuesday, May 26, detectives arrested a 35-year-old man from the municipality of Buren for computer intrusion at the Amsterdam fo…HELPNETSECURITY.COM
28 MayGoogle Unveils AI Threat Defense Platform to Fight AI-Powered CyberattacksNew AI Threat Defense platform combines capabilities from Mandiant, Wiz and Gemini to help customers fight AI with AI.SECURITYWEEK.COM
28 MayInfosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study RevealsISC2 survey of cybersecurity professionals suggests that staff want their information security leaders to have experience reacting to a significant cyber incidentINFOSECURITY-MAGAZINE.COM
28 May2026 World Cup: Discussing The World’s Biggest Game’s Attack SurfaceThe 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here.UNIT42.PALOALTONETWORKS.COM
28 MayCarnival Cruise confirms data breach affecting nearly 6 million peopleCarnival Corporation, the world's largest cruise line operator, has confirmed a data breach affecting nearly 6 million people claimed by the ShinyHunters extortion gang in April 2026. [...]BLEEPINGCOMPUTER.COM
28 MayCarnival confirms data breach impacting nearly 6 millionCruise giant Carnival has suffered yet another data breach, with ShinyHunters claiming to have stolen personal data affecting nearly 6 million people.MALWAREBYTES.COM
28 MayRomanian gets 5 years in prison for hacking Oregon govt networkA Romanian national was sentenced this week to 56 months in federal prison for breaking into an Oregon state government computer network and for cyberattacks targeting dozens of other U.S. victims. [...]BLEEPINGCOMPUTER.COM
28 MayWebinar: Why network incidents take too long to resolveMany organizations can detect network issues quickly, but investigations and coordination often slow incident resolution. This webinar explores how automation and AI-assisted workflows can help IT teams reduce delays and improve response times. [...]BLEEPINGCOMPUTER.COM
28 MayMyPillow listed on ransomware gang’s leak site, but denies it has been breachedA notorious ransomware gang claims to have stolen MyPillow's private data, but CEO Mike Lindell calls it a politically motivated "hit job." With the countdown ticking toward a massive dark web leak, who is telling the truth? Read more in my article on the Hot for Security blog.BITDEFENDER.COM
28 MayNew BTMOB Android Malware Enables Full Device TakeoverDelivered via phishing lures, the malware combines financial theft with data exfiltration and remote access.SECURITYWEEK.COM
28 MayCruise giant Carnival confirms data breach affecting nearly 6 million peopleThe company said the threat actor gained access to a limited portion of its IT environment last month after compromising an employee account. By the end of April, Carnival determined that the attacker had copied personal information from its systems.THERECORD.MEDIA
28 MayCarnival begins notifying 6 million people of a data breachCarnival Corporation has begun notifying roughly six million individuals that their personal information was stolen in the cyberattack claimed by the ShinyHunters extortion group earlier this year. The disclosure follows the public leak of data allegedly containing 8.7 million re…CYBERINSIDER.COM
28 MayCarnival Data Breach Exposed 6 Million PeopleData breach leaves nearly 6 million Carnival customers navigating identity theft risks.SECURITYWEEK.COM
28 MayCybercriminals sail away with data from 6 million Carnival customersCarnival Corporation, one of the world’s largest cruise operators, confirmed a data breach weeks after the ShinyHunters hacking group claimed it had stolen millions of customer records. Carnival acknowledged a phishing incident involving a single employee account and stated that …HELPNETSECURITY.COM
28 MayThe Gentlemen ransomware: Dissecting a self-propagating Go encryptorMicrosoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by affiliates of Storm-2697 that combines per-file ephemeral key encryption with an aggressive self-propagation module to deploy itself across an entire network using …MICROSOFT.COM
28 MayRussia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge CyberattacksResearchers warn GreyVibe’s extensive use of ChatGPT, Gemini, and other AI tools offers a glimpse into how future cybercriminal and state-aligned groups will operate.SECURITYWEEK.COM
28 MayCharter - 4,851,517 breached accountsIn May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign . The group later published the data, which exposed 4.9M unique…HAVEIBEENPWNED.COM
28 MayGreyVibe hackers use ChatGPT, Gemini to power cyberattacksA likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. [...]BLEEPINGCOMPUTER.COM
27 MayLA Metro Cyberattack Linked to Iranian State-Sponsored HackersThe attack was claimed by a hacktivist group, but evidence showed it used infrastructure linked to Iranian government threat actors.SECURITYWEEK.COM
27 May3 SOC Steps that Shut Down Incident Risks EarlyMost organizations still picture cyber defense as a fortress problem: build stronger walls, add more guards, buy another detection engine. But modern incidents rarely crash through the front gate. They drift in disguised as routine activity, hide inside legitimate processes, and …THEHACKERNEWS.COM
27 MayCrowdStrike shuts down the Glassworm botnet.Extortion group sends individuals to infiltrate organizations in person. Lithuania investigates breach of the Centre of Registers. Business news: Zscaler to acquire Symmetry Systems.THECYBERWIRE.COM
27 MayLatin American Cybercriminals Hoover Up Government DataA purported leak exposing 5.8 million records of Uruguayan citizens is the latest incident where cybercriminals targeted government agencies to monetize citizen data.DARKREADING.COM
27 MayThe Small Model CliffCASI Leaderboard, Bias Jailbreak, and Three Coordinated Supply Chain IncidentsF5.COM
27 MayRansomware Actors Show Up In Person to Steal Law Firm DataThe FBI warned that the extortion gang Silent Ransom Group is targeting law firms and socially engineering its way into servers and databases.DARKREADING.COM
26 MayProduct showcase: F-Secure Internet Security blocks phishing sites, fake stores, and SMS scamsF-Secure Internet Security protects against viruses, ransomware, spyware, infected email attachments, and other cyber threats. It focuses on securing devices and online activity through malware protection, scam prevention, safe browsing, and banking safeguards. The platform suppo…HELPNETSECURITY.COM
26 May7-Eleven data breach exposes personal information of 185,000 peopleThe ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned. [...]BLEEPINGCOMPUTER.COM
26 MayWatch on Demand: Threat Detection & Incident Response Summit – All Sessions AvailableRegister to enjoy free access and explore the tools, strategies, and frameworks needed to build a resilient security program for a world where every minute counts.SECURITYWEEK.COM
26 May185,000 Likely Impacted by 7-Eleven Data BreachThe allegedly stolen information leaked by ShinyHunters contains email addresses, names, addresses, and dates of birth.SECURITYWEEK.COM
26 MayPersonal information of 185,000 people exposed after cyberattack on 7-ElevenData belonging to about 185,000 people was exposed following a cyberattack on convenience store chain 7-Eleven that was later claimed by the ShinyHunters extortion gang, according to Have I Been Pwned. The exposed information includes email addresses, names, physical addresses, d…HELPNETSECURITY.COM
26 MayMicrosoft Defender can now automatically isolate hacked endpointsMicrosoft is testing a new Defender for Endpoint capability that will automatically isolate compromised endpoints to thwart attackers' attempts to move laterally across the network. [...]BLEEPINGCOMPUTER.COM
26 MayWebinar: Too many tools are slowing network incident responseIT teams often need to jump between monitoring dashboards, infrastructure tools, ticketing systems, and communication platforms during network incidents. This webinar explores how automation and AI-assisted workflows can help reduce manual coordination and improve incident respon…BLEEPINGCOMPUTER.COM
26 May7-Eleven data breach affects over 185,000 people’s personal dataThe data breach included names, dates-of-birth, postal addresses, and Social Security numbers, according to a state government listing.TECHCRUNCH.COM
26 MayLithuania investigates theft of 600,000 state registry records by foreign actorThe Lithuanian Prosecutor General’s Office said Friday that attackers gained unauthorized access to more than 600,000 records managed by the Centre of Registers, the state agency responsible for handling property and legal entity records.THERECORD.MEDIA
26 MayIranian hackers blamed for breach of Los Angeles transit system that took weeks to recoverAn Israeli cybersecurity firm said Iran’s government is behind Ababil of Minab, a fake hacktivist persona that has claimed a series of data breaches after the start of the war in Iran.TECHCRUNCH.COM
26 MayIranian government, not hacktivist group, breached LA Metro system, security firm saysA report by Israel-based Gambit Security dismisses the hackers’ claims of being patriotic but unaffiliated activists.CYBERSECURITYDIVE.COM
26 MayCharter confirms data breach after ShinyHunters extortion threatU.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. [...]BLEEPINGCOMPUTER.COM
25 MayLessons for organizations from the Verizon 2026 Data Breach Investigations ReportThis is my favourite time of the year, not just because spring is here and the promise of summer is on the way. But also, because one of my must reads each year gets published. There are a few must read reports that I have on my reading list for each year and the Verizon Data Bre…HELPNETSECURITY.COM
25 MayDocketWise Data Breach Impacts 143,000Hackers accessed names, addresses, Social Security numbers, financial information, and medical data from third-party partner repositories.SECURITYWEEK.COM
25 MayLaravel-Lang Packages Poisoned for Malware DeliveryPublished within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets.SECURITYWEEK.COM
25 May266,000 Affected by Data Breach at Radiology Associates of RichmondThreat actors stole files containing names and protected health information from the healthcare organization’s systems.SECURITYWEEK.COM
25 MayOncology Institute Discloses Data BreachThe affected third-party vendor has not been named, but one possible candidate is TriZetto.SECURITYWEEK.COM
25 MayNetherlands Seizes 800 Servers, Arrests 2 for Aiding CyberattacksAuthorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus o…KREBSONSECURITY.COM
25 MayWelcoming the Bhutanese Government to Have I Been PwnedToday, we welcome the 45th government onboarded to Have I Been Pwned’s free gov service: Bhutan. The Bhutan Computer Incident Re…TROYHUNT.COM
24 MayWeekly Update 505Well, that didn't last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massi…TROYHUNT.COM
24 May7-Eleven - 185,256 breached accountsIn April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters , with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers. A small number of rec…HAVEIBEENPWNED.COM
23 MayLaravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential StealerCybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-sta…THEHACKERNEWS.COM
23 MayCharter Communications confirms data breach as hackers threaten leak of 42 million recordsCharter Communications has confirmed a cybersecurity incident after the ShinyHunters extortion group claimed it breached the telecommunications giant and stole data belonging to more than 42 million customers. The threat actor added Charter Communications to its leak site this we…CYBERINSIDER.COM
22 MayAuthorities Take Down “First VPN” Service Used in Ransomware AttacksAuthorities in Europe have dismantled a major criminal VPN service known as “First VPN,” which was widely used by ransomware operators and cybercriminal groups to conceal their activities. The coordinated operation, led by French and Dutch authorities with support from Eurojust a…GBHACKERS.COM
22 MayHackers Abuse Hugging Face to Deliver npm MalwareA newly uncovered supply chain attack targeting the npm ecosystem has been linked to North Korean (DPRK)-aligned threat actors. The campaign centers around a malicious npm package named terminal-logger-utils, which embeds a sophisticated multi-stage malware capable of keylogging,…GBHACKERS.COM
22 MayOperation Dragon Whistle Targets Changzhou University with Malicious LNK FilesA recent phishing campaign dubbed “Operation Dragon Whistle” highlights an evolving trend in cyberattacks: threat actors abusing legitimate developer tools and cloud services to maintain stealth and persistence. Although initially linked to targeting academic environments such as…GBHACKERS.COM
22 MayGoogle API Key Issue Allows Deleted Keys to Retain Access to Cloud ServicesGoogle Cloud API keys may continue functioning for up to 23 minutes after deletion, exposing a significant security gap that could allow attackers to retain unauthorized access to cloud services even after credentials are revoked.GBHACKERS.COM
22 MayCloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payloadThe experienced Cloud Atlas group remains active, continuing to target government sectors and diplomatic entities in Russia and Belarus, employing both new and established techniques to maintain persistence in compromised systems.SECURELIST.COM
22 MayKeepnet contributes voice and SMS phishing data to the 2026 Verizon DBIRKeepnet, an Extended Human Risk Management (xHRM) platform, today announced that its voice and SMS phishing simulation data contributed to the 2026 Verizon Data Breach Investigations Report (DBIR). The 2026 edition is the first to include voice and SMS phishing simulation data at…HELPNETSECURITY.COM
22 MayAI Alone Won’t Stop the Breach: Why Email Security Needs Humans-on-the-Loop2026 has officially become the year of speed, scale and support. The delta between a phishing email landing and a full organizational compromise has shrunk to mere seconds. KNOWBE4.COM
22 MayVerizon DBIR: Healthcare Fends Off Increased Social Engineering AttacksRansomware and vendor breaches persist, but the 2026 Data Breach Investigations Report (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable.DARKREADING.COM
22 MayFast and Furious – Nimbus Manticore Operations During the Iranian ConflictDuring the recent geopolitical tensions in the Middle East, we reported on multiple Iran-nexus threat actors advancing Iran’s strategic objectives through cyber operations. These activities included targeting internet-connected cameras, co…RESEARCH.CHECKPOINT.COM
22 MayKash Patel’s clothing brand website shut down after reports it was hackedAccording to users on X, the website was hijacked by hackers in an attempt to trick visitors into installing malware.TECHCRUNCH.COM
22 MayMcDonald’s France resets accounts after customer data breachMcDonald’s France has confirmed that attackers accessed customer loyalty account information after a breach affecting partners tied to its McDo+ rewards program. The incident led to widespread fraud in which stolen loyalty points were reportedly used to place unauthorized food or…CYBERINSIDER.COM
22 MayNetherlands seizes 800 servers of hosting firm enabling cyberattacksFinancial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. [...]BLEEPINGCOMPUTER.COM
22 MayFirst VPN Dismantled in Global Takedown Over Use by 25 Ransomware GroupsAuthorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. The disruption of First VPN Servic…THEHACKERNEWS.COM
21 MayGitHub Internal Repositories Breached via Malicious Nx Console VS Code ExtensionGitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team r…THEHACKERNEWS.COM
21 MayDragonica Lunaris - 126,293 breached accountsIn December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt password hashes. The service operator confirmed the breach and advised it has since been fixed.HAVEIBEENPWNED.COM
21 MayGrafana Labs Says Code Breach Stemmed from TanStack AttackGrafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attackINFOSECURITY-MAGAZINE.COM
21 MayGitHub, Grafana Labs breaches traced back to TanStack supply chain compromiseGitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of the otherwise benign extension was used to steal sec…HELPNETSECURITY.COM
21 MayGitHub Breach Traced to Malicious 'Nx Console' VS Code ExtensionA threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio MarketplaceINFOSECURITY-MAGAZINE.COM
21 MayGrafana Labs links GitHub environment breach to TanStack npm supply chain attackThe company behind the widely used observability platform refused an extortion demand and has since taken steps to harden its security.CYBERSECURITYDIVE.COM
21 MayCybercriminal VPN Dismantled in Europol CrackdownFirst VPN, a service used by ransomware actors and fraudsters, was dismantled by EuropolINFOSECURITY-MAGAZINE.COM
21 MayDefenders fall behind, as AI rewrites the rules of a data breachFor almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon Data Breach Investigations Report (DBIR). But that's no longer the case. Read more in my article on the Fortra blog.FORTRA.COM
20 MayMicrosoft disrupts malware code-signing service used by ransomware gangsMicrosoft has disrupted the infrastructure powering the largest malware code-signing service used to help ransomware groups and other cybercriminals make malicious programs harder to detect on Windows. The threat actors behind the service used stolen identities and impersonated l…CSOONLINE.COM
20 MayWhat happens when your identity provider becomes the kill chainIn this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in behind you. Constable breaks do…HELPNETSECURITY.COM
20 MayFBI warns students and staff that ShinyHunters may come knocking after Canvas breachHaving received a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
20 MayA malicious VS Code extension just breached GitHub’s internal repositoriesOne employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, the platform that hosts the code for most of the world’s software, getting breac…SECURITYAFFAIRS.COM
20 MayEncryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewalsEncryption Consulting has released CertSecure Manager v3.3, which automates zero-touch certificate renewal across all major enterprise server platforms and extends CA support to 11 providers, including Google Public CA and AWS. Certificate-related outages can cost enterprises mil…HELPNETSECURITY.COM
20 MayGitHub Confirms Breach of Internal Repositories Via Malicious VS Code ExtensionThe prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositoriesINFOSECURITY-MAGAZINE.COM
20 MayFox Tempest Linked to Malware-Signing Service Abusing Microsoft Artifact SigningFox Tempest, a financially motivated threat actor, has been linked to a large-scale malware-signing-as-a-service (MSaaS) operation that abused Microsoft’s Artifact Signing platform to enable cybercriminals to distribute malicious software that appeared to be trusted. According to…GBHACKERS.COM
20 MayMicrosoft Takes Down Malware-Signing Service Behind Ransomware AttacksMicrosoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The …THEHACKERNEWS.COM
20 MayMicrosoft DurableTask Python Client Targeted in TeamPCP CyberattackThe ongoing TeamPCP software supply chain campaign has compromised the official Microsoft DurableTask Python client, a widely used package for orchestrating workflows in Python applications. Three versions of the durabletask package on PyPI, 1.4.1, 1.4.2, and 1.4.3, were identifi…GBHACKERS.COM
20 MayCustomers say Trump Mobile is leaking their personal informationTrump Mobile is leaking customers’ email and home addresses but has not responded to people alerting the company of the data exposure, according to two YouTubers who said they verified that their leaked data is authentic.TECHCRUNCH.COM
20 MayGitHub says hackers stole data from thousands of internal repositoriesThe code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft.TECHCRUNCH.COM
20 MayGitHub discloses breach of 3,800 internal code repositories.Microsoft disrupts malware signing service. Business news: Akamai to acquire LayerX for $205 million.THECYBERWIRE.COM
20 May7-Eleven confirms breach after ShinyHunters claimsThe breach notification letters say 7-Eleven discovered the breach on April 8 and, after an investigation, determined that the cybercriminals gained access to “certain 7-Eleven systems used to store franchisee documents.”THERECORD.MEDIA
20 MayGitHub says internal repositories were impacted in poisoned VS Code extension attackGitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around thir…CYBERSCOOP.COM
20 May7-Eleven hit by data breachThe retailer confirmed that an unauthorized third party gained access to certain systems used to store franchisee documents earlier this spring.CYBERSECURITYDIVE.COM
20 MayMicrosoft disrupts cybercrime operation that hid behind legitimate softwareThe Fox Tempest malware-signing-as-a-service operation was linked to numerous ransomware attacks.CYBERSECURITYDIVE.COM
20 MayMeet Rampart and Clarity, Microsoft’s new red team combo AI agentsMicrosoft’s AI red team lead talked to CyberScoop about the goals behind open sourcing a pair of security tools meant for developers and incident responders.CYBERSCOOP.COM
20 MayProcesses and Culture Top Reasons Behind Data BreachesGovernment leaders revealed that, in spite of state laws meant to improve cyber hygiene, an analysis of incidents showed issues persist and visibility falls short.DARKREADING.COM
20 MayInvestigating unauthorized access to GitHub’s internal repositoriesIf any impact is discovered, customers will be notified via established incident response and notification channels.GITHUB.BLOG
20 MayMini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theftCompromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and targets credentials across GitHub, AWS, Kubernetes, Vault, npm, and 1Password platforms.MICROSOFT.COM
19 MayMini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer AccountCybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. "The attack affects packages tied to the npm maintainer accoun…THEHACKERNEWS.COM
19 MayCompromised Nx Console VS Code Extension Steals Developer and Cloud SecretsNx Console’s popular VS Code extension was briefly weaponized into a credential-stealing tool that can leak developer and cloud secrets and plant a persistent backdoor. Anyone who installed v18.95.0 should treat their environment as fully compromised. On May 18, 2026, a malicious…GBHACKERS.COM
19 MayMini Shai-Hulud Attack Hits @antv npm PackagesA large-scale npm supply chain attack has compromised multiple widely used packages within the @antv ecosystem, to investigate what appears to be an active and rapidly evolving campaign linked to the Mini Shai-Hulud malware family. The attack centers on the compromise of the npm …GBHACKERS.COM
19 MayCompromised Nx Console 18.95.0 Targeted VS Code Developers with Credential StealerCybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console (version 18.95.0), a popular user interface and plugin for code …THEHACKERNEWS.COM
19 MayGentlemen Ransomware Targets Windows, Linux, NAS, BSD, and ESXi SystemsThe Gentlemen ransomware operation has rapidly emerged as one of the most active and scalable cybercrime threats since its public appearance in the second half of 2025. The Gentlemen stands out for its ability to target a wide range of enterprise systems, including Windows, Linux…GBHACKERS.COM
19 MayPoland shifts away from Signal following cyberattacks on officials’ accountsPoland told officials to stop using the popular instant messaging app Signal after cyberattacks targeted government accounts. Poland has instructed government officials to stop using Signal for sensitive communications and move to a state-developed alternative. The decision follo…SECURITYAFFAIRS.COM
19 MayShinyHunters Takes Responsibility for Attack on Learning Management PlatformA cyberattack linked to the notorious threat group ShinyHunters has disrupted a widely used Learning Management System (LMS), impacting educational institutions and students across the United States. According to a Public Service Announcement (PSA) issued by the FBI on May 15, 20…GBHACKERS.COM
19 MayThe New Phishing Click: How OAuth Consent Bypasses MFAIn February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at…THEHACKERNEWS.COM
19 MayCyberheistNews Vol 16 #20 [Heads Up] Today You Have Only 60 Seconds to Stop That Breach. Are You Ready?KNOWBE4.COM
19 MayLooking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber EvolutionDark Reading editors reflect on two decades of dramatic change — from perimeter defense to assume-breach strategies — and warn that while AI, cloud, and COVID-19 have transformed the threat landscape, organizations are still failing at fundamental security hygiene that could stop…DARKREADING.COM
19 MaySelector extends AI-driven observability into multi-cloud environmentsSelector has announced the expansion of its platform with AI-powered multi-cloud observability capabilities. The extension of Selector’s AI-driven observability approach into multi-cloud environments enables organizations to correlate signals across the full hybrid path. By…HELPNETSECURITY.COM
19 MayWhen AI Starts Acting MaliciousKeith Hoodlet defines AI misalignment through observable security behavior: agents taking actions that resemble malicious hacking activity even when they were not instructed to perform offensive tasks. In this example, the AI was given benign objectives but reacted to surrounding…YOUTUBE.COM
19 MayMicrosoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing ToolMicrosoft’s Digital Crimes Unit has taken down the infrastructure of Fox Tempest, a prolific cybercrime-enabling threat groupINFOSECURITY-MAGAZINE.COM
19 MayMicrosoft disrupts cybercrime service that abused software verification systems en masseFox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls.CYBERSCOOP.COM
19 MayBiometrics, diagnoses, and bank details exposed in major healthcare breachNYC Health + Hospitals says attackers accessed its systems for months through a third-party vendor compromise, affecting at least 1.8 million people.MALWAREBYTES.COM
19 MayMicrosoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangsThe company unsealed a legal case in U.S. District Court on Tuesday detailing the disruption of Fox Tempest — a popular service that has operated since May 2025 and provides cybercriminals with code signing tools.THERECORD.MEDIA
19 MayCIRT insights: How to help prevent unauthorized account removals from AWS OrganizationsThe AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team often uncovers new or trending tactics used by various threat actors that take advantage of specific customer configurations and design…AWS.AMAZON.COM
19 MayExposing Fox Tempest: A malware-signing service operationFox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other cybercriminals, including Vanilla Tempest and Storm groups, to more effectively distribute malicious code, including ransomware.MICROSOFT.COM
18 MayWeekly Update 504It's a hot topic, the old "pay or don't pay" for hackers not to leak your data. Since recording this a few days ago…TROYHUNT.COM
18 MayGrafana Labs Confirms Security Incident Involving GitHub Codebase AccessGrafana Labs has confirmed a security incident involving unauthorized access to its internal GitHub environment, after a threat actor obtained a compromised access token and downloaded portions of the company’s codebase. The disclosure, made via an official statement on May 17, 2…GBHACKERS.COM
18 MayHackers Abuse Cloudflare Storage to Exfiltrate Network FilesA sophisticated cyber espionage campaign targeting multiple Malaysian organizations has been uncovered, revealing a highly structured attack chain that blends custom tooling, cloud infrastructure, and stealthy data exfiltration. At the center of the operation is an Azure virtual …GBHACKERS.COM
18 MayPaper Werewolf APT Spreads EchoGather RAT via Fake Adobe InstallerA sophisticated Russian-language threat cluster known as Paper Werewolf (also tracked as GOFFEE) has launched a fresh wave of targeted cyberattacks against Russian industrial, financial, and transport organizations between March and April 2026. The attack begins with a …GBHACKERS.COM
18 MayThe Canvas breach proved that prevention is no longer enoughCybercriminals brought down the most widely used learning platform in North America. The Canvas breach is a blueprint for how SaaS attacks now work — and a warning about how unprepared most organizations still are.CYBERSCOOP.COM
18 MayNYC Health and Hospitals says hackers stole medical data and fingerprints during breach affecting at least 1.8 million peopleThe New York public healthcare system said hackers stole personal and medical data, and scans of biometrics — including fingerprints — in one of the largest recorded breaches of 2026.TECHCRUNCH.COM
18 MayFuel Tank Breaches Expand Scope of Iran's Cyber OffensiveSecurity experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors.DARKREADING.COM
18 MayGrafana refuses to pay ransom after codebase theftOn Saturday night, the company released a statement confirming the incident and outlining their decision not to pay a ransom issued by the hackers behind the attack.THERECORD.MEDIA
18 MayMore than 200 arrested in cyber raids aimed at Middle East scam networksInvestigators found hundreds of compromised devices that were used as part of the cybercriminal operation and notified device owners as part of the raids.THERECORD.MEDIA
18 MayAddi - 34,532,941 breached accountsIn March 2026, the Colombian fintech company Addi identified unauthorised activity on its platform and advised customers that "it is possible that your personal information may have been compromised". The "pay or leak" extortion group ShinyHunters subsequently claimed responsibil…HAVEIBEENPWNED.COM
16 MayCybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams RecordingPlus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more.WIRED.COM
16 MayRussian APT Turla builds long-term access tool with Kazuar Botnet evolutionRussia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected sys…SECURITYAFFAIRS.COM
15 MayTaiwan Incident Highlights Cybersecurity Gaps in Rail SystemsA Taiwanese student experimenting with software-defined radio technology shut down three bullet trains for nearly an hour, leading to an anti-terrorism response.DARKREADING.COM
15 MayWindows 11 and NVIDIA hacked on the first day of Pwn2Own Berlin 2026Researchers earned more than half a million dollars on the opening day of Pwn2Own Berlin 2026 after successfully demonstrating 24 previously unknown vulnerabilities across AI platforms, NVIDIA software, Windows 11, Linux systems, and developer tools. The first day of the hacking …CYBERINSIDER.COM
15 MayOpenAI confirms exposure in recent ‘Shai-Hulud’ supply-chain attackOpenAI says a recent software supply-chain attack tied to the “Mini Shai-Hulud” malware campaign impacted two employee devices and exposed limited internal credentials, prompting the company to rotate code-signing certificates for its desktop applications. The company said it fou…CYBERINSIDER.COM
15 MayInside The Gentlemen Ransomware Leak: When the Hunter Becomes the HuntedRansomware groups spend their days breaking into networks, stealing data, and pressuring victims into paying. They rarely find themselves on the other side of that equation. But in early May 2026, one of the…SOCRADAR.IO
15 MayGunra Ransomware Expands RaaS After Conti Locker ShiftGunra ransomware is rapidly evolving into a more structured and dangerous cybercrime operation after shifting from a Conti-based locker to its own Ransomware-as-a-Service (RaaS) model. First discovered in April 2025, the group initially targeted a small number of victims, but its…GBHACKERS.COM
15 MayAttackers replaced JDownloader installer downloads with malwareThe JDownloader website was compromised and installer download links served malware for several days.MALWAREBYTES.COM
15 MayMore than $10 million stolen from crypto platform THORChainTHORChain officials said the investigation into the incident is ongoing but explained that one of their six vaults was compromised, leading to a loss of about $10.7 million.THERECORD.MEDIA
15 MayYour NPM Package Is Stealing SecretsMalicious versions of the Node IPC NPM package contained heavily obfuscated payloads designed to steal developer and cloud credentials. The malware targeted AWS, Azure, GCP, GitHub, Kubernetes, Terraform, SSH keys, and dozens of other secret categories while disguising outbound t…YOUTUBE.COM
14 MayWelcoming the Bahamian Government to Have I Been PwnedToday, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas. The National Computer Inci…TROYHUNT.COM
14 MayWhen ransomware gets physical: cybercriminals turn to threats of violencePay up, or we'll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats - and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
14 MayFamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaignChinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and g…SECURITYAFFAIRS.COM
14 MayNitrogen Ransomware claims massive data theft from FoxconnFoxconn confirmed a cyberattack on some North American factories. The Nitrogen ransomware group claims it stole 8TB of data from the firm. Foxconn confirmed that several of its North American factories were affected by a cyberattack. The manufacturer confirmed it was targeted by …SECURITYAFFAIRS.COM
14 MayBreachForums & TeamPCP Promote Supply Chain Competition as Cybercrime Gets GamifiedUnderground cybercrime communities are increasingly borrowing ideas from legitimate tech ecosystems: branding, public challenges, shared tools, reputation building, and even prize-based compet…SOCRADAR.IO
14 MayMicrosoft Research: AI Can Generate Realistic Command-Line and Process TelemetryA new approach showing how artificial intelligence can generate highly realistic command-line data and process telemetry potentially transforming how security teams build and test threat detection systems. Logs and telemetry form modern cybersecurity risk, powering threat detecti…GBHACKERS.COM
14 MayLATAM Under Siege: Agent Tesla’s 18-Month Credential Theft Campaign Against Chilean EnterprisesCredential theft malware rarely announces itself with ransomware-level noise. Instead, it operates like a silent siphon hidden inside everyday business workflows: invoices, payroll files, purchase orders, procurement requests. Agent Tesla campaigns are especia…ANY.RUN
14 MayFoxconn Attack Highlights Manufacturing's Cyber CrisisA Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for downtime.DARKREADING.COM
14 MayTop 5 Surface Web Hacker Forums in 2026Top 5 Hacker Forums on the Surface Web Security teams often associate cybercrime forums exclusively with the Dark Web and Tor. However, several of the most active underground communities now operate openly on the surface web, accessible via standard browsers and indexed infrastru…SOCRADAR.IO
14 MaySandworm Hackers Shift From IT Breaches to Critical OT TargetsA new wave of cyber activity linked to the notorious Sandworm group is raising fresh alarms across global critical infrastructure. Security researchers warn that the Russian state-backed threat actor is no longer just infiltrating IT networks; it is actively pivoting into operatio…GBHACKERS.COM
14 MayLABScon25 Replay | Breach Alpha: Trading on Cyber FalloutMick Baccio and Scott Roberts examine whether public breach signals and market timing models can turn cyber incidents into actionable trading opportunities.SENTINELONE.COM
14 MayWhen Nobody Reports the ThreatSecurity teams often depend on users or employees to report suspicious behavior, anomalies, or identity-related issues. But humans naturally assume another person will step in first. That creates a dangerous reporting gap. If everyone ignores unusual activity because they expect …YOUTUBE.COM
14 MayMajor tech manufacturer Foxconn confirms cyberattack hit North American factoriesThe ransomware group Nitrogen claimed responsibility for the attack and said it stole 8 terabytes of data spanning more than 11 million files belonging to the company’s top customers.CYBERSCOOP.COM
14 MayWest Pharmaceutical starts restoring operations after ransomware attackThe company confirmed data was stolen and encrypted by the attackers.CYBERSECURITYDIVE.COM
14 MayFighting AI-Assisted Ransomware ThreatsThis Anti-Ransomware Day, it's important to recognize the ever-changing landscape of cyber threats and how organizations can fortify their defenses. The evolution from traditional ransomware to cyber extortion over the last few years reflects a professionalized, decentralized eco…KNOWBE4.COM
13 MayGemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal DataCybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. "The packages do not appear designed fo…THEHACKERNEWS.COM
13 MayRansomware Gangs Use BYOVD and EDR Killers to Disable Security ToolsRansomware is evolving faster than many defenses can keep up. In 2026, attackers are no longer just encrypting files; they are systematically dismantling security tools, stealing sensitive data, and even preparing for a post-quantum future. Despite a slight global decline in ranso…GBHACKERS.COM
13 MayInfostealer Malware Fuels Corporate Breaches From Personal DevicesInfostealer malware is no longer just a consumer nuisance; it has become a direct bridge between personal device infections and full-scale enterprise breaches. Once these credentials are harvested and posted on dark web forums, attackers gain immediate footholds into corporate env…GBHACKERS.COM
13 MayQ1 2026 Ransomware Attacks Hits 2,122 Orgs Amid Fewer, More Impactful GroupsRansomware activity remained elevated in Q1 2026, continuing the trend established over the past year. The latest State of Ransomware Q1 2026 report reveals that 2,122 organizations were listed on ransomware data leak sites (DLS), marking the second-highest Q1 total on record. Wh…GBHACKERS.COM
13 MayCanada Life - 237,810 breached accountsIn April 2026, Canada Life was the victim of a "pay or leak" extortion campaign by the ShinyHunters group. The group subsequently published the data which contained over 200k unique email addresses along with names, phone numbers, physical addresses and, in some cases, customer …HAVEIBEENPWNED.COM
13 MayOptimize Legal Operations as the CISO Role Changes to Address Skills Gaps and AI - BSW #447Legal departments are under continual pressure to solve problems effectively and integrate innovative technology all while reducing costs and complexity. Enter cybersecurity, a complex and potentially costly risk. How should legal departments prepare? Walter Wilkens, Head of Deli…YOUTUBE.COM
13 MayNew SOC-Ready Reporting for Faster Triage, Escalation, and Incident Response with ANY.RUNSuccessful SOC operations require more than accurate detections. Instant access to context, clear conclusions, and operationally relevant insights allow incidents to move across workflows without delays: Making ANY.RUN’…ANY.RUN
13 MayInstructure settles with hackers following massive student data theftEducational tech firm Instructure reached a deal with hackers after a major Canvas breach exposed data stolen from schools and universities. Educational tech firm Instructure says it reached an agreement with the cybercrime group behind a major Canvas data theft, after attackers …SECURITYAFFAIRS.COM
13 MayRansomware: Over Half of CISOs Would Consider Paying Ransom to HackersSurvey of cybersecurity leaders suggests that majority would strongly consider paying cybercriminals, if that’s what it took to help restore encrypted systemsINFOSECURITY-MAGAZINE.COM
13 MayCanvas owner reaches ‘agreement’ with threat actors after data breachCybersecurity experts suggest that Instructure appears to have made a ransomware payment, which the FBI highly discourages.CYBERSECURITYDIVE.COM
13 MayThus Spoke…The GentlemenKey Points Introduction The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. Its operators advertise the service across multiple underground forums, promoting their ransomware platform and inviting penetration testers and …RESEARCH.CHECKPOINT.COM
13 MayTuskira’s Kairo exposes hidden AI-driven breach pathsTuskira has announced the launch of Kairo, a breach modeling capability that detects deep, hidden breach paths by leveraging its security data mesh and digital twin technology. Kairo helps security teams improve breach resilience by modeling how attackers can leverage new AI mode…HELPNETSECURITY.COM
13 MayUS lawmakers demand answers from Instructure after Canvas data breachesU.S. House lawmakers want to know how hackers broke into education tech giant Instructure twice, and stole reams of data from students who use the company's flagship student data software Canvas.TECHCRUNCH.COM
13 MayThe Real Work Starts After BreachAfter a cyberattack, the first priority is containment and forensic analysis. But according to Walter Wilkens, another major phase begins immediately after: data mining the breached environment to determine what sensitive information was exposed. That includes identifying PII (pe…YOUTUBE.COM
13 MayCanvas Owner Reaches Agreement With Cybercriminals After Ransomware AttackInstructure says it reached an agreement with ShinyHunters over the Canvas breach dataINFOSECURITY-MAGAZINE.COM
13 MayRansomware hackers claim breach at Foxconn, a major electronics manufacturer for Apple, Google, and NvidiaA ransomware group has claimed responsibility for hacking the electronics manufacturing giant Foxconn, and is attempting to extort the company.TECHCRUNCH.COM
13 MayHackers Claim 11M Files Stolen From Foxconn, Supplier to Apple and NvidiaFoxconn confirmed a North American cyberattack after Nitrogen claimed it had stolen 11M files tied to major tech customer projects.TECHREPUBLIC.COM
13 MayCanvas Breach Hackers Reach Deal After Claiming 275M Records StolenInstructure reached a deal with the Canvas hackers after they claimed to have stolen data tied to nearly 9,000 schools and 275 million people.TECHREPUBLIC.COM
13 MayGoogle Enhances Android Mobile Security with New AI-powered ProtectionsMobile devices have become ground zero for a ruthless wave of cyberattacks, with invisible threat actors draining bank accounts and hijacking digital identities before victims even realize they’ve been compromised. Now, Google is striking back with a massive counteroffensiv…GBHACKERS.COM
13 MayFoxconn confirms cyberattack affecting some North American facilitiesA ransomware group has claimed a major attack against the electronics manufacturer.CYBERSECURITYDIVE.COM
13 MayStudent Messages Were the Real TargetMost breach headlines focus on passwords, credit cards, or government IDs. This breach hit somewhere more personal. Attackers reportedly breached Canvas — a learning platform used across colleges and universities — and may have accessed billions of private inbox messages exchange…YOUTUBE.COM
13 MayOpenLoop Health confirms January 2026 Data breach affecting 716,000In January 2026, telehealth infrastructure firm OpenLoop Health suffered a security breach that exposed information of 716,000 people. OpenLoop Health confirmed a January 2026 cyberattack that exposed personal information of 716,000 individuals using its telehealth services. The …SECURITYAFFAIRS.COM
13 MaySmashing Security podcast #467: How ShinyHunters hacked the world’s biggest universitiesWelcome to the largest educational data breach in history - affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas's parent company refused to pay and announced they had deployed "security patches" instead, the hackers we…GRAHAMCLULEY.COM
12 MayCheckmarx Jenkins AST Plugin Compromised in KICS Supply Chain AttackSupply chain campaign has now extended to Checkmarx’s Jenkins ecosystem, with attackers pushing a malicious Checkmarx Jenkins AST plugin to the official Jenkins Marketplace as part of the ongoing KICS/Trivy-linked compromise. The rogue release is identified as version 2026.5.09 a…GBHACKERS.COM
12 May84 npm Packages Linked to TanStack Hit by Supply-Chain BreachA massive supply chain breach affecting 84 npm packages within the widely used TanStack ecosystem. Malicious actors compromised these packages by injecting a sophisticated credential-stealing tool designed to target continuous integration environments such as GitHub Actions. Pack…GBHACKERS.COM
12 MayInstructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas LeakAmerican educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In…THEHACKERNEWS.COM
12 MayState of ransomware in 2026Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching from data encryption to data leaks, and more.SECURELIST.COM
12 MayMicrosoft Warns: MistralAI PyPI Package Compromised with MalwareMistral’s official Python client on PyPI has been pulled into the ongoing wave of AI supply‑chain attacks, with Microsoft warning that version 2.4.6 of the mistralai package was backdoored to silently deploy a credential‑stealing payload on Linux systems. The logic is designed to…GBHACKERS.COM
12 MayStolen Canvas data was “returned” after hacker agreement, Instructure saysInstructure says the stolen Canvas data impacting millions of students and staff was “returned.” That’s not how breaches work.MALWAREBYTES.COM
12 MaySouth Staffordshire Water Fined £1m After Data BreachThe ICO has fined South Staffordshire Water nearly £1m for a series of data protection failingsINFOSECURITY-MAGAZINE.COM
12 MayCushman & Wakefield - 310,431 breached accountsIn May 2026, the real estate services firm Cushman & Wakefield was the target of a "pay or leak" extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the firm, consisting mostly of C&W email…HAVEIBEENPWNED.COM
12 MayState-sponsored actors, better known as the friends you don’t wantResponding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. Learn why your IR plan might need revisiting, and the factors you should consider.TALOSINTELLIGENCE.COM
12 MayNew ‘Shai-Hulud’ attack breached hundreds of npm and PyPI packagesA rapidly expanding supply-chain attack tied to the “Mini Shai-Hulud” malware campaign has compromised more than 400 package artifacts across npm, PyPI, and Composer repositories. The breached projects include widely used libraries from TanStack, Mistral AI, UiPath, OpenSearch, a…CYBERINSIDER.COM
12 MayHackers Hijack Microsoft Teams Accounts to Spread ModeloRAT MalwareHackers are now abusing hijacked Microsoft Teams accounts and fake IT helpdesk chats to push a new, undocumented version of the Python‑based ModeloRAT into corporate environments. Instead, they use compromised or newly created Microsoft Teams accounts that impersonate internal IT…GBHACKERS.COM
12 MayANY.RUN & Elastic Security: Bring Threat Intelligence into Detection and Investigation WorkflowsSecurity teams don’t lack data. They lack timely, usable intelligence. Analysts spend too much time validating indicators, switching between tools, and figuring out what actually matters. This introduces delays and puts organizations at risk of a mis…ANY.RUN
12 MayCushman and Wakefield Confirms Data Breach Impacting Over 310,000 AccountsGlobal real estate powerhouse Cushman & Wakefield is the latest casualty in an escalating war of corporate extortion. Following a tense “pay or leak” standoff, the notorious ShinyHunters threat syndicate has carried out its threat, dumping hundreds of thousands of…GBHACKERS.COM
12 MayInstructure strikes deal with hackers who breached it twiceThe maker of the Canvas school software said it "reached an agreement" with the hackers, but provided no guarantees that the hackers would not release the data or keep their word.TECHCRUNCH.COM
12 MayInstructure pays ransom after Canvas incident as Congress announces investigationThe company said its agreement with the hackers involved their data being “returned” to them and digital confirmation of data destruction.THERECORD.MEDIA
12 MayCanvas owner reaches agreement with ShinyHunters, says user data was deletedInstructure says it reached an agreement with the threat actors behind the recent cyberattack targeting its Canvas learning platform. The company stated that stolen data was returned and that the attackers provided “digital confirmation of data destruction.” The attack was previo…CYBERINSIDER.COM
12 MayInstructure took a risky approach to recover stolen Canvas dataInstructure, the company behind the online learning platform Canvas, said it reached an agreement with the extortion group ShinyHunters to prevent data stolen in a recent breach from being leaked online. According to the company’s website, Canvas has more than 30 million active u…HELPNETSECURITY.COM
12 MayIdentity takes center stage as a leading factor in enterprise cyberattacksA new report shows two-thirds of ransomware attacks began with an identity-related breach.CYBERSECURITYDIVE.COM
12 MayHugging Face Packages Weaponized With a Single File TweakA tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate data.DARKREADING.COM
12 MayReport: Most Phishing Attacks Abuse Trusted ServicesPhishing attacks are increasingly abusing trusted services to evade security filters, according to VIPRE’s Email Threat Trends Report for Q1 2026. The two primary methods of delivery were compromised accounts at 33% and free email services 32%. Additionally, just under 90% of att…KNOWBE4.COM
12 MayWest Pharmaceutical warns of ransomware attack impacting business operationsWest Pharmaceutical Services filed a report with the Securities and Exchange Commission (SEC) on Monday evening warning customers that a hacker breached the company network on May 4, stole data and encrypted systems.THERECORD.MEDIA
12 MayFoxconn confirms cyberattack impacting North American factoriesA spokesperson for the company confirmed the incident but declined to provide specifics on how many factories in North America were impacted. Foxconn has factories in Wisconsin, Ohio, Texas, Virginia, Indiana and several across Mexico.THERECORD.MEDIA
12 MayFoxconn Ransomware Attack Shows Nothing Is Safe ForeverFamous for helping build Apple's iPhones, Foxconn just suffered another cyberattack, highlighting the perils of warehousing some of the world's most valuable data.WIRED.COM
12 MayMini Shai-Hulud Strikes Again: TanStack + more npm Packages CompromisedDetect and mitigate malicious npm packages linked to the latest Mini Shai-Hulud supply chain campaign targeting high-value developer tooling.WIZ.IO
11 MayWelcoming the Costa Rican Government to Have I Been PwnedToday, we welcome the 42nd government onboarded to Have I Been Pwned’s free gov service: Costa Rica. The CSIRT of the Government…TROYHUNT.COM
11 MayWeaponized JPEG file Drops Trojanized ScreenConnect MalwareHackers are abusing a weaponized JPEG file to quietly install a trojanized version of the ConnectWise ScreenConnect remote‑access tool on Windows systems, enabling full surveillance, credential theft, and long‑term control over compromised networks. The campaign shows how a simpl…GBHACKERS.COM
11 MayZara Data Breach Impacts Nearly 200,000 CustomersShinyHunters gets away with emails and other data on 200,000 Zara customersINFOSECURITY-MAGAZINE.COM
11 MayThe State of Ransomware – Q1 2026Key Findings Ransomware in Q1 2026: Consolidation at Scale During the first quarter of 2026, we monitored more than 70 active data leak sites (DLS) that collectively listed 2,122 new victims. This figure represents a 12.2% decline from the Q4 2025 all-time record of 2,416 victims…RESEARCH.CHECKPOINT.COM
11 MayShinyHunters Escalates Canvas Extortion with School by School Ransom CampaignShinyHunters has escalated its Canvas extortion campaign, defacing hundreds of school login pages and threatening to leak stolen data unless institutions negotiateINFOSECURITY-MAGAZINE.COM
11 MayUK water company allowed hackers to lurk undetected for nearly two years, regulator findsThe Information Commissioner's Office (ICO) fined South Staffordshire Water £963,900 ($1.3 million) on Monday over an attack by the Cl0p ransomware group that led to the personal data of 633,887 customers and employees being published in August 2022.THERECORD.MEDIA
11 May11th May – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 11th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Instructure, the US education technology company behind the Canvas learning platform, has confirmed a major data breach affecting its …RESEARCH.CHECKPOINT.COM
11 MayCyber Espionage Group Targets Aviation Firms to Steal Map DataThe campaign quietly compromises aerospace and drone operators to exfiltrate GIS files, terrain models, and GPS data and gain a clear picture of adversaries' world view.DARKREADING.COM
11 MayA 2nd Canvas data breach causes major disruptions for schools, collegesThe Instructure-owned learning management system went offline on May 7 after a threat actor once again gained unauthorized access.CYBERSECURITYDIVE.COM
11 MayPoor security left hackers inside water company network for nearly two yearsThe UK’s data protection regulator, the Information Commissioner’s Office (ICO), fined South Staffordshire Water’s parent company £963,900 over security failures linked to a cyberattack that exposed the personal data of 633,887 people. According to the ICO, the South Staffordshir…HELPNETSECURITY.COM
11 MayZimperium Mobile App Response Agent helps security teams counter mobile attacksZimperium launched Mobile App Response Agent, enabling security teams to respond faster than ever before to fraud and security threats. Leveraging Zimperium’s expertise in mobile security, Mobile App Response Agent is part of Zimperium’s Mobile App Protection Suite (MAPS), empowe…HELPNETSECURITY.COM
11 MayWelcoming the Bangladesh Government to Have I Been PwnedToday, we welcome the 43rd government onboarded to Have I Been Pwned's free gov service, Bangladesh. The BGD e-GOV CIRT department…TROYHUNT.COM
10 MayCyberWire Daily at 10: The evolution of geopolitics and warfare.In this special edition of CyberWire Daily’s 10th anniversary series, N2K CyberWire's Maria Varmazis and Dave Bittner discuss cybersecurity geopolitics and warfare that have been in the news over the past 10 years. Our conversation treks around the globe beginning with the su…THECYBERWIRE.COM
10 MaySecurity Affairs newsletter Round 576 by Pierluigi Paganini – INTERNATIONAL EDITIONA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Quasar Linux RAT (QLNX): A Fi…SECURITYAFFAIRS.COM
10 MayWeekly Update 503Well, it's the day before the Instructure "pay or leak" deadline (at least by my Aussie watch), and the company remains …TROYHUNT.COM
9 MayBraintrust security incident raises concerns over AI supply chain risksBraintrust warned customers to rotate API keys after hackers breached an AWS account, exposing secrets tied to cloud-based AI models. AI observability startup Braintrust warned customers to rotate API keys after attackers gained unauthorized access to one of the company’s AWS acc…SECURITYAFFAIRS.COM
8 MayCanvas Breach Disrupts Schools & Colleges NationwideAn ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand tha…KREBSONSECURITY.COM
8 MayThe Canvas Hack Is a New Kind of Ransomware DebacleThousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters.WIRED.COM
8 MayHackers Use Morse Code to Trick Grok and Bankrbot, Steal $200K in Crypto TokensThreat actors have successfully executed a novel prompt injection attack against artificial intelligence agents, draining approximately $200,000 in cryptocurrency. By using Morse code to bypass standard AI safety filters, an attacker tricked the Grok AI model and an autonomous wa…GBHACKERS.COM
8 MayZara - 197,376 breached accountsIn April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their "pay or leak" campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a t…HAVEIBEENPWNED.COM
8 MayPCPJack Campaign Boots TeamPCP Off Compromised MachinesSentinelOne believes the PCPJack campaign may be the brainchild of a former TeamPCP memberINFOSECURITY-MAGAZINE.COM
8 MayCanvas outage hits thousands of universities as ShinyHunters threatens leakA major outage impacting Canvas, one of the world’s most widely used learning management systems, disrupted universities and school districts across the United States and worldwide. The disruption came after threat actors linked to the ShinyHunters extortion group breached the pa…CYBERINSIDER.COM
8 MayAvantra’s new AI can diagnose SAP failures in secondsAvantra launched Avantra 26, an advancement in AI-driven operations, strengthening native integration with SAP Cloud ALM, and delivering automated visibility across SAP Business Technology Platform (BTP). Avantra also announced Avantra AIR Root Cause Analyzer, an AI-powered intel…HELPNETSECURITY.COM
8 MayFormer IT contractor convicted for wiping 96 US government databasesA federal jury has convicted a Virginia man for his role in a retaliatory cyberattack that wiped dozens of US government databases after he and his twin brother were fired from a federal contractor in 2025. Prosecutors said the attack affected systems used by more than 45 federal…CYBERINSIDER.COM
8 MayMicrosoft says Edge’s plaintext password behavior is “by design”A researcher found Edge loads saved passwords into computer memory when it starts, making them easier to steal if a device is already compromised.MALWAREBYTES.COM
8 MayYou Have 60 Seconds to Stop the Breach. Are You Ready?2026 has officially become the year of speed, scale and support The delta between a phishing email landing and a full organizational compromise has shrunk to mere seconds.KNOWBE4.COM
8 MayPro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against RussiaResearchers at Moscow-based cybersecurity firm Kaspersky said they identified overlapping infrastructure and tools used by both groups — including command-and-control systems operating on the same compromised host — suggesting some coordination.THERECORD.MEDIA
8 MayShinyHunters claims nearly 9,000 schools affected by Canvas data breachThe group that stole data from Instructure users claims that it will release the data of students from nearly 9,000 education institutions around the country. The post ShinyHunters claims nearly 9,000 schools affected by Canvas data breach appeared first on CyberScoop.EDSCOOP.COM
8 MayInstructure confirms cybersecurity incidentThe ed tech company that operates Canvas said information impacted by the data breach includes messages, names, email addresses and student ID numbers.CYBERSECURITYDIVE.COM
8 MayAnthropic’s Claude used in attempted compromise of Mexican water utilityResearchers warn the incident highlights how AI tools can help untrained threat actors develop complex cyberattack capabilities.CYBERSECURITYDIVE.COM
8 MayZara Data Breach: 197,000 Customers Exposed in Third-Party Security IncidentNearly 200,000 Zara customers were exposed in a third-party breach linked to ShinyHunters, revealing emails, purchase history, and support data. Personal data belonging to nearly 197,000 Zara customers has been compromised following a cyberattack on a former technology provider u…SECURITYAFFAIRS.COM
8 MayPoland says hackers breached water treatment plants, and the U.S. is facing the same threatA report by Poland’s top intelligence agency accused Russia of sabotage and hacking activities against the country’s military and civilian infrastructure.TECHCRUNCH.COM
8 MayCyberattacks on Poland’s Water Plants: A Blueprint for Hybrid WarfarePoland’s ABW confirmed hackers breached ICS at five water plants, gaining ability to alter equipment settings. Russia-linked APT groups suspected. Poland’s Internal Security Agency (ABW) has published a detailed account of a sustained campaign targeting the country’s water …SECURITYAFFAIRS.COM
8 MayRansomHouse says it breached Trellix and exposes internal systemsRansomHouse claimed responsibility for the Trellix breach, adding the security firm to its Tor data leak site and sharing screenshots of internal systems. The RansomHouse ransomware group has claimed responsibility for the recent cyberattack on cybersecurity firm Trellix. To supp…SECURITYAFFAIRS.COM
8 MayDevelopers Are the New TargetA Linux RAT known as Quasar is reportedly targeting developers instead of end users. The malware focuses on stealing Git credentials, NPM tokens, PyPI credentials, and other secrets tied to software repositories. Once attackers gain access to developer accounts, they may be able …YOUTUBE.COM
7 MayWoflow - 447,593 breached accountsIn March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data. The trove included hundre…HAVEIBEENPWNED.COM
7 MayDay Zero Readiness: The Operational Gaps That Break Incident ResponseHaving an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they …THEHACKERNEWS.COM
7 MayPolish intelligence warns hackers attacked water treatment control systemsThe agency did not publicly attribute the incidents to a specific group or country but said Poland faced intensified hostile cyber activity in 2024 and 2025, “with particular emphasis on the special services of the Russian Federation.”THERECORD.MEDIA
7 MayWorld's First AI-Driven Cyberattack Couldn't Breach OT SystemsThe most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen.DARKREADING.COM
7 MayOne Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth BreachesThe hardest part of cybersecurity isn't the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one "Patient Zero" infection. In 2026, hackers are using AI to make these "first clicks" nearly im…THEHACKERNEWS.COM
7 MayNorth Carolina man pleads guilty to doxxing Supreme Court justicesThe incident underscores the dangers public officials face from doxxing, as well as how easy it has become to find sensitive information online.THERECORD.MEDIA
7 MayHackers hack victims hacked by other hackersAn unknown group of hackers is breaking into systems previously breached by the cybercrime group TeamPCP. Once inside, the hackers immediately kick out TeamPCP and remove its hacking tools from the victims’ systems.TECHCRUNCH.COM
7 MayUnplug your way to better codeCybersecurity concepts — logs, packets, DNS exfiltration, and more — are usually intangible, and its practitioners are prone to mental fatigue. Amy takes a second to yell at you to go touch grass.TALOSINTELLIGENCE.COM
7 May“ClaudeBleed” allows any Chrome extension to control Anthropic’s AI assistantA critical flaw in Anthropic’s “Claude in Chrome” browser extension allows any Chrome extension, even one with zero permissions, to hijack Claude’s AI capabilities and perform sensitive actions on behalf of users. The issue, discovered by LayerX and dubbed “ClaudeBleed,” could en…CYBERINSIDER.COM
7 MayHackers deface school login pages after claiming another Instructure hackThe cybercrime group ShinyHunters claimed to have hacked Instructure again, defacing the login pages of several Instructure customer schools with an extortion message.TECHCRUNCH.COM
7 MayVPN Access Without Open PortsThreatLocker is adding remote-access functionality directly into its existing endpoint agent. The idea is similar to tools like Tailscale, WireGuard, or Cloudflare Tunnel: create secure connections to devices without exposing ports to the public internet. That changes the traditi…YOUTUBE.COM
6 MayQLNX Targets Developers in Supply Chain Credential Theft CampaignQLNX is a newly documented Linux remote access trojan (RAT) that targets the theft of developers’ and DevOps credentials to hijack software supply chains. Recent attacks against popular projects like LiteLLM on PyPI and the Axios npm package have shown how a single compromised ma…GBHACKERS.COM
6 MayRansomware Gang Member Linked to Russian Cybercrime Group Sentenced to PrisonA Latvian national operating from Moscow has been sentenced to 102 months in federal prison for his role as a key negotiator within a prolific Russian ransomware network. Deniss Zolotarjovs, 35, participated in a cybercrime syndicate that orchestrated data theft and extortion cam…GBHACKERS.COM
6 MayVimeo Confirms Breach Exposing 119,000 Unique User Email AddressesVideo hosting platform Vimeo has confirmed a data breach that exposed approximately 119,000 unique user email addresses, attributing the incident to a security compromise at Anodot, a third-party analytics vendor integrated with its systems. The breach came to light after the Shi…GBHACKERS.COM
6 MayMiddle East Cyber Battle Field Broadens — Especially in UAEAs the war with Iran continues, breach attempts targeting the United Arab Emirates tripled in a few weeks — many targeting critical infrastructure.DARKREADING.COM
6 MayLegionProxy - 10,144 breached accountsIn April 2026, the commercial residential and ISP proxy network LegionProxy suffered a data breach. The incident exposed 10k email addresses, bcrypt password hashes, names and purchases.HAVEIBEENPWNED.COM
6 MayMillions of students’ personal data stolen in major education breachShinyHunters claims it stole personal data from 275 million users on Instructure’s Canvas platform across schools and education providers.MALWAREBYTES.COM
6 MayIran-Linked APT Posed as Chaos Ransomware Member in Espionage CampaignRapid7 reveals an Iranian false flag operation masquerading as a Chaos ransomware attackINFOSECURITY-MAGAZINE.COM
6 MayMuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware AttackThe Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leve…THEHACKERNEWS.COM
6 MayIran-sponsored threat group behind false flag social engineering campaignThe state-linked actor has been masquerading as a criminal ransomware group in attacks targeting U.S. organizations.CYBERSECURITYDIVE.COM
6 MayCybercriminals Are Complaining About AI Slop Flooding Their ForumsIt's not just you. Hackers and other cybercriminals are complaining about “AI shit” flooding platforms where they discuss cyberattacks and other illegal activity.WIRED.COM
6 MayIranian cyber espionage disguised as a Chaos Ransomware attackIran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango…SECURITYAFFAIRS.COM
6 MayDOJ says ransomware gang tapped into Russian government databasesU.S. prosecutors said a ransomware gang fueled Russian government corruption, and allowed the gang's leaders to avoid paying taxes and dodge the country's military draft.TECHCRUNCH.COM
6 MayAI evaluation startup Braintrust confirms breach, tells every customer to rotate sensitive keysBraintrust, a startup that makes an “operating system for engineers building AI software,” notified customers that hackers broke into one of its Amazon cloud environments, and is asking customers to rotate their API keys.TECHCRUNCH.COM
6 MayInstructure Breach Exposes Schools' Vendor DependenceShinyHunters' attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the trust educational institutions put into their vendors.DARKREADING.COM
5 MayVimeo - 119,167 breached accountsIn April 2026, the ShinyHunters extortion group listed Vimeo on their extortion portal as part of their "pay or leak" campaign. They subsequently published hundreds of gigabytes of data, predominantly consisting of video titles, technical data and metadata. The data also include…HAVEIBEENPWNED.COM
5 MayDigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing CertificatesDigiCert, a major Certificate Authority, recently suffered a significant security breach where hackers used a malicious screensaver file to steal 60 Extended Validation (EV) Code Signing certificates. These highly trusted certificates were subsequently used to sign the “Zho…GBHACKERS.COM
5 MayEducational tech firm Instructure data breach may have impacted 9,000 schoolsInstructure, maker of the Canvas learning platform, is investigating a cyber incident that exposed users’ personal data. Instructure is a U.S.-based educational technology company best known for developing Canvas, one of the world’s most widely used learning management systems (L…SECURITYAFFAIRS.COM
5 MayScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and WindowsThe North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of …THEHACKERNEWS.COM
5 MayAPT37 hacks gaming platform to spread new BirdCall Android spywareNorth Korean hackers compromised a gaming platform in a supply-chain attack, using trojanized Windows and Android games to deploy a previously undocumented mobile variant of its BirdCall spyware. Security researchers at ESET detailed the operation in a recent report, describing h…CYBERINSIDER.COM
5 MayAustralia launches cyber review board modeled on version disbanded in USThe Cyber Incident Review Board will carry out no-fault, post-incident reviews of significant cyberattacks on Australian government and industry, focusing on systemic lessons rather than individual or corporate culpability.THERECORD.MEDIA
5 MayConti ransomware gang member sentenced to 102 months in prisonA Latvian national who was part of a major Russian ransomware organization that stole from and extorted more than 54 companies has been sentenced to 102 months in prison. Deniss Zolotarjovs, 35, of Moscow, Russia, was part of a group linked to former members of the Conti ransomwa…HELPNETSECURITY.COM
5 MayIntroducing the New AI-Native KnowBe4 SATCybercriminals are getting smarter and faster. Social engineering attacks are evolving rapidly, and AI is making them more convincing than ever. According to the 2025 Verizon Data Breach Investigations Report, up to 68% of cyberattacks involve some form of social engineering. Mea…KNOWBE4.COM
5 MayScarCruft Targets Gaming Platform With Windows, Android BackdoorsA sophisticated multiplatform supply-chain attack orchestrated by the North Korea-aligned APT group ScarCruft, targeting ethnic Koreans in China’s Yanbian region through a compromised gaming platform. The attack, believed to have been ongoing since late 2024, weaponized bot…GBHACKERS.COM
5 MayHackers Abuse DAEMON Tools Distribution Channel to Deliver Malicious PayloadsA sophisticated supply-chain attack has compromised the official distribution channel for DAEMON Tools, delivering multi-stage malware to users worldwide. Since April 8, 2026, threat actors have distributed trojanized installers signed with legitimate digital certificates to cond…GBHACKERS.COM
5 MayHackers steal students’ data during breach at education tech giant InstructureThe data breach at education tech giant Instructure includes students' private data, according to a sample of the allegedly stolen data seen by TechCrunch.TECHCRUNCH.COM
5 MayNorth Korean APT Targets Yanbian Gamers via Trojanized PlatformESET warns that North Korean hackers compromised a Yanbian gaming site in a supply‑chain attack, trojanizing Windows and Android software to spy on usersINFOSECURITY-MAGAZINE.COM
5 MayDAEMON Tools Supply Chain Attack Compromises Official Installers with MalwareA newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky. "These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital cert…THEHACKERNEWS.COM
5 MayLatvian national sentenced for ransomware attacks run by former Conti leadersDeniss Zolotarjovs was mostly tasked with putting pressure on the Russia-based crew’s victims, in one case leaking hundreds of children’s health records.CYBERSCOOP.COM
5 MayConti, Akira ransomware affiliate given 8-year sentenceDeniss Zolotarjovs pleaded guilty in July 2025 to money laundering and wire fraud charges after being arrested in the country of Georgia.THERECORD.MEDIA
5 MayVimeo confirms breach via third-party vendor impacts 119K usersHackers stole data of 119,000 Vimeo users in April. The breach, linked to a third‑party vendor, exposed personal details. Vimeo confirmed a data breach after the ShinyHunters gang stole personal information of 119,000 users in April 2026. According to Have I Been Pwned, the attac…SECURITYAFFAIRS.COM
5 MayU.S. court sentences Karakurt ransomware negotiator to 8.5 yearsDeniss Zolotarjovs was sentenced to 8.5 years in the U.S. after pleading guilty to money laundering and fraud tied to ransomware. Deniss Zolotarjovs, a Latvian national linked to the Karakurt ransomware gang, has been sentenced to 8.5 years in U.S. prison, marking a significant s…SECURITYAFFAIRS.COM
4 May15-year-old detained over massive data breach at French government agencyFrench authorities have detained a 15-year-old suspected of involvement in a data breach at France Titres, the government agency responsible for issuing official documents. “Between 12 and 18 million data records were reportedly being offered for sale on cybercriminal forum…HELPNETSECURITY.COM
4 May KEVDOJ Sentences Two Americans for ALPHV BlackCat Ransomware AttacksThe U.S. Department of Justice (DOJ) has sentenced two American cybersecurity professionals to prison for their involvement in ALPHV BlackCat ransomware attacks that targeted multiple U.S. organizations in 2023. The case highlights the growing threat of insider expertise being mi…GBHACKERS.COM
4 May2026: The Year of AI-Assisted AttacksOn December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young man s…THEHACKERNEWS.COM
4 MayBluekit Phishing Kit Streamlines Domains, 2FA Lures, and Session HijackingA newly discovered phishing kit called “Bluekit” is reshaping how cybercriminals run phishing campaigns by combining multiple attack stages into a single, centralized platform. Instead, Bluekit integrates these capabilities into one operator panel, streamlining the entire attack …GBHACKERS.COM
4 MayCanvas Confirms Data Breach Following ShinyHunters ClaimInstructure, the educational technology company behind the widely used Canvas Learning Management System (LMS), has officially confirmed a major data breach. This confirmation directly follows recent claims made by the notorious threat actor group known as ShinyHunters. Canvas is…GBHACKERS.COM
4 MayDigiCert breached via malicious screensaver fileA targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/S…HELPNETSECURITY.COM
4 MayCyberattacks are raising your prices (Lock and Code S07E09)This week on the Lock and Code podcast, we speak with Eva Velasquez about small business cyberattacks and the "cyber tax" coming for us all.MALWAREBYTES.COM
4 MayRansomware group claims breach of pro-Orbán Hungarian media firmMediaworks confirmed the incident on Friday, warning that “a significant amount of illegally obtained data may have come into the possession of unauthorized persons."THERECORD.MEDIA
4 MayEducational company Instructure reports cyber incidentBy Saturday, Instructure’s chief information security officer Steve Proud confirmed that the hackers gained access to information about users at some educational institutions, including names, email addresses, student ID numbers and messages between users.THERECORD.MEDIA
3 MaySecurity Affairs newsletter Round 575 by Pierluigi Paganini – INTERNATIONAL EDITIONA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Two US cybersecurity experts …SECURITYAFFAIRS.COM
3 MaySalt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defensesApril 2026 breach at Sistemi Informativi (IBM Italy) raises concerns over Chinese-linked cyber ops in Europe, including Salt Typhoon. In late April 2026, the Italian cybersecurity landscape was shaken by a significant breach targeting Sistemi Informativi, a company wholly owned b…SECURITYAFFAIRS.COM
3 MayMarcus & Millichap - 1,837,078 breached accountsIn April 2026, the commercial real estate brokerage firm Marcus & Millichap was named as one of multiple alleged victims of the ShinyHunters hacking and extortion group. Data alleged to have been obtained from the company was subsequently released publicly and included 1.8M uniq…HAVEIBEENPWNED.COM
2 MayMassive Facebook Phishing Operation Leverages AppSheet, Netlify, and TelegramCybersecurity researchers at Guardio Labs have uncovered a massive phishing operation dubbed AccountDumpling that has compromised more than 30,000 Facebook accounts worldwide. Unlike conventional phishing campaigns that rely on spoofed domains or compromised SMTP servers, this Vi…GBHACKERS.COM
2 MayNew Deep#Door RAT uses stealth and persistence to target WindowsDeep#Door hides a Python RAT inside a batch file, kills Windows defenses, survives via multiple persistence methods, and exfiltrates data through a public TCP tunnel. Security researchers at Securonix uncovered a sophisticated malware campaign called Deep#Door. Threat actors empl…SECURITYAFFAIRS.COM
2 May KEVTwo US cybersecurity experts sentenced in ransomware case, third awaits July rulingTwo US security experts were sentenced to 4 years for helping ransomware attacks. A third accomplice pleaded guilty and awaits sentencing. Two US cybersecurity professionals, Ryan Goldberg and Kevin Martin, were sentenced to four years in prison for their role in supporting ranso…SECURITYAFFAIRS.COM
1 MayA Ransomware Negotiator Was Working for a Ransomware GangSomeone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients.SCHNEIER.COM
1 May KEVTwo Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware AttacksThe U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accuse…THEHACKERNEWS.COM
1 MayTwo American Cybersecurity Workers Jailed for BlackCat Ransomware AttacksThe cybersecurity workers used their knowledge and skills to conduct ransomware attacks for notorious gang, rather than protect victims against themINFOSECURITY-MAGAZINE.COM
1 MayCyber incident responders who carried out ransomware attacks given 4-year sentencesTwo cybersecurity incident responders who abused their positions to carry out covert ransomware attacks were sentenced to four years in prison.THERECORD.MEDIA
1 May30,000 Facebook Accounts Hacked via Google AppSheet Phishing CampaignA newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen…THEHACKERNEWS.COM
1 MayThe new speed of cyber defense with Andrew Carr from Booz AllenAndrew Carr, Managing Director and head of Threat Detection and Response at Booz Allen, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices. Drawing on years of incident response and ransomware negotiation experience, he explains how AI is compressin…THECYBERWIRE.COM
30 AprCompromised SAP npm Packages Found Harvesting Developer and CI/CD SecretsSecurity researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as TeamPCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud. The operation relies on injecting malicious …GBHACKERS.COM
30 AprOperation Winter SHIELD: What the FBI Wants Industry to Do NowThe FBI sees every breach. You see yours. Adam Maddock, Section Chief of the FBI's Cyber Technical Analytics and Operations Section, and Jarrod Schlenker, Assistant Section Chief leading the FBI Cyber Division's private-sector engagement, join David Moulton to walk through …THECYBERWIRE.COM
30 AprMeta accused of violating DSA by failing to safeguard minorsThe European Commission accuses Meta of failing to protect children, allowing users under 13 on Instagram and Facebook, in breach of the DSA rules. The European Commission has accused Meta of violating child safety rules. Instagram and Facebook allegedly failed to prevent childre…SECURITYAFFAIRS.COM
30 AprWhy Your Email Security Needs a Global Human Network to Close the Detection GapThe biggest challenge in email security today isn’t just detecting a threat; it’s the speed of response across a global landscape. As we head into the second half of 2026, the stakes with speed have gotten higher. According to SQ Magazine, AI-generated phishing attempts are 68% h…KNOWBE4.COM
30 AprMoldova’s health insurance agency reports possible data leak after cyberattackThe agency said the incident occurred several weeks ago and that technical assessments indicated a possible theft of limited information.THERECORD.MEDIA
30 AprUK: Education Sector Faces Surge in Cyber Breaches Despite Stable National Threat LevelsThe British public education sector has faced the nation’s most dramatic increase in cyber breach prevalence over the past yearINFOSECURITY-MAGAZINE.COM
30 AprAnti-DDoS Firm Heaped Attacks on Brazilian ISPsA Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm…KREBSONSECURITY.COM
30 AprFrance investigates 15-year-old over alleged hack of national ID agencyThe minor was taken into police custody on April 25 on suspicion of involvement in a data breach affecting the National Agency for Secure Documents (ANTS), which processes applications for passports, national identity cards, residence permits and driver’s licenses.THERECORD.MEDIA
30 AprFrance arrests 15-year-old hacker who stole data of 11.7 million peopleFrench authorities have detained a 15-year-old suspect in connection with the recent ANTS data breach, which exposed millions of sensitive user records on cybercrime forums. According to a statement published earlier today by Paris public prosecutor Laure Beccuau, the minor was t…CYBERINSIDER.COM
30 AprPyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal CredentialsIn yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, Socket, and StepSecurity, the two malicious versions are versions 2…THEHACKERNEWS.COM
30 AprTeamPCP Hits SAP Packages With 'Mini Shai-Hulud' AttackSeveral npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain attacks broaden.DARKREADING.COM
30 Apr KEVFormer incident responders sentenced to 4 years in prison for committing ransomware attacksRyan Goldberg and Kevin Martin attacked five companies in 2023 and extorted nearly $1.3 million from one of their victims.CYBERSCOOP.COM
29 AprBlueNoroff Deploys Fileless PowerShell in AI-Generated Zoom Lure CampaignA sophisticated BlueNoroff campaign targeting cryptocurrency executives through fake Zoom meetings enhanced with AI-generated deepfakes and fileless PowerShell malware. The North Korean state-sponsored group successfully compromised a North American Web3 company in January 2026, …GBHACKERS.COM
29 AprVect 2.0 RaaS Expands Attacks Across Windows, Linux, and ESXiVect 2.0 Ransomware‑as‑a‑Service (RaaS) operation is rapidly evolving into a multi‑platform threat that can encrypt Windows, Linux, and VMware ESXi environments across modern hybrid infrastructures. The group runs a classic affiliate model, renting out its ransomware and TOR‑base…GBHACKERS.COM
29 AprLofyStealer Targets Minecraft Players via Node.js Loader and Browser InjectionMinecraft players are being lured with a fake hacking tool called “Slinky” that secretly installs a powerful infostealer dubbed LofyStealer (also tracked as GrabBot), linked to the Brazilian cybercrime group LofyGang. The malware uses a Node.js-based loader and an in-memory C++ …GBHACKERS.COM
29 AprVECT 2.0 Ransomware Wipes Large Files Across Windows, Linux & ESXiThe “new” VECT 2.0 ransomware is essentially a cross‑platform data wiper that permanently destroys most enterprise files rather than encrypting them for recovery. For any file larger than 131,072 bytes (128 KB), VECT processes four separate chunks using four different randomly ge…GBHACKERS.COM
29 AprCritical Flaw Turns Vect Ransomware into Data Destroying WiperThe Vect 2.0 ransomware wipes large files instead of merely encrypting them, making recovery impossible – even for the attackersINFOSECURITY-MAGAZINE.COM
29 AprResearchers Track 2.9 Billion Compromised CredentialsKELA claims infostealers remained the primary access vector for attacks in 2025INFOSECURITY-MAGAZINE.COM
29 AprOpenAI and Anthropic brief Congress on cyber-capable AI models.Rival ransomware gangs list each other as victims. Business news: Silverfort will acquire Fabrix Security.THECYBERWIRE.COM
29 AprEuropean Commission accuses Meta of breaching child safety rulesThe platforms allegedly flouted the bloc’s Digital Services Act (DSA) by “failing to diligently identify, assess and mitigate the risks of minors under 13 years old accessing their services,” the commission said.THERECORD.MEDIA
29 AprVect 2.0 Ransomware Acts as Wiper, Thanks to Design ErrorThe emerging ransomware has been deployed against victims of the TeamPCP supply chain attacks, but organizations should think twice before paying for a decryptor.DARKREADING.COM
29 AprSAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing MalwareCybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calling it…THEHACKERNEWS.COM
29 AprGoogle AppSheet abused to compromise 30,000 Facebook accountsA large-scale phishing operation abusing Google’s AppSheet platform has compromised at least 30,000 Facebook accounts, using fully authenticated emails that bypass traditional security checks. Guardio Labs uncovered the campaign while investigating a wave of phishing emails sent …CYBERINSIDER.COM
29 AprSmashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millionsA developer at an AI startup wanted to cheat at Roblox. They downloaded a dodgy script on their work laptop. That one decision triggered a cascade of failures that ended with a $2 million data breach affecting hundreds of thousands of organisations. All for some free in-game curr…GRAHAMCLULEY.COM
28 AprWeekly Update 501This is so "peak 2026" - writing an equality policy to ensure people treat our AI bot with the same respect as they do their …TROYHUNT.COM
28 AprChinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research CyberattacksA Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating …THEHACKERNEWS.COM
28 AprProofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in PlacePROOFPOINT.COM
28 AprCheckmarx Confirms Security Incident Involving GitHub Repository ExposureApplication security provider Checkmarx has officially confirmed a new security incident involving the exposure of its internal GitHub repository. On April 27, 2026, Udi-Yehuda Tamar, the company’s VP of Platform Engineering and Global CISO, revealed that a cybercriminal gr…GBHACKERS.COM
28 AprRansomware Turf War as 0APT and KryBit Groups Trade BlowsRansomware groups 0APT and KryBit have doxxed each other onlineINFOSECURITY-MAGAZINE.COM
28 AprVECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXiThreat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The…THEHACKERNEWS.COM
28 AprIran war updates.US Supreme Court leans toward requiring warrants for geofencing searches. ShinyHunters claims responsibility for Pitney Bowes breach.THECYBERWIRE.COM
28 AprMedtronic Confirms Data Breach After ShinyHunters ClaimsMedtronic confirms IT breach as ShinyHunters claims millions of records accessedINFOSECURITY-MAGAZINE.COM
28 AprVECT: Ransomware by design, Wiper by accidentKey Takeaways Background VECT Ransomware is a Ransomware-as-a-Service (RaaS) program that made its first appearance in December 2025 on a Russian-language cybercrime forum. After claiming their first two victims in January 2026, the group got back into the public eye due to an an…RESEARCH.CHECKPOINT.COM
28 AprVideo site Vimeo blames security incident on Anodot breachThe hackers did not access video content, user logins or payment card information, and there was no disruption to Vimeo’s services,THERECORD.MEDIA
28 AprADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNsADT confirmed a data breach exposing customer names, addresses, phone numbers, and partial SSNs, with millions of records reportedly affected.TECHREPUBLIC.COM
28 AprWhat the March 2026 Threat Technique Catalog update means for your AWS environmentThe AWS Customer Incident Response Team (AWS CIRT) regularly encounters patterns that repeat across their engagements when helping customers respond to security incidents. We’re passionate about making sure that information is widely accessible so that everyone can improve their …AWS.AMAZON.COM
28 AprFeuding Ransomware Groups Leak Each Other's DataWhen 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations.DARKREADING.COM
27 AprCyber Weapon in Toronto, Grid Attack, Stuxnet Lie ExposedA rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first cyber weapon after all. In today's Cybersecurity Today with…CYBERSECURITYTODAY.LIBSYN.COM
27 AprCritical infrastructure giant Itron says it was hackedThe American technology giant provides water and energy monitoring and utility meters to hundreds of millions of homes and businesses.TECHCRUNCH.COM
27 AprHackers impersonate Microsoft Teams help desk to breach corporate networksHackers are impersonating Microsoft Teams help desk workers to trick victims into installing data-stealing malware, researchers found.THERECORD.MEDIA
27 AprUtilities Tech Supplier Itron Discloses Cyber-Attack, Operations UnaffectedItron confirmed a cyber incident but does not believe it is likely to have a material impact on the companyINFOSECURITY-MAGAZINE.COM
27 AprLINKEDIN BROWSERGATEBrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (https://browsergate.eu/), an association of commercial LinkedIn users, which d…SECURITYAFFAIRS.COM
27 AprFIRESIDE CHAT: Leaked secrets are now the go-to attack vector — and AI is accelerating exposuresA consequential shift is underway in how enterprise breaches begin. The leaked credential — once treated as a hygiene problem — has become the primary on-ramp. Related: No easy fixes for AI risk Last August’s Salesloft campaign was the pattern …LASTWATCHDOG.COM
27 AprRansomware Uses Your Own PermissionsRansomware operates using the same permissions as the infected user. If your account can access and modify files, so can the malware running under it. This turns the permission system into a liability. Instead of blocking malicious activity, it enables it—because the system assum…YOUTUBE.COM
27 AprMajor critical infrastructure supplier reports cyberattackItron, which makes devices that measure energy and water use, said its operations were continuing, despite the intrusion.CYBERSECURITYDIVE.COM
27 AprSenators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip lineSens. Maggie Hassan and Jim Banks wrote to Navigate360 after a hacker claimed to compromise the school safety tool.CYBERSCOOP.COM
27 AprHacker who allegedly carried out cyberattacks for China is extradited to U.S.Xu Zewei is accused of participating in a Chinese government hacking group that broke into thousands of U.S. organizations and stole COVID-19-related research.TECHCRUNCH.COM
27 AprSimplicity Stops Data ExfiltrationThis approach limits both file access and network connectivity using allowlisting—only approved actions are permitted, reducing the attack surface. By controlling sockets (network access) and files together, it becomes much harder for attackers to exfiltrate data or pull down mal…YOUTUBE.COM
27 AprMedtronic discloses security incident after ShinyHunters claimed theft of 9M+ recordsMedtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records. Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to have stolen over 9 million records. The company did not shar…SECURITYAFFAIRS.COM
27 AprThe Supreme Court sits on the geofence.The Supreme Court weighs geofence warrants. Iran leans toward quieter cyber ops. Researchers unpack Fast16 sabotage malware. Microsoft tracks an Outlook outage. Snow malware moves deep inside networks. Itron reports a breach. SMS blasters hit Canada. Italy extradites an accused h…THECYBERWIRE.COM
27 AprPitney Bowes - 8,243,989 breached accountsIn April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data which included 8.2M un…HAVEIBEENPWNED.COM
26 AprTrigona ransomware adopts custom tool to steal data and evade detectionTrigona ransomware now uses a custom command-line tool to steal data faster and evade detection, replacing tools like Rclone and MegaSync. Symantec researchers report that recent Trigona ransomware attacks used a custom-built data exfiltration tool instead of common utilities lik…SECURITYAFFAIRS.COM
26 AprUdemy - 1,401,259 breached accountsIn April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The data also includ…HAVEIBEENPWNED.COM
25 AprDiscord Sleuths Gained Unauthorized Access to Anthropic’s MythosPlus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more.WIRED.COM
24 AprBitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Attacksubmitted by cm0002 to cybersecurity 4 points | 0 comments https://socket.dev/blog/bitwarden-cli-compromisedINFOSEC.PUB
24 AprCarnival - 7,531,359 breached accountsIn April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published th…HAVEIBEENPWNED.COM
24 AprRansomware Gang Unveils Custom Data-Theft ToolRansomware operators introduced a custom-built data exfiltration tool, signaling a notable evolution in attack techniques. Unlike most ransomware groups that rely on publicly available utilities such as Rclone or MegaSync, Trigona affiliates are now using a proprietary tool to st…GBHACKERS.COM
24 AprHackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft TeamsA newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersonating IT helpdesk personnel on Microsoft Teams, these hackers trick employees into downloading a sophisticated malware suite…GBHACKERS.COM
24 AprBitwarden CLI Compromised After Malicious GitHub Actions WorkflowCybersecurity researchers at Socket have uncovered a major supply chain compromise affecting the Bitwarden CLI. Attackers successfully abused a GitHub Action in Bitwarden’s CI/CD pipeline to inject malicious code into the popular password manager’s npm package. This breach …GBHACKERS.COM
24 AprChina-Linked Hackers Hide Behind Compromised RoutersHackers linked to China are increasingly abusing compromised routers and edge devices to build covert networks, enabling stealthy cyber operations that are harder to detect and block. Instead of relying on dedicated servers or purchased hosting, threat actors are now leveraging l…GBHACKERS.COM
24 AprAI is speeding up nation-state cyber programsIn this Help Net Security interview, Kaja Ciglic, Senior Director, Cybersecurity Policy and Diplomacy at Microsoft, discusses how nation-state cyber programs have changed over three years. Cyber has become a core instrument of state power, integrated with military, economic, and …HELPNETSECURITY.COM
24 AprCheckmarx supply chain attack impacts Bitwarden npm distribution pathBitwarden CLI was hit by the Checkmarx supply chain attack. Version 2026.4.0 shipped malicious code in bw1.js via a compromised GitHub Action. Bitwarden CLI has been compromised as part of the ongoing Checkmarx supply chain campaign, researchers warn. The affected version, @bitwa…SECURITYAFFAIRS.COM
24 AprAI Phishing Is No. 1 With a Bullet for CyberattackersIn the last six months, companies have seen a significant influx of AI-powered phishing, as cyberattackers progress from small campaigns to 1-to-1 personalized attacks.DARKREADING.COM
24 AprSignal phishing campaign targets Germany’s Bundestag President Julia KlöcknerGermany’s Bundestag President Klöckner was targeted in a Signal phishing attack via a fake CDU group chat. Germany’s Bundestag President Julia Klöckner has reportedly become the latest European political figure targeted through a Signal-based phishing attack, reported Der Spiegel…SECURITYAFFAIRS.COM
24 AprHasbro expects March cyberattack to impact second-quarter revenueThe toy maker is reviewing files and working to fully bring certain systems back online. The company will incur some costs related to the investigation.CYBERSECURITYDIVE.COM
24 AprScattered Spider co-conspirator pleads guiltyAnother member of the notorious Scattered Spider gang of cyber criminals has pleaded guilty in a US court, and will be sentenced later this year. Tyler Buchanan pleaded guilty in a Florida court to conspiring with others to hack into companies’ computer systems with the intent of…CSOONLINE.COM
24 AprADT says customer data stolen in cyber intrusionThe home security company ADT said cybercriminals breached company systems on Monday and stole a “limited set” of customer and prospective customer information.THERECORD.MEDIA
24 AprADT confirms data breach after hacker claims 10 million records stolenThe American security company ADT has confirmed via a statement to CyberInsider a cybersecurity incident involving unauthorized access to a subset of customer data. The admission follows claims by the ShinyHunters extortion group that it breached the company and stole over 10 mil…CYBERINSIDER.COM
23 AprHow does AI change the economics of cybercrime?Robert (Bob) McArdle has spent two decades tracking cybercriminals - from ransomware groups to nation-state actors to financially motivated crime organizations. As a result, he has a front-row seat on how agentic AI is reshaping the threat landscape right now. In conversation wit…THECYBERWIRE.COM
23 AprCheckmarx KICS Docker Repo Hijacked in Malicious Code Injection AttackA massive software supply chain attack has targeted the official Checkmarx KICS (Keeping Infrastructure as Code Secure) Docker Hub repository. Discovered on April 22, 2026, by Docker and Socket, the compromise involves trojanized Docker images and malicious VS Code extensions des…GBHACKERS.COM
23 AprBreach SchoolWhat does it take to go from staring at forensic images to sitting across from a CEO whose company is on fire? Steve Elovitz has spent his entire career in the room when things go wrong. He started in forensics and eDiscovery at PwC, moved to Booz Allen doing government work, t…THECYBERWIRE.COM
23 AprXinference PyPI Breach Exposes Developers to Cloud Credential TheftA severe supply chain attack has compromised the popular Python package Xinference, exposing developers to massive data theft. Threat actors uploaded malicious versions of the tool to the Python Package Index (PyPI), embedding a heavily obfuscated infostealer into the code. Xinfe…GBHACKERS.COM
23 AprLazarus Lures Developers With Backdoored Coding TestsNorth Korea-linked hackers are using AI-assisted malware and backdoored coding challenges to quietly loot millions in cryptocurrency from Web3 developers. Expel assesses with high confidence that HexagonalRodent is a DPRK state-sponsored subgroup that likely evolved from fraudule…GBHACKERS.COM
23 AprMalicious npm Package Hijacks Hugging Face for Malware DeliveryMalicious npm package js-logger-pack is now abusing Hugging Face not just as a malware CDN, but also as a live exfiltration backend for stolen data, turning a popular AI platform into part of a full-featured cross‑platform implant chain. Earlier campaign phases already used Huggi…GBHACKERS.COM
23 AprRAMP Uncovered: Anatomy of Russia’s Ransomware MarketplaceLeaked data from RAMP reveals Russia’s ransomware ecosystem, analyzing 1,732 threads, 7,707 users, and 340,000 IP records from the forum. RAMP was not just another dark web forum. It was one of the clearest examples of how ransomware has become an organized marketplace, with sell…SECURITYAFFAIRS.COM
23 AprDiscord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breachsubmitted by kid to cybersecurity 10 points | 0 comments https://hackread.com/discord-access-anthropic-claude-mythos-ai-breach/SH.ITJUST.WORKS
23 AprMost Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says - SecurityWeeksubmitted by kid to cybersecurity 4 points | 0 comments https://www.securityweek.com/most-serious-cyberattacks-against-the-uk-now-from-russia-iran-and-china-cyber-chief-says/SH.ITJUST.WORKS
23 AprBitwarden CLI Compromised in Ongoing Checkmarx Supply Chain CampaignBitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findings from Socket. "The affected package version appears to be @bitwarden/cli@2026.4.0, and the malicious code was published in 'bw1.js,' a file inc…THEHACKERNEWS.COM
23 AprHow cyberattacks on companies affect everyoneWe look at how cybercrime targeting companies affects all of us, especially their customers.MALWAREBYTES.COM
23 AprBitwarden CLI backdoored in Checkmarx supply chain attackThe Bitwarden CLI has been compromised as part of the ongoing Checkmarx supply chain campaign, with attackers injecting malicious code into an official release through a poisoned CI/CD workflow. According to a brief report from the Socket Research Team, the compromised package is…CYBERINSIDER.COM
23 AprUNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW MalwareA previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other intrusions in recent years, UNC6692 relied heavily on imperson…THEHACKERNEWS.COM
22 Apr[Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)[This is a Guest Diary by L. Carty, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].]
ISC.SANS.EDU
22 AprExclusive Anthropic Cyber Tool Mythos Accessed by Unapproved ActorsA group of unauthorized users has successfully bypassed access controls to reach Claude Mythos Preview, Anthropic’s closely guarded cybersecurity AI. This breach highlights critical concerns about third-party vendor security and the severe risks posed by advanced offensive AI fal…GBHACKERS.COM
22 AprFrench Authorities Confirm Data Breach Amid Hackers’ Data Leak AllegationsThe French National Agency for Secure Documents (ANTS) has officially confirmed a severe data breach affecting its central government portal. This critical infrastructure system manages the issuance of national identity cards, passports, vehicle registration certificates, and dri…GBHACKERS.COM
22 AprFormer Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber GangA former ransomware negotiator has pleaded guilty to abusing his position by working with noted cybercrime group BlackCatINFOSECURITY-MAGAZINE.COM
22 AprRansomware Negotiator Pleads Guilty to BlackCat Schemesubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/insider-threats/ransomware-negotiator-pleads-guilty-blackcat-schemeSH.ITJUST.WORKS
22 AprUK cyber agency handling four major incidents a week as nation-state attacks surgeBritain's cybersecurity chief warned Tuesday that the country is handling four nationally significant cyber incidents every week, with the majority now traced back to hostile foreign governments rather than criminal hackers.THERECORD.MEDIA
22 AprFrench govt agency confirms breach as hacker offers to sell datasubmitted by kid to cybersecurity 3 points | 0 comments https://www.bleepingcomputer.com/news/security/french-govt-agency-confirms-breach-as-hacker-offers-to-sell-data/SH.ITJUST.WORKS
22 AprData Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 - SecurityWeeksubmitted by kid to cybersecurity 8 points | 0 comments https://www.securityweek.com/data-breaches-at-healthcare-organizations-in-illinois-and-texas-affect-600000/SH.ITJUST.WORKS
22 AprCosmetics giant Rituals confirms data breach of customer membership recordsThe cosmetics retailer, which counts 41 million customers in its membership data, declined to provide an accurate total number of customers affected.TECHCRUNCH.COM
22 AprFrench police arrest suspected hacker behind dozens of data breachesFrench authorities have arrested a suspected hacker believed to be behind dozens of data breaches targeting public institutions, sports federations and private organizations across the country.THERECORD.MEDIA
22 AprMalicious TikTok Downloader Extensions Quietly Compromised 130K UsersMalicious browser extensions disguised as TikTok downloaders compromised 130,000 users, exposing a growing blind spot in enterprise security.TECHREPUBLIC.COM
22 AprFrance confirms data breach at government agency that manages citizens’ IDsThe French government agency that issues and manages national IDs, passports, and other documents, announced that hackers stole the personal information of an unspecified number of citizens.TECHCRUNCH.COM
22 AprSmashing Security podcast #464: Rockstar got hacked. The data was junk. The secrets it revealed were notA company that ran anonymous tip lines for 35,000 American schools - handling reports of bullying, weapons, and self-harm - boasted on its website that it had suffered zero security breaches in over 20 years. A hacker called Internet Yiff Machine thought that sounded like a chall…GRAHAMCLULEY.COM
21 Apr12 Fraudulent Browser Extensions Disguised as TikTok Downloaders Compromise 130K UsersLayerX security researchers have uncovered a massive, highly coordinated campaign involving at least 12 malicious browser extensions on the Google Chrome and Microsoft Edge marketplaces. Disguised as legitimate TikTok video downloaders, these extensions secretly track user activi…GBHACKERS.COM
21 AprGentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based LockerGentlemen is a fast‑growing ransomware‑as‑a‑service (RaaS) operation now targeting Windows, Linux, NAS, BSD, and VMware ESXi with a new locker written in C for hypervisor environments. Its multi‑platform design and strong defense‑evasion features make it a high‑impact threat to c…GBHACKERS.COM
21 AprPureRAT Hides PE Payloads in PNGs for Fileless ExecutionA multi-stage PureRAT campaign that hides portable executable (PE) payloads inside PNG images and executes them almost entirely in memory, making detection and forensics significantly harder for defenders. The campaign combines steganography, PowerShell-based loaders, UAC bypass,…GBHACKERS.COM
21 AprUnchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of FirmsData exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance reportINFOSECURITY-MAGAZINE.COM
21 Apr5 Places where Mature SOCs Keep MTTR Fast and Others Waste TimeSecurity teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage. The root cause of slow MTTR is almos…THEHACKERNEWS.COM
21 AprThe Gentlemen Ransomware Expands With Rapid Affiliate GrowthGentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infectionsINFOSECURITY-MAGAZINE.COM
21 AprRansomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assis…THEHACKERNEWS.COM
21 AprRansomware negotiator pleads guilty to helping ransomware gangA former employee of a cybersecurity firm pleaded guilty to aiding ransomware criminals to maximize their profits, with the goal of taking a cut of the ransom.TECHCRUNCH.COM
21 AprBreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure ValidationNew York, United States, April 21st, 2026, CyberNewswire BreachLock, a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation. This recognition marks the …GBHACKERS.COM
21 AprLawmakers ponder terrorism designations, homicide charges over hospital ransomware attacksThe ideas came up at a House Homeland Security Committee hearing, as health care ransomware attacks are on the rise.CYBERSCOOP.COM
21 AprSystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware OperationThreat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemB…THEHACKERNEWS.COM
21 AprRansomware negotiator caught secretly assisting BlackCat extortion schemeAngelo Martino pleaded guilty to helping BlackCat ransomware group while acting as a ransomware negotiator. Another U.S. cybersecurity expert, Angelo Martino, admitted helping the BlackCat ransomware group while working as a ransomware negotiator. Angelo Martino (41) admitted hel…SECURITYAFFAIRS.COM
21 AprWeekly Update 500Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite Looking back at this milestone video, it's the audience question towards the end I liked most: "are you happy"? Charlott…TROYHUNT.COM
20 AprFake Helpdesk Attack Uses Teams and Quick Assist to Breach TargetsAttackers are increasingly abusing Microsoft Teams and Windows Quick Assist to run a helpdesk‑themed social engineering attack chain that leads to full enterprise compromise and stealthy data theft. By impersonating IT support and relying on legitimate tools and protocols, advers…GBHACKERS.COM
20 AprBritish Hacker Admits Stealing Millions in Virtual Currency From Targeted CompaniesA 24-year-old British national, Tyler Robert Buchanan, has pleaded guilty to orchestrating a massive cyberattack campaign that compromised over a dozen U.S. companies and resulted in the theft of at least $8 million in cryptocurrency. According to a Friday announcement from the U…GBHACKERS.COM
20 AprJanaWare Ransomware Hits Turkish Users via Tailored Adwind RATA newly analyzed ransomware campaign dubbed “JanaWare” is targeting users in Turkey by leveraging a customized version of the Adwind Remote Access Trojan (RAT). The campaign combines stealthy delivery techniques, geographic restrictions, and polymorphic malware to evade detection…GBHACKERS.COM
20 AprDFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the ProxyKey Points The Gentlemen RaaS The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. The operators advertise their services across multiple underground forums, promoting their ransomware platform and inviting penetration tes…RESEARCH.CHECKPOINT.COM
20 AprBluesky blames app outage on ‘sophisticated’ DDoS attackThe decentralized social network said the incident began on April 15, when the company received reports of intermittent outages affecting the app.THERECORD.MEDIA
20 Apr20th April – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 20th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Booking.com, the Amsterdam-based travel platform, has confirmed a data breach after unauthorized parties accessed reservation data l…RESEARCH.CHECKPOINT.COM
20 AprCrypto infrastructure company blames $290 million theft on North Korean hackersA theft of nearly $300 million worth of cryptocurrency has been attributed to hackers from North Korea, as the industry grapples with the fallout of a wide-ranging incident involving multiple prominent platforms.THERECORD.MEDIA
20 AprScattered Spider member Tyler Buchanan pleads guilty to major crypto theftTyler Buchanan, linked to Scattered Spider, pleaded guilty in the US to hacking companies and stealing millions in cryptocurrency. Tyler Buchanan, a 24-year-old from Scotland linked to the Scattered Spider group, admitted in a US court that he hacked dozens of companies, committe…SECURITYAFFAIRS.COM
20 AprAmtrak Data Breach Exposes 2.1M Records, Reports Suggest Larger LeakAmtrak data breach exposes over 2.1 million customer records after CRM access. Learn what was leaked, risks, and steps users and IT teams should take now.TECHREPUBLIC.COM
20 AprFrance’s ANTS ID System website hit by cyberattack, possible data breachA cyberattack hit France’s ANTS website, possibly exposing personal data from users applying for IDs, passports, and driver’s licenses. A cyberattack targeted France’s ANTS platform, which handles applications for passports, ID cards, residence permits, and driver’s licenses. Aut…SECURITYAFFAIRS.COM
19 AprCyber attacks fuel surge in cargo theft across logistics industryHackers infiltrate logistics firms to steal cargo and divert payments, cyberattacks are linked to organized crime and rising losses. Proofpoint researchers observed crooks targeting trucking and logistics companies, running coordinated remote access campaigns to steal cargo and d…SECURITYAFFAIRS.COM
19 AprCarnival Corporation probes data breach after claims of 8.7M records theftCarnival Corporation is investigating a potential data breach after the ShinyHunters extortion group claimed to have stolen millions of records and threatened to leak the data if its demands are not met. ShinyHunters listed Carnival Corporation on its “pay or leak” portal on Apri…CYBERINSIDER.COM
18 AprA new breed of RAT.Today we are joined by Dr. Darren Williams, Founder and CEO of BlackFog, to discuss his team's work on "Steaelite RAT Enables Double Extortion Attacks from a Single Panel." A new remote access trojan, Steaelite, is being marketed on underground forums as an all-in-one platfor…THECYBERWIRE.COM
18 Apr$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence ClaimsGrinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a large-scale…THEHACKERNEWS.COM
18 AprProactive investigations against cybercrime at the state levelRansomware gangs are relying on AI and the darknet to hit critical infrastructure. Investigators in Koblenz are increasingly acting proactively.HEISE.DE
17 AprPayouts King Emerges: New Ransomware Operation Tied to Ex-BlackBasta MembersPayouts King is emerging as a technically sophisticated ransomware operation believed to be run by former BlackBasta affiliates, reusing their social‑engineering playbook while introducing hardened obfuscation and encryption routines. The group focuses on high‑value data theft an…GBHACKERS.COM
17 Apr108 Chrome extensions caught stealing user data and hijacking sessionssubmitted by beep to cybersecurity 1 points | 0 comments https://socket.dev/blog/108-chrome-ext-linked-to-data-exfil-session-theft-shared-c2 54 extensions steal Google account identity via OAuth2; 1 extension actively exfiltrates Telegram Web sessions every 15 seconds; 1 extensio…INFOSEC.PUB
17 Apr“Your shipment has arrived” email hides remote access softwareThis DHL-themed email tries to get recipients to install remote access software attackers can use to deploy further malware, including ransomware.MALWAREBYTES.COM
17 AprData breach at edtech giant McGraw Hill affects 13.5 million accountssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/data-breach-at-edtech-giant-mcgraw-hill-affects-135-million-accounts/SH.ITJUST.WORKS
17 AprIndustrial Systems Hit by New Email-Worm Threat WaveEmail-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shi…GBHACKERS.COM
17 AprAmtrak data breach exposed information of 2.1 million accountsAmtrak is the latest organization to have a major dataset added to the Have I Been Pwned (HIBP) database, following claims by the ShinyHunters hacking group that it breached the US passenger rail service and exfiltrated millions of customer records. The development comes days aft…CYBERINSIDER.COM
17 AprAI Upgrades, Security Breaches, and Industry Shifts Define This Week in TechSee what you missed in Daily Tech Insider from April 13–17.TECHREPUBLIC.COM
17 AprMan who hacked US Supreme Court filing system sentenced to probationNicholas Moore hacked into three U.S. government networks using stolen credentials, and then bragged about it and posted victims' personal data on Instagram under the handle @ihackedthegovernment.TECHCRUNCH.COM
17 AprKyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western IntelligenceGrinex halted operations after a $13.7M hack, blaming Western intelligence. Stolen funds came from wallets of Russian users on the platform. Kyrgyz crypto exchange Grinex halted operations after a threat actor stole $13.7 million in a cyber attack that the company attributes to W…SECURITYAFFAIRS.COM
16 AprHow Nations Hack, Spy, and WinMost people think nation-state cyberattacks are unpredictable. Allie Mellen wrote the book that proves they’re not. Allie Mellen is the author of Code War: How Nations Hack, Spy, and Shape the Digital Battlefield and a leading industry analyst and former hacker. She advises Glo…THECYBERWIRE.COM
16 AprSweden reports cyberattack attempt on heating plant amid rising energy threatsSweden says a pro-Russian group attacked a heating plant in 2025. The failed cyberattack highlights growing threats to Europe’s energy infrastructure. Sweden has blamed a pro-Russian group linked to Russian intelligence for a failed cyberattack on a heating plant in 2025. Officia…SECURITYAFFAIRS.COM
16 AprBooking.com breach gives scammers what they need to target guestsGuest reservation data stolen from the booking giant can be used by scammers to impersonate hotels to steal payment and personal info.MALWAREBYTES.COM
16 AprMcGraw Hill data breach incident exposed 13.5 million accountsA data breach affecting education publisher McGraw Hill has resulted in the exposure of 13.5 million user records. The incident, which occurred earlier this month, has now been independently verified through analysis of the leaked dataset by Have I Been Pwned (HIBP). The breach f…CYBERINSIDER.COM
16 Apr[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your EnvironmentIn 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: serv…THEHACKERNEWS.COM
16 AprUAC-0247 Hits Hospitals, Governments With Browser and WhatsApp Data TheftA surge of targeted cyberattacks was detected against local governments and municipal healthcare institutions particularly clinical and ambulance hospitals. The campaign has been attributed to threat cluster UAC-0247, known for advanced data theft, persistence, and lateral moveme…GBHACKERS.COM
16 AprAutovista blames ransomware for service disruption • The Registersubmitted by kid to cybersecurity 2 points | 0 comments https://www.theregister.com/2026/04/15/automotive_data_biz_autovista_ransomwareSH.ITJUST.WORKS
16 Apr KEVCookeville hospital notifies 337K after hack | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/news/cookeville-regional-medical-center-ransomware-337k-exposed/SH.ITJUST.WORKS
16 AprMalicious WordPress Plugins with Backdoors Compromise Thousands of WebsitesMore than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the Essential Plugin portfolio.TECHREPUBLIC.COM
16 Apr KEVCookeville Regional Medical Center hospital data breach impacts 337,917 peopleA ransomware attack on Cookeville Regional Medical Center hospital (Tennessee) exposed data of 337,000 people after hackers stole 500GB of sensitive information from its systems. A ransomware attack on Cookeville Regional Medical Center (CRMC) in Tennessee led to a major data bre…SECURITYAFFAIRS.COM
16 AprHere's What Agentic AI Can Do With Have I Been Pwned's APIsPresently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite I love cutting-edge tech, but I hate hyperbole, so I find AI to be a real paradox. Somewhere in that whole mess of overnight influencer…TROYHUNT.COM
15 Apr'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prisonsubmitted by monica_b1998 to cybersecurity 4 points | 0 comments https://abcnews.com/US/addicted-hacking-young-hacker-historic-breach-speaks-1st/story?id=131855776SH.ITJUST.WORKS
15 AprJanaWare Ransomware Hits Turkish Users via Customized Adwind RATA new ransomware campaign dubbed “JanaWare”, leveraging a customized variant of the Adwind remote access Trojan (RAT) to target users in Turkey. The malware exhibits polymorphic behavior, advanced obfuscation, and strict geofencing controls to restrict activity to Turkish systems…GBHACKERS.COM
15 AprNot All CISO Gigs Are Created Equal and RSAC Interviews from ESET and Mimecast - BSW #443So you want to be a CISO? Do you know what that role entails? It depends on a number of factors, including industry, country location, technical vs. business, and more. Each position is more different than you think. Joanna Chen, Chief Information Security Officer at Dashlane, jo…YOUTUBE.COM
15 AprTrusted WordPress Plugins Hijacked in 8-Month Stealth Backdoor CampaignHackers secretly planted a remote code-execution backdoor in more than 30 popular WordPress plugins, leaving it dormant for about 8 months before activating malware that rewrote wp-config.php and injected cloaked SEO spam at scale. The incident centers on “Essential Plugin,” a po…GBHACKERS.COM
15 AprComcast’s $117.5M Breach Settlement: Up to 30M People May QualifyComcast customers affected by the 2023 breach may qualify for cash, reimbursement, and identity protection under a proposed $117.5 million settlement.TECHREPUBLIC.COM
15 Apr[Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)[This is a Guest Diary by Alec Jaffe, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].
ISC.SANS.EDU
14 AprWeekly Update 499I'm starting to become pretty fond of Bruce. Actually, I've had a bit of an epiphany: an AI assistant like Bruce isn't j…TROYHUNT.COM
14 AprOkta Under Attack as Hackers Skip Phishing for Identity SystemsHackers are shifting away from email phishing and are directly targeting Okta and other identity providers using voice‑based social engineering, or “Okta vishing.” This trend turns what used to be a single account compromise into an immediate, organization‑wide cloud data breach …GBHACKERS.COM
14 AprRockstar’s GTA Game Hacked, 78.6 Million Records Published OnlineRockstar Games has suffered a significant data breach after the infamous threat group ShinyHunters leaked over 78.6 million internal records on April 14, 2026. The incident did not involve a direct attack on Rockstar’s primary network infrastructure. Instead, the hackers executed…GBHACKERS.COM
14 AprIs Booking.com compromised?submitted by ecards to cybersecurity 6 points | 3 commentsSH.ITJUST.WORKS
14 AprJanela RAT Spreads via Fake MSI Installers, Malicious ExtensionsJanela Remote Access Trojan (RAT) campaign using fake Windows MSI installers and malicious browser extensions to infiltrate financial networks and exfiltrate sensitive data. The latest Janela RAT samples are being distributed through public GitLab repositories, where attackers ho…GBHACKERS.COM
14 AprBooking.com breach sparks scam wave targeting travelers’ bookingssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/news/booking-com-breach-phishing-travel-data-exposed/SH.ITJUST.WORKS
14 AprMirax Android RAT Hijacks Infected Phones as Residential ProxiesA new Android banking trojan called Mirax is rapidly gaining traction in the cybercrime ecosystem, combining powerful remote access features with residential proxy capabilities to turn victims’ smartphones into high-value infrastructure nodes. Mirax is marketed as a premium Andro…GBHACKERS.COM
14 AprEuropean Gym giant Basic-Fit data breach affects 1 million memberssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/european-gym-giant-basic-fit-data-breach-affects-1-million-members/SH.ITJUST.WORKS
14 AprThree Rowhammer attacks targeting GDDR6 | Kaspersky official blogGDDRHammer, GeForge, and GPUBreach: three new research papers on Rowhammer attacks with major security implications.KASPERSKY.COM
14 AprFrance builds its own digital future.France pushes digital sovereignty. Adobe rushes an Acrobat Reader patch. Booking.com confirms a targeted breach. SAP fixes a critical SQL injection bug. A sanctions-dodging fraud network resurfaces. ViperTunnel infiltrates U.S. and U.K. firms. GlassWorm spreads across developer t…THECYBERWIRE.COM
13 AprEDR Killers Broaden Ransomware Tactics, ESET WarnsRansomware gangs are rapidly expanding their use of EDR killers, moving beyond vulnerable drivers to a broader mix of scripts, anti‑rootkits, and driverless techniques. The company’s latest telemetry-backed study tracks almost 90 distinct EDR killers actively used in the wild. It…GBHACKERS.COM
13 AprAPT37 Uses Facebook, Telegram, and Trojanized Installer in New Targeted CyberattackAPT37 is running a new targeted intrusion campaign that abuses Facebook, Telegram, and a tampered Wondershare PDFelement installer to gain stealthy access and exfiltrate sensitive data, likely from defense‑related targets. The operation shows a continued evolution of APT37’s soci…GBHACKERS.COM
13 AprOpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain IncidentOpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the proc…THEHACKERNEWS.COM
13 AprBasic-Fit Suffers Data Breach Affecting Millions Across Multiple NationsEuropean fitness operator Basic-Fit has confirmed a significant data breach affecting approximately one million members across its network. The incident heavily impacted users in the Netherlands, which accounted for 200,000 of the compromised accounts. This breach underscores the…GBHACKERS.COM
13 AprCPUID Hacked to Serve Trojanized CPU-Z and HWMonitor DownloadsDownload links were replaced by a Russian-speaking threat actor to distribute a recently emerged malware named STX RAT.SECURITYWEEK.COM
13 AprHow to protect your privacy while using smart sex toys | Kaspersky official blogWe explore the risks of smart sex toys — from data breaches and tracking to vulnerabilities — and offer practical tips to keep your intimate life both private and secure.KASPERSKY.COM
13 AprNearly 4,000 US industrial devices exposed to Iranian cyberattackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/nearly-4-000-us-industrial-devices-exposed-to-iranian-cyberattacks/SH.ITJUST.WORKS
13 AprOpenAI Impacted by North Korea-Linked Axios Supply Chain HackThe AI giant is taking action after determining that a macOS code signing certificate may have been compromised.SECURITYWEEK.COM
13 AprHacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Recordssubmitted by kid to cybersecurity 2 points | 0 comments https://hackread.com/hacker-claude-code-gpt-4-1-mexican-records/SH.ITJUST.WORKS
13 AprHack at Anodot leaves over a dozen breached companies facing extortionThe data breach at Anodot, which affects customers like Rockstar Games, is the latest hack aimed at stealing data from a large number of corporate giants.TECHCRUNCH.COM
13 AprBooking.com confirms hackers accessed customers’ dataThe travel giant notified customers that their personal data, including names, email addresses, and phone numbers, may have been accessed in a security incident.TECHCRUNCH.COM
13 AprRockstar Games receives “pay or leak” warning after cyberattacksubmitted by kid to cybersecurity 20 points | 1 comments https://www.helpnetsecurity.com/2026/04/13/rockstar-games-data-breach-shinyhunters/SH.ITJUST.WORKS
13 AprIran-linked group Handala claims to have breached three major UAE organizationsIran-linked group Handala claims to have breached three major UAE organizations, Dubai Courts, Dubai Land Department, and Dubai Roads & Transport Authority The group Handala claimed a major cyberattack against the UAE, targeting Dubai Courts Department, Dubai Land Department,…SECURITYAFFAIRS.COM
13 AprCPUID watering hole attack spreads STX RAT malwareThreat actors compromised the CPUID website and spread STX RAT through fake CPU-Z and HWMonitor downloads. Attackers breached the website CPUID and replaced download links for CPU-Z and HWMonitor with malicious files for several hours. Users who downloaded them got infected with …SECURITYAFFAIRS.COM
13 AprBooking.com Hack Exposes Customer Data, Sparks Travel Scam FearsBooking.com confirms a data breach that exposed traveler details, raising urgent concerns about highly targeted phishing scams and customer safety.TECHREPUBLIC.COM
12 AprCPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor DownloadsUnknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan cal…THEHACKERNEWS.COM
12 AprHackers claim control over Venice San Marco anti-flood pumpsHackers breached Venice’s San Marco flood system, claiming control of pumps and the ability to disable defenses and flood coastal areas. The technologies that govern the physical world are the quiet infrastructure of modern life. From energy grids to water systems, from factorie…SECURITYAFFAIRS.COM
12 AprCrime-as-a-Service: Government Warns of Highly Professional Criminal NetworksFrom ransomware to violence on demand: the state is responding to the transformation of criminal groups into division-of-labor economies that coordinate their crimes online.HEISE.DE
11 AprHWMonitor & CPU-Z users were exposed to malware through fake downloads after CPUID breachsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://alternativeto.net/news/2026/4/hwmonitor-and-cpu-z-users-were-exposed-to-malware-through-fake-downloads-after-cpuid-breach/INFOSEC.PUB
11 AprSecurity PSA: Popular Tools CPU-Z and HWMonitor Were Briefly Compromisedsubmitted by nemeski to cybersecurity 1 points | 0 comments https://www.techpowerup.com/348138/security-psa-popular-tools-cpu-z-and-hwmonitor-were-briefly-compromisedSH.ITJUST.WORKS
10 AprBackdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend ServersUnknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Sm…THEHACKERNEWS.COM
10 AprIranian APT alert: 5,219 Rockwell PLCs exposed onlineCensys has warned that more than 5,000 Rockwell Automation/Allen-Bradley PLCs are currently exposed to the internet as Iranian-affiliated APT actors actively target these devices across U.S. critical infrastructure. The same operators were previously associated with a November 20…GBHACKERS.COM
10 AprMassive Data Breach Exposes 337K LAPD-Linked Recordssubmitted by kid to cybersecurity 4 points | 0 comments https://www.techrepublic.com/article/news-lapd-data-breach-337k-files-exposed/SH.ITJUST.WORKS
10 AprHealthcare IT solutions provider ChipSoft hit by ransomware attacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/healthcare-it-solutions-provider-chipsoft-hit-by-ransomware-attack/SH.ITJUST.WORKS
10 AprCryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack | The Record from Recorded Future Newssubmitted by kid to cybersecurity 3 points | 0 comments https://therecord.media/crypto-atm-bitcoin-depot-reports-cyberattackSH.ITJUST.WORKS
10 AprNearly 4,000 US industrial devices exposed to Iranian cyberattacksThe attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. [...]BLEEPINGCOMPUTER.COM
10 AprCPUID hijacked to serve malware as HWMonitor downloadssubmitted by Deebster to cybersecurity 3 points | 0 comments https://www.theregister.com/2026/04/10/cpuid_site_hijacked/ CPUID has since confirmed the breach, pinning it on a compromised backend component rather than tampering with its software builds. “Investigations are still o…INFOSEC.PUB
10 AprVIP Credential Monitoring BlogExecutives and high-privilege users are prime targets for credential theft — and standard monitoring often misses them. Learn how VIP Credential Monitoring in Recorded Future Identity Intelligence protects your most sensitive accounts across work and personal email, and why detec…RECORDEDFUTURE.COM
9 AprShaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for LongHackers vowed to revive their efforts against America when the time was right — demonstrating how digital warfare has become ingrained in military conflict.SECURITYWEEK.COM
9 AprMicrosoft Confirms Windows 11 Update Breaks Start Menu SearchMicrosoft recently addressed a disruptive server-side flaw that completely disabled Start Menu search functionality for some Windows 11 23H2 users. The tech giant quickly acknowledged the incident and deployed an automatic fix behind the scenes. Because the repair happens directl…GBHACKERS.COM
9 AprHackers steal $3.6 million from crypto ATM giant Bitcoin DepotBitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems last month. [...]BLEEPINGCOMPUTER.COM
9 Apr300,000 People Impacted by Eurail Data BreachIn December 2025, hackers stole names and passport numbers from the European travel company’s network.SECURITYWEEK.COM
9 AprChina’s Tianjin Supercomputer Center Allegedly Hit in 10-Petabyte Data TheftA threat actor has allegedly executed one of the largest data heists in China’s history, siphoning an astounding 10 petabytes of highly classified information from the National Supercomputing Center (NSCC) in Tianjin. The stolen dataset reportedly includes sensitive defense…GBHACKERS.COM
9 AprFake Security Tool Spreads LucidRook in Taiwan CyberattacksHackers are using fake security tools and cleverly crafted phishing emails to secretly deploy a new malware family, LucidRook, against organizations in Taiwan. The campaign, tracked as UAT-10362, focuses on Taiwanese NGOs and likely universities and shows a high level of planning…GBHACKERS.COM
9 AprEurail says December data breach impacts 300,000 individualsEurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. [...]BLEEPINGCOMPUTER.COM
9 AprGoogle API Keys in Android Apps Expose Gemini Endpoints to Unauthorized AccessDozens of such keys can be extracted from apps’ decompiled code to gain access to all Gemini endpoints.SECURITYWEEK.COM
9 AprApple Intelligence AI Guardrails Bypassed in New AttackRSAC researchers hacked Apple Intelligence using the Neural Exec method and Unicode manipulation.SECURITYWEEK.COM
9 AprInvestigating Storm-2755: “Payroll pirate” attacks targeting Canadian employeesMicrosoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized access to employee profiles and divert salary payments to att…MICROSOFT.COM
9 AprEurail says December data breach impacts 300,000 individualssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/eurail-says-december-data-breach-impacts-300-000-individuals/SH.ITJUST.WORKS
9 AprProtecting Cookies with Device Bound Session CredentialsPosted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April 2024 announcement, Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding t…SECURITY.GOOGLEBLOG.COM
9 AprCASI Leaderboard Shifts: Developer Role Attack, and Three Concerning IncidentsAI Security Insights – April 2026F5.COM
8 AprSnowflake customers hit in data theft attacks after SaaS integrator breachsubmitted by return2ozma to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/SH.ITJUST.WORKS
8 AprMy Lovely AI - 106,271 breached accountsIn April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.HAVEIBEENPWNED.COM
8 AprFBI Takes Down Russian Campaign That Compromised Thousands of RoutersIn a major counter-cyberespionage action dubbed “Operation Masquerade,” the U.S. Justice Department and the FBI successfully neutralized a global network of compromised small office/home office (SOHO) routers. The infrastructure was controlled by Russia’s Main Intelli…GBHACKERS.COM
8 AprZero Trust Readiness and Two RSAC 2026 Interviews from Fenix24 and Absolute Security - BSW #442Autonomous AI agents are creating a new attack surface for enterprise security teams, particularly as organizations deploy agents for operational tasks such as customer support automation, data analysis, and incident response. How can we align our Zero Trust initiatives to also a…YOUTUBE.COM
8 AprHackers steal and leak sensitive LAPD police documentsThe LAPD said the breach affected “a digital storage system” belonging to the city’s Attorney's Office. The World Leaks extortion gang was reported to be behind the attack.TECHCRUNCH.COM
8 AprThousands of consumer routers hacked by Russia's militarysubmitted by supersquirrel to cybersecurity 2 points | 0 comments https://arstechnica.com/security/2026/04/russias-military-hacks-thousands-of-consumer-routers-to-steal-credentials/SH.ITJUST.WORKS
7 AprWeekly Update 498This week, more time than I'd have liked to spend went on talking about the trials of chasing invoices. This is off the back of a …TROYHUNT.COM
7 AprGerman Police Unmask REvil Ransomware LeaderShchukin is accused of extorting more than $2 million as the head of the GandCrab and REvil ransomware operations.SECURITYWEEK.COM
7 AprGPUBreach: Root Shell Access Achieved via GPU Rowhammer AttackResearchers have demonstrated that GPU Rowhammer attacks can be used to escalate privileges.SECURITYWEEK.COM
7 AprQilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Toolssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/qilin-and-warlock-ransomware-use.htmlSH.ITJUST.WORKS
7 AprThe Hidden Cost of Recurring Credential IncidentsWhen talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most se…THEHACKERNEWS.COM
7 AprKubernetes Flaws Let Hackers Jump From Containers to Cloud AccountsHackers are increasingly abusing Kubernetes misconfigurations to jump from containers into high‑value cloud accounts, turning a single compromised pod into full cloud‑level access. This trend is accelerating rapidly, with Kubernetes‑related identity abuse and token-theft operatio…GBHACKERS.COM
7 AprNew GPUBreach attack enables system takeover via GPU rowhammersubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/new-gpubreach-attack-enables-system-takeover-via-gpu-rowhammer/SH.ITJUST.WORKS
7 AprThe dangers of telehealth: data breaches, phishing, and spam | Kaspersky official blogTelemedicine is a huge time-saver, but a leak of your medical records carries serious risks. We’re breaking down the threats, and sharing simple tips to keep your health data private.KASPERSKY.COM
7 AprGerman authorities identify REvil and GandCrab ransomware bossessubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/german-authorities-identify-revil-and-gangcrab-ransomware-bosses/SH.ITJUST.WORKS
7 AprAI for Human Risk Management Shift to Adaptive Behavior Based TrainingHuman risk management (HRM) focuses on one of the most persistent cybersecurity vulnerabilities: humans. Social engineering attacks that trick users into taking risky actions are a factor in 98% of cyberattacks not because they are technically complex, but because they manipulate…KNOWBE4.COM
7 AprRussia Hacked Routers to Steal Microsoft Office TokensHackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon auth…KREBSONSECURITY.COM
7 AprSnowflake customers hit in data theft attacks after SaaS integrator breachOver a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. [...]BLEEPINGCOMPUTER.COM
7 AprFBI: Americans lost a record $21 billion to cybercrime last yearU.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. [...]BLEEPINGCOMPUTER.COM
7 AprSupport platform breach exposes Hims & Hers customer dataHealthcare companies handle some of the most personal data imaginable, and that makes them a magnet for hackers.MALWAREBYTES.COM
6 AprThreat Actors Weaponize Fake Microsoft Teams Domains to Target UsersThreat actors associated with North Korea are deploying fake Microsoft Teams domains to conduct social engineering attacks and distribute malware. The threat group, identified as UNC1069, uses convincing meeting lures and compromised communication channels to target unsuspecting …GBHACKERS.COM
6 AprBKA Identifies REvil Leaders Behind 130 German Ransomware AttacksGermany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actors associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation. The threat actor, who went by the alias UNKN, func…THEHACKERNEWS.COM
6 AprQilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR ToolsThreat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend…THEHACKERNEWS.COM
6 AprAlleged REvil Leader ‘UNKN’ Identified by German Authorities in New Takedown EffortGerman authorities have officially put a face to one of the most notorious names in cybercrime. The German Federal Criminal Police (BKA) recently identified 31-year-old Russian national Daniil Maksimovich Shchukin as the man behind the hacker alias “UNKN.” According t…GBHACKERS.COM
6 AprDrift Protocol Hit in $286M Suspected North Korea-Linked Crypto HeistHackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what security researchers believe may be a North Korea-linked cyberattack. The incident occurred on April 1, 2026, and is already be…GBHACKERS.COM
6 AprTrojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates DataA malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private university AI service. Marketed as an OpenAI-compatible, Tor-routed proxy requiring no API keys, the package actually hijacks a Tunisi…GBHACKERS.COM
6 AprWhy Simple Breach Monitoring is No Longer EnoughInfostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks. [...]BLEEPINGCOMPUTER.COM
6 AprSocial Engineering Fraud ExplodesSocial engineering is responsible for 98% of fraud attempts, increasingly powered by AI tools that scale attacks like sim farming and spoofing. Even savvy individuals can fall victim, leading to compromised access and payment fraud. How can individuals and organizations strengthe…YOUTUBE.COM
6 AprMulti-OS Cyberattacks: How SOCs Close a Critical Risk in 3 StepsYour attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the fact t…THEHACKERNEWS.COM
6 AprWhy Simple Breach Monitoring is No Longer Enoughsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/why-simple-breach-monitoring-is-no-longer-enough/SH.ITJUST.WORKS
6 AprNew GPUBreach attack enables system takeover via GPU rowhammerA new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]BLEEPINGCOMPUTER.COM
6 AprGerman authorities identify REvil and GangCrab ransomware bossesThe Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]BLEEPINGCOMPUTER.COM
6 AprGerman authorities identify REvil and GandCrab ransomware bossesThe Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]BLEEPINGCOMPUTER.COM
4 AprCrunchyroll - 1,195,684 breached accountsIn March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic loc…HAVEIBEENPWNED.COM
4 AprHackers Launch Social Engineering Offensive Against Key Node.js MaintainersFollowing the high-profile supply chain compromise of the widely used Axios package, a highly coordinated social engineering campaign has been uncovered targeting top-tier Node.js and npm maintainers. Security researchers confirm that the Axios breach was part of a scalable opera…GBHACKERS.COM
4 AprEuropean Commission Confirms Data Breach Linked to Trivy Supply Chain AttackHackers stole over 300GB of data from the Commission’s AWS environment, including personal information.SECURITYWEEK.COM
3 AprAdobe Data Breach Allegedly Exposes 13 Million Support TicketsA threat actor known as “Mr. Raccoon” claims to have breached Adobe, stealing a massive amount of sensitive data. According to a report by International Cyber Digest, the stolen files include 13 million customer support tickets, 15,000 employee records, internal docum…GBHACKERS.COM
3 AprQilin Ransomware Deploys Malicious DLL to Disable Most EDR DefensesThe Qilin ransomware group has developed a highly sophisticated infection chain that targets and disables over 300 endpoint detection and response (EDR) solutions. As defenders improve behavioral detection capabilities, attackers are increasingly targeting the defense layer itsel…GBHACKERS.COM
3 AprNorth Korea-Linked Hackers Hit Axios npm in Supply Chain AttackA major software supply chain attack has been uncovered after threat actors compromised the widely used Axios npm package, impacting developers and organizations worldwide. The incident, detected on March 31, 2026, involved the use of stolen maintainer credentials to inject malic…GBHACKERS.COM
3 AprCERT-EU: European Commission hack exposes data of 30 EU entitiesThe European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. [...]BLEEPINGCOMPUTER.COM
3 AprPhorpiex Botnet Fuels Ransomware, Sextortion, and Crypto-Theft AttacksHackers are abusing the long-running Phorpiex (Trik) botnet to run large-scale ransomware, sextortion, and crypto-clipping operations, turning one infrastructure into a multi-purpose crime machine. A newer variant called Twizt gives the botnet a hybrid architecture that combines …GBHACKERS.COM
3 AprHackers Weaponize Venom Stealer via ClickFix Lures for Massive Data ExfiltrationHackers are increasingly turning simple social engineering tricks into full-scale data theft operations, and a newly identified malware platform called Venom Stealer is a strong example of this shift. Instead of just stealing credentials once, Venom creates a continuous data exfi…GBHACKERS.COM
3 AprT-Mobile Sets the Record Straight on Latest Data Breach FilingThe cybersecurity incident involved an insider and had a limited impact, the telecoms giant told SecurityWeek.SECURITYWEEK.COM
3 AprWhy Third-Party Risk Is the Biggest Gap in Your Clients' Security PostureThe next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organi…THEHACKERNEWS.COM
3 AprTeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)This is the sixth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" …ISC.SANS.EDU
3 AprEvolution of Ransomware: Multi-Extortion Ransomware AttacksMulti-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. [...]BLEEPINGCOMPUTER.COM
3 AprEurope’s cyber agency blames hacking gangs for massive data breach and leakCERT-EU blamed the cybercrime group TeamPCP for the recent hack on the European Commission, and said the notorious ShinyHunters gang was responsible for leaking the stolen data online.TECHCRUNCH.COM
3 AprDie Linke German political party confirms data stolen by Qilin ransomwareThe Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party, and threatening sensitive data leak. [...]BLEEPINGCOMPUTER.COM
3 AprHims & Hers warns of data breach after Zendesk support ticket breachTelehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. [...]BLEEPINGCOMPUTER.COM
3 AprOutbound Email Security: Protecting Data and ReputationEmail security often focuses on incoming threats such as phishing, malware, and malicious links, but outbound email security is just as important. According to KnowBe4’s 2025 State of Human Risk Report, nearly half of cybersecurity leaders say misdirected emails sent by employee…KNOWBE4.COM
3 AprNation-State Crypto Heists ExplainedAttackers attributed to North Korea have stolen billions in cryptocurrency, often preparing days in advance by setting up domains, wallets, and automated transaction chains. This level of planning turns cybercrime into a scripted operation. Once access is gained—often through com…YOUTUBE.COM
2 AprAxios npm Supply Chain Breach: Microsoft Shares Mitigation StepsMicrosoft has detailed how organizations can detect and mitigate a recent supply chain compromise involving malicious Axios npm releases and infrastructure attributed to the North Korean threat actor Sapphire Sleet. On March 31, 2026, two Axios npm versions (1.14.1 and 0.30.4) we…GBHACKERS.COM
2 AprMercor Hit by LiteLLM Supply Chain AttackThe AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data.SECURITYWEEK.COM
2 AprUK manufacturers under cyber fire with 80% reporting attacks • The Registersubmitted by kid to cybersecurity 1 points | 0 comments https://www.theregister.com/2026/04/01/uk_manufacturer_cyberattacks/SH.ITJUST.WORKS
2 Apr250,000 Affected by Data Breach at Nacogdoches Memorial HospitalIn January 2026, a threat actor hacked the hospital’s internal network and stole personal and health information.SECURITYWEEK.COM
2 AprIranian Hacker Group Handala Claims Breach of Israeli Defense FirmThe international cybersecurity community was alerted to a major data breach involving Israeli military infrastructure. Handala, a recognized Iranian nation-state threat actor, claims to have successfully breached PSK Wind Technologies, a key Israeli defense contractor. The incid…GBHACKERS.COM
2 AprMercor confirms security incident tied to LiteLLM supply chain attack | The Record from Recorded Future Newssubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/mercor-confirms-security-incident-tied-to-litellmSH.ITJUST.WORKS
2 AprMedtech giant Stryker fully operational after data-wiping attackStryker Corporation, one of the world's leading medical technology companies, says it's fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group. [...]BLEEPINGCOMPUTER.COM
2 AprCrypto platform Drift suspends services after millions stolen in security incident | The Record from Recorded Future Newssubmitted by kid to cybersecurity 2 points | 0 comments https://therecord.media/drift-crypto-heist-solana-hackerSH.ITJUST.WORKS
2 AprThreat actor abuse of AI accelerates from tool to cyberattack surfaceGenerative AI is upgrading cyberattacks, from 450% higher phishing click‑through rates to industrialized MFA bypass.MICROSOFT.COM
2 AprTelehealth giant Hims & Hers says its customer support system was hackedThe U.S. telehealth giant says hackers stole customer support ticket data over the course of several days in February.TECHCRUNCH.COM
1 AprGoogle Drive ransomware detection now on by default for paying usersGoogle announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users. [...]BLEEPINGCOMPUTER.COM
1 AprNorth Korean Hackers Breach Axios Package, Target Windows, macOS, and Linux SystemsA North Korea–nexus threat actor has hijacked the popular Axios NPM package in a high‑impact software supply chain attack that can silently backdoor Windows, macOS, and Linux systems. Between March 31, 2026, 00:21 and 03:20 UTC, attackers used a compromised maintainer account to …GBHACKERS.COM
1 AprSUCCESS - 253,510 breached accountsIn March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes. The data also in…HAVEIBEENPWNED.COM
1 AprAxios NPM Package Breached in North Korean Supply Chain AttackA long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions.SECURITYWEEK.COM
1 AprWebinar Today: Agentic AI vs. Identity’s Last Mile ProblemJoin the webcast as we explore what Agentic AI can and cannot solve today, and real world breach scenarios linked to disconnected applications.SECURITYWEEK.COM
1 AprTeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)This is the fifth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 004 covered developments through March 30, including the Databricks investigation, dual ransomware operations, an…ISC.SANS.EDU
1 AprWhen Crisis Plans Fail to ActOrganizations often have strong incident response, crisis communication, and business continuity plans in place. Despite this, crises can fail at the governance level when no one has clear authority to make critical decisions in real time. Does your organization know exactly who …YOUTUBE.COM
1 AprHasbro says it was hacked, and may take ‘several weeks’ to recoverThe American toymaking giant noted that it was continuing to "implement measures to secure its business operations," suggesting that the hackers may still be in the company's systems.TECHCRUNCH.COM
1 AprToy Giant Hasbro Hit by CyberattackThe company is investigating the full scope of the incident, including whether any files have been compromised.SECURITYWEEK.COM
1 AprIs “Hackback” Official US Cybersecurity Strategy?The 2026 US “Cyber Strategy for America” document is mostly the same thing we’ve seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: “We will unleash the private sector by creating incentives to ide…SCHNEIER.COM
1 AprLeadership or Career RiskCybersecurity leaders often face increased visibility and accountability during incidents, especially in high-stakes environments. Without shared responsibility and the right culture, stepping into leadership can feel like personal risk rather than opportunity—impacting decision-…YOUTUBE.COM
1 AprSmashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanishedA cannabis-growing, beekeeping, gyrocopter-flying Irishman invested his drug money in Bitcoin back in 2011 - and now sits on a fortune worth $400 million. There's just one small problem: the access codes were tucked inside his fishing rod case, which has mysteriously vanished. Or…GRAHAMCLULEY.COM
1 AprMajor Cyber Attacks in March 2026: OAuth Phishing, SVG Smuggling, Magecart, and MoreMarch 2026 brought a wave of cyber attacks that reflected how quickly modern threats can move from subtle early signals to serious business impact. ANY.RUN analysts identified and explored several major threats this month, exposing phishing campaigns, stealthy malware, payment-sk…ANY.RUN
31 MarThe Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t TrustData integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue.SECURITYWEEK.COM
31 MarStolen Logins Are Fueling Everything From Ransomware to Nation-State CyberattacksReport shows how industrialized credential theft underpins ransomware, SaaS breaches, and geopolitical attacks, shifting security focus from prevention to detecting misuse of legitimate access.SECURITYWEEK.COM
31 MarWeekly Update 497Day by day, I find we're eking more goodness out of OpenClaw and finding the sweet spot between what the humans do well and the a…TROYHUNT.COM
31 MarAxios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm AccountThe popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of targeting Windows, macOS, and Linux systems. Versions 1.14.1 and 0.30.4 of Axios hav…THEHACKERNEWS.COM
31 MarApplication Control Bypass for Data Exfiltration, (Tue, Mar 31st)In case of a cyber incident, most organizations fear data loss (via exfiltration) more than regular data encryption because they have a good backup policy in place. If exfiltration happened, it means a total loss of control of the stolen data with all the consequences (PII, CC…ISC.SANS.EDU
31 MarTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released, (Mon, Mar 30th)This is the fourth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" …ISC.SANS.EDU
31 MarWhatsApp malware campaign delivers VBScript and MSI backdoorsA malware campaign uses WhatsApp messages to deliver VBS scripts that initiate a multi-stage infection chain. The attack leverages renamed Windows tools and cloud-hosted payloads to install MSI backdoors and maintain persistent access to compromised systems.MICROSOFT.COM
31 MarAxios NPM Packages Breached in Ongoing Supply Chain AttackA severe supply chain attack has compromised the widely used Axios HTTP client on the npm registry. Attackers injected a malicious dependency into specific Axios releases, exposing millions of developers to a multi-stage remote access trojan capable of executing arbitrary command…GBHACKERS.COM
31 MarTelegram-Based ResokerRAT Adds Screenshot Capture and PersistenceHackers are deploying a new Windows malware called ResokerRAT, a Telegram‑based Remote Access Trojan (RAT) that gives attackers stealthy remote control over infected systems. Instead of relying on a traditional command‑and‑control (C2) server, ResokerRAT abuses the Telegram Bot A…GBHACKERS.COM
31 MarGoogle Introduces Advanced Ransomware Defense and Recovery Features in DriveGoogle has officially moved its advanced ransomware detection and file restoration features for Google Drive out of beta, making them generally available to organizations globally. Originally launched for beta testing in September 2025, these security enhancements are designed to…GBHACKERS.COM
31 MarCuties AI - 144,250 breached accountsIn March 2026, the NSFW AI companion platform Cuties AI suffered a data breach that was subsequently published to a public hacking forum. The incident exposed 144k unique email addresses along with display names, avatars, prompts and descriptions used to generate AI adult images…HAVEIBEENPWNED.COM
31 MarManhunt for cybercriminals – 130 companies attacked130 companies and institutions were targeted by the hackers. After years of cybercrime attacks on more than a hundred companies and institutions in Germany, investigators have identified two key suspects. One is said to be the …CSOONLINE.COM
31 MarWhy ransomware is now after your data — and how to protect your home storage | Kaspersky official blogRansomware is increasingly targeting home backups on NAS, cloud storage, and external drives. Here’s how these attacks work, and how to keep your family photos and documents safe.KASPERSKY.COM
31 MarSupply Chain Attack on Axios Pulls Malicious Dependency from npmsubmitted by codeinabox to security 4 points | 0 comments https://socket.dev/blog/axios-npm-package-compromised cross-posted from: lemmy.bestiver.se/post/1019645 PROGRAMMING.DEV
31 MarBehind the Curtain: AI's looming cyber nightmaresubmitted by return2ozma to cybersecurity 1 points | 0 comments https://www.axios.com/2026/03/29/claude-mythos-anthropic-cyberattack-ai-agentsSH.ITJUST.WORKS
31 MarAxios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly DownloadsA supply chain attack hit Axios when attackers used stolen npm credentials to publish malicious versions containing a phantom dependency. This triggered a cross-platform RAT during installation and replaced its files with clean decoys, making detection challenging.TRENDMICRO.COM
30 MarNew RoadK1ll WebSocket implant used to pivot on breached networksA newly identified malicious implant named RoadK1ll is enabling threat actors to quietly move from a compromised host to other systems on the network. [...]BLEEPINGCOMPUTER.COM
30 MarEuropean Commission confirms data breach after Europa.eu hackThe European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. [...]BLEEPINGCOMPUTER.COM
30 MarHIBP Mega Update: Passkeys, k-Anonymity Searches, Massive Speed Enhancements and a Bulk Domain Verification APIFor a hobby project built in my spare time to provide a simple community service, Have I Been Pwned sure has, well, "escalated"…TROYHUNT.COM
30 MarDutch Police discloses security breach after phishing attacksubmitted by kid to cybersecurity 6 points | 0 comments https://www.bleepingcomputer.com/news/security/dutch-police-discloses-security-breach-after-phishing-attack/SH.ITJUST.WORKS
29 MarShinyHunters says it stole 350GB+ of data in a cyberattack on the European Commission, detected on March 24; the EC says its internal systems were not affectedsubmitted by Innerworld to cybersecurity 11 points | 0 comments https://securityaffairs.com/190095/data-breach/shinyhunters-claims-the-hack-of-the-european-commission.htmlINFOSEC.PUB
29 MarShinyHunters says it stole 350GB+ of data in a cyberattack on the European Commission, detected on March 24; the EC says its internal systems were not affectedsubmitted by Innerworld to security 3 points | 0 comments https://securityaffairs.com/190095/data-breach/shinyhunters-claims-the-hack-of-the-european-commission.htmlPROGRAMMING.DEV
29 MarShinyHunters says it stole 350GB+ of data in a cyberattack on the European Commission, detected on March 24; the EC says its internal systems were not affectedsubmitted by Innerworld to cybersecurity 18 points | 0 comments https://securityaffairs.com/190095/data-breach/shinyhunters-claims-the-hack-of-the-european-commission.htmlSH.ITJUST.WORKS
28 MarHundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wildsubmitted by Innerworld to cybersecurity 1 points | 0 comments https://www.wired.com/story/hundreds-of-millions-of-iphones-can-be-hacked-with-a-new-tool-found-in-the-wild/INFOSEC.PUB
28 MarHundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wildsubmitted by Innerworld to security 2 points | 0 comments https://www.wired.com/story/hundreds-of-millions-of-iphones-can-be-hacked-with-a-new-tool-found-in-the-wild/PROGRAMMING.DEV
28 MarHundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wildsubmitted by Innerworld to cybersecurity 1 points | 0 comments https://www.wired.com/story/hundreds-of-millions-of-iphones-can-be-hacked-with-a-new-tool-found-in-the-wild/SH.ITJUST.WORKS
28 MarEuropean Commission Confirms Cyberattack After AWS Account BreachThe European Commission has confirmed a cybersecurity incident affecting its cloud-based infrastructure after attackers gained access to an Amazon Web Services (AWS) account hosting parts of the Europa.eu platform. According to an official statement, the compromised infrastructur…GBHACKERS.COM
28 MarFake Certificate Loader Hides BlankGrabber Malware ChainBlankGrabber’s operators are now abusing a fake “certificate” loader to hide a multi‑stage Rust and Python infection chain, making this commodity stealer significantly harder to spot on Windows endpoints. The new technique relies on built‑in tools such as certutil.exe, heavily ob…GBHACKERS.COM
28 MarTeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours, (Sat, Mar 28th)This is the third update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 002 covered developments through March 27, including the Telnyx PyPI compromise and Vect ransomware partnership. …ISC.SANS.EDU
28 MarIran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper AttackThreat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, sai…THEHACKERNEWS.COM
27 MarIran Targeted by Self-Propagating Malware in Supply-Chain Cyberattackssubmitted by Amoxtli to cybersecurity 1 points | 0 comments https://circleid.com/posts/iran-targeted-by-self-propagating-malware-in-supply-chain-cyberattacksINFOSEC.PUB
27 MarAnonymous Tip System Breach May Expose TipstersAnonymous Tip System Breach Exposes Millions of Records, Google Warns Q-Day by 2029, and New AI Documentation Supply-Chain RisksCYBERSECURITYTODAY.LIBSYN.COM
27 MarDutch Police discloses security breach after phishing attackThe Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn't affected citizens' data. [...]BLEEPINGCOMPUTER.COM
27 MarSilver Fox Cyberattack Targets Japanese Businesses with Tax-Themed Phishing ScamsA threat actor known as Silver Fox is targeting Japanese organizations with a new wave of spearphishing attacks timed to coincide with the country’s busy tax-filing and corporate restructuring season. The campaign focuses heavily on manufacturers and enterprises that are currentl…GBHACKERS.COM
27 MarBearlyfy Hits 70+ Russian Firms with Custom GenieLocker RansomwareA pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. "Bearlyfy …THEHACKERNEWS.COM
27 MarCyberattack on Die LinkeThe hacker group “Qilin” may be behind the attack. Die Linke says it has been the victim of a serious cyberattack and suspects Russian-speaking hackers are behind it. The party says it responded immediately on Thursday and parts of the IT infr…CSOONLINE.COM
27 MarEuropean Commission investigating breach after Amazon cloud hackThe European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure. [...]BLEEPINGCOMPUTER.COM
27 MarHightower Holding Data Breach Impacts 130,000 - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/hightower-holding-data-breach-impacts-130000/SH.ITJUST.WORKS
27 MarIn Other News: Palo Alto Recruiter Scam, Anti-Deepfake Chip, Google Sets 2029 Quantum DeadlineOther noteworthy stories that might have slipped under the radar: Heritage Bank data breach, new State Department unit tackles cyber threats, LA Metro disruptions.SECURITYWEEK.COM
27 MarTeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim, (Fri, Mar 27th)This is the second update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 001 covered developments through March 26. This update covers developments from March 26-27, 2026.ISC.SANS.EDU
27 MarApple says no one using Lockdown Mode has been hacked with spywareThe tech giant's claim that it has not seen any successful spyware attacks targeting Apple devices with Lockdown Mode enabled comes amid a leak of hacking tools targeting users running devices with older software.TECHCRUNCH.COM
27 MarIranian hackers claim breach of FBI director Kash Patel’s personal email accountHandala, a pro-Iranian hacking group allegedly working for Iran’s government, published emails it said were taken from the Gmail account of FBI director Kash Patel.TECHCRUNCH.COM
27 MarEuropean Commission investigating breach after Amazon cloud account hackThe European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure. [...]BLEEPINGCOMPUTER.COM
27 MarTeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV FilesTeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data. The two versions, 4.87.1 and 4.87.2, published to the Python Package Index (PyPI) …THEHACKERNEWS.COM
27 MarLloyds Bank reveals how IT bug exposed transaction dataLloyds Banking Group has identified the glitch that led to some of its customers being able to see details of other customers’ transactions on March 12. It revealed the information in a letter to the UK Parliament’s Treasury Committee, setting out the details of the incident and…CSOONLINE.COM
27 MarEuropean Commission confirms cyberattack after hackers claim data breachThe European Union's top executive body has confirmed a cyberattack after hackers reportedly stole reams of data from the European Commission's cloud storage.TECHCRUNCH.COM
27 MarThe telnyx packages on PyPI have been compromisedsubmitted by cm0002 to cybersecurity 2 points | 0 comments https://lwn.net/Articles/1065059/ The SafeDep blog reports that compromised versions of the telnyx package have been found in the PyPI repository: Two versions of telnyx (4.87.1 and 4.87.2) published to PyPI on March 27, …INFOSEC.PUB
27 MarCompromised telnyx on PyPI: WAV Steganography and Credential Theftsubmitted by Kissaki to security 1 points | 0 comments https://safedep.io/malicious-telnyx-pypi-compromise/ Two versions of telnyx (4.87.1 and 4.87.2) published to PyPI on March 27, 2026 contain malicious code injected into telnyx/_client.py. The telnyx package averages over 1 mi…PROGRAMMING.DEV
27 MarBackdoored Telnyx PyPI package pushes malware hidden in WAV audioTeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. [...]BLEEPINGCOMPUTER.COM
27 MarIranian-linked hackers claimed responsibility for the breach of FBI Director Kash Patel’s personal email accountsubmitted by Innerworld to cybersecurity 2 points | 0 comments https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/INFOSEC.PUB
27 MarIranian-linked hackers claimed responsibility for the breach of FBI Director Kash Patel’s personal email accountsubmitted by Innerworld to security 1 points | 0 comments https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/PROGRAMMING.DEV
27 MarIranian-linked hackers claimed responsibility for the breach of FBI Director Kash Patel’s personal email accountsubmitted by Innerworld to cybersecurity 2 points | 0 comments https://www.reuters.com/world/us/iran-linked-hackers-claim-breach-of-fbi-directors-personal-email-doj-official-2026-03-27/SH.ITJUST.WORKS
26 MarScuf Gaming - 128,683 breached accountsIn June 2015, custom gaming controller maker Scuf Gaming suffered a data breach. The incident exposed 129k unique email addresses along with usernames, display names, IP addresses and password hashes.HAVEIBEENPWNED.COM
26 MarTorg Grabber Malware Shifts from Telegram Exfiltration to Encrypted REST API for C2A fast-evolving information‑stealing malware dubbed “Torg Grabber” has shifted from simple Telegram‑based exfiltration to a hardened, encrypted REST API command‑and‑control (C2) channel fronted by Cloudflare. The operation surfaced when a 747 KB 64‑bit sample initially tagge…GBHACKERS.COM
26 MarRussia arrests suspected owner of LeakBase cybercrime forumRussian police arrested a Taganrog resident believed to be the owner of LeakBase, a major online forum used by cybercriminals to buy and sell stolen data and hacking tools. [...]BLEEPINGCOMPUTER.COM
26 MarRansomware attack disrupts operation at major Spanish fishing port | The Record from Recorded Future Newssubmitted by kid to cybersecurity 2 points | 0 comments https://therecord.media/port-of-vigo-ransomwareSH.ITJUST.WORKS
26 MarHightower Holding Data Breach Impacts 130,000The holdings company says hackers stole names, Social Security numbers, and driver’s license numbers from its environment.SECURITYWEEK.COM
26 MarUK sanctions Xinbi marketplace linked to Asian scam centersThe United Kingdom's Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia. [...]BLEEPINGCOMPUTER.COM
26 MarIran-Linked Pay2Key Ransomware Group Re-Emerges - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/iranlinked-pay2key-ransomware/SH.ITJUST.WORKS
26 MarWhy Financial Firms are Outgrowing Traditional Email SecurityIn the financial services industry, a "security incident" is rarely just an IT ticket. It is a regulatory event. Whether you are a bank, a global investment firm, or a fintech startup, your email environment is the most targeted entry point for attackers and the most common exit …KNOWBE4.COM
26 MarYour AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain CompromiseTeamPCP orchestrated one of the most sophisticated multi-ecosystem supply chain campaigns publicly documented to date that cascaded through developer tooling and compromised LiteLLM, exposing how AI proxy services that concentrate API keys and cloud credentials become high-value …TRENDMICRO.COM
25 MarFive Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via TelegramFive malicious npm packages impersonating popular crypto libraries are stealing wallet keys from Solana and Ethereum developers and exfiltrating them directly to a hardcoded Telegram bot. Each package typosquats or wraps a legitimate crypto library and funnels stolen private keys…GBHACKERS.COM
25 MarHackerOne Employee Data Exposed in Massive Navia BreachThe cybersecurity firm said the personal information of hundreds of employees was stolen in the hacker attack targeting Navia.SECURITYWEEK.COM
25 MarManager of botnet used in ransomware attacks gets 2 years in prisonA Russian national has been sentenced to two years in prison after admitting that the phishing botnet he managed was used to launch BitPaymer ransomware attacks against 72 U.S. companies. [...]BLEEPINGCOMPUTER.COM
25 MarNew Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 HoursNew research is shedding light on how infostealer malware turns a single careless click into full-blown credential exposure on dark web marketplaces in less than 48 hours, far faster than traditional breach detection timelines. Unlike database breaches that take weeks or months to…GBHACKERS.COM
25 MarUS Prisons Russian Access Broker for Aiding Ransomware AttacksAleksei Volkov has been sentenced to 81 months in prison for his role in Yanluowang ransomware attacks.SECURITYWEEK.COM
25 MarSmartApeSG ClickFix Campaign Spreads Remcos, NetSupport RAT, StealC, Sectop RATA recent SmartApeSG campaign observed on March 24, 2026, highlights the growing sophistication of ClickFix-based attack chains, which deliver multiple remote access trojans (RATs) and information stealers through a staged infection process. The infection begins with the ClickFix …GBHACKERS.COM
25 MarLinux Ransomware Pay2Key Targets Servers, Virtualization Hosts, and Cloud WorkloadsLinux-focused ransomware Pay2Key is actively targeting enterprise servers, VMware ESXi virtualization hosts, and cloud workloads, underscoring how far Linux ransomware has evolved beyond simple file lockers. Originally known for fast, human-operated Windows intrusions against Isr…GBHACKERS.COM
25 MarFrom Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPIThe hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.SECURITYWEEK.COM
25 Mar3.1 Million Impacted by QualDerm Data Breach - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/3-1-million-impacted-by-qualderm-data-breach/SH.ITJUST.WORKS
25 MarRussian Hacker Sentenced to 2 Years for TA551 Botnet-Driven Ransomware AttacksThe U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that was used to launch ransomware attacks against U.S. companies. Ilya Angelov, 40, of Tolyatti, Russia, was also fined $100,000. Angelov, who went by the…THEHACKERNEWS.COM
25 MarWhen Encryption Suddenly FailsCryptographic algorithms can become vulnerable over time, requiring organizations to replace them quickly. Without a clear inventory of where encryption is used, organizations may struggle to respond when an algorithm is compromised. Crypto agility ensures that teams can locate a…YOUTUBE.COM
25 MarIdentity security is the new pressure point for modern cyberattacksRead the latest Microsoft Secure Access report for insights into why a unified identity and access strategy offers strong modern protection.MICROSOFT.COM
25 MarYour AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI BreachLitellm PyPI breach explained: malicious versions steal cloud credentials, SSH keys, and Kubernetes secrets. Learn impact and urgent mitigation steps.TRENDMICRO.COM
25 MarAnatomy of a Cyber World Global Report 2026The Kaspersky Security Services report describes cyberattack trends and statistics revealed by the Managed Detection and Response service. The report also includes Incident Response findings based on real-world cases identified and mitigated in 2025.SECURELIST.COM
24 MarUS State Department launches the Bureau of Emerging Threats to tackle current and future threats, including cyberattacks and AI weaponization by adversariessubmitted by Innerworld to cybersecurity 3 points | 0 comments https://abcnews.com/Politics/state-department-launches-effort-counter-cyberattacks-ai-risks/story?id=131265350INFOSEC.PUB
24 MarUS State Department launches the Bureau of Emerging Threats to tackle current and future threats, including cyberattacks and AI weaponization by adversariessubmitted by Innerworld to security 2 points | 0 comments https://abcnews.com/Politics/state-department-launches-effort-counter-cyberattacks-ai-risks/story?id=131265350PROGRAMMING.DEV
24 MarUS State Department launches the Bureau of Emerging Threats to tackle current and future threats, including cyberattacks and AI weaponization by adversariessubmitted by Innerworld to cybersecurity 2 points | 0 comments https://abcnews.com/Politics/state-department-launches-effort-counter-cyberattacks-ai-risks/story?id=131265350SH.ITJUST.WORKS
24 MarWeekly Update 496Watching OpenClaw do its thing must be like watching the first plane take flight. It's a bit rickety and stuck together with a lot…TROYHUNT.COM
24 MarNew Leak Site Tied to Active Initial Access Broker Emerges on Underground ForumsA new Tor-based leak site dubbed ALP-001 has quietly moved from selling network footholds to publicly naming victims, signaling an evolution from pure initial access brokerage to full-scale cyber extortion. The ALP-001 site, reachable only over Tor, advertises itself as a “Data L…GBHACKERS.COM
24 MarU.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware DamageA 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations. According t…THEHACKERNEWS.COM
24 MarRussian Access Broker Jailed for Facilitating Ransomware Attacks Targeting U.S. CompaniesA United States federal court has sentenced Aleksei Volkov, a 26-year-old Russian national, to 81 months in prison for operating as an initial access broker. Volkov played a critical part in enabling major cybercrime syndicates, including the Yanluowang ransomware group, to breac…GBHACKERS.COM
24 MarMazda Says Employee, Partner Information Stolen in CyberattackThe hackers stole internal IDs, names, email addresses, and business partner IDs from an internal management system.SECURITYWEEK.COM
24 MarTeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI CredentialsTwo more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain sec…THEHACKERNEWS.COM
24 Mar3.1 Million Impacted by QualDerm Data BreachHackers stole personal, medical, and health insurance information from the company’s internal systems.SECURITYWEEK.COM
24 MarYanluowang ransomware access broker gets 81 months in prisonA Russian national was sentenced to nearly 7 years in prison after pleading guilty to acting as an initial access broker (IAB) for Yanluowang ransomware attacks. [...]BLEEPINGCOMPUTER.COM
24 MarInfinite Campus warns of breach after ShinyHunters claims data theftInfinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. [...]BLEEPINGCOMPUTER.COM
24 MarExtortion Group Claims It Hacked AstraZenecaThe Lapsus$ hackers allegedly compromised internal code repositories, credentials, and employee data.SECURITYWEEK.COM
24 MarSQL Server Ransomware Attacks: How They Work and How to Harden Your DatabaseKey Takeaways ● Documented SQL Server attacks have moved from initial access to ransomware deployment within the hour when exposure is high and defenses are absent — but attack timelines vary widely depending on privileges, host controls, segmentation, and at…GBHACKERS.COM
24 MarCrunchyroll confirms data breach after hacker claims unauthorized accessCrunchyroll said it continues to investigate the data breach involving its users' personal information.TECHCRUNCH.COM
24 MarPoland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy SectorThe attacks included a destructive infiltration of Poland's energy system in December and was suspected of originating in Russia.SECURITYWEEK.COM
24 MarTeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD CompromiseTeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple secu…THEHACKERNEWS.COM
24 MarPopular LiteLLM PyPI package compromised in TeamPCP supply chain attackThe TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of devices during the attack. [...]BLEEPINGCOMPUTER.COM
23 MarM-Trends 2026: Initial Access Handoff Shrinks From Hours to 22 SecondsThe latest M-Trends report is based on insights from over 500,000 hours of Mandiant incident response investigations in 2025.SECURITYWEEK.COM
23 MarChip Services Firm Trio-Tech Says Subsidiary Hit by RansomwareThe semiconductor company says hackers deployed file-encrypting ransomware on the network of a subsidiary in Singapore.SECURITYWEEK.COM
23 MarCase study: How predictive shielding in Defender stopped GPO-based ransomware before it startedMicrosoft Defender stopped a human-operated ransomware attack that abused Group Policy Objects (GPOs) to disable defenses and push encryption at scale. This case study breaks down the attacker’s playbook and shows how predictive shielding hardened 700 devices in time, resulting i…MICROSOFT.COM
23 MarLibyan Refinery Targeted in Prolonged Spy Campaign With AsyncRATA targeted cyber espionage campaign against Libyan organizations has compromised an oil refinery, a telecommunications provider, and a state institution between November 2025 and February 2026. The campaign stands out due to its focus on critical infrastructure, particularly Liby…GBHACKERS.COM
23 MarCan AI help critical infrastructure, the state of the cyber market, and weekly news - ESW #451Interview with Kara Sprague - The AI Fix for Infrastructure’s Oldest Security Risks. Critical infrastructure, often built on decades-old systems and legacy code, remains vulnerable to cyberattacks. From pipelines and energy grids to transportation networks, we break down where cr…YOUTUBE.COM
23 MarTrivy Compromised by "TeamPCP" | Wiz Blogsubmitted by cm0002 to cybersecurity 3 points | 0 comments https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attackINFOSEC.PUB
23 MarNavia Data Breach Impacts 2.7 Million - SecurityWeeksubmitted by kid to cybersecurity 4 points | 1 comments https://www.securityweek.com/navia-data-breach-impacts-2-7-million/SH.ITJUST.WORKS
23 MarCrunchyroll probes breach after hacker claims to steal 6.8M users' dataPopular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people. [...]BLEEPINGCOMPUTER.COM
23 MarMazda discloses security breach exposing employee and partner dataMazda Motor Corporation (Mazda) announced that information belonging to its employees and business partners had been exposed in a security incident detected last December. [...]BLEEPINGCOMPUTER.COM
23 MarRuneScape Boards - 222,762 breached accountsIn around 2011, the RuneScape Boards forum (also known as RSBoards) suffered a data breach that was later redistributed as part of a larger corpus of data. The vBulletin-based service exposed 223k unique email addresses along with usernames, IP addresses and salted MD5 password …HAVEIBEENPWNED.COM
21 MarAre nations ready to be the cybersecurity insurers of last resort?A senior member of the Cyber Monitoring Center (CMC), an organization formed last year to monitor, define and classify cyber events impacting UK organizations, this week questioned whether a £1.5 billion (about $2 billion) government loan guarantee provided to Jaguar Land Rover (…CSOONLINE.COM
20 MarFBI links Signal phishing attacks to Russian intelligence servicesThe FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. [...]BLEEPINGCOMPUTER.COM
20 MarHow CISOs Can Survive the Era of Geopolitical CyberattacksGeopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must limit lateral movement and contain breaches to reduce the impact of wiper campaigns. [...]BLEEPINGCOMPUTER.COM
20 MarIn Other News: New Android Safeguards, Operation Alice, UK Toughens Cyber ReportingOther noteworthy stories that might have slipped under the radar: vulnerabilities found in KVM devices, Claudy Day Claude vulnerabilities, The Gentlemen ransomware group.SECURITYWEEK.COM
20 MarFeds Disrupt IoT Botnets Behind Huge DDoS AttacksThe U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web cameras. The feds say the …KREBSONSECURITY.COM
20 MarThe Importance of Behavioral Analytics in AI-Enabled Cyber AttacksArtificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware tha…THEHACKERNEWS.COM
20 MarSpeagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised ServersCybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. "Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it to a …THEHACKERNEWS.COM
20 MarCyberattack on vehicle breathalyzer company leaves drivers stranded across the USA cyberattack on a U.S. car breathalyzer company has left drivers across the United States reportedly stranded and unable to start their vehicles.TECHCRUNCH.COM
20 MarDenver’s crosswalks hacked to broadcast anti-Trump messagesPedestrians crossing a street in Denver, Colorado, got rather more than they bargained for last weekend, when the audio signals at two crosswalks began broadcasting a political message alongside their usual walking instructions. Read more in my article on the Hot for Security blo…BITDEFENDER.COM
20 MarLeakNet ransomware: what you need to knowA ransomware gang that claims to be a group of "investigative journalists"? Meet LeakNet - the group using fake CAPTCHA pages to trick employees into hacking themselves. Read more in my article on the Fortra blog.FORTRA.COM
20 MarWater utilities strengthen cybersecurity through cooperationWater utilities are finding that letting information flow can flush out cybersecurity problems. The water industry has a security issue: Many utilities operate with ageing systems and minimal IT or cybersecurity personnel. But by coordinating responses to cyber-attacks, participa…CSOONLINE.COM
20 MarDoJ has taken down botnets behind the largest-ever DDoS attacksubmitted by Innerworld to cybersecurity 10 points | 0 comments https://www.wired.com/story/us-takes-down-botnets-used-in-record-breaking-cyberattacks/INFOSEC.PUB
20 MarDoJ has taken down botnets behind the largest-ever DDoS attacksubmitted by Innerworld to security 2 points | 0 comments https://www.wired.com/story/us-takes-down-botnets-used-in-record-breaking-cyberattacks/PROGRAMMING.DEV
20 MarDoJ has taken down botnets behind the largest-ever DDoS attacksubmitted by Innerworld to cybersecurity 12 points | 0 comments https://www.wired.com/story/us-takes-down-botnets-used-in-record-breaking-cyberattacks/SH.ITJUST.WORKS
20 MarMove fast and save things: A quick guide to recovering a hacked accountWhat you do – and how fast – after an account is compromised often matters more than it may seemWELIVESECURITY.COM
19 MarRaven Emerges From Stealth With $20 Million in FundingRaven’s platform observes applications at runtime to detect anomalous behavior and prevent cyberattacks.SECURITYWEEK.COM
19 MarAura confirms data breach exposing 900,000 marketing contactssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/aura-confirms-data-breach-exposing-900-000-marketing-contacts/SH.ITJUST.WORKS
19 MarSecurity Firm Aura Discloses Data Breach Impacting 900,000 RecordsThe information was stolen from a marketing tool after an employee fell victim to a targeted phone phishing attack.SECURITYWEEK.COM
19 MarMarquis Data Breach Affects 672,000 IndividualsIt was previously estimated that more than 1.6 million people may be affected by the Marquis data breach.SECURITYWEEK.COM
19 MarFBI seizes pro-Iranian hacking group’s websites after destructive Stryker hackThe FBI and the Justice Department took down two websites linked to the pro-Iranian hacktivist group Handala, which last week hacked medical tech giant Stryker.TECHCRUNCH.COM
19 MarIran Readied Cyberattack Capabilities for Response Prior to Epic FuryAnalysis reveals a six-month buildup of Iran-linked cyber infrastructure, including US-based shell companies, designed to weather kinetic strikes and ensure the resilience of its global hacking operations.SECURITYWEEK.COM
19 MarFBI seizes Handala data leak site after Stryker cyberattackThe FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices. [...]BLEEPINGCOMPUTER.COM
19 MarWhen tax season becomes cyberattack season: Phishing and malware campaigns using tax-related luresIn recent months, Microsoft Threat Intelligence identified email campaigns using lures around W-2, tax forms, or similar themes, or posing as government tax agencies, tax services firms, and relevant financial institutions, with many campaigns targeting individuals for personal a…MICROSOFT.COM
19 MarBitrefill blames North Korean Lazarus group for cyberattackCrypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of the Bluenoroff group. [...]BLEEPINGCOMPUTER.COM
19 Mar1stProtect Emerges From Stealth With $20 Million in FundingThe company’s endpoint security platform monitors behavior and verifies user intent to stop cyberattacks in real time.SECURITYWEEK.COM
19 MarMillions of iPhones can be hacked with a new tool found in the wildDarkSword, a powerful iPhone-hacking technique, has been discovered in use by Russian hackers.ARSTECHNICA.COM
18 MarMicrosoft Teams-Based Vishing Attack Tricks Victims Into Quick Assist TakeoverThreat actors are increasingly relying on social engineering rather than complex software vulnerabilities to breach corporate networks. In November 2025, Microsoft’s Detection and Response Team (DART) investigated a notable identity-first intrusion where attackers successfully us…GBHACKERS.COM
18 MarLeakNet boosts ransomware with ClickFix lures, stealthy Deno loaderLeakNet is scaling its ransomware operation by pairing mass-market ClickFix lures with a stealthy Deno-based loader that executes almost entirely in memory, shrinking the window for defenders to intervene. Ransomware operator LeakNet is currently averaging around three victims pe…GBHACKERS.COM
18 MarLess Lucrative Ransomware Market Makes Attackers Alter Methodssubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/threat-intelligence/less-lucrative-ransomware-market-makes-attackers-alter-methodsSH.ITJUST.WORKS
18 Mar9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four VendorsCybersecurity researchers have warned about the risks posed by low-cost IP KVM (Keyboard, Video, Mouse over Internet Protocol) devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium, span four different produ…THEHACKERNEWS.COM
18 MarIranian Hackers Likely Used Malware-Stolen Credentials in Stryker BreachThe medtech giant has been working on restoring systems affected by the cyberattack conducted by the Handala hackers.SECURITYWEEK.COM
18 MarRobotic Surgery Giant Intuitive Discloses Cyberattack - SecurityWeeksubmitted by kid to cybersecurity 3 points | 0 comments https://www.securityweek.com/robotic-surgery-giant-intuitive-discloses-cyberattack/SH.ITJUST.WORKS
18 MarShadow AI Risk: How SaaS Apps Are Quietly Enabling Massive BreachesFrom Chaos to Control examines the chaos that often comes from shadow AI hidden in SaaS apps and urges better visibility and control over agentic AI.SECURITYWEEK.COM
18 MarMarquis says over 672,000 people had personal and financial data stolen in ransomware attackFintech company Marquis is notifying hundreds of thousands of people that hackers stole their personal and financial information, including their Social Security numbers.TECHCRUNCH.COM
18 MarMarquis: Ransomware gang stole data of 672K people in cyberattackMarquis, a Texas-based financial services provider, revealed this week that a ransomware gang stole the data of over 670,000 individuals in an August 2025 cyberattack that also disrupted operations at 74 banks across the United States. [...]BLEEPINGCOMPUTER.COM
18 MarAura confirms data breach exposing 900,000 marketing contactsIdentity protection company Aura has confirmed that an authorized party gained access to nearly 900,000 customer records containing names and email addresses. [...]BLEEPINGCOMPUTER.COM
17 MarWeekly Update 495In the beginning, it was simple. A website, a database and 150M+ email addresses to search. Time has added serverless functions (which …TROYHUNT.COM
17 MarStryker Targeted by Large-Scale Wiper Attack, Tens of Thousands of Devices LostGlobal medical technology giant Stryker suffered a massive cybersecurity incident on March 11, 2026, resulting in the remote wiping of thousands of corporate devices. A pro-Iranian hacktivist group known as Handala has claimed responsibility for the attack, which severely disrupt…GBHACKERS.COM
17 MarHackers Abuse Trusted Websites in New Attacks on Microsoft Teams UsersThreat actors are increasingly turning to trusted infrastructure to launch their attacks, making it harder for automated security tools to flag malicious activity. A newly identified phishing campaign highlights this growing trend by abusing compromised websites to harvest valuab…GBHACKERS.COM
17 MarPayload ransomware hits Windows and ESXi with Babuk-style encryptionA new ransomware operation called Payload is rapidly emerging as a serious threat to both Windows and VMware ESXi environments, combining Babuk-style cryptography with aggressive anti-forensics and a working double-extortion model. The group claims to have been active since at le…GBHACKERS.COM
17 MarAI, APIs and DDoS Collide in New Era of Coordinated CyberattacksAkamai warns that Layer 7 DDoS, API abuse and AI-powered attacks are merging into coordinated, multi-vector campaigns that are harder to detect and defend against.SECURITYWEEK.COM
17 MarGoogle Warns Ransomware Groups Shift to Data Theft as Profits DeclineGoogle is warning that ransomware gangs are reinventing their business model as traditional encryption‑for‑ransom attacks become less profitable and data‑theft extortion surges. Better cybersecurity controls, improved backup strategies, and stronger recovery capabilities mean mo…GBHACKERS.COM
17 MarRobotic Surgery Giant Intuitive Discloses CyberattackThe company says some of its internal business applications were accessed after an employee fell victim to a phishing attack.SECURITYWEEK.COM
17 MarLeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory LoaderThe ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method. The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, i…THEHACKERNEWS.COM
17 MarEurope sanctions Chinese and Iranian firms for cyberattacksThe European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. [...]BLEEPINGCOMPUTER.COM
16 MarOpenClaw AI Agents Vulnerable to Indirect Prompt Injection, Causing Data LeaksOpenClaw AI agents are facing significant security scrutiny following a recent CNCERT warning about insecure defaults and prompt-injection vulnerabilities. The most critical risk for defenders is not just abstract model confusion, but the ability of an attacker to turn normal AI …GBHACKERS.COM
16 MarIBM Discovers ‘Slopoly’ AI-Generated Malware Linked to Hive0163 RansomwareRansomware group Hive0163 is experimenting with a likely AI-generated malware framework, dubbed “Slopoly,” marking a visible shift toward AI-assisted tooling in attacks. While the malware itself is simple, its use shows how quickly threat actors can now generate and iterate on cu…GBHACKERS.COM
16 MarWeb Shells, Tunnels, and Ransomware: Dissecting a Warlock AttackWarlock continues to enhance its attack chain with new tactics to improve persistence, lateral movement, and defense evasion using an expanded toolset: TightVNC, Yuze, and a persistent BYOVD technique leveraging the NSec driver.TRENDMICRO.COM
16 MarGoogle Unveils Android 17 Advanced Protection Mode to Stop Malicious ServicesGoogle is preparing to launch Android 17, introducing a comprehensive suite of new features aimed at fundamentally improving device security, user privacy, and performance debugging. At the forefront of this release is the highly anticipated Android Advanced Protection Mode (AAPM…GBHACKERS.COM
16 MarGoogle Looker Studio Vulnerabilities Allow Attackers to Exfiltrate Data from Google ServicesTenable Research recently uncovered “LeakyLooker,” a critical set of nine novel cross-tenant vulnerabilities within Google Looker Studio that enabled attackers to silently exfiltrate or modify sensitive data across various Google Cloud Platform services. Following responsible dis…GBHACKERS.COM
16 MarChina-Linked Hackers Hit Asian Militaries in Patient Espionage OperationThe state-sponsored hackers deployed custom tools and stayed dormant in the compromised environments for months.SECURITYWEEK.COM
16 MarCyberattack Hits Poland’s Nuclear Research CenterPoland’s National Centre for Nuclear Research recently experienced a targeted cyberattack aimed at its IT infrastructure. Security teams successfully thwarted the intrusion before malicious actors could compromise critical systems or access sensitive data. The facility, whi…GBHACKERS.COM
16 MarCamelClone Uses Public File-Sharing Sites in Government CyberattacksA new cyber espionage campaign dubbed Operation CamelClone is targeting government and strategic sectors across several geopolitically significant regions. The campaign abuses legitimate tools and public file‑sharing platforms to deliver malware and steal sensitive data, making it …GBHACKERS.COM
16 MarPoland's nuclear research centre targeted by cyberattacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/polands-nuclear-research-centre-targeted-by-cyberattack/SH.ITJUST.WORKS
16 MarSecurity Firm Executive Targeted in Sophisticated Phishing AttackThe attackers used a DKIM-signed phishing email, trusted redirect infrastructure, compromised servers, and Cloudflare-protected phishing pages.SECURITYWEEK.COM
16 MarStryker attack wiped tens of thousands of devices, no malware neededLast week's cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. [...]BLEEPINGCOMPUTER.COM
16 Mar2025 Identity Threat Landscape Report: Inside the Infostealer Economy: Credential Threats in 2025Recorded Future's 2025 Identity Threat Landscape Report analyzes hundreds of millions of compromised credentials to reveal how infostealer malware is evolving, which systems attackers are targeting, and what security teams must do to get ahead of credential-based breaches.RECORDEDFUTURE.COM
15 MarBaydöner - 1,266,822 breached accountsIn March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords. A small num…HAVEIBEENPWNED.COM
15 MarLoblaw Data Breach Impacts Customer InformationPersonal information such as names, email addresses, and phone numbers was accessed by hackers.SECURITYWEEK.COM
🕵️ THREAT INTELLIGENCE 1627[+]
12 JunNew infosec products of the week: June 12, 2026Here’s a look at the most interesting products from the past week, featuring releases from AISLE, Drata, Elastic, Filigran, IDnow, and Ridge Security. RidgeBot 7.0 automates Active Directory attack simulations for security validation Ridge Security has announced the release of Ri…HELPNETSECURITY.COM
12 JunAI sovereignty makes data centers strategic targets for cyber operationsData centers built for frontier AI draw hundreds of megawatts of electricity and large volumes of cooling water from fixed locations with known addresses. Each one concentrates tens of thousands of graphics processors, liquid cooling systems, and high-density power equipment insi…HELPNETSECURITY.COM
12 JunProduct showcase: Avast One turns scam screenshots into actionable security adviceAvast One Free combines privacy, security, identity monitoring, and performance tools in a single platform. The app is available for Windows, macOS, Android, and iOS. Checking the device for security and privacy issues After installing it from the App Store, I ran Smart Scan, whi…HELPNETSECURITY.COM
12 JunEurope’s digital identity wallet gets its first set of standardsPeople across the European Union already use their phones for banking, travel, and government services. The European Digital Identity Wallet will bring those activities into one application, and the European Telecommunications Standards Institute (ETSI) has released the first sta…HELPNETSECURITY.COM
12 JunZeroFox releases AI Analytics to bring answers directly to security teamsZeroFox launched ZeroFox AI Analytics, a new platform capability that gives security teams real-time visibility into the signals, patterns, and trends shaping their external threat landscape. ZeroFox AI Analytics gives security teams the ability to move beyond static reports and …HELPNETSECURITY.COM
12 JunThe assembly line behind 1.5 million malicious domainsAttackers registered roughly 1.5 million malicious domains during the first five months of 2026. The registration patterns resemble industrial output. Most of the domains were created by attackers, put to use within weeks, and concentrated among a small set of registrars, top-lev…HELPNETSECURITY.COM
12 JunAnthropic Disputes Fable 5 AI JailbreakAn AI hacker claims to have achieved a prompt-based jailbreak shortly after Fable 5’s launch, but Anthropic says it’s not a real jailbreak.SECURITYWEEK.COM
12 JunCybercriminals are moving away from mass phishing campaignsPhishing activity declined by roughly 20% in both 2024 and 2025, according to research from Zscaler’s ThreatLabz team. The drop followed years of growth that pushed phishing activity above 2 billion hits in 2023. “Phishing volume measured by blocked emails is no longe…HELPNETSECURITY.COM
12 JunBernie Sanders’ AI Sovereign Wealth Fund PlanLet no one accuse Bernie Sanders of ducking the big questions. Writing in the New York Times last week, the senator asked: “Will the future of humanity be determined by a handful of billionaires who have promoted and developed AI, with virtually no democratic input, who st…SCHNEIER.COM
12 JunRethinking MDR as Attackers and Defenders Embrace AIFor most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The th…THEHACKERNEWS.COM
12 JunCyberCorps is adapting to AI. The budget isn’t keeping up.CyberCorps is evolving to tackle AI threats. But budget cuts could derail it before the work even starts.CYBERSCOOP.COM
12 JunIranian Cyber Group Handala Claims Cal Water HackThe hackers published 5GB of data, including customer personal information and credentials for the RTKBase platform. The post Iranian Cyber Group Handala Claims Cal Water Hack appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
12 JunIndustry Reactions to Claude Fable 5: Feedback FridayIndustry professionals comment on various aspects of Fable 5, including dual-use capabilities, safeguards, and tiered access. The post Industry Reactions to Claude Fable 5: Feedback Friday appeared first on SecurityWeek .SECURITYWEEK.COM
12 JunGoogle sues China-based scammers over Gemini AI abuseGoogle has filed a lawsuit against Outsider Enterprise, a China-based cybercrime network for using AI tools, including Gemini, to build phishing websites and scam infrastructure. The company said the operation has affected “hundreds of thousands of victims,” with loss…HELPNETSECURITY.COM
12 Jun | Navigating the New Federal Logging Mandate | OMB Memorandum M-26-14 | The White House Memorandum puts in place an “adaptive framework,” where agencies make risk-based, prioritized logging decisions. | WIZ.IO
12 Jun | It’s Mythos’ world now. How do we live in it? | Anthropic's powerful model raises difficult questions about how government and industry should work together to safeguard systems in the AI era. | CYBERSECURITYDIVE.COM
12 Jun | Researcher uses AI to hack Google and collect $500,000 in bounties | Security researcher Arvin Shivram has revealed how a custom AI-powered testing system uncovered dozens of vulnerabilities across Google's vast API ecosystem, earning more than $500,000 in bug bounty rewards. The findings included access control failures affecting Google Voice, Wi… | CYBERINSIDER.COM
12 Jun | US, France, and Italian authorities shut down massive deepfake porn site | The website specialized in non-consensual sexual images of famous women, including politicians, first ladies, royalty, journalists, television presenters, athletes, and entertainers, and others. | CYBERSCOOP.COM
12 Jun | Misconfigured Tor hidden services leak IP addresses and server data | Tor hidden services are designed to conceal a website's real location and IP address, allowing operators to remain anonymous while serving content through the Tor network. However, a new report from SOS Intelligence researcher Amir Hadzipasic shows that simple configuration mista… | CYBERINSIDER.COM
12 Jun | China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade | Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is a… | THEHACKERNEWS.COM
12 Jun | Friday Squid Blogging: Squid-Inspired Fluid Pump | This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. | SCHNEIER.COM
12 Jun | Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, Bitlocker, Peoplesoft, and More - SWN #589 | Bad Phones, Sarlaccs, Maine, Chinese Sites, Ivanti, GreatXML, Bitlocker, Peoplesoft, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-589 | YOUTUBE.COM
12 Jun | FBI takes down massive China-based cybercrime network that caused $1.9B in losses | Outsider provided phishing kits and infrastructure for cybercriminals to scam victims with lures claiming they missed packages, had unpaid tolls or parking violations. | CYBERSCOOP.COM
12 Jun | Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered | Unit 42 has discovered a new macOS Tahoe 26 forensic artifact that tracks user menu selections across the operating system. Learn more here. | UNIT42.PALOALTONETWORKS.COM
11 Jun | Chinese, N. Korean Threat Groups Build on Asia-Pacific Success | North Korea's gross domestic product (GDP) has grown, in part because of the cybercrime gains of groups linked to the nation, which target business and financial firms. | DARKREADING.COM
11 Jun | ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968, (Thu, Jun 11th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
11 Jun | Organizations can’t see much of their mobile AI activity | Organizations have limited visibility into AI activity on mobile devices despite security leaders expressing confidence in their AI governance, according to Lookout’s “Solving for the Mobile AI Blind Spot: Executive Confidence Meets Technical Reality” report. Mo… | HELPNETSECURITY.COM
11 Jun | Threat actors are recruiting the people who hold cloud logins | Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into a security variable, and members of the cybercrime underground have built methods to reach those people.… | HELPNETSECURITY.COM
11 Jun | Making the cloud prove it followed your privacy wishes | Making companies that store personal data in cloud key-value databases handle deletion requests by running the operation and confirming the job is complete. The people making those requests and the regulators overseeing them have had limited means to confirm the data is gone or t… | HELPNETSECURITY.COM
11 Jun | Check Point expands MSP platform with AI governance and unified security bundles | Check Point has announced a major expansion of its Managed Service Provider (MSP) platform, designed to help MSPs secure AI adoption, streamline operations and simplify managed security delivery. The announcement brings together three strategic innovations under a single MSP visi… | HELPNETSECURITY.COM
11 Jun | IDnow launches Trust Platform to help regulated firms move from KYC to continuous trust | IDnow has announced the launch of the IDnow Trust Platform, designed to help regulated organisations orchestrate identity verification, fraud prevention, biometric authentication, and qualified digital trust services throughout the customer lifecycle. “The identity industry… | HELPNETSECURITY.COM
11 Jun | 9 out of 10 people can no longer distinguish real from AI-generated content | Online fraud is becoming harder to distinguish from legitimate activity as AI-generated messages, voices, photos, reviews, and identities become more convincing. Nearly nine in ten adults say they can no longer tell what is real from AI-generated content, according to the latest … | HELPNETSECURITY.COM
11 Jun | OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack | The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrast… | THEHACKERNEWS.COM
11 Jun | Trust No Skill: Integrity Verification for AI Agent Supply Chains | Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains. | UNIT42.PALOALTONETWORKS.COM
11 Jun | FBI seizes 13 websites linked to alleged Chinese intelligence-gathering effort | Federal authorities have seized 13 internet domains allegedly used to target current and former U.S. government employees and military personnel with access to classified and sensitive information. | HELPNETSECURITY.COM
11 Jun | Siemens Says Desigo CC Files Flagged as Malware by Security Engines | A PowerShell script included in patch files appears to be triggering false positives by multiple security engines. | SECURITYWEEK.COM
11 Jun | FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers | The 13 websites purported to be affiliated with consulting companies that advertised job openings for current and former holders of security clearances. | SECURITYWEEK.COM
11 Jun | OnyxC2 Stealer Offers Cybercriminals Enterprise-Grade Theft for $250 a Month | Researchers say the OnyxC2 malware targets more than 200 applications and extensions while evading detection through encrypted payloads, DLL sideloading, and in-memory execution techniques. | SECURITYWEEK.COM
11 Jun | Alert Fatigue Is Becoming a Security Threat of Its Own | As alert volumes outpace human capacity, organizations are turning to AI, automation, and deeper context to separate real threats from the noise. | SECURITYWEEK.COM
11 Jun | Fake Spotify Premium tutorials on TikTok and Instagram Reels spread malware | Cybercriminals are using TikTok and Instagram Reels videos to spread Vidar, an infostealer malware, through fake downloads for popular paid software, according to ReversingLabs. The researchers uncovered two campaigns behind the activity, each using a different approach to draw i… | HELPNETSECURITY.COM
11 Jun | Proxmox releases Mail Gateway 9.1 with quarantine and backup encryption changes | Proxmox Mail Gateway 9.1 adds updated system components, changes to the spam quarantine interface, and encryption for backups. It works as a mail proxy positioned between the firewall and internal mail servers, screening incoming and outgoing traffic for spam, viruses, Trojans, a… | HELPNETSECURITY.COM
11 Jun | Making secret scanning more trustworthy: Reducing false positives at scale | Alerts are more trustworthy and actionable when noise is reduced. See how we improved the verification step with context-aware LLM reasoning. | GITHUB.BLOG
11 Jun | Hacker linked to Void Blizzard faces charges over cyberespionage campaign | Denis Obrezko, 36, made his initial appearance in federal court in Boston on Tuesday after being transferred to U.S. custody from Thailand, where he was arrested last November. | THERECORD.MEDIA
11 Jun | Enterprises report increasing budgets for security training in AI and other critical topics | Finding the time to train employees remains the biggest impediment to programs’ success, according to a new report. | CYBERSECURITYDIVE.COM
11 Jun | FIFA World Cup expected to face extensive criminal, hacktivist cyber threats | Researchers warn that thousands of malicious domains are already in place, as fans, tournament organizers face potential attacks. | CYBERSECURITYDIVE.COM
11 Jun | Hundreds of iPhone apps found leaking OpenAI, Gemini credentials | An academic study has found that LLM-powered iOS applications routinely expose API credentials that can be abused to access AI services. Researchers discovered that nearly two-thirds of tested apps leaked credentials or exposed backend access mechanisms, with many vulnerabilities… | CYBERINSIDER.COM
10 Jun | ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966, (Wed, Jun 10th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
10 Jun | Cyber resilience metrics that drive action | In this Help Net Security video, Pete Bowers, COO at NormCyber, explains how organizations can build a cyber resilience metrics program that supports better decisions. He questions common ways of measuring resilience, such as risk registers, tool scores, and annual tests, and poi… | HELPNETSECURITY.COM
10 Jun | The security in smartphones is helping send them to landfills | Billions of working smartphones reach the end of their service lives each year and move into drawers, recycling streams, and waste piles. The WEEE Forum estimated that 5.3 billion mobile phones became electronic waste in 2022. Many of these devices still function. The average sma… | HELPNETSECURITY.COM
10 Jun | How has use of framing protection security headers changed in the past 3 years?, (Wed, Jun 10th) | Back in 2023, I wrote a diary[1] discussing how commonly X-Frame-Options and CSP headers containing the frame-ancestors directive were used on 1 million most popular domains on the internet (based on the Tranco list[2]), and how they were set. Given that t… | ISC.SANS.EDU
10 Jun | Every set of AI guardrails can be broken by the right prompt | Companies that build AI systems wrap them in guardrails meant to block harmful output, including deepfakes, malware, and instructions for making biological weapons or illicit drugs. When a user prompts the system for such content, the guardrails are designed to flag the request a… | HELPNETSECURITY.COM
10 Jun | Apple extends Private Cloud Compute to third-party data centers | Apple is bringing its Private Cloud Compute (PCC) platform to Google Cloud, expanding the infrastructure behind Apple Intelligence to third-party data centers. Introduced in 2024, PCC provides cloud-based processing for AI workloads that exceed the capabilities of on-device model… | HELPNETSECURITY.COM
10 Jun | Anthropic’s Claude Fable 5 is out for public use, with safeguards for high-risk requests | Days after publishing research on how advanced AI systems could amplify cyber operations in the wrong hands, Anthropic released Claude Fable 5, a Mythos-class model for general use. “Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in ar… | HELPNETSECURITY.COM
10 Jun | Signal and Mullvad warn about the UK’s plans to scan people’s phones | The encrypted messaging platform Signal and privacy-focused VPN provider Mullvad have sharply criticized a new UK government proposal that would require technology companies to block children from taking, sharing, or viewing nude images on smartphones and tablets. Both companies … | CYBERINSIDER.COM
10 Jun | NSO Group Hacking WhatsApp Despite Court Order | WhatsApp has caught the NSO Group phishing its users, in violation of a court order. | SCHNEIER.COM
10 Jun | After AI Reaches Production: 12 Ways Security Teams Can Take Control | Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. | SECURITYWEEK.COM
10 Jun | Building reusable workflows with custom agents in Copilot CLI | Developers spend much of their working time in the terminal, generating commands, debugging issues, and running scripts close to their systems. Repeated terminal work tends to pile up small steps such as re-running the same commands, re-explaining context, and translating logs in… | HELPNETSECURITY.COM
10 Jun | Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers | Claroty researchers have analyzed the security of Vertiv UPS network cards and the Trane Tracer SC+ HVAC controller. | SECURITYWEEK.COM
10 Jun | CISO Forum Webinar Today: 2026 Mid-Year Review | Learn more about protecting against unmonitored use of generative AI (Shadow AI) in business units and building and enforcing AI governance frameworks. | SECURITYWEEK.COM
10 Jun | New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials | A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication windows, according to Palo Alto Networks Unit 42. The attack relies on a fake browser window embedded within a… | HELPNETSECURITY.COM
10 Jun | Cyera Raises $600 Million at $12 Billion Valuation | Cyera is positioned as one of the most valuable privately held cybersecurity firms in the world with total funding topping $2 billion. | SECURITYWEEK.COM
10 Jun | Drata brings visibility, control and auditability to enterprise AI agents | Drata has introduced AI Agent Governance, a new security category focused on managing the risks and oversight requirements of AI agents, while extending its trust platform to support enterprise adoption of autonomous AI systems. While McKinsey finds 57% of business leaders cite g… | HELPNETSECURITY.COM
10 Jun | New Intel 471 assessment helps organizations measure CTI program maturity | Intel 471 has announced its new Cyber Threat Intelligence (CTI) Maturity Pulse Check, a free, lightweight self-assessment for practitioners based on the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM v1.3). The CTI Maturity Pulse Check offers a quick, structured way… | HELPNETSECURITY.COM
10 Jun | Companies are failing to keep up with AI’s identity sprawl, creating entry points for hackers | Three-quarters of organizations say they aren’t fully overseeing the activities of user accounts belonging to agents and other AI tools. | CYBERSECURITYDIVE.COM
10 Jun | Fake Software Tutorials on TikTok Spread Vidar Stealer | Threat actors push fake free-software tutorials on TikTok and Instagram to spread Vidar stealer | INFOSECURITY-MAGAZINE.COM
10 Jun | China-linked JDY botnet expands targeting of U.S. military networks | The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts. [...] | BLEEPINGCOMPUTER.COM
10 Jun | China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance | Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlle… | THEHACKERNEWS.COM
10 Jun | North Koreans behind nearly half of US tech industry hacks, says CrowdStrike | North Korean hackers posing as remote IT workers and recruiters remain a major threat to U.S., European, and Asian companies, accounting for about half of all attacks over the past 12 months. | TECHCRUNCH.COM
10 Jun | OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers | The company says there’s little evidence it influenced any real policy discussion. | CYBERSCOOP.COM
10 Jun | Making the Business Case for Your CTI Budget | The 2026 SANS Cyber Threat Intelligence Survey confirms that CTI is considered essential at the executive level. Can your CISO see how the CTI program is shaping decisions and measurably reducing risk? | INTEL471.COM
9 Jun | ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964, (Tue, Jun 9th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
9 Jun | The security questions around Chinese AI coding models in U.S. software | Software developers across the United States are using AI models built in China to write, debug, and review code, drawn by prices below those of American alternatives. These models carry risks for the security of American software, according to a report from Booz Allen Hamilton, … | HELPNETSECURITY.COM
9 Jun | Apple expands what parents can block, approve, and limit | Apple has previewed a set of new child safety features coming to iPhone, iPad, and the Mac later this year, expanding parental controls with tools that help families manage app access, web browsing, communication, and screen time. The features will arrive with updates to iOS 27, … | HELPNETSECURITY.COM
9 Jun | Apple Intelligence expands to Google infrastructure with privacy safeguards | Apple has announced an expansion of its Private Cloud Compute (PCC) platform, extending the privacy-focused infrastructure behind Apple Intelligence beyond the company's own data centers for the first time. The move will allow certain AI workloads to run on Google Cloud systems p… | CYBERINSIDER.COM
9 Jun | Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks | The most recent variants of the self-propagating attacks are named Miasma and Hades. | SECURITYWEEK.COM
9 Jun | Filigran launches XTM One to automate CTEM with AI agents | Filigran has announced XTM One, an AI-native agentic layer that automates Continuous Threat Exposure Management (CTEM) workflows across the Filigran XTM Platform. XTM One introduces a dedicated AI orchestration layer that connects OpenCTI and OpenAEV into a single, continuous wor… | HELPNETSECURITY.COM
9 Jun | Rockwell Automation adds AI-powered security tools to SecureOT Suite | Rockwell Automation has announced the launch of three enhanced offerings within the SecureOT solution suite: OT Cybersecurity Assessment Suite, SecureOT Platform Managed Services and Managed Secure Remote Access (MSRA). Facing an increasing volume of alerts and limited visibility… | HELPNETSECURITY.COM
9 Jun | GPS As a Key Distribution Platform | This is interesting: The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden “numbers station,” according to Steven Murdoch… That means every device… | SCHNEIER.COM
9 Jun | IT sector faces growing threats from IP-hungry China, AI-enabled cybercriminals | Businesses also need to watch out for North Korean remote IT worker schemes, according to a new CrowdStrike report. | CYBERSECURITYDIVE.COM
9 Jun | Anthropic’s new model is Mythos on a leash | Claude Fable 5 offers Mythos-level performance for most tasks with safeguards on sensitive topics. Anthropic claims testing found no universal jailbreaks. Whether that actually holds up in practice is harder to predict. | CYBERSCOOP.COM
9 Jun | Anthropic Launches Claude Fable 5: Mythos-Class AI With Cybersecurity Guardrails | The AI giant also announced that Project Glasswing partners are being given access to the upgraded Mythos 5. | SECURITYWEEK.COM
9 Jun | Adobe Patches 123 Vulnerabilities | Nearly half of the security holes, most allowing arbitrary code execution, have been fixed in Adobe’s Experience Manager product. | SECURITYWEEK.COM
9 Jun | Why Teams Disable MFA | High-profile social media accounts reportedly lacked MFA protection despite being obvious targets. The speakers argue that shared team access may be one reason why. Many authentication systems are designed around a single user, but modern organizations often have marketing teams,… | YOUTUBE.COM
9 Jun | Reconstructing AI activity in investigations | Learn how to investigate AI activity in Microsoft 365 Copilot and Azure AI services using a structured, telemetry-driven approach. This playbook helps security teams reconstruct events, assess data exposure, and detect potential threats faster. | MICROSOFT.COM
9 Jun | Geinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland - SWN #588 | Geinbot, SolarWinds, Brave, UNK_Deaddrop, durabletask, Insta, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-588 | YOUTUBE.COM
9 Jun | The Free AI Era Ends | More than a billion people are using AI platforms, and most aren’t paying for them. The original business model assumed free users would eventually convert into paid subscribers, but adoption hasn’t fully translated into revenue. Large AI systems consume enormous amounts of compu… | YOUTUBE.COM
9 Jun | Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility | Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion. | UNIT42.PALOALTONETWORKS.COM
8 Jun | ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962, (Mon, Jun 8th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
8 Jun | GitHub Copilot app launches as desktop home for AI coding agents | GitHub introduced the Copilot app, a desktop application built for working with AI coding agents, at Microsoft Build 2026. The release expands GitHub’s Copilot product line beyond editor integrations and command-line tools into a dedicated workspace for directing several ag… | HELPNETSECURITY.COM
8 Jun | 52% of direct-to-IP threats are missing from intelligence feeds | Security tools are good at inspecting websites, domains, URLs, and files, so attackers are moving lower in the stack and communicating directly with IP addresses, where visibility is limited. According to Palo Alto Networks’ report, this creates a visibility gap that allows… | HELPNETSECURITY.COM
8 Jun | OpenAI Rolling Out ChatGPT Account Security Controls | The Active Sessions and Lockdown Mode features are being made more broadly available by the AI giant. | SECURITYWEEK.COM
8 Jun | Samsung just made Galaxy phones more secure in One UI 9 beta | Samsung’s One UI 9 beta integrates Lockdown mode into the power menu. This is the screen that contains Power off, Restart, and emergency options. Opening it initiates Lockdown mode, disabling biometric authentication. “We tried it out on the Galaxy S26 Ultra running on One … | HELPNETSECURITY.COM
8 Jun | VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances | A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threa… | THEHACKERNEWS.COM
8 Jun | Anthropic’s Project Glasswing Update | In April, Anthropic initiated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic’s claims that it’s now … | SCHNEIER.COM
8 Jun | 1Password to add YubiKey PIN support to address reported security gap | 1Password has announced plans to add support for PIN-protected YubiKeys in its desktop applications after a customer identified a limitation that prevented certain hardware security key configurations from working. The company says the feature will arrive in an upcoming beta rele… | CYBERINSIDER.COM
8 Jun | WhatsApp says it caught NSO attempting to spy on users again | WhatsApp says it has disrupted new social engineering campaigns linked to Israeli spyware maker NSO Group and is now asking a US federal court to hold the company in contempt for violating a permanent injunction that barred it from targeting its users. The company also published … | CYBERINSIDER.COM
8 Jun | Cybersecurity M&A Roundup: 26 Deals Announced in May 2026 | Significant cybersecurity M&A deals announced by Akamai, Check Point, Cisco, Cyera, Dragos, WatchGuard and Zscaler. | SECURITYWEEK.COM
8 Jun | WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order | The Meta-owned communications app is filing a federal court contempt order against NSO. | SECURITYWEEK.COM
8 Jun | The SIEM Problem Nobody Solved | SIEM correlation has been a core promise in cybersecurity for years, but building reliable correlations across multiple detections is still extremely difficult. Different organizations use different security stacks, which means correlation rules rarely translate cleanly between e… | YOUTUBE.COM
8 Jun | North Korean Hackers Use Fake Coding Tasks to Steal Crypto | North Korean actor UNK_DeadDrop targeted developers with fake coding tasks to steal crypto | INFOSECURITY-MAGAZINE.COM
8 Jun | Cyber insurance policyholders facing heavier scrutiny in underwriting, claims | A multiyear lull in insurance rates and insurers’ over-dependence on large U.S. policyholders have led to more restrictions and exclusions in coverage. | CYBERSECURITYDIVE.COM
8 Jun | Companies aren’t prepared for how AI is accelerating impersonation attacks | Businesses generally aren’t taking a proactive enough approach to blocking schemes that spoof their leaders’ identities, according to a new report. | CYBERSECURITYDIVE.COM
8 Jun | Everybody Is Vibe Coding But Nobody Told the Security Team | AI-driven development is not something organizations can or should block. But it must be governed. | SECURITYWEEK.COM
8 Jun | Critical Infrastructure: The Risk Hiding in Plain Sight - Jason Manar - CSP #225 | In this episode, former FBI cyber leader Jason Manar joins us to unpack the state of critical infrastructure security and why small and medium-sized businesses are more connected to it than they realize. From power, telecom, healthcare, finance, and supply chains, Jason explains … | YOUTUBE.COM
8 Jun | Fake X-VPN installer deploys STX RAT malware on unsuspecting users | An active malware distribution campaign employs a fake X-VPN installer to deploy the STX RAT in memory and steal credentials from victims. The campaign was documented by Cyderes threat researchers, who say the operation remained active after earlier disclosures, with the perpetra… | CYBERINSIDER.COM
8 Jun | Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint | The company said it spotted a spearphishing campaign linked to the Israeli spyware maker targeting WhatsApp users, despite a court order prohibiting it. | CYBERSCOOP.COM
8 Jun | A Security Raises $37 Million for Autonomous Offensive Security Platform | The company founded by Yossi Torati, Omer Gull, and Yuval Itzchakov has emerged from stealth mode. | SECURITYWEEK.COM
8 Jun | Meta claims NSO Group still targets WhatsApp users despite court order | Meta claims it disrupted spear-phishing attempts linked to NSO Group and is asking a US federal court to hold the spyware vendor in contempt for allegedly violating an injunction that bars it from targeting WhatsApp and its users. “We successfully disrupted NSO-linked social engi… | HELPNETSECURITY.COM
8 Jun | AI brands as bait: How threat actors are using the AI hype in social engineering | As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure. | MICROSOFT.COM
8 Jun | When “Hi, This Is IT” Comes Through Microsoft Teams | Attackers are increasingly targeting collaboration platforms like Microsoft Teams. Learn the risks and key steps to strengthen your organization's security. | UNIT42.PALOALTONETWORKS.COM
7 JunSpoofing ships, jamming drones: how GPS manipulation confuses and compromises.GPS constellations have become foundational in modern society supporting everything from navigation to financial services, making the impacts of GPS disruptions all the more concerning. As reliance on these systems has grown, so too have efforts by threat actors to disrupt them …THECYBERWIRE.COM
6 JunYou've been muted...permanently.Ismael Valenzuela, Arctic Wolf’s VP of Labs, Threat Research and Intelligence, discusses their work on "BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector." Arctic Wolf researchers uncovered a sophisticated campaign by Nor…THECYBERWIRE.COM
6 JunOpal Security Raises $23 Million for AI-Native Identity GovernanceRaising $59 million to date, Opal also announced five senior leadership appointments. The post Opal Security Raises $23 Million for AI-Native Identity Governance appeared first on SecurityWeek .SECURITYWEEK.COM
6 JunBanks Want Blockchain Without CryptoLarge banks are exploring “tokenized deposits” as a way to modernize banking infrastructure without converting customer funds into cryptocurrency. Instead of placing money directly on-chain, the blockchain can act as a record layer that references deposits still held inside the c…YOUTUBE.COM
5 JunThe Evil MSI Background is Back!, (Fri, Jun 5th)A few months ago, I wrote a diary about a payload that was embedded into a JPEG picture. It was an MSI-branded background[1]. Yesterday, I spotted another one! It seems that the technique is getting more and more popular. This time, it started with a mail containing…ISC.SANS.EDU
5 JunISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960, (Fri, Jun 5th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
5 JunFive Eyes: Chinese Spies Target Government, Military Staff With Fake Job OpportunitiesPosing as recruiters on online platforms, Chinese intelligence officers target personnel with access to classified or privileged information. The post Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities appeared first on SecurityWeek .SECURITYWEEK.COM
5 JunPhotos: Infosecurity Europe 2026Infosecurity Europe 2026 is a cybersecurity event that took place from June 2 to 4 in London. Help Net Security was on-site and here’s a closer look at the conference. The featured vendors are: Microsoft, JupiterOne, Menlo Security, Cato Networks, Falkin, Vivida, Pen Test P…HELPNETSECURITY.COM
5 JunAI agent governance gets harder when agents outnumber your peopleIn this Help Net Security video, Amit Gautam, CTO at Abluva, explains the security risks that autonomous AI agents bring into enterprise environments. He opens with a real case: a reconciliation agent at a financial services firm had legitimate access to a customer database. A po…HELPNETSECURITY.COM
5 JunMost pros have seen AI hallucinations in IT operationsAutonomous AI is taking action inside enterprise IT environments. Software is restarting services, isolating risky devices, and applying patches without waiting for a human to approve the step. The capability is spreading at the same time IT professionals are reporting frequent e…HELPNETSECURITY.COM
5 JunLet’s Encrypt works toward post-quantum certificates at web scaleLet’s Encrypt plans to pursue a post-quantum-safe Web PKI through Merkle Tree Certificates (MTCs), a new approach that adds post-quantum authentication to the web without sacrificing the speed and reliability that have made TLS universal. The project is targeting late 2026 for a …HELPNETSECURITY.COM
5 JunAI WormResearchers have prototyped an AI-powered internet worm . The coolest thing about the prototype is that it carries its own LLM with it, and runs it on computers that have been broken into. This is the closest to John Brunner’s original 1975 conception of a computer worm tha…SCHNEIER.COM
5 JunNew Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell FrameworkCybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 that has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework. ReliaQuest has assessed with moderate to high confidence …THEHACKERNEWS.COM
5 JunAdaptive, Agentic AI Worms Loom as Next Enterprise ThreatAI worms, or "viruses with wings and brains," adapt to new environments, seek out vulnerabilities, and will likely strike within a year, researchers say.DARKREADING.COM
5 JunSecuring CI/CD in an agentic world: Claude Code Github action caseMicrosoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigation, and guidance for se…MICROSOFT.COM
5 JunIronWorm and New Miasma Worm Variant Hit npm in Supply Chain AttacksMultiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the informat…THEHACKERNEWS.COM
4 JunISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958, (Thu, Jun 4th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
4 JunThe modern-day business can learn a lot about risk from this year’s mega eventsEvery year brings its share of global events, but 2026 is proving to be a banner year for mega-scale entertainment. The year got off to a roaring start with the Winter Olympics, and now anticipation is building for the fast-approaching FIFA World Cup. But amid the buzz, have you …HELPNETSECURITY.COM
4 JunAttackers already know the secrets are on your developers’ machines. Do you?In a recent GitGuardian analysis, an average of 150 secrets were found on a sample of developer endpoints. Private keys accounted for 38% of unique secrets, while cloud, identity provider, and secret management credentials (AWS IAM, Hashicorp vault) added another 22%. Those figur…HELPNETSECURITY.COM
4 JunProduct showcase: Trend Micro Mobile Security detects scams in messages, QR codes, and websitesTrend Micro Mobile Security for iOS protects devices from potentially harmful websites while browsing, blocks ads and personal information trackers, helps users avoid unsafe Wi-Fi networks, and monitors data usage. The app is available for both iOS and Android devices. Getting St…HELPNETSECURITY.COM
4 JunETSI sets security requirements for AI data centers and cloud platformsETSI has published TS 104 033, a technical specification that defines security requirements for AI computing platforms. The specification establishes a security framework for platforms used to host AI applications in data center and edge computing environments, covering security …HELPNETSECURITY.COM
4 JunHackers Spied on a Stock Exchange Executive's Outlook Mailbox for Five MonthsUnknown attackers spent at least five months inside the Outlook mailbox of a senior executive at a major global stock exchange, copying the inbox out in small, repeated batches and routing it through Dropbox and OneDrive so the traffic blended into normal cloud activity. Symantec…THEHACKERNEWS.COM
4 JunHacking Meta’s AI ChatbotHackers are convincing Meta’s AI support chatbot to let them take over other peoples’ accounts: A video posted on X showed the step-by-step process to hack someone’s Instagram account. The hacker allegedly used a VPN to spoof the targets’ presumed location…SCHNEIER.COM
4 JunChinese Cybercrime Group in Spotlight for Record Campaign PaceRelying on social engineering, the hacking group engages in credential phishing, malware distribution, and fraud activities. The post Chinese Cybercrime Group in Spotlight for Record Campaign Pace appeared first on SecurityWeek .SECURITYWEEK.COM
4 JunOAuth marketplace apps keep access after publishers vanishInstalling an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI workflows, organization settings, and secrets. Marketplace presence gives these apps the appearance of approval. …HELPNETSECURITY.COM
4 JunGemini Voice Assistant Hijacked via Messaging NotificationsAttackers could have triggered dangerous actions, including controlling smart home devices via Google Home and starting Zoom video calls. The post Gemini Voice Assistant Hijacked via Messaging Notifications appeared first on SecurityWeek .SECURITYWEEK.COM
4 JunInside the race to adapt to an AI-powered security worldAI is breaking things faster than anyone can fix them. Security leaders across the industry are racing to figure out what comes next. The post Inside the race to adapt to an AI-powered security world appeared first on CyberScoop .CYBERSCOOP.COM
4 JunWebinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to RespondJoin this live webinar as we examine the gap between how organizations think their third-party risk programs are performing and what’s actually happening in practice. The post Webinar Today: Third-Party Risk in Practice – Where Programs Break Down and How to Respond appeare…SECURITYWEEK.COM
4 JunWillow Raises $7 Million for Securing Autonomous AI AgentsWillow (formerly Webrix) emerged from stealth mode with an access platform designed to secure enterprise AI agents. The post Willow Raises $7 Million for Securing Autonomous AI Agents appeared first on SecurityWeek .SECURITYWEEK.COM
4 JunOffroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity RiskAs AI agents, machine identities, and third-party applications multiply across enterprises, Offroad is betting autonomous security agents can restore control over an increasingly unmanageable identity landscape. The post Offroad Emerges From Stealth With $7 Million to Tackle Ente…SECURITYWEEK.COM
4 JunProton Drive adopts OpenPGP encryption, delivers 300% faster uploadsProton has announced a major cryptographic upgrade for Proton Drive that significantly improves the performance of its end-to-end encrypted cloud storage platform. The update makes encrypted file uploads up to 4x faster, while a broader overhaul of Drive's underlying architecture…CYBERINSIDER.COM
4 JunYour AI agent could become your biggest insider threatNew research details how the increasing integration of AI agents into businesses is making it easier than ever for insiders - malicious or otherwise - to put sensitive data at risk. The post Your AI agent could become your biggest insider threat appeared first on CyberScoop .CYBERSCOOP.COM
4 JunBrave launches minimalist Origin browser with only core privacy featuresBrave has officially launched Brave Origin, a new premium version of its browser designed for users who want Brave's privacy protections without the company's growing collection of integrated features. The release follows several months of testing in Nightly builds and arrives as…CYBERINSIDER.COM
4 JunUpdating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught usA surge in real-world attacks against agentic AI systems is reshaping how we think about risk. Based on 12 months of red teaming, this update introduces seven new failure modes, from supply chain compromise to goal hijacking, and the practical mitigations teams need now. The post…MICROSOFT.COM
4 JunChip Sanctions BackfireThe discussion centers on how semiconductor export restrictions may delay technological progress temporarily while simultaneously encouraging large-scale domestic investment in alternative chip ecosystems. Supply-chain restrictions can create second-order effects that extend beyo…YOUTUBE.COM
3 JunISC Stormcast For Wednesday, June 3rd, 2026 https://isc.sans.edu/podcastdetail/9956, (Wed, Jun 3rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
3 JunAgent Threat Rules: Open detection rule format for AI agent security threatsAI agents run inside coding assistants, MCP servers, and multi-agent frameworks, and the access that makes them useful also opens paths to prompt injection, tool poisoning, and credential theft. Public CVE feeds carry agent-execution flaws that reach production faster than the to…HELPNETSECURITY.COM
3 JunWhat CISOs need to do about post-quantum migration in the next 24 monthsIn this Help Net Security video, Garfield Jones, SVP Global Strategy and Research, QuSecure, lays out what CISOs should do over the next 24 months. A recent Google paper moved the expected arrival of a cryptographically relevant quantum computer from 2035 to 2029, leaving organiz…HELPNETSECURITY.COM
3 JunNetskope adds AI asset discovery and AISecOps agent to AI security portfolioNetskope has announced Netskope One AI Command Center, bringing together AI discovery, risk intelligence, and autonomous response capabilities in a single platform. As the latest expansion of the Netskope One AI Security suite, it helps security teams understand what AI is runnin…HELPNETSECURITY.COM
3 JunCritical Start expands MDR capabilities with multi-agent AI systemCritical Start has released SOC AI, a production-proven multi-agent framework powering its AI-led Managed Detection and Response (MDR). SOC AI coordinates ten specialized agents across the full alert investigation and response lifecycle, covering detection, triage, response, thre…HELPNETSECURITY.COM
3 JunInfosecurity Europe: Execs Must Treat Cyber Threats as Statecraft, ISACA Expert SaysPrivate firms are being targeted by nation-state groups for reasons beyond finance, argued ISACA’s Bharat ThakrarINFOSECURITY-MAGAZINE.COM
3 JunMicrosoft Scout agent opens a new category of always-on AutopilotsWorkplace AI assistants have mostly waited for a prompt before doing anything. A user asks, the tool answers, and the exchange ends there. Microsoft is putting a different kind of agent inside its Office applications, one designed to keep operating in the background once a person…HELPNETSECURITY.COM
3 JunGlobal Stock Exchange Hit by Monthslong Email CampaignA threat actor got a near-continuous view into an influential finance executive's email inbox, thanks to clever use of legitimate, native Windows tools.DARKREADING.COM
3 JunAI Used to Decrypt Medieval CiphersResearchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers.SCHNEIER.COM
3 JunOnly 11% of production agents pass the AI agent security barEnterprise teams are running AI agents that write code, drive browsers, answer customer calls, manage cloud infrastructure, and query data warehouses with standing credentials. A new independent assessment of 100 production agents finds that nearly all of them carry the condition…HELPNETSECURITY.COM
3 JunMalware campaign targeting Minecraft users infects over 116,000 systemsA Malware-as-a-Service (MaaS) operation named WeedHack is targeting Minecraft users and allows threat actors to gain remote access to victims’ screens, webcams, and files through a web-based dashboard, McAfee researchers found. Minecraft, developed by Mojang Studios and rel…HELPNETSECURITY.COM
3 JunImpersonation, Click Hijacking, and TDS: Inside a Malware Distribution EcosystemResearch by: Alexey Bukhteyev Key Takeaways Introduction When we search Google for a popular piece of software, we usually click the first result, sometimes without even looking at the rest, because official project sites tend to rank highest and appear near the top of the r…RESEARCH.CHECKPOINT.COM
3 JunThe $10M Exit DisappearedThis clip argues that the traditional founder exit may be changing. In the past, reaching a certain level of revenue could create a meaningful acquisition opportunity. For many entrepreneurs, selling the company was the expected next step. If valuations, ownership dilution, or ma…YOUTUBE.COM
3 Jun‘Don’t panic’: AI reality checks dominate major cybersecurity conferenceCISOs and their colleagues should focus on network security basics, not AI vendors’ overhyped promises, analysts said at an annual Gartner cybersecurity event.CYBERSECURITYDIVE.COM
3 JunHow attackers are gaining access to LLM inferenceThreat actors are wiring live LLM APIs into malware to generate malicious logic at runtime, and this research maps the five routes they use to access AI models for free. The post How attackers are gaining access to LLM inference appeared first on Intezer .INTEZER.COM
3 JunCoralogix Raises $200M at $1.6B Valuation to Scale AI Observability PlatformCoralogix offers a full-stack observability platform that unifies logs, metrics, traces, security, and AI observability. The post Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform appeared first on SecurityWeek .SECURITYWEEK.COM
3 JunThe Cybersecurity Stock SplitBoth the Security Weekly Index and the NASDAQ reached record highs. On the surface, the story looks simple: cybersecurity stocks are doing well. But a closer look at long-public companies reveals significant differences in performance. Market averages can hide large gaps between …YOUTUBE.COM
3 JunEuropean authorities crack down on illegal streaming networksOfficials said they dismantled nine organized crime groups and removed more than 27,000 URLs hosting live sports and other copyrighted media during a seven-month operation. The post European authorities crack down on illegal streaming networks appeared first on CyberScoop .CYBERSCOOP.COM
3 JunTropical Blend: Cyber & Politics Ramp Up Across Latin AmericaChina-linked espionage groups have attacked at least a dozen nations in the region, gathering information on maritime shipping, oil production, and other geopolitical interests.DARKREADING.COM
2 JunFrom API key to live threat detections in minutes: how Elastic Security ingests Google Threat IntelligenceFind out how Elastic Security ingests Google Threat Intelligence for continuous detection and uses AI-driven workflows to enrich alerts in real time, from API key to live detections in minutes.ELASTIC.CO
2 JunISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954, (Tue, Jun 2nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
2 JunThis AI model backdoor attack stays hidden until you customize the modelMost teams that deploy AI start with a backbone model. They download a large pre-trained system, adapt it to a specific task, and put it into production. The download step carries a security question: the origin of the model. A research team built an attack called BadBone. It pla…HELPNETSECURITY.COM
2 JunCybersecurity jobs available right now: June 2, 2026Agentic Safety and Ecosystem Architect, Trust and Safety Google | USA | On-site – View job details As an Agentic Safety and Ecosystem Architect, Trust and Safety, you will define safety controls and permission models for autonomous agents on Android, helping ensur…HELPNETSECURITY.COM
2 JunZero trust physical security needs trust decisions at the edgeIn this interview with Help Net Security, Chuck Davis, VP, Global Information Security at Hikvision, explains how zero trust applies to physical security systems like cameras and door controllers. He breaks down how to make trust decisions at the edge without recreating old perim…HELPNETSECURITY.COM
2 JunRSA extends passwordless authentication to Linux environmentsRSA has expanded its passwordless authentication capabilities to Linux environments, advancing its goal of delivering secure, password-free access for every user in every environment. Linux is ubiquitous in enterprise infrastructure, powering servers, developer workstations, and …HELPNETSECURITY.COM
2 JunNew Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)For a few days, my SANS ISC mailbox has been flooded with emails that deliver SVG files. An SVG ("Scalable Vector Graphic") is a web-friendly vector file format used for graphics and icons. No URL in the body, just “an image”, that's the perf…ISC.SANS.EDU
2 JunOracle’s First Monthly Patches Resolve 77 VulnerabilitiesOracle’s monthly Critical Security Patch Update (CSPU) rollouts are meant to deliver critical fixes faster. The post Oracle’s First Monthly Patches Resolve 77 Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
2 JunInfosecurity Europe: Business Leaders Lack Understanding of Threat Intelligence, Study WarnsA new Silobreaker and SANS Institute paper examines the ‘Intelligence-Stakeholder Gap’ and what organizations must do to achieve business buy-in on threat intelligenceINFOSECURITY-MAGAZINE.COM
2 JunKDE Linux security audit cuts kernel modules and unused packagesKDE Linux, the in-progress operating system from the KDE community, removed several kernel modules and software packages after a security audit of the components shipped with the system. The work followed the discovery of multiple security issues in the upstream Linux kernel duri…HELPNETSECURITY.COM
2 JunCybanetix unveils Managed AI Service to secure users, models, and agentsCybanetix has announced the launch of its Managed AI Service to address all three aspects of AI use within the enterprise. Covering employee AI usage, AI governance, and embedded AI, the Managed AI Service combines technology from NOMA, SentinelOne, Microsoft, and Exabeam with Cy…HELPNETSECURITY.COM
2 JunOpenAI brings frontier AI to existing AWS environmentsOpenAI frontier models and Codex are now available on AWS, giving customers access to OpenAI capabilities within AWS environments and the controls needed to move more quickly from evaluation to deployment. OpenAI capabilities on Amazon Bedrock These capabilities are available thr…HELPNETSECURITY.COM
2 JunBadHost, Dead CTFs, Exploding NPMs, and the Verizon DBIR - ASW #385We dedicate an episode to catching up on appsec news with Kalyani Pawar. We see parsing problems that led to the BadHost vuln, which exposed lots of LLMs, MCPs, and agents to potential compromise. We wonder where to look for security education and practice as the camaraderie of t…YOUTUBE.COM
2 JunSupply Chain Attack Hits 32 Red Hat NPM PackagesHackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. The post Supply Chain Attack Hits 32 Red Hat NPM Packages appeared first on SecurityWeek .SECURITYWEEK.COM
2 JunThreat Actor Uses AI to Build EDR Evasion ToolsA threat actor used AI coding tools to build and test EDR evasion malware, Sophos findsINFOSECURITY-MAGAZINE.COM
2 JunOperation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell BackdoorOperation FlutterBridge is a malvertising campaign targeting macOS users. It distributed the new backdoor FlutterShell, built using the Flutter framework. The post Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
2 JunMicrosoft Entra pushes passkeys, tightens identity securityMicrosoft has released multiple identity and network access capabilities for Entra, its family of identity and network access products that help organizations implement a zero trust security strategy, over the last 30 days. Features reaching general availability Identity and auth…HELPNETSECURITY.COM
2 JunSophos uncovers AI-powered malware lab built for EDR evasionA threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to Sophos. The investigation began after an anomalous endpoint in a customer environment triggered alerts tied …HELPNETSECURITY.COM
2 JunDiligent automates cyber risk assessments and reportingDiligent has announced Diligent Cyber Risk Management, an agentic solution designed to help organizations manage cybersecurity risk in a business context. Available in summer 2026, the platform reduces cyber risk assessment work from weeks to hours and links cyber threats to stra…HELPNETSECURITY.COM
2 JunLABScon25 Replay | Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting UkraineESET researchers show how Gamaredon facilitated Turla access to Ukrainian targets, revealing rare cooperation between FSB-linked espionage groups.SENTINELONE.COM
2 JunTurning tension into collaboration: How CIOs and CISOs can lead togetherIf properly managed and channeled, age-old friction between IT and cybersecurity can create a more resilient organization.CYBERSECURITYDIVE.COM
2 JunThe Zero-Knowledge Threat Actor and the End of Responsible DisclosureAI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. The post The Zero-Knowledge Threat Actor and the End of Responsible Disclosure appeared first on SecurityWeek .SECURITYWEEK.COM
2 JunAnthropic Expanding Mythos Access to 150 New OrganizationsOnly approximately 50 companies have had access to Mythos until now and they have found thousands of vulnerabilities in their products. The post Anthropic Expanding Mythos Access to 150 New Organizations appeared first on SecurityWeek .SECURITYWEEK.COM
2 JunAI's Real Security ProblemMany AI security conversations focus on prompt injection attacks. In this clip, Kalyani Pawar and Mike argue that AI may not be creating entirely new security threats. Instead, it often amplifies existing security problems that organizations already struggle with. The bigger conc…YOUTUBE.COM
2 JunAnthropic expanding access to Project GlasswingRoughly 150 new organizations across critical infrastructure sectors will gain access to Claude Mythos Preview, Anthropic's most capable — and most restricted — AI model. The post Anthropic expanding access to Project Glasswing appeared first on CyberScoop .CYBERSCOOP.COM
2 JunWeedHack Minecraft malware campaign infects over 116,000 PCsMcAfee researchers have uncovered a large Malware-as-a-Service (MaaS) operation targeting Minecraft players through trojanized mods, cheats, and game clients. The campaign, dubbed WeedHack, has infected more than 116,000 systems since January 2026 and offers aspiring cybercrimina…CYBERINSIDER.COM
2 JunExclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at RiskA simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations. The post Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk appeared f…SECURITYWEEK.COM
2 JunDozens of Red Hat npm packages targeted in supply-chain attackResearchers said a variant of the mini Shai-Hulud is involved in the compromise.CYBERSECURITYDIVE.COM
2 JunMicrosoft Build 2026: Securing code, agents, and models across the development lifecycleDiscover how Microsoft enables fast, secure AI development with MDASH and new security capabilities. The post Microsoft Build 2026: Securing code, agents, and models across the development lifecycle appeared first on Microsoft Security Blog .MICROSOFT.COM
2 JunHeraclitus, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland - SWN #586Heraclitus Unbound, AI LLMs, SSO, TTP, NetLogon, PAN-OS, AI Cost, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-586YOUTUBE.COM
1 JunISC Stormcast For Monday, June 1st, 2026 https://isc.sans.edu/podcastdetail/9952, (Mon, Jun 1st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
1 JunDNS-AID lets AI agents find and verify each other through DNSAI agents run across many platforms, and each one needs a way to locate and confirm the identity of the others it works with. The Linux Foundation’s DNS-AID project gives them that capability through the Domain Name System, the same address lookup system that has directed i…HELPNETSECURITY.COM
1 JunElection threats are focused on campaign systems, not voting machinesCheck Point said actors are shifting toward campaign systems and AI-generated content, outpacing the public's ability to understand and respond to the risks. The post Election threats are focused on campaign systems, not voting machines appeared first on CyberScoop .CYBERSCOOP.COM
1 JunAttackers Abuse Shared Content for ChatGPT Phishing CampaignPush Security says threat actors are delivering malware hosted on chatgpt.com/s/ domainINFOSECURITY-MAGAZINE.COM
1 JunDragos acquires Phosphorus to secure extended operational technologyDragos has acquired Phosphorus, extending the Dragos Platform to protect billions of connected devices embedded across critical infrastructure and other operational networks. Operational environments have outgrown traditional OT boundaries. Power grids, pipelines, manufacturing f…HELPNETSECURITY.COM
1 JunDragos Acquires xIoT Security Firm PhosphorusDragos said customers will soon gain expanded asset visibility and integrated device intelligence, with automated remediation workflows and a unified platform experience to follow. The post Dragos Acquires xIoT Security Firm Phosphorus appeared first on SecurityWeek .SECURITYWEEK.COM
1 JunSecure Code Warrior connects developer training to AI usage and code risksSecure Code Warrior has introduced Adaptive Learning, a capability designed to help organizations support AI software governance through targeted training based on identified risks. The feature delivers contextual microlearning and tracks outcomes at the code commit level. Softwa…HELPNETSECURITY.COM
1 JunPathSolutions brings on-premises AI troubleshooting to NetOps teamsPathSolutions has announced the launch of TotalView AI, a new capability within its TotalView platform that provides AI-driven troubleshooting for NetOps teams using network data analyzed on-premises. As enterprise networks become more distributed and complex, NetOps teams face i…HELPNETSECURITY.COM
1 JunHyland platform innovations focus on AI governance, context, and agent oversightHyland has unveiled platform innovations designed to move AI from experimentation to enterprise-wide adoption. Powered by the Content Innovation Cloud, these advancements transform governed enterprise content into trusted, actionable intelligence that accelerates business outcome…HELPNETSECURITY.COM
1 JunChina-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & TaiwanA new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic, technology…THEHACKERNEWS.COM
1 JunWithout strong governance, companies put credit ratings at risk in AI eraA new report from S&P Global provides a blueprint for how companies can adapt to the changing threat environment.CYBERSECURITYDIVE.COM
1 JunNetQuest expands NetworkLens to detect threats hidden in network management trafficNetQuest announced an expansion of its NetworkLens enriched dataset portfolio. The new network telemetry datasets deliver detailed traffic characteristics of network management transactions, giving security teams the granular, AI-ready intelligence needed to detect threats hidden…HELPNETSECURITY.COM
1 JunMeta tries to get ahead of scammers before the World Cup beginsFootball fans are counting down the days until the FIFA World Cup begins, and scammers are doing the same. Last week, the FBI warned that cybercriminals are spoofing FIFA websites to steal personal information, sell fake tickets, and promote fraudulent hospitality packages ahead …HELPNETSECURITY.COM
1 JunDutch Police Dismantle Massive 17-Million-Device BotnetDutch authorities seized command-and-control servers tied to a botnet of infected computers, smartphones, and tablets that was allegedly used to power a residential proxy network and facilitate cybercrime. The post Dutch Police Dismantle Massive 17-Million-Device Botnet appeared …SECURITYWEEK.COM
1 JunOpenAI requires stronger authentication for users of its most powerful AI modelsYubico announced its significant role in securing the AI frontier as OpenAI mandates the use of passkeys for individuals that are part of their Trusted Access for Cyber (TAC) program. As a leading global AI research and development company, OpenAI is setting a precedent for empow…HELPNETSECURITY.COM
1 JunHumans Could Become Cheaper Than AIAI infrastructure costs, including GPUs and token processing, continue to decrease as the technology matures. At the same time, organizations are dramatically increasing how much AI they consume, shifting many platforms toward usage-based pricing instead of flat monthly subscript…YOUTUBE.COM
31 MayYARA-X 1.17.0 Release, (Sun, May 31st)YARA-X's 1.17.0 release brings 5 improvements (several performance improvements) and 1 bugfix.
ISC.SANS.EDU
30 MayMalicious npm packages abuse dependency confusion to profile developer environmentsA dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and detection opportunities to help organizations identify and disrupt related acti…MICROSOFT.COM
30 MayThe skills pay the bills.Today we are joined by Marco Giuliani, Vice President & Head of Research at ThreatDown, discussing their work on "GachiLoader adopts AI skill lure." Threat actors are now using fake AI agent “skills” as highly convincing social engineering lures, with a new campaign disguising th…THECYBERWIRE.COM
30 MayRussian Spies Are Aggressively Seeking Western Technology as Sanctions Bite, Officials SayMoscow’s agents are building fake companies, recruiting middlemen and deploying cyber spies and hackers who gather information that could be used to attack key infrastructure. The post Russian Spies Are Aggressively Seeking Western Technology as Sanctions Bite, Officials Say appe…SECURITYWEEK.COM
29 MayISC Stormcast For Friday, May 29th, 2026 https://isc.sans.edu/podcastdetail/9950, (Fri, May 29th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
29 MayNew infosec products of the month: May 2026Here’s a look at the most interesting products from the past month, featuring releases from Alation, AppOmni, Apricorn, ASAPP, Babel Street, Checksum, Cogent, CTERA, Forward, LastPass, Operant AI, Riverbed, Sysdig, Trust3 AI, TrustCloud, VIAVI, Versa Networks, and XM Cyber. Opera…HELPNETSECURITY.COM
29 MayTyposquatted npm packages used to steal cloud and CI/CD secretsThe Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI/CD credentials across developer environments. This report details the attack chain, detection opportunities, and mitigation guidance to help organizations identify and disrupt related activity. The po…MICROSOFT.COM
29 MayThe behavioral signals that sharpen Trojan malware detectionMalware analysts spend a lot of time deciding which signals from a sandbox run are worth keeping. A sample executed in a controlled environment can generate hundreds of measurable attributes covering file structure, registry edits, process behavior, and network traffic. Most of t…HELPNETSECURITY.COM
29 MayClaroty targets cyber-physical system risks with AI-powered security agentClaroty has launched Claroty Claire, a CPS-native AI security agent designed to help organizations defend mission-critical infrastructure. Claire is powered by a CPS language model trained on more than a decade of industry expertise and CPS-related data. The launch expands organi…HELPNETSECURITY.COM
29 MayMicrosoft 365 Copilot redesign brings context and actions into one workspaceMicrosoft 365 Copilot, an AI assistant that helps people write, summarize, analyze information, and complete work tasks, has been redesigned. It now serves as a single, flexible entry point to Copilot across Microsoft 365 apps, suggesting relevant actions based on the user’…HELPNETSECURITY.COM
29 MayWebsites can spy on user activity by analyzing SSD behaviorWebsites have spent years collecting information about visitors through browser fingerprinting, tracking scripts, and other techniques designed to identify devices and monitor behavior. Researchers have demonstrated another method that relies on something most users would never e…HELPNETSECURITY.COM
29 MayNew FROST attack leverages SSD side-channel to reveal browsing activitySecurity researchers have demonstrated a new browser-based side-channel attack that can monitor user activity by measuring subtle timing variations in SSD access, allowing malicious websites to infer which sites users visit and which applications they launch. The attack, named FR…CYBERINSIDER.COM
29 MayThe Firmware Your PC TrustsMany hardware devices ship with small firmware components called option ROMs that help UEFI initialize hardware during the boot process. These aren’t traditional operating system drivers. They run earlier, inside firmware, and help systems communicate with components like network…YOUTUBE.COM
29 MayA Gartner take on the MDR market in 2026For CISOs navigating the AI era, the question is no longer whether AI will change the SOC. It is whether the current service model is the right vehicle for that change. The post A Gartner take on the MDR market in 2026 appeared first on Intezer .INTEZER.COM
29 MayCybersecurity & Arctic Sovereignty: Protecting Canada's Most Vulnerable Infrastructure Cheryl BiswasHost David Shipley speaks with cybersecurity professional Cheryl Biswas about her journey into the industry and why she believes Arctic sovereignty must be viewed as a cybersecurity challenge as much as a geopolitical one. Biswas traces her path from political science and a help …CYBERSECURITYTODAY.LIBSYN.COM
29 MayDNS-AID will make AI agents easier to discover, says Linux FoundationAs AI agents become more numerous and more communicative, keeping track of where to find them is becoming increasingly important. Numerous proprietary agent registries are on the market, but the Linux Foundation suggests we simply extend the distributed, open Domain Name System (…CSOONLINE.COM
29 MaySignal users targeted by attackers seeking backup recovery keysSignal users are being targeted in a new phishing campaign that attempts to steal recovery keys used to access the platform's encrypted cloud backups. Attackers who obtain these keys could gain access to entire message archives, including older conversations, photos, and document…CYBERINSIDER.COM
29 MayMicrosoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint ProtectionMicrosoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. The post Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection appeared first on Microsoft Security Blog .MICROSOFT.COM
29 MayChatGPT share links abused to host fake outage pages to deliver malwareThreat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. [...]BLEEPINGCOMPUTER.COM
29 MayName That Toon: Mark of (Cybersecurity) ProgressAs part of Dark Reading's 20th anniversary package, we asked readers for a cybersecurity-related caption that captures their thoughts about the industry's last two decades.DARKREADING.COM
29 MayFriday Squid Blogging: Another SquidSomeone named “Squid” seems to be a “West Country legend.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
29 MaySidhe, GreyVibe, Claude, Lightwell, Eclipse, Kimsuky, Obscure Beliefs, Josh Marpet - SWN #585Sidhe, GreyVibe, Claude, Lightwell, Eclipse, Kimsuky, Obscure Belief Systems, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-585YOUTUBE.COM
28 MayISC Stormcast For Thursday, May 28th, 2026 https://isc.sans.edu/podcastdetail/9948, (Thu, May 28th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
28 MayNudge Security adds browser-based discovery for shadow AI agentsNudge Security announced that its AI security platform offers discovery of shadow AI agents via the browser, extending its agent discovery capabilities to cover platforms that do not provide a public API for agent identity and inventory. The new browser-based agentic AI discovery…HELPNETSECURITY.COM
28 MayFrontier AI models collapse under multi-turn AI attacks, Cisco findsAttackers who probe large language models rarely give up after one refusal. They reframe, build context across turns, adopt personas, and escalate gradually. New research from Cisco’s AI threat intelligence team finds that the safety benchmarks used across the industry miss…HELPNETSECURITY.COM
28 MayChecksum introduces Continuous Quality Agent for automated test generation and healingChecksum has launched its Continuous Quality Agent, an autonomous system that runs nightly against deployed applications and automatically heals broken tests without waiting for an engineer to open a dashboard or write a prompt. AI coding has changed the constraint in software de…HELPNETSECURITY.COM
28 MayJINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS MalwareA new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. "These campaigns leveraged sophisticated social eng…THEHACKERNEWS.COM
28 MayA single typo could derail your World Cup plansCybercriminals are spoofing Fédération Internationale de Football Association (FIFA) websites ahead of the 2026 FIFA World Cup, the FBI warns. The attackers are registering lookalike domains with small spelling changes or different domain endings to impersonate FIFA websites and …HELPNETSECURITY.COM
28 MayNew Threat Actor Jinx-0164 Targets Crypto Developers on macOSNew actor Jinx-0164 hit crypto developers with fake recruiter lures and macOS malwareINFOSECURITY-MAGAZINE.COM
28 MayNew Edamame Platform Aims to Catch AI Coding Agents Going Off the RailsFrance-based startup Edamame says its runtime verification platform uses host telemetry and AI analysis to detect coding-agent “intent drift,” secret theft and supply-chain attacks in real time. The post New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails appe…SECURITYWEEK.COM
28 MayRaising the Cybersecurity Stakes: Ante up for the Agentic EraCISOs are now facing machine-speed attacks and asking, “How do I agent?” The industry must provide remediation at scale. The post Raising the Cybersecurity Stakes: Ante up for the Agentic Era appeared first on SecurityWeek .SECURITYWEEK.COM
28 MayOpenAI prepares ChatGPT for the election misinformation waveAI-generated election misinformation could shape public opinion and influence the lives of millions of people. To address those risks, OpenAI outlined a series of safeguards ahead of the 2026 election cycle. The company said its efforts will focus on helping users access voting i…HELPNETSECURITY.COM
28 MayDigimarc adds provenance, audit, and verification controls for AI agent workflowsDigimarc has announced new provenance and verification infrastructure designed to secure autonomous and AI-enabled workflows. As enterprises increasingly adopt AI systems capable of generating content, orchestrating workflows, and taking action with minimal human intervention, es…HELPNETSECURITY.COM
28 MayZapier fixes bug chain that researchers say risked widespread account takeoverA five-step flaw chain in the popular automation service, now patched, could have let a single attacker act as any signed-in user across thousands of connected apps. The post Zapier fixes bug chain that researchers say risked widespread account takeover appeared first on CyberSco…CYBERSCOOP.COM
28 MayMicrosoft’s Copilot trust test: zero findings, more models, wider oversightMicrosoft 365 Copilot and Copilot Chat (Copilot) have been recertified under ISO/IEC 42001:2023 by an independent auditor for the second consecutive year. Copilot first received ISO 42001 certification in March 2025. This year’s recertification recorded zero non-conformities and …HELPNETSECURITY.COM
28 MayAWS Doesn’t Secure EverythingMany organizations move infrastructure into AWS or managed environments believing most security responsibilities transfer with it. In reality, customers still control major parts of configuration, identity management, permissions, and operational security. That misunderstanding c…YOUTUBE.COM
28 MayEnterprise data is creeping its way into shadow AI toolsExecutives and employees are clashing over usage policies as AI security concerns rise, an Okta report found.CYBERSECURITYDIVE.COM
28 MayHow CISOs can manage sovereign-cloud security risksSelecting and adopting cloud services from non-U.S. regional providers requires solid cyber risk and security assessment.CYBERSECURITYDIVE.COM
28 MayProton Mail adds support for Gmail account syncing and sendingProton has announced a new feature that allows users to connect their Gmail accounts directly to Proton Mail, enabling them to read and send Gmail messages from within Proton’s encrypted email platform. The feature is designed to simplify migration away from Google’s email ecosys…CYBERINSIDER.COM
28 MayQuantum breakthrough produces perfect randomness for secure communicationsETH Zurich researchers have demonstrated what they describe as the world’s first generation of certifiably perfect random numbers using a quantum experiment based on entangled superconducting qubits. The breakthrough could strengthen future encryption systems, digital identity pr…CYBERINSIDER.COM
28 MayGeordie Raises $30 Million for AI Security and Governance PlatformThe funding round was led by Balderton Capital, with additional support from Crosspoint Capital and previous investors General Catalyst and Ten Eleven Ventures. The post Geordie Raises $30 Million for AI Security and Governance Platform appeared first on SecurityWeek .SECURITYWEEK.COM
28 MayHouse panel poised to hold hearing centered on AI impact on cyberIt’s part of a series of examinations at the House Homeland Security Committee that now will include a public event. The post House panel poised to hold hearing centered on AI impact on cyber appeared first on CyberScoop .CYBERSCOOP.COM
28 MayGoogle security engineer accused of turning confidential search trends into $1.2M win on PolymarketMichele Spagnuolo allegedly placed multiple trades on the prediction marketplace, abusing internal access to Google’s nonpublic data on the most searched people in 2025. The post Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket a…CYBERSCOOP.COM
27 MayISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946, (Wed, May 27th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
27 MayThe alert economy is driving security analyst burnoutIn this Help Net Security video, Ido Livneh, CEO of Jazz, explains why security analysts burn out and what leaders can do about it. The cause, he argues, is not long hours but meaningless work. Analysts spend their days closing repetitive tickets while the institutional knowledge…HELPNETSECURITY.COM
27 MayCoinflow CISO on crypto payments security under AI pressureCrypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs the company’s security program from Malta. Coinflow is headquartered in the Uni…HELPNETSECURITY.COM
27 MayAnthropic Releases New Claude Sandbox, Security Guidance PluginThe AI giant says the new plugin, which helps developers find vulnerabilities as they write code, has been used extensively internally. The post Anthropic Releases New Claude Sandbox, Security Guidance Plugin appeared first on SecurityWeek .SECURITYWEEK.COM
27 MayAppOmni’s Marlin AI automates SaaS threat analysis, triage, and remediation at scaleAppOmni has launched Marlin AI to transform how enterprise organizations defend complex SaaS applications. Marlin AI delivers autonomous AI-powered SaaS security that leverages AppOmni’s deep SaaS application observability. It actively correlates SaaS security indicators, perform…HELPNETSECURITY.COM
27 MayFBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal DataThe FBI has issued an alert warning of Silent Ransom Group attacks targeting law firms. The post FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data appeared first on SecurityWeek .SECURITYWEEK.COM
27 MayFranklin Access adds three-layer security system to Wi-Fi routersFranklin Access has launched a three-layer security system integrated into its Wi-Fi routers, delivering enterprise-grade protection for consumers and small businesses. The system runs automatically in the background, blocking millions of malicious websites in real time to protec…HELPNETSECURITY.COM
27 MayWhat Security Leaders Should Expect from RSAC - Joseph Blankenship - BSW #449RSA Conference (RSAC) 2026, the 35th annual flagship event for cybersecurity, drew over 43,500 attendees, featuring more than 600 exhibitors, 570+ sessions, and 700+ speakers from 104 countries. It generated 370 million social media impressions. With this size and reach, what sho…YOUTUBE.COM
27 MayThe Credential Crisis: How Stolen Credentials Defeat Modern SecurityAs AI accelerates phishing, session hijacking, and credential abuse, security teams are racing to close the gap between attacker speed and defensive response. The post The Credential Crisis: How Stolen Credentials Defeat Modern Security appeared first on SecurityWeek .SECURITYWEEK.COM
27 May‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery SystemsMalicious repositories and disguised symlinks can trick AI coding agents into silently installing attacker-controlled MCP servers capable of stealing secrets, compromising CI pipelines, and deploying malicious code. The post ‘SymJack’ Attack Turns AI Coding Agents Into Supply Cha…SECURITYWEEK.COM
27 MayGlassWorm Botnet DisruptedSecurity firms took down all four command-and-control (C&C) channels used by the GlassWorm malware. The post GlassWorm Botnet Disrupted appeared first on SecurityWeek .SECURITYWEEK.COM
27 MayRevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software BinariesUsing an AI model called BinNet, RevEng hunts vulnerabilities and backdoors in released software binaries. The post RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries appeared first on SecurityWeek .SECURITYWEEK.COM
27 MayRomanian Hacker Sentenced to Prison in US for Selling Access to State NetworkCatalin Dragomir previously pleaded guilty to selling access to an Oregon state government office’s network. The post Romanian Hacker Sentenced to Prison in US for Selling Access to State Network appeared first on SecurityWeek .SECURITYWEEK.COM
27 MayLastwall Raises $11.5 Million for Quantum-Resilient Identity PlatformThe new funding, led by BDC Capital’s StrongNorth Fund, will accelerate Lastwall’s North American expansion. The post Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform appeared first on SecurityWeek .SECURITYWEEK.COM
27 MaySecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon BayNow in its third year, the AI Risk Summit is the leading conference that brings together CISOs, security leaders, AI researchers, developers, policymakers, and enterprise risk professionals. The post SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon …SECURITYWEEK.COM
27 MayeSentire launches new Atlas AI Operatives for autonomous threat detection and responseeSentire has unveiled new preempt, detect, and respond capabilities within the Atlas Platform, a unified agentic AI platform with purpose-built AI Operatives that work together in a continuous security lifecycle. Controlled autonomy SecOps The Atlas Platform delivers purpose-buil…HELPNETSECURITY.COM
27 MayFBI’s 2025 Internet Crime ReportThe 2025 Internet Crime Report was published a few weeks ago, but I only just saw it. Lots of interesting statistics. Press release. News articles.SCHNEIER.COM
27 MayDecrypting Customer Data On PurposeA telecom company asked how to “fix” an encryption problem. But according to the speaker, the real request was how to decrypt protected customer data so the company could build services and insights on top of it. The clip highlights a common security tension: businesses want more…YOUTUBE.COM
27 MayLeading AI models are more vulnerable to malicious prompts than vendors claimHackers could subvert frontier models with attacks that their developers overlook, Cisco said.CYBERSECURITYDIVE.COM
27 MayHackers are knocking on office doors pretending to be IT staffThe Silent Ransom Group (SRG) is targeting law firms using social engineering techniques and an unusual tactic for cybercriminals: showing up at victims’ offices in person while posing as IT staff, the FBI warns. The group, also known as Luna Moth, Chatty Spider, and UNC3753, has…HELPNETSECURITY.COM
27 MayCommit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development InfrastructureWiz CIRT and Wiz Research detail JINX-0164, a threat actor using LinkedIn social engineering, custom macOS malware, and CI/CD hijacking to target cryptocurrency organizations.WIZ.IO
27 MayEvidence at the Moment of Attack. Answers at AI Speed.Wiz Sensor Forensics is now generally available - automatically capturing forensic artifacts at the moment of detection and using AI to accelerate investigation for SOC and IR teams.WIZ.IO
27 MayFBI warns US-based law firms to be on the lookout for cybercrime group that steals data in personSilent Ransom Group isn’t prolific, but it's demonstrated a knack for attacking the legal services sector with an extraordinary dual use of social engineering and in-person visits to victims’ workstations. The post FBI warns US-based law firms to be on the lookout for cybercrime …CYBERSCOOP.COM
27 MayAI’s Hype Cycle Is EndingResearchers analyzed decades of RSA Conference session titles and found that no major cybersecurity buzzword stayed dominant for more than about three years. The speaker argues AI may now be reaching that same turning point. After years of massive investment and nonstop attention…YOUTUBE.COM
27 MayOpenAI heralds cybersecurity, election interference safeguard plans for 2026 midtermsThe announcement builds on work from major tech firms in 2024 to combat AI-infused election chicanery. The post OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms appeared first on CyberScoop .CYBERSCOOP.COM
27 MayGPU mining malware spreads via SEO poisoning, AI chatbotsThreat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations. [...]BLEEPINGCOMPUTER.COM
27 MayOut of the Crypt: The Evolving Cyber Extortion EconomyUnit 42 explores trends in data theft and extortion, outlining key strategies for organizations as frontier AI models advance. The post Out of the Crypt: The Evolving Cyber Extortion Economy appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
26 MayISC Stormcast For Tuesday, May 26th, 2026 https://isc.sans.edu/podcastdetail/9944, (Tue, May 26th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
26 MayManage machine identities: The hidden privileged access layer you need to manageWhy are machine identities becoming the majority of “things with access”? Every automation, integration, and workload needs a way to authenticate and the right permissions to act. That quiet requirement has created a massive population of machine identities, also called non-human…HELPNETSECURITY.COM
26 MayRunning the Inverted Offensive Campaign with Adam KarcherHost Caleb Tolin sits down with Adam Karcher, FBI Supervisory Special Agent, Cyber Division, to discuss the urgent shift from reactive defense to a long-term operational campaign mindset. As threats evolve into a blended ecosystem of state and criminal actors, defenders must adap…THECYBERWIRE.COM
26 MayIranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO PoisoningThe Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the j…THEHACKERNEWS.COM
26 MayAdmins of Bulletproof Hosting Service Used by Russian Hackers Arrested in NetherlandsThe two own Dutch companies that allegedly provided bulletproof hosting services to Russia-aligned threat actors. The post Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands appeared first on SecurityWeek .SECURITYWEEK.COM
26 MayLithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register EntriesLithuanian authorities are on high alert after a massive data leak involving more than 600,000 entries from national data registers. The post Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries appeared first on SecurityWeek .SECURITYWEEK.COM
26 MayAnthropic Expands Claude’s Enterprise Security Governance With 28 New IntegrationsNotable integrations include CrowdStrike, Palo Alto Networks, Microsoft, Okta, Zscaler, Netskope, Cloudflare, Fortinet, and Wiz. The post Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations appeared first on SecurityWeek .SECURITYWEEK.COM
26 MayAppOmni’s Marlin AI Brings Autonomous Investigation to SaaS SecurityMarlin AI automatically analyzes SaaS misconfigurations, investigates related activity across enterprise environments, and recommends remediation steps — while stopping short of fully autonomous corrective action. The post AppOmni’s Marlin AI Brings Autonomous Investigation to Sa…SECURITYWEEK.COM
26 MayIranian APT Targets Aviation, Software Companies With Updated ToolsNimbus Manticore has continued its operations during and after the US military campaign against Iran. The post Iranian APT Targets Aviation, Software Companies With Updated Tools appeared first on SecurityWeek .SECURITYWEEK.COM
26 MayConifers rolls out AI-powered SOC for unified security operations and automated responseConifers has announced the launch of its agentic SOC, a unified AI platform designed to help security operations centers defend against cyber adversaries operating at machine speed. Built on the company’s CognitiveSOC platform, the new system connects threat intelligence, threat …HELPNETSECURITY.COM
26 MayAI Developers Never Go HomeAI coding agents are often compared to junior developers because of similar output quality, but their behavior is fundamentally different. They operate continuously, adapt dynamically, pursue assigned goals autonomously, and may hold system access that organizations do not fully …YOUTUBE.COM
26 MayIdentifying People Using Wi-Fi RoutersNot identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals. This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel …SCHNEIER.COM
26 MayAnthropic: Mythos finds more than 10,000 software flaws in first monthEarly results show a tenfold jump in bug discovery at some partners, and a widening gap between finding flaws and fixing them. The post Anthropic: Mythos finds more than 10,000 software flaws in first month appeared first on CyberScoop .CYBERSCOOP.COM
26 MayFBI warns about PhaaS platform used to access Microsoft 365 environmentsDevice code phishing enabled hackers to bypass multifactor authentication without credentials.CYBERSECURITYDIVE.COM
26 MayMuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 CountriesThe Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and public-sector…THEHACKERNEWS.COM
26 MayThe AI Accounts Nobody RemovesAI agents and non-human identities are increasingly being treated like employees because they also have operational lifecycles. Agents can be created quickly, assigned permissions, reorganized, and eventually become irrelevant to the business over time. The governance challenge i…YOUTUBE.COM
26 May KEVListening, Drupal, TTE, KEV, Mythos, Megalodon, Badanov, MFA, Pope Leo, Aaran Leyland - SWN #584They're Listening, Drupal, TTE, KEV, Mythos, Megalodon, Boris and Natasha, MFA, Pope Leo, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-584YOUTUBE.COM
26 MayFrom poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilitiesMicrosoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with malicious sites also surfaced through AI chatbots. The post From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microso…MICROSOFT.COM
25 MayBoards want cyber risk in dollars, not CVE countsIn this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. Boards and executives want cyber exposure described in business terms, not technical jargon. Levi walks th…HELPNETSECURITY.COM
25 MayOver 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain AttackFake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens. The post Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack appeared first on SecurityWeek .SECURITYWEEK.COM
25 MayLazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto FirmsCybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-st…THEHACKERNEWS.COM
25 MayAnthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS ProjectsMany findings have been confirmed to be critical or high-severity vulnerabilities and the number will continue to increase. The post Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects appeared first on SecurityWeek .SECURITYWEEK.COM
25 MayPrevention Alone Fails SecurityMost cybersecurity programs prioritize prevention first. Stop the attack before it happens. But this clip explains the weakness in relying on prevention alone. If attackers bypass defenses and nobody detects it, response becomes impossible. Detection and response are often treate…YOUTUBE.COM
25 MayMegalodon campaign compromises over 5,500 GitHub repositories with malicious commitsSecurity researchers have uncovered a large-scale supply chain attack dubbed “Megalodon” that injected malicious GitHub Actions workflows into more than 5,500 repositories. The campaign was discovered by researchers at SafeDep, who identified 5,718 malicious commits pushed across…CYBERINSIDER.COM
23 MayAn Example of Stack String in High Level Language, (Sat, May 23rd)This week, I'm attending the SEC670[1] training (“Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control”). From my point of view, this training fits perfectly with FOR610 or FOR710 (malware analysis)…ISC.SANS.EDU
22 MayISC Stormcast For Friday, May 22nd, 2026 https://isc.sans.edu/podcastdetail/9942, (Fri, May 22nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
22 MayFlipper Introduces Flipper One as a Modular Linux-Based CyberdeckFlipper Devices has officially unveiled Flipper One, a modular, Linux-based cyberdeck designed to push the boundaries of open hardware and portable network analysis platforms. Unlike the popular Flipper Zero, the new device targets high-performance networking, software-defin…GBHACKERS.COM
22 MayThe new economics of fraud: Cheaper, faster, more convincingScams have become one of the fastest-growing consumer risks, driven by AI-enabled impersonation, social engineering, and sophisticated attack methods, according to Visa’s Spring 2026 Biannual Threats Report. Criminals redirect efforts toward trust and third parties Fraud involves…HELPNETSECURITY.COM
22 MayNew infosec products of the week: May 22, 2026Here’s a look at the most interesting products from the past week, featuring releases from ASAPP, Babel Street, CTERA, Forward, Riverbed, and Trust3 AI. Babel Street targets AI-driven threats with new agentic investigation capabilities Babel Street has launched Insights Investiga…HELPNETSECURITY.COM
22 MayCross-Platform NPM Stealer, (Fri, May 22nd)I found a Node.js stealer that looked pretty well obfuscated. The file was not running out-of-the-box because it was uploaded on VT as “extracted-decoded.js” (and reformatted). The SHA256 is 049300aa5dd774d6c984779a0570f59610399c71864b5d5c260…ISC.SANS.EDU
22 MayHackers Hide Malware in Nested macOS-Style Folders to Evade ScansHackers are increasingly adopting stealthy delivery techniques, and a newly uncovered spear-phishing campaign shows how nested macOS-like folder structures can be abused to evade detection while deploying advanced malware. The phishing email carries a ZIP attachment named “常州大学20…GBHACKERS.COM
22 MayOne Telecom Provider Hosted Most of the Middle East’s Active C2 InfrastructureHunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity. For years, threat intelligence focused mostly on malware families, phishing domains, and individual indicators. But a new report from Hunt.io…SECURITYAFFAIRS.COM
22 MayHackers Weaponize NF-e Invoice Lures to Deploy Banana RATHackers are actively using Brazil’s electronic invoice system (NF-e) as a lure to distribute a sophisticated banking trojan known as Banana RAT. The campaign has been attributed to a financially motivated threat cluster tracked as SHADOW-WATER-063 and appears exclusively focused …GBHACKERS.COM
22 MayAndroid Malware Secretly Signs Users Up for Premium ServicesAndroid users are being targeted by a large-scale malware campaign that silently subscribes victims to premium mobile services without their knowledge. The malware campaign focuses on carrier billing fraud, abusing premium SMS services to generate revenue for attackers. What make…GBHACKERS.COM
22 MayMicrosoft 365 users targeted by new phishing threat that bypasses MFAMicrosoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens and …HELPNETSECURITY.COM
22 MayMeet Fractal, an OS made for microarchitecture reverse engineeringProbing how a CPU isolates user code from kernel code is messy work. Researchers patch kernels, write drivers, or boot stripped-down bare-metal programs, and any of those choices change variables they were trying to hold still. Fractal, a new operating system from MIT CSAIL, was …HELPNETSECURITY.COM
22 MayProton Pass adds monitored credential sharing for AI agentsProton Pass, a secure, end-to-end encrypted password manager, added credential sharing through AI access tokens, allowing users to give AI agents access to selected items and monitor activity. To gain access, an agent must provide a reason for the request so users can see what ac…HELPNETSECURITY.COM
22 MayWorld Cup Phishing Surge: 203 Malicious IPs DetectedThe scale of phishing activity targeting the 2026 FIFA World Cup has expanded dramatically, with new research revealing a far broader and more complex threat landscape than initially reported. What began as a cluster of 79 malicious domains has now evolved into a distributed phis…GBHACKERS.COM
22 MayDeleted Google API keys keep working for up to 23 minutes, researchers warnGoogle API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up charges, and, if Gemini is enabled, access uploaded files and cached conversations. The assumed fix is s…HELPNETSECURITY.COM
22 MayTracking Iranian APT Screening Serpens’ 2026 Espionage CampaignsUnit 42 details Screening Serpens' use of AppDomainManager hijacking and new RAT variants to target tech and defense sectors in recent campaigns. The post Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
22 MayShadow AI Is Old Security DebtThe discussion argues that “shadow AI” is really just the latest version of shadow IT — employees sending sensitive data to tools outside official security oversight. The same concerns once tied to Dropbox and cloud apps are now appearing with AI systems like ChatGPT. Unlike trad…YOUTUBE.COM
22 MayIran-linked hackers target key US, allied sectors with sophisticated spear-phishing messagesCompanies, particularly those in the affected industries, should harden their defenses against impersonation schemes, Palo Alto Networks said.CYBERSECURITYDIVE.COM
22 MayNew York regulator calls for additional cyber mitigation amid heightened threat environmentThe guidance from the state Department of Financial Services arises from concerns about frontier AI and threats linked to the Iran war and other geopolitical risks.CYBERSECURITYDIVE.COM
22 MayHow Agentic AI and Automation Are Changing CybersecurityThere is no question that AI is changing cybersecurity in a massive way. In many respects, its impact is comparable to the rise of the internet. AI tools are helping organizations improve efficiency, automate repetitive tasks, and process data at a speed humans simply cannot matc…KNOWBE4.COM
22 MayNordVPN wins early court victory against LaLiga’s VPN blocking campaignA Spanish court has rejected LaLiga’s request to fine NordVPN over alleged failures to comply with a controversial anti-piracy blocking order. The decision was issued on May 19, 2026, by the Commercial Court of Córdoba, which dismissed LaLiga’s petition seeking coercive penalties…CYBERINSIDER.COM
22 MayGhostwriter Targets Ukraine Government Entities with Prometheus Phishing MalwareThe Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine's National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activi…THEHACKERNEWS.COM
22 MayMicrosoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundationsHow Frontier firms secure AI at scale: read how Microsoft customers embed governance, identity, and cloud security to make protection an enabler of AI growth. The post Microsoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundations appeared …MICROSOFT.COM
22 MayTelegram’s MTProto protocol leaks persistent identifiers enabling user trackingA newly published technical review of Telegram’s MTProto protocol warns that the messaging platform exposes persistent device identifiers to passive network observers, potentially allowing users to be tracked across networks, locations, and sessions without breaking Telegram’s en…CYBERINSIDER.COM
22 MayFrom edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and ConfluenceA multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and identity compromise. Learn how the threat actor attempted Kerberos relay and lateral movement, and how Microsoft Defender det…MICROSOFT.COM
22 MayFBI warns about fast-growing phishing kit targeting Microsoft 365 usersKali365, which was first observed in April, abuses legitimate Microsoft device authorization pages to grant persistent access to cybercriminal-controlled applications. The post FBI warns about fast-growing phishing kit targeting Microsoft 365 users appeared first on CyberScoop .CYBERSCOOP.COM
22 MayFriday Squid Blogging: Regulating Squid Fishing in the South PacificThe South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
22 MayTVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet... - SWN #583TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-583YOUTUBE.COM
21 MayISC Stormcast For Thursday, May 21st, 2026 https://isc.sans.edu/podcastdetail/9940, (Thu, May 21st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
21 MayProduct showcase: Bitdefender Mobile Security for iOS protects privacy where scams beginBitdefender Mobile Security for iOS is a security and privacy application for iPhone and iPad that helps protect against phishing attempts, online scams, unsafe websites, and account exposure. I have used Bitdefender Mobile Security for iOS for the last two years. It was easy to …HELPNETSECURITY.COM
21 MayTwo U.S. Executives Plead Guilty in India-Based Tech Support Fraud SchemesTwo U.S.-based business executives have pleaded guilty to their roles in enabling large-scale tech-support fraud operations linked to call centers in India, according to the U.S. Department of Justice. Adam Young, 42, former CEO of a telecommunications services company based in M…GBHACKERS.COM
21 MayBadIIS Malware Hijacks IIS Servers to Redirect Users to Illicit SitesA new variant of the BadIIS malware that hijacks Microsoft IIS web servers to redirect users to illicit websites, highlighting an evolving malware-as-a-service (MaaS) ecosystem operated by Chinese-speaking cybercrime groups. The newly analyzed variant is marked by embedded “demo.…GBHACKERS.COM
21 MayMost dark web activity revolves around a handful of topicsDark web activity often becomes visible during marketplace seizures, major data leaks, or sudden spikes in criminal activity. Those events can create an impression of an ecosystem where attention shifts quickly and new trends regularly replace old ones. A six-year dataset coverin…HELPNETSECURITY.COM
21 MayP2PInfect Botnet Targets Kubernetes via Exposed RedisA persistent P2Pinfect botnet campaign targeting Google Kubernetes Engine (GKE) clusters through exposed Redis instances, highlighting how a single cloud misconfiguration can enable long-term compromise. In several investigated environments, attackers maintained access for up to …GBHACKERS.COM
21 MayRiverbed introduces new Aternity tools for autonomous IT operationsRiverbed has announced new capabilities for Aternity designed to support autonomous IT operations for digital experience management. The updates help digital workplace teams move toward prevention-focused operations through broader visibility, context-aware intelligence, and gove…HELPNETSECURITY.COM
21 MayForward launches Predict to test network changes before deploymentForward has unveiled Forward Predict, a new capability that allows organizations to evaluate the impact of network changes before deployment. By testing proposed changes against a digital twin of the production network, Forward Predict helps identify potential issues before they …HELPNETSECURITY.COM
21 MayCTERA brings AI insights and automation for unstructured dataCTERA has announced the launch of CTERA InsightAI, an agentic AI intelligence layer for the CTERA Intelligent Data Platform. The new capability is designed to help enterprises understand, manage, secure, and optimize unstructured data environments. CTERA InsightAI adds AI-driven …HELPNETSECURITY.COM
21 MayVirtru centers file collaboration around data-level protectionVirtru unveiled Virtru Collaborate, a new offering that eliminates that tradeoff, a FedRAMP authorized space where sensitive files are encrypted and protected by the Trusted Data Format (TDF), and where that protection travels seamlessly with the data as teams work together acros…HELPNETSECURITY.COM
21 MayTenable Hexa AI automates remediation across attack surfacesTenable has announced the general availability of Tenable Hexa AI, the agentic AI engine of the Tenable One Exposure Management Platform. Tenable Hexa AI is an advanced agentic AI for cybersecurity solution, equipped with advanced multi-step reasoning and Model Context Protocol (…HELPNETSECURITY.COM
21 MayTamperedChef Malware Hides in Signed Apps to Drop Stealers and RATsA large-scale malware campaign dubbed “TamperedChef” is leveraging trojanized productivity applications such as PDF editors, calendar tools, and file converters to silently deploy information stealers and remote access trojans (RATs), according to recent threat intelligence findi…GBHACKERS.COM
21 MayFake Microsoft Teams Downloads Spread ValleyRAT MalwareHackers are actively distributing a sophisticated ValleyRAT malware variant through fake Microsoft Teams download pages, leveraging social engineering and multi-stage execution techniques to evade detection. The campaign, first observed in mid-April on the X platform, uses fraudu…GBHACKERS.COM
21 MayThe readiness paradox: Why a false sense of cyber confidence is becoming a liabilityAs AI expands the attack surface and alert fatigue grows, cyber exposure management offers a clearer path to understanding where risk truly concentrates and how to reduce it before a crisis hits. The post The readiness paradox: Why a false sense of cyber confidence is becoming a …CYBERSCOOP.COM
21 MayDiscord Enables End-to-End Encryption by Default Across Voice and Video FeaturesDiscord has officially enabled end-to-end encryption (E2EE) by default for all voice and video communications across its platform, marking a significant shift in user privacy and secure communications. The announcement, made on May 18, 2026, confirms that every voice and video ca…GBHACKERS.COM
21 MayFitbit Air vs Pixel Watch 4: Which Should You Wear at Night?Fitbit Air offers $99 sleep-first tracking, Pixel Watch 4 pairing, and a cheaper Whoop alternative, but Google’s AI coaching remains unproven. The post Fitbit Air vs Pixel Watch 4: Which Should You Wear at Night? appeared first on TechRepublic .TECHREPUBLIC.COM
21 MayGoogle Health 5.0 Brings New Fitbit App Design, AI Coach, and Android WidgetGoogle Health 5.0 replaces the Fitbit app with a redesigned layout, Gemini-powered coaching, a new Android widget, and retired Fitbit features. The post Google Health 5.0 Brings New Fitbit App Design, AI Coach, and Android Widget appeared first on TechRepublic .TECHREPUBLIC.COM
21 MayGoogle Brings a Long-Missing Apple Feature to AndroidGoogle’s Continue On in Android 17 lets users move supported tasks from phone to tablet, bringing Apple-like Handoff to Android devices soon. The post Google Brings a Long-Missing Apple Feature to Android appeared first on TechRepublic .TECHREPUBLIC.COM
21 MayPermanent Jobs Fall in UK as Temporary Placements Rise: ReportUK permanent job placements fell in April while temporary hires rose due to economic uncertainty and global conflict, according to a new KPMG/REC report. The post Permanent Jobs Fall in UK as Temporary Placements Rise: Report appeared first on TechRepublic .TECHREPUBLIC.COM
21 MayHistoric SpaceX IPO Filing Reveals Starlink, AI, and Mars AmbitionsSpaceX’s IPO filing reveals Starlink’s revenue role, major AI spending, Starship costs, Musk’s control, and legal risks facing investors. The post Historic SpaceX IPO Filing Reveals Starlink, AI, and Mars Ambitions appeared first on TechRepublic .TECHREPUBLIC.COM
21 MayGlucose Tracking Is Turning Into the Next Big Health Data PlatformGlucose tracking is moving beyond diabetes care as CGMs, AI platforms, and wearable sensors reshape personalized health data and wellness tools. The post Glucose Tracking Is Turning Into the Next Big Health Data Platform appeared first on TechRepublic .TECHREPUBLIC.COM
21 MayProton Pass adds new protections for AI agents with account accessA new Proton Pass feature allows users to securely share credentials with AI agents via “AI access tokens,” aiming to reduce the security risks posed by autonomous AI tools accessing private accounts. The feature lets users grant AI agents limited, read-only access to selected cr…CYBERINSIDER.COM
21 MayGoogle “Won’t Fix” API key staying active for 23 mins after deletionDeleted Google API keys remain valid for up to 23 minutes after revocation, potentially allowing attackers to continue accessing Google Cloud services and Gemini data long after the credentials have been disabled. Google acknowledged the behavior following a report by Aikido, but…CYBERINSIDER.COM
21 MayBuild Custom, High-Impact Training with KnowBe4’s Content Creation AgentIn the world of security awareness training, a comprehensive library of relevant and engaging content is a necessity. But even the best training can feel limited when you need to talk about your specific VPN rules, a policy that changed this morning, or a novel threat uniquely ta…KNOWBE4.COM
21 MayWhat’s new in Microsoft Security: May 2026Microsoft Security’s latest updates extend visibility, control, and protection across expanding ecosystems as organizations accelerate AI adoption. The post What’s new in Microsoft Security: May 2026 appeared first on Microsoft Security Blog .MICROSOFT.COM
20 MayISC Stormcast For Wednesday, May 20th, 2026 https://isc.sans.edu/podcastdetail/9938, (Wed, May 20th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
20 May7 hard truths security pros should know: 2026 DevOps Threats ReportIn 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect. If you want to effectively counter attacks targeted at your code (and business), you need security meas…HELPNETSECURITY.COM
20 MayWhen your AI assistant has the keys to productionLarge language models in operational roles query telemetry, propose configuration changes, and in some deployments execute those changes against live infrastructure. Ticket drafting and alert summarization were the starting point. Vendors describe this work as autonomous remediat…HELPNETSECURITY.COM
20 MayTrapdoor Android Ad Fraud Ring Abuses 455 Apps for Fake ClicksA large-scale Android ad fraud campaign named “Trapdoor,” exposing a sophisticated ecosystem built on 455 malicious apps and 183 command-and-control (C2) domains. The operation combines malvertising, automated click fraud, and advanced evasion techniques to create a self-sustaini…GBHACKERS.COM
20 MayDevilNFC Malware Traps Android Users in NFC Relay AttacksA newly identified Android malware family named DevilNFC is raising concern among cybersecurity researchers for its advanced use of kiosk mode to trap victims during NFC relay attacks. These malware families mark a significant evolution in NFC relay threats. Unlike earlier campai…GBHACKERS.COM
20 MayMini Shai-Hulud Attack Hits npm Ecosystem, Compromising Over 600 PackagesA large-scale supply chain attack targeting the npm ecosystem has resurfaced with a new variant of the Mini Shai-Hulud malware, compromising more than 600 packages and introducing advanced evasion techniques, including forged Sigstore provenance. The attack primarily targeted the…GBHACKERS.COM
20 MaySingle-Letter Go Module Typosquat Drops DNS-Based BackdoorA newly uncovered software supply chain attack targeting Go developers demonstrates how a single-character typo can silently introduce a persistent backdoor. A malicious Go module, github.com/shopsprint/decimal, designed to impersonate the widely trusted github.com/shopspring/dec…GBHACKERS.COM
20 MayCommunicating cyber risk in dollars boards understandIn this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting…HELPNETSECURITY.COM
20 MayVoid Botnet Leverages Ethereum for Resilient C2A newly identified botnet, named Void, is leveraging Ethereum smart contracts to build a resilient, hard-to-disrupt command-and-control (C2) infrastructure, marking a continued evolution in blockchain-enabled cybercrime. Discovered in March 2026 and advertised on a Russian-langua…GBHACKERS.COM
20 MayEviltokens: A Conversation with Huntress on an AI‑Enabled Device Code Phishing CampaignIn this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo joins researchers from Huntress to break down the rise of EvilTokens, an AI-powered phishing-as-a-service platform designed to bypass MFA and automate credential theft at scale. Together, t…THECYBERWIRE.COM
20 MayGUEST ESSAY: AI can speed up communication, but it can also weaken human connectionThe first warning sign came on stage. Related: Carol Sturka declares her agency I had turned to ChatGPT to help organize research notes for an upcoming keynote. I was pressed for time and wanted help spotting patterns I might have … (more…) The post GUEST ESSAY: AI can spee…LASTWATCHDOG.COM
20 MayDarwinium updates mobile SDKs to detect remote access scam activityDarwinium has announced updates to its Android and iOS mobile SDKs. It enables banks, payment providers, and digital businesses to tackle the proliferation of remote access scams, including those that manipulate live sessions and account farming operations that run mule networks.…HELPNETSECURITY.COM
20 MayFake Tax Assessment Pages Spread Windows MalwareHackers are actively targeting Windows users with fake Indian Income Tax assessment pages in a campaign tracked as TAX#TRIDENT. The campaign begins with fraudulent tax assessment or penalty pages designed to create urgency. Victims are prompted to download what appears to be an o…GBHACKERS.COM
20 MayTracking TamperedChef Clusters via Certificate and Code ReuseUnit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets. The post Tracking TamperedChef Clusters via Certificate and Code Reuse appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
20 MayTrust3 AI focuses on AI agent risks with MCP Security layerTrust3 AI has announced the launch of Model Context Protocol (MCP) Security, establishing a new standard for safeguarding enterprise agentic AI workloads. This solution forms a key capability within Trust3 AI’s enterprise agent control plane, empowering security and governa…HELPNETSECURITY.COM
20 MayGraphWorm Malware Abuses Microsoft OneDrive for Stealthy C2 OperationsA new activity from Webworm, a China-aligned advanced persistent threat (APT) group, revealing a significant evolution in its cyber espionage toolkit during 2025. The group, first publicly documented in 2022, has shifted its targeting from primarily Asian organizations to governm…GBHACKERS.COM
20 MayChina-Linked Webworm APT Evolves Tactics, Expands to European TargetsChina-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET researchINFOSECURITY-MAGAZINE.COM
20 MayFBI: $388 million lost in crypto ATM scams in 2026Americans lost more than $388 million to crypto kiosk scams in 2025, with the FBI warning that criminals are increasingly directing victims to transfer funds through these machines. Cryptocurrency kiosks, popularly known as Bitcoin ATMs, are physical automated teller machines tha…HELPNETSECURITY.COM
20 MayNovata uses AI to map risk across portfolios and supply chainsNovata has announced the launch of Risk Atlas, a new AI-powered risk monitoring tool designed to help organizations identify, compare, and prioritize risks across portfolios and supply chains. Framework for comparative risk visibility Risk Atlas provides a single, customizable fr…HELPNETSECURITY.COM
20 MayOn AI SecurityGood report : Executive Summary: Let’s say you wanted to make sure that your AI is secure. Can you just maximize the security and privacy benchmark and call it a day? Nope, because benchmarks don’t actually work for measuring AI capabilities (even when they are NOT em…SCHNEIER.COM
20 MayWebworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph APICybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. Webworm, first publicly documented by B…THEHACKERNEWS.COM
20 MayReport: Romance Scams Cost UK Victims £102 Million Last YearUK residents lost £102 million ($138 million US) to romance scams in 2025, according to a new report from the City of London Police.KNOWBE4.COM
20 MayThey Put Industrial Systems On Wi-FiDoug White describes industrial control systems (ICS/OT) that were exposed online without password protection, including fuel tank gauge consoles such as the Veeder-Root TLS350 and TLS450 Plus. For years, many industrial environments relied on obscurity and isolation as informal …YOUTUBE.COM
20 MayBlock Everything By DefaultA Zero Trust Cloud Access model brokers connections to SaaS platforms through a controlled intermediary instead of exposing those services broadly to the internet. Instead of allowing access from anywhere, organizations can block all inbound access by default and permit only a ve…YOUTUBE.COM
20 MayHow Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?Scaling threat detection as an MSSP doesn’t mean hiring more analysts — it means enabling the analysts you already have to handle more clients, more alerts, and more complex threats without burning out. The practical path forward combines three capabilities: continuous real…ANY.RUN
20 MaySame Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each OtherThere is a certain kind of conversation that doesn’t get written up in a post-mortem, doesn’t generate a ticket, and never makes it into an end-of-quarter report. It happens on the margins—at a conference, in a hallway, or, in this case, at 30,000 feet above sea level. It’s the c…BLACKHILLSINFOSEC.COM
20 MayTor launches crowdfunding campaign to support internet freedom projectsThe Tor Project has launched a new cryptocurrency-based crowdfunding initiative aimed at supporting internet freedom and privacy tools amid growing financial pressure on nonprofit digital rights organizations. The campaign introduces a Web3-focused funding model that uses quadrat…CYBERINSIDER.COM
20 MayAI assistants can be hijacked and manipulated by inaudible soundsHidden audio commands can hijack AI voice assistants and transcription tools without users hearing anything unusual, according to new research set to be presented at the IEEE Symposium on Security and Privacy next week. The study shows that carefully crafted audio clips can elici…CYBERINSIDER.COM
20 MaySteam removes ‘Beyond The Dark’ horror game over malware reportsA malicious game distributed through Steam has been removed from Valve’s platform after users discovered it was secretly harvesting player data and communicating with remote command-and-control infrastructure. The game, titled Beyond The Dark, masqueraded as a free indie horror t…CYBERINSIDER.COM
20 MayWebworm APT targets European government organizations with new backdoorsESET has released an analysis of the 2025 activity of Webworm, a China-aligned APT group tracked as Space Pirates and UAT-8302. Active since at least 2022, the group initially focused on targets in Asia, but has recently expanded its operations into Europe. ESET observed Webworm …HELPNETSECURITY.COM
20 MaySecuring the gaming culture of culturesRead about the unique challenges and rewards of securing gaming platforms and how to better protect gaming communities. The post Securing the gaming culture of cultures appeared first on Microsoft Security Blog .MICROSOFT.COM
19 MayISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936, (Tue, May 19th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
19 MayMicrosoft to Retire Teams Together Mode to Improve PerformanceMicrosoft has announced it will retire the “Together mode” feature in Microsoft Teams, marking a shift toward simplified meeting layouts designed to improve performance, usability, and consistency across devices. The change, confirmed by Microsoft Product Manager Katarina Tranker…GBHACKERS.COM
19 MayJavaScript Malware Campaign Drops Crypto Clipper via PowerShellA large-scale CountLoader campaign that uses layered obfuscation, multi-stage payload delivery, and covert command-and-control (C2) communication to deploy cryptocurrency clipper malware. The campaign stands out for its complex infection chain, combining JavaScript, PowerShell, a…GBHACKERS.COM
19 MayBabel Street targets AI-driven threats with new agentic investigation capabilitiesBabel Street has launched Insights Investigator, a new agentic capability that puts tradecraft-trained AI agents at the front edge of investigative work while ensuring analysts remain in control of scope, logic, and outcomes of their missions. As part of the Babel Street Insights…HELPNETSECURITY.COM
19 MayEgnyte unveils Email Capture and AI features to unify fragmented dataEgnyte has announced a new set of capabilities designed to consolidate fragmented knowledge. Email Capture centralizes critical communications and attachments from siloed inboxes into the Egnyte folder structure, assisting users to make more informed data-driven decisions based o…HELPNETSECURITY.COM
19 MayThe State of AI & AppSec - Keith Hoodlet - ASW #383This year has been a dichotomy of established secure design fundamentals and burgeoning chaos of LLM-driven vuln discovery. Keith Hoodlet returns to share his latest observations on what the recent news about Mythos, models, and harnesses means for appsec. He walks through the pr…YOUTUBE.COM
19 MayDiscord enables E2EE by default for all voice and video communicationsDiscord announced that all voice and video calls on its platform are now protected with end-to-end encryption (E2EE) by default. The rollout applies to direct messages, group calls, voice channels, and Go Live streams, with Stage channels remaining the only exception. Discord fir…CYBERINSIDER.COM
19 MayLaurie Anderson Is Quoting MeNot by name, but Laurie Anderson quotes me in one of the tracks of her new album: My favorite quote is from a cryptologist who said “If you think technology will solve your problems, you don’t understand technology and you don’t understand your problems.” …SCHNEIER.COM
19 MayMicrosoft Edge Enhances Security by Preventing Password Loading at StartupMicrosoft is rolling out a key security change in its Edge browser to stop saved passwords from being loaded into memory as soon as the browser starts. The move comes after a security researcher showed that Edge was decrypting and keeping all stored passwords in cleartext in proc…GBHACKERS.COM
19 MayTop 5 Phishing-Driven Social Engineering Attacks on Companies in 2026Your employees are not falling for “bad grammar” phishing anymore. They are being pulled into fake Microsoft logins, banking pages, AI tool instructions, real OAuth flows, and event invitations that look close enough to daily work to pass without alarm. For CISOs, that is t…ANY.RUN
19 MayAnthropic Denies EU Access to Claude Mythos, ChatGPT 5.5 Comes to RescueAnthropic still hasn’t granted the EU access to Claude Mythos, but OpenAI’s ChatGPT 5.5-Cyber could help the bloc preempt vulnerabilities. The post Anthropic Denies EU Access to Claude Mythos, ChatGPT 5.5 Comes to Rescue appeared first on TechRepublic .TECHREPUBLIC.COM
19 MayVoidStealer Malware Targets Chrome Data Despite Built-In Browser ProtectionsA newly discovered infostealer called VoidStealer is raising concerns after researchers revealed it can bypass Google Chrome’s App-Bound Encryption (ABE), a security feature designed to protect sensitive browser data. The malware introduces a novel technique that allows attackers…GBHACKERS.COM
19 MayLaunchDarkly adds real-time controls for AI agents in productionLaunchDarkly has launched AgentControl, a new solution that gives software teams real-time control over AI agents in production. With AgentControl, teams can change how an agent behaves at runtime without redeploying the underlying application. As AI agents move into production, …HELPNETSECURITY.COM
19 MayCanonical ships Ubuntu Core 26 with 15 years of security maintenanceOperators of industrial sensors, edge AI controllers, and connected medical equipment now have a refreshed long-term Linux option for fleets that must stay patched for more than a decade. Canonical released Ubuntu Core 26, the latest long-term supported version of its minimal, im…HELPNETSECURITY.COM
19 MayNew macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chainA SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password managers, and cryptocurrency wallets while establishing persistence for continued access, SentinelOne found. …HELPNETSECURITY.COM
19 MayThe end of unencrypted Discord calls is hereDiscord has protected voice and video calls in DMs, group DMs, voice channels, and Go Live streams with end-to-end encryption (E2EE) by default. The company began experimenting with E2EE for voice and video in 2023, starting a long-term effort. End-to-end encryption allows only p…HELPNETSECURITY.COM
19 MayMicrosoft’s legacy MSHTA tool heavily abused in malware attacksMicrosoft’s legacy mshta.exe utility remains widely abused in malware campaigns despite the retirement of Internet Explorer and Microsoft’s ongoing deprecation of older scripting technologies. Bitdefender Labs reports a notable rise in detections involving mshta.exe over recent m…CYBERINSIDER.COM
19 MayTwo-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap ReportNew York, United States, May 19th, 2026, CyberNewswire New research shows identity dark matter continues to expand and erode enterprise identity, resulting in a fragile foundation for agent AI readiness and adoption Orchid Security, the company solving identity at its core, today…GBHACKERS.COM
19 MayWarning: Phishing Attacks Are Abusing the Kuse AI AppAttackers are abusing the storage and sharing features of Kuse, a free AI app, to assist in phishing campaigns, according to researchers at Trend Micro. Kuse is a legitimate agentic AI platform used by employees to streamline workflows. Users can share files with coworkers, which…KNOWBE4.COM
19 MayMozilla hardens Firefox against fingerprinting, adds one-click session wipeMozilla has released Firefox 151, introducing new privacy-focused protections for Private Browsing Mode and stronger anti-fingerprinting defenses. A new “End Private Session” feature for Firefox’s Private Browsing Mode, accessible through a fire-shaped icon next to the address ba…CYBERINSIDER.COM
19 MayCriminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASMTorrance, United States / California, May 19th, 2026, CyberNewswire Criminal IP has announced its return to Infosecurity Europe 2026 with a focus on delivering more actionable, decision-ready intelligence through its continuously evolving platform. Taking place from June 2 to Jun…GBHACKERS.COM
19 MayAI Isn’t Finding Novel BugsThis discussion highlights a recurring pattern in AI-assisted security research: current systems are effective at identifying known classes of vulnerabilities and established error patterns, but evidence for discovering truly novel vulnerabilities remains limited. This may mean A…YOUTUBE.COM
19 MayMicrosoft Launches New Surface AI PCs for Business BuyersMicrosoft launched new Surface for Business PCs with Intel Core Ultra Series 3 chips, AI features, 5G options, and enterprise security tools. The post Microsoft Launches New Surface AI PCs for Business Buyers appeared first on TechRepublic .TECHREPUBLIC.COM
19 MayAnthropic Just Bought a Developer Tool Used by OpenAI, GoogleAnthropic acquired SDK startup Stainless, signaling a deeper push into developer tooling as AI labs compete beyond model performance. The post Anthropic Just Bought a Developer Tool Used by OpenAI, Google appeared first on TechRepublic .TECHREPUBLIC.COM
19 MayAgentic AI, Strong Racks, Weak Fabric: Inside Dell’s AI BetDell sharpens its AI vision with agentic endpoints, an AI-ready platform, and factory-built racks, but its muted networking story raises questions about how far its AI Factory can scale. The post Agentic AI, Strong Racks, Weak Fabric: Inside Dell’s AI Bet appeared first on TechRe…TECHREPUBLIC.COM
19 MayMac Users Face New Malware Threat Spoofing Apple, Google, and MicrosoftA new SHub Reaper macOS infostealer spoofs prompts from Apple, Google, and Microsoft to steal passwords, crypto data, and business files from Macs. The post Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft appeared first on TechRepublic .TECHREPUBLIC.COM
19 MayApple’s Siri Could Get a Grammarly-Like AI Writing Tool at WWDCApple’s iOS 27 may add AI writing tools, prompt-built shortcuts, AI wallpapers, and a smarter Siri as WWDC 2026 approaches in June. The post Apple’s Siri Could Get a Grammarly-Like AI Writing Tool at WWDC appeared first on TechRepublic .TECHREPUBLIC.COM
19 MayApple Intelligence Powers New Accessibility Features for iPhone, MacApple Intelligence will upgrade VoiceOver, Voice Control, captions, and Vision Pro wheelchair controls in new accessibility features coming later this year. The post Apple Intelligence Powers New Accessibility Features for iPhone, Mac appeared first on TechRepublic .TECHREPUBLIC.COM
19 MayMicrosoft Confirms Windows Update Bug Blocking Security FixesMicrosoft confirmed that KB5089549 can fail with error 0x800f0922 on Windows 11 devices with low EFI partition space, and shared workarounds are available. The post Microsoft Confirms Windows Update Bug Blocking Security Fixes appeared first on TechRepublic .TECHREPUBLIC.COM
19 MayMy Mother the Car, AI Slop, Nginx, Polyscope, Drupal, GitHub, Aaran Leyland - SWN #582My Mother the Car, AI Slop, Nginx, Polyscope, Drupal, GitHub, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-582YOUTUBE.COM
18 MayProduct showcase: McAfee + ChatGPT integration turns doubt into a scam checkMcAfee + ChatGPT integration brings real-time scam detection in conversations and gives users an easier way to verify suspicious content before clicking or responding. It is available to anyone, without requiring a McAfee or ChatGPT subscription. It combines conversational AI wit…HELPNETSECURITY.COM
18 MayLinus Torvalds Warns AI Bug Report Spam Is Disrupting Linux Security DiscussionsLinux kernel creator Linus Torvalds has warned that a flood of low‑value, AI‑generated bug reports is overwhelming the private Linux security mailing list and actively disrupting real security work. The new kernel documentation for Linux 7.1 now explicitly tells AI users to treat …GBHACKERS.COM
18 May1 Million WordPress Websites Exposed by Avada Builder Security VulnerabilitiesA widely used WordPress plugin powering over one million websites has been found vulnerable to two serious security flaws that could expose sensitive data and server files. Security researchers warn that the issues in the Avada Builder plugin could allow both authenticated and un…GBHACKERS.COM
18 MayThe AI backdoor your security stack is not built to seeEnterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious tokens, filter unusual characters, watch for prompt injection patterns. New research from Microsoft and t…HELPNETSECURITY.COM
18 MayFast16 Malware Sabotages Nuclear Test Simulations by Altering DataA newly analyzed cyber-espionage framework called Fast16 has revealed one of the most precise and covert sabotage operations ever uncovered targeting nuclear weapons simulations by silently manipulating critical test data. Researchers confirm that the malware didn’t just infiltra…GBHACKERS.COM
18 MayHackers Hide PureLogs Infostealer in PawsRunner LoaderThreat actors are increasingly hiding malware inside seemingly harmless files, and a new campaign shows just how effective this tactic has become. The attack begins with a phishing email carrying a TXZ archive attachment. Disguised as an urgent invoice, the file pressures victims…GBHACKERS.COM
18 MayOtterCookie Malware Steals Dev Secrets, SSH Keys, Cloud Credentials, and TokensA newly analyzed malware strain, OtterCookie, is emerging as a serious threat to developers, quietly harvesting sensitive data from active workstations in real time. Unlike earlier assumptions, OtterCookie is not a variant of BeaverTail but a separate Node.js-based remote access…GBHACKERS.COM
18 MayANY.RUN Turns 10: Special Offers for Stronger Security OperationsTen years in cybersecurity is a long journey. Threats have changed, attacks have become harder to spot, and security teams now need answers faster than ever. ANY.RUN has grown with those teams. What started as an interactive sandbox is now a trusted company …ANY.RUN
18 MaySignal begins testing automatic key verification for encrypted chatsSignal has started public testing of a new security feature called “automatic key verification,” designed to simplify confirming end-to-end encrypted conversations without requiring users to manually compare safety numbers. The feature was announced by Signal staff member “jimio”…CYBERINSIDER.COM
18 MayHow a government contest launched a revolution in AI-based bug huntingSecurity researchers have spent months honing AI systems that can find and fix serious vulnerabilities. Critical infrastructure everywhere could benefit.CYBERSECURITYDIVE.COM
18 MaySmartBear expands ReadyAPI with AI-powered API testing capabilitiesSmartBear has announced ReadyAPI’s new AI test generation capability that accelerates API testing by up to 80% while giving teams control to enable or disable AI. While competitors focus on speed alone, ReadyAPI’s AI test generation capability is architected for quality at scale …HELPNETSECURITY.COM
18 MayWhat Is an AI Agent in Cybersecurity?At the Milken Conference in May 2026, Robert F. Smith, founder and CEO of Vista Equity Partners, described a shift that every security leader should hear. Software, he said, has moved through three states: product, then service and now worker. "That agent, that software, act…KNOWBE4.COM
18 MayGrafana Labs says hacker gained access to codebase through leaked tokenThe company, which operates a widely used observability platform, is refusing to pay an extortion demand.CYBERSECURITYDIVE.COM
18 May7 Hidden iPhone Features That Actually Make a DifferenceDiscover hidden iPhone features for messages, photos, accessibility, privacy, call screening, and battery life that make iOS easier to use. The post 7 Hidden iPhone Features That Actually Make a Difference appeared first on TechRepublic .TECHREPUBLIC.COM
18 MayFitbit Bug Leaves Pixel Watch Users Missing Sleep Data AgainPixel Watch users report a Fitbit bug that hides sleep stats on the watch while data still appears in the phone app. The post Fitbit Bug Leaves Pixel Watch Users Missing Sleep Data Again appeared first on TechRepublic .TECHREPUBLIC.COM
18 MayWindows 11 Start Menu, Taskbar Are Getting More CustomizationMicrosoft is testing Windows 11 taskbar and Start menu updates, including movable taskbar positions, cleaner Start controls, and compact layout options. The post Windows 11 Start Menu, Taskbar Are Getting More Customization appeared first on TechRepublic .TECHREPUBLIC.COM
18 MayMozilla calls on UK to exclude VPNs from age verification rulesMozilla urged UK regulators not to impose age restrictions on VPN services, warning that such measures would weaken privacy protections for all users while doing little to prevent minors from bypassing online age checks. In a submission to the UK Department for Science, Innovatio…CYBERINSIDER.COM
18 MayApple’s Siri Revamp May Add Auto-Deleting ChatsApple’s reported Siri revamp may add auto-deleting AI chats as the company prepares a privacy-focused software push at WWDC 2026. The post Apple’s Siri Revamp May Add Auto-Deleting Chats appeared first on TechRepublic .TECHREPUBLIC.COM
18 MayBanned Nvidia AI Chips Keep Reaching China Despite US CrackdownUS export-control cases show how Nvidia chips and other restricted tech are allegedly diverted to China and Russia through shell firms and intermediaries. The post Banned Nvidia AI Chips Keep Reaching China Despite US Crackdown appeared first on TechRepublic .TECHREPUBLIC.COM
18 MayApple’s Fall Lineup Could Include Foldable iPhone, New MacsApple is rumored to have more than 15 products planned for fall, including a foldable iPhone, new Macs, AirPods, Watches, and smart-home devices. The post Apple’s Fall Lineup Could Include Foldable iPhone, New Macs appeared first on TechRepublic .TECHREPUBLIC.COM
18 MayInterpol leads cybercrime crackdown across 13 countries in Middle East, North AfricaOperation Ramz resulted in 201 arrests and disrupted phishing services, malware and financial scams. The post Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa appeared first on CyberScoop .CYBERSCOOP.COM
18 MayPoland urges officials to ditch Signal for state-run messaging appsPoland’s government is urging public-sector organizations to reduce their reliance on Signal for official communications and instead adopt domestically controlled encrypted messaging systems following a surge in phishing attacks targeting politicians, government personnel, and mi…CYBERINSIDER.COM
18 MayTeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jenkins plugin compromise and a new self-spreading Mini Shai-Hulud worm across npm and PyPI.ISC.SANS.EDU
18 MayFTC: Americans Lost $2.1 Billion to Social Media Scams Last YearA new report from the US Federal Trade Commission (FTC) has found that Americans lost $2.1 billion in 2025 to scams that began on social media. Nearly 30% of people who reported losing money to a scam said it started on social media, far outpacing other modes of contact.KNOWBE4.COM
18 MayHow to better protect your growing business in an AI-powered worldSee how built-in security helps keep your growing business running, protect customer trust, and support growth. The post How to better protect your growing business in an AI-powered world appeared first on Microsoft Security Blog .MICROSOFT.COM
16 MayFriday Squid Blogging: Bigfin SquidArticle about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
16 MayScam papers served.Thomas Elkins, SOC L3 Analyst from BlueVoyant, is discussing "Unpacking Augmented Marauder’s Multi-Pronged Casbaneiro Campaigns." BlueVoyant researchers uncovered a large-scale phishing campaign by the Brazil-linked threat group targeting Spanish-speaking users across Lat…THECYBERWIRE.COM
15 MayNew infosec products of the week: May 15, 2026Here’s a look at the most interesting products from the past week Alation, Apricorn, Versa Networks, and TrustCloud. The questionnaire-based TPRM model is broken, and TrustCloud has a fix TrustCloud announced a new version of TrustLens, its third party risk management (TPRM) solu…HELPNETSECURITY.COM
15 MayISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
15 MayPopular node-ipc npm Library Hit by Supply Chain Attack, Impacting 822K Weekly DownloadsA widely used npm package with more than 822,000 weekly downloads has once again become the center of a serious supply chain attack, raising fresh concerns across the JavaScript ecosystem. Security researchers at Socket have uncovered multiple malicious versions of the popular no…GBHACKERS.COM
15 MayDeepfake detection is losing ground to generative modelsDeepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial detectors analyze pixels, frequencies, and biometric signals to answer that question, and the best of them post strong accuracy numbe…HELPNETSECURITY.COM
15 MayZombie linkages are keeping expired domains trusted for yearsDomains expire, get transferred, and return to the market every day. The systems connected to those domains can continue trusting the original owner long after control has changed. Researchers at USC and the University of Twente examined this problem in three widely used systems:…HELPNETSECURITY.COM
15 MayMicrosoft Exposes Kazuar Malware’s Modular P2P Botnet ArchitectureMicrosoft has revealed new technical insights into Kazuar, a long-running malware linked to the Russian state-backed group Secret Blizzard, highlighting its evolution into a stealthy, modular peer-to-peer (P2P) botnet designed for persistent cyber espionage. Originally identified…GBHACKERS.COM
15 MayKeycard helps developers secure autonomous AI agents with scoped accessKeycard has announced Keycard for Multi-Agent Apps, extending its platform to support delegated, session-based access across systems of autonomous agents. Keycard lets developers build apps where every agent has its own identity, access is scoped to each task and every action is …HELPNETSECURITY.COM
15 MayTycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFAA new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential theft. This development comes just weeks after a global takedown effort led by Microsoft and Europol dis…GBHACKERS.COM
15 MayOrBit Rootkit Targets Linux to Steal SSH and Sudo CredentialsHackers are continuing to abuse a stealthy Linux rootkit known as OrBit to harvest SSH and sudo credentials, with new research showing the threat has quietly evolved over four years while remaining active in the wild. First analyzed in 2022, OrBit was initially believed to be a c…GBHACKERS.COM
15 MayThieves unlock stolen iPhones using cheap tools sold on TelegramHelping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure used to monetize stolen iPhones. Activation Lock can remotely disable a stolen iPhone and prevent normal r…HELPNETSECURITY.COM
15 MayBypassing On-Camera Age-Verification ChecksSome AI-based video age-verification checks can be fooled with a fake mustache.SCHNEIER.COM
15 MayGhostwriter group resumes attacks on Ukrainian Government targetsESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fresh activity attributed to the APT group FrostyNeighbor, aka Ghostwriter, active …SECURITYAFFAIRS.COM
15 MayGoogle lets Workspace admins apply one policy across all SAML appsGoogle has updated Context-Aware Access (CAA) in Google Workspace to introduce a default policy assignment for SAML applications. SAML applications are third-party or internal applications that use the Security Assertion Markup Language (SAML) protocol to enable single sign-on (S…HELPNETSECURITY.COM
15 MayTraffic-Themed SMS Phishing Targets Users Around the WorldResearchers at Bitdefender are tracking 40 separate SMS phishing (smishing) campaigns impersonating transport authorities, toll operators, and parking services around the world. The researchers have observed more than 79,000 scam text messages with over 29,000 unique variant…KNOWBE4.COM
15 MayRaising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty programWe're updating our bug bounty program standards to prioritize quality submissions, clarify shared responsibility boundaries, and evolve how we reward low-risk findings. The post Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program a…GITHUB.BLOG
15 MayFigure Humanoid Robots Sort Packages Non-Stop in 24/7 DemoFigure AI’s Helix 02 humanoid robots neared 40 hours of autonomous work and almost 50,000 packages in a livestreamed warehouse demo. The post Figure Humanoid Robots Sort Packages Non-Stop in 24/7 Demo appeared first on TechRepublic .TECHREPUBLIC.COM
15 MayGoogle’s Default 15GB Free Storage Is Ending for Some New AccountsGoogle is testing a change that gives some new accounts 5GB by default, with the full 15GB unlocked only after phone verification. The post Google’s Default 15GB Free Storage Is Ending for Some New Accounts appeared first on TechRepublic .TECHREPUBLIC.COM
15 MayMSPs need AI to fight AI-fueled cyberthreats: GuardzEntry points haven’t changed but the speed and scale of attacks have intensified, the security vendor found.CYBERSECURITYDIVE.COM
15 MayWhy Integrate Threat Intelligence Feeds into Email Security?It's getting harder to distinguish legitimate emails from malicious ones as phishing messages mimic real conversations, use trusted domains and increasingly leverage AI to scale and refine attacks.KNOWBE4.COM
15 MayUS Approves Nvidia H200 Sales to China, But Shipments Remain StalledUS approvals could let Nvidia sell H200 AI chips to China, but Beijing’s security concerns and export rules have stalled shipments. The post US Approves Nvidia H200 Sales to China, But Shipments Remain Stalled appeared first on TechRepublic .TECHREPUBLIC.COM
15 MayNew Windows Update May Undo Bad Driver Updates on Its OwnMicrosoft is testing Cloud-Initiated Driver Recovery, a Windows Update feature designed to roll back bad drivers with less manual IT work. The post New Windows Update May Undo Bad Driver Updates on Its Own appeared first on TechRepublic .TECHREPUBLIC.COM
15 MayApple and OpenAI’s ChatGPT Deal Reportedly Risks Legal ClashApple and OpenAI’s AI partnership is reportedly under strain as Siri plans, ChatGPT integration, and OpenAI hardware ambitions collide. The post Apple and OpenAI’s ChatGPT Deal Reportedly Risks Legal Clash appeared first on TechRepublic .TECHREPUBLIC.COM
15 MayOpenAI Warns Mac Users to Update Apps After Supply-Chain AttackOpenAI says Mac users must update ChatGPT, Codex, and Atlas apps by June 12 after an npm supply-chain attack exposed signing certificates. The post OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack appeared first on TechRepublic .TECHREPUBLIC.COM
15 MayColorado governor commutes prison sentence for election denier Tina PetersPeters was sentenced to nine years for stealing voting data and has been publicly unrepentant. But Colorado Governor Jared Polis has been hinting at the decision for months. The post Colorado governor commutes prison sentence for election denier Tina Peters appeared first on Cybe…CYBERSCOOP.COM
14 MayISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
14 MayLyrie.ai Unveils Open Standard for Agent Security and Joins Anthropic’s Cyber Verification ProgramDUBAI, UAE — May 14, 2026 — As autonomous AI agents begin to handle everything from corporate bank transfers to sensitive code deployments, the digital world is facing a new “Wild West” scenario: millions of autonomous entities operating without a badge or a passport.…GBHACKERS.COM
14 MayRussian official admits VPNs cannot be fully blocked without breaking the internetA senior Russian official has acknowledged that fully blocking or disabling VPN services in Russia is technically unfeasible, warning that such attempts could severely disrupt the country’s internet infrastructure. The remarks mark one of the clearest public admissions from a Kre…CYBERINSIDER.COM
14 MayTexas sues Netflix for profiling children and selling data to advertisersTexas Attorney General Ken Paxton has filed a sweeping lawsuit against Netflix, accusing the streaming giant of misleading consumers for years while secretly operating what the state describes as a massive behavioral surveillance and advertising system targeting both adults and c…CYBERINSIDER.COM
14 MayAI cyber capability is speeding past earlier projectionsAI cyber capability is improving faster than expected, with newer models surpassing earlier projections, according to the UK government’s AI Security Institute (AISI). AISI measures AI cyber capability using “time horizon benchmarks”, which estimate how long AI systems can comple…HELPNETSECURITY.COM
14 MayVector embedding security gap exposes enterprise AI pipelinesEnterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies deploying internal AI assistants convert documents into high-dimensional numerical vectors and ship them to…HELPNETSECURITY.COM
14 MayClosing the AI governance gap in your enterpriseIn this Help Net Security video, Casey Bleeker, CEO at SurePath AI, talks about the AI governance gap that exists in almost every organization. Drawing from three years of conversations with IT, business, and security leaders, Casey explains why AI adoption is outpacing governanc…HELPNETSECURITY.COM
14 May170 npm Packages Hijacked to Steal GitHub, AWS & Kubernetes SecretsHackers have launched a large-scale supply chain attack by compromising more than 170 npm packages and two PyPI libraries, collectively downloaded over 200 million times weekly, to steal sensitive developer and cloud credentials. The malicious npm packages contain a hidden preins…GBHACKERS.COM
14 MayMicrosoft’s WinUI agent plugin trims token use by over 70% during developmentMicrosoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX packaging. The WinUI agent plugin ships one agent, eight skills, and several supporting tools targeting the l…HELPNETSECURITY.COM
14 MayHow Dangerous Is Anthropic’s Mythos AI?Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of co…SCHNEIER.COM
14 MayKimsuky targets organizations with PebbleDash-based toolsKaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.SECURELIST.COM
14 MayCofense adds AI-powered campaign detection to stop phishing attacksCofense has announced new advancements to its Phishing Defense Platform aimed at improving detection and response to AI-powered phishing attacks. The updates include AI-driven phishing detection, enhanced triage automation, and AI-assisted training campaign creation designed to s…HELPNETSECURITY.COM
14 MayWarning: Netflix Phishing Scams Can Lead to Serious ConsequencesResearchers at Bitdefender warn that Netflix-themed phishing attacks can have far-reaching consequences if users follow poor security practices. While Netflix is generally associated with a user’s personal life, phishing attacks targeting personal accounts can put users’ employer…KNOWBE4.COM
14 MayGhostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt StrikeThe Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring coun…THEHACKERNEWS.COM
14 MayA spyware investigator exposed Russian government hackers trying to hijack Signal accountsA group of likely Russian government hackers tried to hack a security researcher who investigates spyware attacks. He was then able to turn the tables on the hackers and reveal details of their espionage campaign.TECHCRUNCH.COM
14 MayMustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage CampaignMustang Panda campaign deploys updated FDMTP backdoor against Asia-Pacific and Japan networksINFOSECURITY-MAGAZINE.COM
14 MayApple’s iPhone Privacy Feature Expands to More Users WorldwideApple expanded Limit Precise Location in iOS 26.5, but the carrier privacy feature still requires select iPhones and iPads. The post Apple’s iPhone Privacy Feature Expands to More Users Worldwide appeared first on TechRepublic .TECHREPUBLIC.COM
14 MayJeff Bezos’ Blue Origin May Need Outside Cash to Catch SpaceXBlue Origin may seek outside funding for the first time as it looks to scale launches, compete with SpaceX, and expand its space business. The post Jeff Bezos’ Blue Origin May Need Outside Cash to Catch SpaceX appeared first on TechRepublic .TECHREPUBLIC.COM
14 MayLinkedIn Cuts Jobs Despite Revenue Growth as Tech Layoffs Keep SpreadingLinkedIn is cutting jobs and trimming spending across major teams despite revenue growth, as the Microsoft-owned company refocuses priorities. The post LinkedIn Cuts Jobs Despite Revenue Growth as Tech Layoffs Keep Spreading appeared first on TechRepublic .TECHREPUBLIC.COM
14 MayUpcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak: I’m giving a virtual talk on “The Security of Trust in the Age of AI,” hosted by the Financial Women’s Association of New York, at 6:00 PM ET on May 21, 2026. I’m speaking at the Potsdam Conference on National Cyb…SCHNEIER.COM
14 MayPhishing Attacks Begin Targeting the 2026 FIFA World CupA major phishing operation is targeting soccer/football fans ahead of the 2026 FIFA World Cup, which begins in June, according to researchers at Flare. The attackers have set up at least 79 phishing sites impersonating the official FIFA website.KNOWBE4.COM
14 MayMore money is going to physical security, but it’s often CISOs that oversee it: EYOrganizations should centralize physical security and cybersecurity so both are adequately prepared for, the consulting firm says in a survey report.CYBERSECURITYDIVE.COM
14 MayMicrosoft: Russian hackers evolved Kazuar malware into stealthy P2P botnet“Kazuar,” a long-running malware platform linked to the Russian state-sponsored threat group Secret Blizzard, has evolved into a stealthy peer-to-peer botnet designed for persistent intelligence collection. Microsoft Threat Intelligence reports that Kazuar has transformed from a …CYBERINSIDER.COM
14 May'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, UkraineAttackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group.DARKREADING.COM
14 MayTrump’s China Summit Turns Into a Big Tech Power PlayTrump’s China summit brought Nvidia, Apple, and Tesla leaders into talks shaped by AI chips, trade pressure, and market-access demands. The post Trump’s China Summit Turns Into a Big Tech Power Play appeared first on TechRepublic .TECHREPUBLIC.COM
14 MayTop New Features in Android 17 You’ll Notice This YearGoogle previewed Android 17 with Gemini AI tools, AirDrop-style sharing, privacy upgrades, multitasking changes, and stronger security controls. The post Top New Features in Android 17 You’ll Notice This Year appeared first on TechRepublic .TECHREPUBLIC.COM
14 MayMicrosoft Retires ‘Copilot Mode’ as Edge Gets Built-In AI ToolsMicrosoft is retiring “Copilot Mode” in Edge as it builds AI browsing tools directly into Edge on desktop and mobile. The post Microsoft Retires ‘Copilot Mode’ as Edge Gets Built-In AI Tools appeared first on TechRepublic .TECHREPUBLIC.COM
14 May KEVKevin O’Leary’s ‘Wonder Valley’ Data Center Advances as Job Estimates ShiftKevin O’Leary’s Wonder Valley data center project faces scrutiny as job estimates shift and Utah residents raise environmental concerns. The post Kevin O’Leary’s ‘Wonder Valley’ Data Center Advances as Job Estimates Shift appeared first on TechRepublic .TECHREPUBLIC.COM
14 MayWhite House cyber official: identity security matters more than ever in the age of AIWhile AI tools present unique cybersecurity threats, they still rely on poor identity security by organizations to do the most damage, a White House official said Thursday. The post White House cyber official: identity security matters more than ever in the age of AI appeared fir…CYBERSCOOP.COM
14 MaySecurityScorecard Snags Driftnet to Level Up Threat IntelligenceThe new acquisition looks to boost visibility into third-party ecosystems that are becoming a bigger concern as vectors for supply-chain attacks.DARKREADING.COM
14 MayDefense in depth for autonomous AI agentsAs AI agents gain autonomy, defense in depth must evolve, with application-layer design, identity, and human oversight at the center. The post Defense in depth for autonomous AI agents appeared first on Microsoft Security Blog .MICROSOFT.COM
14 MayKazuar: Anatomy of a nation-state botnetKazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused operations. Over time, Kazuar has expanded from a relatively traditional backdoor in…MICROSOFT.COM
13 MayISC Stormcast For Wednesday, May 13th, 2026 https://isc.sans.edu/podcastdetail/9930, (Wed, May 13th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
13 MayAndroid pushes new scam, theft, and AI protections in 2026 update wavePhone scammers spoofing bank caller IDs have driven an estimated $980 million in annual losses worldwide, according to Europol. Android’s 2026 security roadmap takes direct aim at that pattern with a verified call system built in partnership with banks, alongside a wider se…HELPNETSECURITY.COM
13 MayThe hidden risk of non-human identities in AI adoptionAn employee with persistent, unsupervised admin access across critical systems, with no audit trail, no clear owner, and no regular access reviews, would raise immediate concern in most organizations. Yet non-human identities and AI agents are often granted that same kind of pers…HELPNETSECURITY.COM
13 MayFake FinalShell and Xshell Sites Push Kong RAT MalwareHackers are abusing fake download sites for popular tools like FinalShell and Xshell to deliver a new remote access trojan known as Kong RAT, in a highly staged and stealthy campaign that ran from at least May 2025 through March 2026. In this campaign, attackers poisoned search e…GBHACKERS.COM
13 MayProton Pass rated “well above par” in independent security auditProton Pass password manager has passed an independent security audit conducted by Recurity Labs, that described the product’s overall security posture as “well above par.” The audit, commissioned by Proton and carried out between January and April 2026, examined the Proton Pass …CYBERINSIDER.COM
13 MayOpenAI’s GPT-5.5 is as Good as Mythos at Finding Security VulnerabilitiesThe UK’s AI Security Institute evaluated GPT-5.5’s ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute’s evaluation of Mythos. And here is an analysi…SCHNEIER.COM
13 MayLW ROUNDTABLE: Microsoft Edge normalizes credential exposure — security pros push backBy design. Two words that have done an awful lot of heavy lifting in the cybersecurity industry over the years. They tend to surface whenever a vendor wants to wave off a serious finding without fixing it. Related: The unending … (more…) The post LW ROUNDTABLE: Microsoft Ed…LASTWATCHDOG.COM
13 MayAndroid adds ‘Intrusion Logging’ system to detect spyware attacksGoogle has unveiled a new Android security feature called “Intrusion Logging,” a forensic logging system designed to help investigators detect spyware attacks and infections on mobile devices. The capability is rolling out as part of Android Advanced Protection Mode (AAPM) and wa…CYBERINSIDER.COM
13 MayAI Agents Generate Custom Hacking Tools on the FlyTwo threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil.DARKREADING.COM
13 MayChina's 'FamousSparrow' APT Nests in South Caucasus Energy FirmThe cyberthreat group targets an Azerbaijani oil and gas firm with repeated attacks, as the China-linked actors extend targeting beyond hospitality, telecom, and government sectors.DARKREADING.COM
13 MayThe Rise of Cyber Threats and AI in the Philippines: A New Era Beyond Legacy SecurityIntroduction The Philippines, like many other nations, is witnessing a dramatic increase in cyber threats, fueled by the rapid adoption of digital technologies and the proliferation of sophisticated cybercriminals. This article examines the evolution of cyber threats in the Phili…KNOWBE4.COM
13 MayDaybreak is OpenAI’s answer to the AI arms race in cybersecurityWith Daybreak, OpenAI is taking direct aim at Anthropic's tightly restricted Mythos model, offering a more open — but still carefully gated — path to AI-powered cyber defense. The post Daybreak is OpenAI’s answer to the AI arms race in cybersecurity appeared first on CyberS…CYBERSCOOP.COM
13 MayOpenAI launches Daybreak to combat cyber threatsThe cybersecurity initiative uses AI to detect software vulnerabilities, partnering with Cloudflare, Cisco and CrowdStrike to counter threats.CYBERSECURITYDIVE.COM
13 MayWhatsApp adds Incognito Chat for private Meta AI conversationsThe company launched Incognito Chat with Meta AI, a feature that lets users hold AI conversations the platform itself cannot read. The rollout will reach WhatsApp and the standalone Meta AI app over the coming months. How Incognito Chat works Incognito Chat runs on top of Meta…HELPNETSECURITY.COM
13 MayWeaponized AI: The new frontier of fraud and identity spoofingAs fake identity fraud is projected to cause $40 billion in losses next year, leaders must abandon static security in favor of rapid-iteration, AI-enabled defenses that adapt in days, not months. The post Weaponized AI: The new frontier of fraud and identity spoofing appeared fir…CYBERSCOOP.COM
13 MayGoogle Introduces Googlebook, a Gemini-First Laptop PlatformGooglebook brings Gemini Intelligence, Magic Pointer, Android app support, phone integration, and premium hardware to Google’s new laptop platform. The post Google Introduces Googlebook, a Gemini-First Laptop Platform appeared first on TechRepublic .TECHREPUBLIC.COM
13 MayTIOBE Index for May 2026: R Ascends as Statistical Tools ConsolidateMay 2026 TIOBE Index keeps Python #1 as Java edges past C++. R climbs to #8, and Paul Jansen says statistical tools are consolidating around Python and R. The post TIOBE Index for May 2026: R Ascends as Statistical Tools Consolidate appeared first on TechRepublic .TECHREPUBLIC.COM
13 MayDOJ releases legal rationale for nationwide voter data collectionThe memo claims a robust executive branch role vetting voter eligibility. One Secretary of State called it a “fantasy” that “isn’t worth the paper it’s printed on.” The post DOJ releases legal rationale for nationwide voter data collection appeared first on CyberScoop .CYBERSCOOP.COM
13 MayWhatsApp launches “Incognito Chat” for private AI conversationsMeta has announced “Incognito Chat with Meta AI,” a new private AI chat mode for WhatsApp and the Meta AI app. The feature is built on the firm’s existing “Private Processing” infrastructure and is designed for sensitive AI interactions involving personal, financial, health, or w…CYBERINSIDER.COM
13 MayAI Won’t Invent the FutureBen Carr argues that most AI systems — especially LLMs — are exceptional at processing and reusing existing information, but not necessarily creating fundamentally new approaches. They can optimize workflows, summarize knowledge, and accelerate execution. But true process inventi…YOUTUBE.COM
13 MayAttackers Weaponize RubyGems for Data Dead DropsThreat actors are publishing RubyGems packages that include scrapers targeting public-facing UK government servers, but with no clear objective.DARKREADING.COM
13 MayResearchers say AI just broke every benchmark for autonomous cyber capabilityTwo independent studies found that Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5 have outpaced every trend line researchers were tracking. No one is sure if this is a one-time leap or the new normal. The post Researchers say AI just broke every benchmark for autonomous c…CYBERSCOOP.COM
13 MayClosed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risksThe committee held a closed briefing Wednesday with company reps, and more oversight is in the works. The post Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks appeared first on CyberScoop .CYBERSCOOP.COM
12 MayISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928, (Tue, May 12th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
12 MayThe hidden smart fridge risks that emerge years after purchaseHousehold refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at Leipzig University maps what happens when those two timelines collide, and the findings reach further than t…HELPNETSECURITY.COM
12 MayCybersecurity jobs available right now: May 12, 2026Application Security Engineer Total Quality Logistics | USA | On-site – View job details As an Application Security Engineer, you will design, implement, and maintain security controls across the software development lifecycle. You will work closely with engineeri…HELPNETSECURITY.COM
12 MayTrickMo Android Malware Targets Banking, Wallet, and Authenticator AppsTrickMo, the Android banking malware, has resurfaced with a significantly redesigned architecture, targeting banking, fintech, wallet, and authenticator applications while introducing advanced stealth and network capabilities. Rather than introducing entirely new user-facing func…GBHACKERS.COM
12 MayMini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More PackagesTeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have …THEHACKERNEWS.COM
12 MayFake TronLink Chrome Extension Steals Crypto Wallet CredentialsA newly uncovered phishing campaign is targeting TRON wallet users through a deceptive Chrome extension that mimics the popular TronLink wallet. The campaign highlights how modern browser extension abuse is evolving beyond static code inspection, making detection significantly ha…GBHACKERS.COM
12 MayNorth Korea Hackers Abuse Git Hooks to Deploy Cross-Platform MalwareNorth Korean threat actors have introduced a stealthy new delivery mechanism in their ongoing “Contagious Interview” campaign, shifting tactics to abuse Git hooks for malware execution. The attack begins with a familiar social engineering lure. Victims, often developers targeted …GBHACKERS.COM
12 MayAI is separating the companies built to scale from the ones built to sellStartups are scaling faster, attackers are getting smarter, and investors are getting more selective. The cybersecurity industry is in the middle of a reset. The post AI is separating the companies built to scale from the ones built to sell appeared first on CyberScoop .CYBERSCOOP.COM
12 MayThe Civil War Spies and Saboteurs Across the Canadian BorderIt’s 1864, and against the backdrop of the US Civil War- a war the Confederacy is losing- a group of spies and saboteurs have set up a base in Montreal, Canada. Today we would call this a sanctuary or a safe haven. Canada would become home to several infamous Confederate missions…THECYBERWIRE.COM
12 MaySignal rolls out new protections against impersonation attacksSignal has announced a new set of in-app protections designed to help users identify phishing attempts and social engineering scams on the encrypted messaging platform. The changes introduce additional warning prompts, profile verification notices, and expanded safety guidance to…CYBERINSIDER.COM
12 MayVidar Stealer Campaign Evades EDR to Steal CredentialsA new Vidar Stealer campaign is abusing trusted tools, multi‑stage loaders, and heavy obfuscation to bypass EDR visibility and steal credentials from infected systems silently. This operation shows a clear shift toward “living‑off‑the‑land” techniques and stealthy backdoor archit…GBHACKERS.COM
12 MayAI and an absent government: Takeaways from RSAC 2026Cybersecurity professionals spent the recent conference discussing the balance between autonomy and oversight.CYBERSECURITYDIVE.COM
12 MayCyberheistNews Vol 16 #19 Crafty Criminals Continue to Pose as Help Desks in Social Engineering AttacksKNOWBE4.COM
12 MayGeneral Motors to pay $12.75 million over driver data salesGeneral Motors has agreed to a $12.75 million settlement with California over allegations that it unlawfully sold drivers’ location and behavioral data to brokers, marking the largest penalty in the history of the state’s Consumer Privacy Act. Prosecutors say GM made …HELPNETSECURITY.COM
12 MayDownload: The IT and security field guide to AI adoptionSecurity and IT teams are under pressure to adopt AI, but many are seeing the opposite of what was promised. Tools that demo well don’t hold up in real workflows. Complexity increases. Trust breaks down. And instead of reducing workload, AI can introduce new risks and oversight b…HELPNETSECURITY.COM
12 MayAI Can’t Detect Malicious IntentRob Allen describes a limitation in AI systems: they do not reliably understand user intent. A request may be rejected when framed explicitly as malicious, but accepted when reframed in a neutral or technical way that produces a similar outcome. This creates inconsistent behavior…YOUTUBE.COM
12 MayThis Samsung 4TB Portable SSD Moves Files at 2,000 MB/s For $1KThe Samsung T9 delivers read and write speeds of up to 2,000 MB/s, making large file transfers feel instant. The post This Samsung 4TB Portable SSD Moves Files at 2,000 MB/s For $1K appeared first on TechRepublic .TECHREPUBLIC.COM
12 MayVeeam Intelligent ResOps unifies data context and recoveryVeeam Software announced Veeam Intelligent ResOps, a new solution that unifies data context and recovery operations. As agentic AI accelerates change at machine speed, Intelligent ResOps gives teams the insight they need into their data to quickly understand impact and recover pr…HELPNETSECURITY.COM
12 MayFIRESIDE CHAT: Cyber insurers deepen SMB security role as supply chain attacks spreadThe cyber insurance industry set out to manage financial risk. Along the way, it has quietly become the security operations provider for a significant share of American small businesses. An $11 billion acquisition agreement announced earlier this year suggests it … (more…) …LASTWATCHDOG.COM
12 MayThreatDown ITDR prevents credential-based attacksThreatDown, the former corporate business unit of Malwarebytes, launched ThreatDown Identity Threat Detection and Response (ITDR). ITDR is a new product that helps security teams monitor identities to detect suspicious activity, misconfigurations, and active attacks targeting use…HELPNETSECURITY.COM
12 MaySAP unveils Autonomous Enterprise for AI-driven business operationsSAP introduced the Autonomous Enterprise to help enhance the world’s most critical business workflows, so that humans and AI work together to meet the accelerating demands of global business profitably, strategically and safely. “For the mission-critical processes of our customer…HELPNETSECURITY.COM
12 MayGoogle and Amnesty International teamed up to make it harder for spyware vendors to hideIntrusion Logging marks the first feature from a major device vendor to aid with forensic detection of sophisticated threats, Amnesty International said. The post Google and Amnesty International teamed up to make it harder for spyware vendors to hide appeared first on CyberScoop…CYBERSCOOP.COM
12 MayOver 1 Million Baby Monitors, Security Cameras Exposed Through Meari FlawsMeari IoT flaws reportedly exposed baby monitor images, camera activity, and device data across more than 1 million connected devices. The post Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws appeared first on TechRepublic .TECHREPUBLIC.COM
12 MaySamsung Galaxy Watch Glucose Tracking: What Works Now and What Doesn’tSamsung Galaxy Watch can show compatible CGM glucose data today while Samsung works on future non-invasive blood sugar tracking features. The post Samsung Galaxy Watch Glucose Tracking: What Works Now and What Doesn’t appeared first on TechRepublic .TECHREPUBLIC.COM
12 May6 Best ChatGPT Photo Editing Trends in 2026 (With Prompts to Try)Explore the biggest ChatGPT photo editing trends of 2026, from caricatures and toy-style portraits to nostalgic film edits and AI collages. The post 6 Best ChatGPT Photo Editing Trends in 2026 (With Prompts to Try) appeared first on TechRepublic .TECHREPUBLIC.COM
12 MayTomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Giedi Prime, Aaran Leyland - SWN #580Tomato, JDownloader, TempPCP, Bad Vibes, Dirty Frag, Marketing, Shai Haluds, Giedi Prime, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-580YOUTUBE.COM
12 MayFedora Hummingbird brings the container security model to a Linux host OSContainer image security pipelines have spent the past several years pushing toward minimal footprints, hermetic builds, and continuous CVE remediation. The Fedora Project is now applying that same approach to the host operating system. At Red Hat Summit 2026, Fedora announced Fe…HELPNETSECURITY.COM
11 MayISC Stormcast For Monday, May 11th, 2026 https://isc.sans.edu/podcastdetail/9926, (Mon, May 11th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
11 MayTop 10 Best Secure Code Review Services For Developers in 2026In the rapidly evolving landscape of software development, where speed and agility often take precedence, the imperative for robust security cannot be overstated. With cyber threats becoming increasingly sophisticated and the attack surface expanding due to complex architectures …GBHACKERS.COM
11 MayTop 10 Best DevSecOps Companies For Secure SDLC 2026In the fast-paced world of software development, where agility and speed are paramount, security often struggles to keep pace. The traditional “bolt-on” security approach, where security checks are performed at the end of the Software Development Life Cycle (SDLC), is…GBHACKERS.COM
11 MayCheckmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain AttackCheckmarx Jenkins Plugin Backdoored in New TeamPCP Supply Chain Attack It hasn’t been long since TeamPCP made headlines for compromising Checkmarx’s GitHub Actions and OpenVSX extensions as part of a sprawling supply chain campaign. Now the same threat actor is back; and this tim…SOCRADAR.IO
11 MayOpenClaw Malware Targets Crypto Wallets and Bitwarden CredentialsOpenClaw users are being targeted in a fresh malware campaign that abuses a fake installer to steal credentials from popular crypto wallets and password managers, including MetaMask, Phantom, and Bitwarden. The archive contains a 130MB Rust executable padded with fake documentati…GBHACKERS.COM
11 MayThe missing cybersecurity leader in small businessAs AI and quantum threats target the backbone of the American economy, Washington must provide the guidance and incentives necessary for SMBs to access executive-level cyber expertise. The post The missing cybersecurity leader in small business appeared first on CyberScoop .CYBERSCOOP.COM
11 MayFake Claude Campaign Uses PlugX-Style DLL Sideloading ChainHackers are abusing a fake Claude AI download site to deliver a PlugX‑style DLL sideloading chain that ultimately deploys a new Windows backdoor dubbed “Beagle.” The campaign blends malvertising, a trojanized installer, and signed security software components to achieve stealthy …GBHACKERS.COM
11 MayTrending Hugging Face Repo With 200K Downloads Spreads Windows MalwareA malicious Hugging Face repository, Open-OSS/privacy-filter, that abused the platform’s trust and trending algorithm to deliver a sophisticated Rust-based infostealer to Windows users. The project briefly reached the #1 trending position with roughly 244,000 downloads and hundre…GBHACKERS.COM
11 MaySandboxie Escape Flaw Could Let Attackers Gain SYSTEM-Level PrivilegesSecurity researchers have exposed critical sandbox escape vulnerabilities in Sandboxie and Sandboxie-Plus that allow attackers to gain full SYSTEM-level privileges. We strongly urge users to update to version 1.17.5, which was recently patched, to mitigate these severe execution …GBHACKERS.COM
11 MayInstagram messaging encryption removed, and privacy advocates are pushing backAfter introducing optional end-to-end encrypted messaging in 2023, Instagram announced in March 2026 that encryption for direct messages would be discontinued, and the feature was removed on May 8. The change allows Instagram to access direct message content, including images, vi…HELPNETSECURITY.COM
11 MayThe questionnaire-based TPRM model is broken, and TrustCloud has a fixTrustCloud announced a new version of TrustLens, its third party risk management (TPRM) solution. The new TrustLens agentic AI capabilities focus on delivering four requirements every CISO wants in their TPRM program: speed, accuracy, coverage, and proactive risk mitigation. In t…HELPNETSECURITY.COM
11 MayLLMs and Text-in-Text SteganographyTurns out that LLMs are really good at hiding text messages in other text messages.SCHNEIER.COM
11 MayNew cybersecurity industry alliance aims to lead US critical infrastructure protectionThe new Alliance for Critical Infrastructure’s biggest goal: changing how the U.S. plans for a major cybersecurity crisis.CYBERSECURITYDIVE.COM
11 MayPython Infostealer Hides in GitHub Releases to Bypass DetectionA stealthy Python-based infostealer campaign that abuses GitHub Releases to host payloads and maintain long-term, low‑visibility access to victim systems. The operation, dubbed “Operation HumanitarianBait” in some reporting, appears designed for cyberespionage against Russian‑spe…GBHACKERS.COM
11 MaySailPoint Agentic Fabric expands identity governance to autonomous AI agentsSailPoint has introduced SailPoint Agentic Fabric, a new platform designed to help enterprises secure AI agents and other non-human identities at scale. As organizations deploy autonomous AI agents across cloud environments, applications, and endpoints, they face a growing govern…HELPNETSECURITY.COM
11 MayGoogle’s new reCAPTCHA system restricts access to the open webGoogle’s latest reCAPTCHA changes are drawing backlash from privacy advocates and developers of alternative mobile operating systems, who argue the system effectively locks users out of websites unless they use Google-approved devices and software. The controversy centers on Goog…CYBERINSIDER.COM
11 MayLyrie.ai Joins First Batch of Anthropic’s Cyber Verification ProgramDubai, UAE, May 11th, 2026, CyberNewswire Dubai-founded OTT Cybersecurity LLC also unveils the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and action verification — slated for IETF submission. OTT Cybersecurity LLC, the company …GBHACKERS.COM
11 MayApple, Intel Reportedly Near Chip Deal That Could Reduce TSMC RelianceApple and Intel reportedly reached an early chip manufacturing agreement that could reduce Apple’s TSMC reliance and boost Intel’s foundry ambitions. The post Apple, Intel Reportedly Near Chip Deal That Could Reduce TSMC Reliance appeared first on TechRepublic .TECHREPUBLIC.COM
11 MayMicrosoft’s Voluntary Retirement Offer: New Details Reveal Who QualifiesMicrosoft is offering longtime US employees severance, healthcare, and stock vesting through its first voluntary retirement program. The post Microsoft’s Voluntary Retirement Offer: New Details Reveal Who Qualifies appeared first on TechRepublic .TECHREPUBLIC.COM
11 MayYour Team of 10 Gets This AI Project Management Platform for Just $99Lyra combines issue tracking, sprints, Kanban, Gantt charts, and AI assistance for teams of up to 10 users. The post Your Team of 10 Gets This AI Project Management Platform for Just $99 appeared first on TechRepublic .TECHREPUBLIC.COM
11 MaySS&C Intralinks FundCentre AI vs. Juniper Square: Which platform better supports modern private markets fund managers?As private markets firms expand beyond single-asset strategies, platform limitations become more visible. FundCentre AI and Juniper Square take different approaches to scale, reporting, and operational efficiency. The post SS&C Intralinks FundCentre AI vs. Juniper Square: Wh…TECHREPUBLIC.COM
11 MaymacOS 27 May Get a New Look: Here’s What Apple Could ChangeApple’s reported macOS 27 redesign may reveal how far the company is willing to adjust Liquid Glass after Tahoe’s rocky debut. The post macOS 27 May Get a New Look: Here’s What Apple Could Change appeared first on TechRepublic .TECHREPUBLIC.COM
11 MayEntries now open for the 2026 CSO30 Australia AwardsNominations are now open for the 2026 CSO30 Australia Awards, celebrating the country’s most effective and influential cybersecurity leaders. The CSO30 Awards will once again be held alongside the CIO50 Awards, bringing together Australia’s leading technology and security execu…CSOONLINE.COM
11 MayNews Alert: Lyrie.ai joins Anthropic verification program, unveils protocol for securing AI agentsDUBAI, United Arab Emirates, May 11, 2026, CyberNewswire—Dubai-founded OTT Cybersecurity LLC today announced acceptance into Anthropic’s Cyber Verification Program and unveiled the Agent Trust Protocol (ATP), an open cryptographic standard for AI agent identity, scope and action …LASTWATCHDOG.COM
11 MayTikTok Launches £3.99 Ad-Free Plan for UK UsersTikTok is rolling out a £3.99 ad-free subscription in the UK, giving adults a paid option while keeping its free ad-supported feed in place. The post TikTok Launches £3.99 Ad-Free Plan for UK Users appeared first on TechRepublic .TECHREPUBLIC.COM
11 MayMac Users Warned Over Fake Claude Install InstructionsHackers are using Google Ads and Claude shared chats to target Mac users with fake setup instructions that can install malware. The post Mac Users Warned Over Fake Claude Install Instructions appeared first on TechRepublic .TECHREPUBLIC.COM
11 May1.8 Billion Gmail Users May Want to Check This AI Privacy SettingGoogle’s new Gmail AI personalization features are raising privacy concerns. Here’s what users should know and how to review smart settings. The post 1.8 Billion Gmail Users May Want to Check This AI Privacy Setting appeared first on TechRepublic .TECHREPUBLIC.COM
11 MayFCC moves to impose “Know Your Customer” rules for VoIP providersThe Federal Communications Commission (FCC) has proposed stricter “Know Your Customer” (KYC) requirements for voice service providers as part of a broader effort to stop illegal robocalls before they enter US telecommunications networks. The proposal would require providers to pe…CYBERINSIDER.COM
11 MayiOS 26.5 is out, bringing encrypted RCS messaging to iPhone and Android usersApple is bringing long-awaited end-to-end encryption to Rich Communication Services (RCS) messaging between iPhone and Android users in iOS 26.5. The feature is launching in beta for iPhone users running iOS 26.5 on supported carriers and Android users using the latest version of…HELPNETSECURITY.COM
11 MayPressure mounts on Canvas as data leak extortion deadline loomsAttackers affiliated with The Com are threatening to leak data from more than 8,800 school systems if Instructure doesn’t pay a ransom. The post Pressure mounts on Canvas as data leak extortion deadline looms appeared first on CyberScoop .CYBERSCOOP.COM
10 MayYARA-X 1.16.0 Release, (Sun, May 10th)YARA-X’s 1.16.0 release brings 4 improvements and 4 bugfixes.ISC.SANS.EDU
9 MayThe spy who logged me in.Mark Kelly, Staff Threat Researcher at Proofpoint, is discussing their work on "I’d come running back to EU again: TA416 resumes European government espionage campaigns." China-linked threat group TA416 has resumed large-scale phishing and malware campaigns targeting European…THECYBERWIRE.COM
9 MayTCLBANKER Malware Leverages WhatsApp and Outlook Worm Features in Active AttacksA sophisticated Brazilian banking trojan named TCLBANKER, deployed through a trojanized Logitech installer and capable of hijacking victims’ WhatsApp and Outlook accounts to spread itself to new targets. The campaign, tracked as REF3076, delivers TCLBANKER through a malicio…GBHACKERS.COM
9 MayAI Coding Agents Need SandboxesThe speaker argues that AI coding agents should be treated like privileged automation systems, not harmless autocomplete tools. Recommended controls include containerization, disposable workspaces, restricted network access, detailed process logging, and manual review of configur…YOUTUBE.COM
8 MayISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924, (Fri, May 8th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
8 MayNew infosec products of the week: May 8, 2026Here’s a look at the most interesting products from the past week LastPass, Operant AI, Sysdig, and VIAVI. Operant AI Endpoint Protector secures AI agents and MCP tools Operant AI has launched Operant Endpoint Protector, a new addition to its AI Defense Platform that enables ente…HELPNETSECURITY.COM
8 MayYour coworker might be selling company logins, and thinks it’s fineEmployee behavior once considered unacceptable is becoming tolerated across various industries, particularly in IT and telecommunications, and at all levels of seniority, including leadership. Cifas Workplace Fraud Trends research, based on a survey of 2,000 UK employees working …HELPNETSECURITY.COM
8 MayNew Infostealer Campaign Abuses GitHub Releases to Hide Malware PayloadsA new cyberespionage campaign that abuses GitHub Releases and a PE-less Python implant to steal data from targeted Windows systems quietly. The operation combines social engineering, trusted cloud infrastructure, and multi-stage obfuscation to maintain long-term, covert access to…GBHACKERS.COM
8 MayPCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB CredentialsA newly identified malware framework dubbed PCPJack is targeting exposed cloud and container infrastructure to steal credentials at scale while actively removing artifacts linked to the TeamPCP threat actor. Unlike typical cloud-focused campaigns, PCPJack skips cryptomining entir…GBHACKERS.COM
8 MayTransilience AI unveils Security Operating System for cloud remediationTransilience AI has announced the general availability of its Full Stack Security Operating System for the cloud, a platform designed to solve one of enterprise security’s most persistent challenges: bridging the gap between detection and remediation. New platform replaces fragment…HELPNETSECURITY.COM
8 MayObject First Fleet Manager simplifies distributed backup storageObject First released Object First Fleet Manager, a cloud-based service that simplifies the management of distributed Ootbi backup storage deployments for Veeam Software environments. Built for enterprises and service providers with distributed backup storage infrastructures, Fle…HELPNETSECURITY.COM
8 MayRoblox chat moderation gets bypassed by leet speak and code wordsRoblox runs an automated chat filter at the scale of billions of messages per day. An independent audit of about two million chat messages from four of the platform’s most popular games shows that filter missing a wide range of harmful interactions, including grooming attem…HELPNETSECURITY.COM
8 MaySigned Logitech Installer Abused to Drop TCLBANKER Banking TrojanHackers are abusing a signed Logitech installer to stealthily deploy a new Brazilian banking trojan known as TCLBANKER, giving threat actors a powerful tool to steal financial data and self‑propagate through popular communication platforms. The malware specifically targets Brazil…GBHACKERS.COM
8 MaySecuronix launches AI threat research agent and ThreatWatch validation toolSecuronix announced the Securonix Threat Research Agent and ThreatWatch for ThreatQ, expanding how security teams research threats, validate exposure, and turn intelligence into documented action. Built on the ThreatQ platform and connected to Securonix security operations workfl…HELPNETSECURITY.COM
8 MayOpenAI tunes GPT-5.5-Cyber for more permissive security workflowsOpenAI is rolling out GPT-5.5-Cyber, a variant of its latest AI model, in limited preview for verified cybersecurity professionals and organizations through its Trusted Access for Cyber program. Trusted Access for Cyber is OpenAI’s identity and trust-based access framework for cy…HELPNETSECURITY.COM
8 MayZiChatBot Malware Abuses Zulip APIs for Stealthy C2 OperationsA new cross‑platform malware family, dubbed ZiChatBot, that abuses the trusted Python Package Index (PyPI) ecosystem and the Zulip team chat platform to run a stealthy command‑and‑control (C2) channel. During routine threat hunting, analysts observed a series of malicious wheel p…GBHACKERS.COM
8 MayGoogle is turning Android Studio into a policy watchdogGoogle has expanded Play Policy Insights in Android Studio to help developers catch policy issues while coding, including warnings for common problems such as missing login credentials. Later this year, developers who connect their Play developer account directly to Android Studi…HELPNETSECURITY.COM
8 MayModular RAT Campaign Steals Credentials and Captures ScreenshotsA sophisticated spear-phishing campaign, dubbed Operation GriefLure, targeting senior executives in Vietnam and the Philippines with a stealthy modular remote access trojan (RAT). The campaign focuses on high-value organizations, including Viettel Group Vietnam’s largest military…GBHACKERS.COM
8 MayFake OpenClaw Installer Targets Crypto Wallets and Password ManagersHackers are abusing a fake OpenClaw installer to deploy a modular Rust-based infostealer framework dubbed Hologram, aimed at harvesting credentials from more than 250 crypto wallet and password manager browser extensions while hiding behind trusted cloud and messaging services. T…GBHACKERS.COM
8 MayFlaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AIAgentic AI is more popular than ever, but researchers keep finding trivial ways to hijack LLMs for nefarious purposes. The post Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI appeared first on CyberScoop .CYBERSCOOP.COM
8 MaySOCRadar Recognized in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence TechnologiesSOCRadar Recognized in the 2026 Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies SOCRadar is positioned as a Visionary in the inaugural Magic Quadrant report for Threat Intelligence, which helps leaders evaluate the right CTI technologies against the most impact…SOCRADAR.IO
8 MaySen. Schumer seeks DHS plan on AI cyber coordination with state, local governmentsThe Senate’s top Democrat is worried about smaller government entities being left behind as AI models advance hacking risks. The post Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments appeared first on CyberScoop .CYBERSCOOP.COM
8 MayFriday Squid Blogging: Giant Squid Live in the Waters of Western AustraliaEvidence of them has been found by analyzing DNA in the seawater. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
7 MayNorth Korean hackers targeted ethnic Koreans in China with Android ‘BirdCall’ malwareResearchers at cybersecurity firm ESET attributed the campaign to APT37 and said the hackers used a backdoor attached to a suite of card games from a company called Sqgame.THERECORD.MEDIA
7 MayISC Stormcast For Thursday, May 7th, 2026 https://isc.sans.edu/podcastdetail/9922, (Thu, May 7th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
7 MayAn Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)[This is a Guest Diary by Eric Roldan, an ISC intern as part of the SANS.edu BACS program]
ISC.SANS.EDU
7 MayWatchGuard Agent Flaws Allow Attackers to Gain Full SYSTEM Privileges on WindowsMultiple high-severity vulnerabilities in the WatchGuard Agent for Windows could allow malicious actors to elevate their privileges to the highest system level or disrupt critical security services. With CVSS scores up to 8.5, these vulnerabilities pose a significant risk to orga…GBHACKERS.COM
7 MayFake Disk Cleanup Apps Fuel New macOS ClickFix AttackA wave of ClickFix-style social engineering attacks that specifically target macOS users, using fake disk cleanup and system utility tips hosted on popular content platforms. Instead of installing helpful tools, these Terminal commands silently fetch and execute infostealers such…GBHACKERS.COM
7 MayMulti-model AI is creating a routing headache for enterprisesApplication teams are moving AI inference into production systems that support business operations. Enterprises are expanding traffic management, identity controls, observability, and routing systems for multiple AI models and environments. F5’s 2026 State of Application Strategy…HELPNETSECURITY.COM
7 MayMalicious NuGet Packages Steal Browser Credentials, SSH Keys, and Crypto WalletsMalicious NuGet packages are quietly stealing browser credentials, SSH keys, and cryptocurrency wallet data from developer machines and CI/CD infrastructure, with a particular focus on Chinese .NET ecosystems. The campaign blends legitimate-looking UI and infrastructure libraries…GBHACKERS.COM
7 MayRed Hat Enterprise Linux adds post-quantum security and AI-driven automation in latest releasesRed Hat has announced the upcoming general availability of Red Hat Enterprise Linux 10.2 and 9.8. Building on the innovation of Red Hat Enterprise Linux 10, the latest versions help address security threats, speed AI innovation and minimize operational drift. What Red Hat announc…HELPNETSECURITY.COM
7 MayGoogle Chrome 148 Released With Fixes for 127 Security FlawsGoogle has officially rolled out Chrome version 148 to the stable channel, delivering a massive security overhaul that addresses 127 vulnerabilities across Windows, Mac, and Linux. The update, now available as version 148.0.7778.96 for Linux and 148.0.7778.96 or 148.0.7778.97 for…GBHACKERS.COM
7 MayWhy “Trusted Publishing” Can’t Save Us from Social Engineeringsubmitted by codeinabox to security 1 points | 0 comments https://adventures.nodeland.dev/archive/why-trusted-publishing-can-t-save-us/PROGRAMMING.DEV
7 MayDaemon Tools Developer Confirms Software Was TrojanizedA China-linked threat actor backdoored a version of Daemon Tools to infect thousandsINFOSECURITY-MAGAZINE.COM
7 MaySmart Glasses for the AuthoritiesICE is developing its own version of smart glasses, with facial recognition tied to various databases.SCHNEIER.COM
7 MayHackers Weaponize Claude AI in Attacks on Water and Drainage UtilitiesHackers have abused commercial Claude AI models to help compromise a Mexican water and drainage utility’s IT network and probe systems connected to critical infrastructure. The attackers used Claude as an operational “copilot” to discover industrial systems, build custom tools, a…GBHACKERS.COM
7 MayFake Claude AI Installers Used to Spread Malware in New Cyber ScamHackers are abusing fake Claude AI installer pages promoted through Google Ads to trick users into running malware in a campaign. The operation combines highly realistic install guides with a stealthy, multi‑stage infection chain that abuses trusted Windows components, fileless e…GBHACKERS.COM
7 MayFake Call History Apps on Google Play Steal Payments, Hit 7.3M+ Downloads28 fake “call history” utilities on Google Play, collectively installed more than 7.3 million times, have been exposed as subscription scams that generate fabricated logs instead of real phone records, with several also bypassing Google’s official billing system to make refunds h…GBHACKERS.COM
7 MayAmerican duo sentenced for hosting laptop farms for North Korean IT workersThe men’s separate schemes impacted almost 70 U.S. companies and generated a combined $1.2 million in revenue for the North Korean regime. The post American duo sentenced for hosting laptop farms for North Korean IT workers appeared first on CyberScoop .CYBERSCOOP.COM
7 MayManual Changes Break SecurityModern infrastructure practices define servers, databases, and networks entirely as code, eliminating manual changes after deployment. This approach reduces configuration drift and increases consistency, making systems easier to secure and audit. By enforcing policies during the …YOUTUBE.COM
7 MayGoogle Seeks EU Deal Over ‘Parasite SEO’ News RankingsGoogle reportedly proposed EU search changes to address concerns about news rankings, publisher revenue, and potential fines under the Digital Markets Act. The post Google Seeks EU Deal Over ‘Parasite SEO’ News Rankings appeared first on TechRepublic .TECHREPUBLIC.COM
7 MayAndroid 17: Everything We Know About Google’s Biggest Year YetAndroid 17 rumors point to Motion Assist, App Bubbles, native app locking, Gemini updates, and Android XR news ahead of Google I/O 2026. The post Android 17: Everything We Know About Google’s Biggest Year Yet appeared first on TechRepublic .TECHREPUBLIC.COM
7 MayApple’s $250M Siri Settlement Could Pay Eligible iPhone BuyersApple’s proposed $250M Siri settlement could pay eligible iPhone buyers. See who qualifies, how much they could receive, and what comes next. The post Apple’s $250M Siri Settlement Could Pay Eligible iPhone Buyers appeared first on TechRepublic .TECHREPUBLIC.COM
7 MayThis Dell 15 Laptop Offers a Sensible Daily Driver Setup for Just $307The Core 3 CPU, 8GB RAM, and 512GB SSD deliver smooth multitasking for office apps, browsing, and meetings. The post This Dell 15 Laptop Offers a Sensible Daily Driver Setup for Just $307 appeared first on TechRepublic .TECHREPUBLIC.COM
7 MayWorld Password Day 2026: Treat Identity as the Perimeter (and Act Like It)World Password Day is no longer just a nudge to pick stronger passwords, it’s a moment to rethink identity. Attackers rarely “hack” systems today; they log in as you. Combine expert guidance on phishing, MFA, password managers, behavioral defenses, and new threats from AI and qua…KNOWBE4.COM
7 MayNew TCLBANKER malware self-spreads through WhatsApp and OutlookA new banking trojan named TCLBANKER spreads through victims’ own WhatsApp and Microsoft Outlook accounts, allowing the malware to propagate autonomously. According to researchers at Elastic Security Labs, TCLBANKER appears to be a major evolution of the previously documented SOR…CYBERINSIDER.COM
7 MayMac Studio, Mac mini Buyers Are Losing Options Amid AI DemandApple reportedly removed several high-memory Mac Studio and Mac mini options as AI demand and memory shortages strain desktop Mac supply. The post Mac Studio, Mac mini Buyers Are Losing Options Amid AI Demand appeared first on TechRepublic .TECHREPUBLIC.COM
7 MayAlphabet Poised to Overtake Nvidia as the World’s Most Valuable Public CompanyAlphabet is closing in on Nvidia’s market value as Google Cloud growth, AI investments, and custom chips fuel Wall Street optimism. The post Alphabet Poised to Overtake Nvidia as the World’s Most Valuable Public Company appeared first on TechRepublic .TECHREPUBLIC.COM
7 MayElon Musk’s Texas Chip Plant Could Cost $119B, Filings ShowNew Texas filings suggest Elon Musk’s proposed Terafab chip plant could cost up to $119 billion, raising stakes for AI and semiconductor supply chains. The post Elon Musk’s Texas Chip Plant Could Cost $119B, Filings Show appeared first on TechRepublic .TECHREPUBLIC.COM
6 MayISC Stormcast For Wednesday, May 6th, 2026 https://isc.sans.edu/podcastdetail/9920, (Wed, May 6th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
6 MayRemus Infostealer Adopts Lumma-Style Browser Key Theft to Bypass App-Bound EncryptionRemus is a newly observed 64-bit infostealer that closely tracks the Lumma Stealer codebase while adding EtherHiding-based C2 resolution and a refined Application‑Bound Encryption (ABE) bypass for Chromium browsers. The first Remus activity dates back to early 2026, shortly after…GBHACKERS.COM
6 MayYour Container Is Not a Sandboxsubmitted by codeinabox to security 3 points | 0 comments https://emirb.github.io/blog/microvm-2026/PROGRAMMING.DEV
6 MayRowhammer Attack Against NVIDIA ChipsA new rowhammer attack gives complete control of NVIDIA CPUs. On Thursday, two research teams, working independently of each other, demonstrated attacks against two cards from Nvidia’s Ampere generation that take GPU rowhammering into new—and potentially much more conseque…SCHNEIER.COM
6 MayInsights into the clustering and reuse of phone numbers in scam emailsTalos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails.TALOSINTELLIGENCE.COM
6 MayExtreme Networks introduces Agent ONE for autonomous enterprise networkingExtreme Networks has introduced Extreme Agent ONE, a new class of AI agents for enterprise networking. Moving beyond generic, prompt-based AI, Extreme Agent ONE runs on the Extreme AI stack purpose-built for enterprise environments, which combines advanced AI reasoning, live netw…HELPNETSECURITY.COM
6 May8×8 updates CX platform with AI, analytics, and frontline management capabilities8×8 has released a set of platform updates to the 8×8 Platform for CX that target the operational gaps most commonly stalling organizations, including AI deployments requiring months of integration, queues IT teams cannot monitor in real time, customers abandoning sessions a…HELPNETSECURITY.COM
6 MayProton Mail brings quantum-safe email encryption to all accountsPost-quantum protection is now available as an optional feature in Proton Mail across all plans, including the free tier. How post-quantum protection works Once enabled, Proton Mail generates new encryption keys designed to protect future encrypted emails against attacks from qua…HELPNETSECURITY.COM
6 Maygroundcover expands its observability platform with enhanced Synthetic Monitoring and RUMgroundcover has expanded its capabilities with new and enhanced offerings across Synthetic Monitoring and Real User Monitoring (RUM). These innovations give engineering teams greater visibility into the user experience, from proactive testing to real-world session insights, while…HELPNETSECURITY.COM
6 MayMegaport enhances network resilience with integrated DDoS protectionMegaport has announced the launch of Megaport DDoS Protection. This new built-in security capability for Megaport Internet allows customers to filter malicious traffic directly within the Megaport network, rather than routing it through a separate external service. This helps ens…HELPNETSECURITY.COM
6 MayDarkhub Hacking-for-Hire Portal Promotes Crypto Fraud and Spyware ServicesA newly identified dark web platform, Darkhub, is advertising a wide range of hacking-for-hire services, including account compromise, surveillance, and financial manipulation. The service, accessible via the Tor network, presents itself as a centralized hub for offensive cyber c…GBHACKERS.COM
6 MayMicrosoft Teams on Android Now Lets Users Join External Meetings Through SIPMicrosoft is set to bridge the gap in enterprise unified communications with a highly anticipated update to its conference room hardware. Starting in June 2026, Microsoft Teams Rooms on Android will officially support joining third-party external meetings through Session Initiati…GBHACKERS.COM
6 MayOceanLotus suspected of using PyPI to deliver ZiChatBot malwareKaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.SECURELIST.COM
6 MaySwapper – A Pure Regex Match/Replace Burp ExtensionTo get a valid session token to use with Burp Suite tools, I ended up writing a small Python extension (110 lines of code, but who’s counting?) that obtained a new session token for each request, allowing items like Intruder to work as intended. Cool, I was able to use it during …BLACKHILLSINFOSEC.COM
6 MayGoogle Chrome silently installs 4GB Gemini Nano AI model on user devicesGoogle Chrome has been quietly downloading and installing a 4GB Gemini Nano AI model on user devices without displaying a consent prompt or offering a clear opt-out mechanism. The findings were published by privacy researcher Alexander Hanff of That Privacy Guy, who documented th…CYBERINSIDER.COM
6 MaySalat Malware Abuses QUIC and WebSockets for Stealthy C2 ControlA powerful new Windows malware family dubbed Salat Stealer, a Go-based Remote Access Trojan (RAT) that blends classic infostealing with a stealthy QUIC/WebSocket command-and-control (C2) channel and resilient blockchain-backed infrastructure. Written in Go, it supports remote she…GBHACKERS.COM
6 MayBelief Comes Before GrowthThe framework is simple: belief comes first, then business generation, followed by infrastructure, and finally leadership. Each pillar builds on the one before it. If belief is weak, everything downstream—marketing, scaling, leadership—becomes unstable. You may still execute, but…YOUTUBE.COM
6 MayBusinesses eager but unprepared for AI to transform their security strategiesMeanwhile, a new report found, companies are neglecting other basic security tools.CYBERSECURITYDIVE.COM
6 MayMozilla, Mullvad, Proton, sign letter opposing UK age verificationPrivacy advocates, browser makers, VPN providers, and digital rights groups have signed a joint statement urging UK policymakers to abandon plans for broader online age verification requirements, warning that the measures could undermine privacy, weaken internet openness, and exp…CYBERINSIDER.COM
6 MayBuilding Trust in Low-Touch TeamsTrust inside teams doesn’t come from occasional alignment meetings. It comes from consistent interaction—balancing accountability with training and development across the week. If teams only meet monthly or quarterly, trust may remain shallow. That makes it harder to deliver hard…YOUTUBE.COM
6 MayA DOD contractor’s API flaw exposed military course data and service member recordsResearchers say Schemata’s platform exposed names, emails, base assignments, and course materials before the company patched the issue and contacted government authorities. The post A DOD contractor’s API flaw exposed military course data and service member records appeared first…CYBERSCOOP.COM
5 MayISC Stormcast For Tuesday, May 5th, 2026 https://isc.sans.edu/podcastdetail/9918, (Tue, May 5th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
5 MayMicrosoft Edge Found Storing Saved Passwords in Cleartext Memory at StartupA new security finding reveals that Microsoft Edge loads every saved password into its process memory as cleartext the moment the browser launches. Even more surprising to security professionals is Microsoft’s official response to the disclosure, which states that this inse…GBHACKERS.COM
5 Maypnpm 11 Enables Default Release-Age Guard to Curb npm Supply Chain Attackspnpm 11 has been released with a strong focus on reducing software supply chain risk, introducing security-first defaults that directly address modern package ecosystem threats. The most significant change in pnpm 11 is the introduction of a default Minimum Release Age of 24 hour…GBHACKERS.COM
5 MayFake “Notepad++ for Mac” Site May Pose Malware Risk for Mac UsersA deceptive website is circulating online that claims to offer an official “Notepad++ for Mac” download, and it has already misled some users and even tech media outlets into believing that Notepad++ has finally launched a native macOS version. The site operates under the domain …GBHACKERS.COM
5 MayNew Attribution Framework Links APT Campaigns Across Key LayersA new attribution framework is reshaping how cybersecurity analysts connect advanced persistent threat (APT) activity, moving beyond static group labels toward a dynamic, multi-layered model that reflects how modern adversaries actually operate. These profiles are built from obse…GBHACKERS.COM
5 MayNorth Korean hackers trojanize gaming platform to spy on ethnic Koreans in ChinaA gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that sits along the North Korean border and includes many …HELPNETSECURITY.COM
5 MayMeta adds proof-based security to encrypted backupsMeta has updated its infrastructure for protecting password-based and end-to-end encrypted backups, introducing over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments. How encrypted backups work These updates build on…HELPNETSECURITY.COM
5 MayCode of Conduct Phish Hits 35,000 Users in Multi-Stage AiTM AttackA highly sophisticated phishing campaign leveraging code-of-conduct-themed lures has targeted more than 35,000 users across 13,000 organizations. The multi-stage attack, observed between April 14 and April 16, 2026, highlights how threat actors are refining social engineering, de…GBHACKERS.COM
5 MayFTC orders Kochava to stop selling people’s location dataThe US Federal Trade Commission (FTC) has moved to permanently restrict data broker Kochava and its subsidiary from selling precise location data. This resolves allegations that the companies exposed the movements of millions of mobile users without their knowledge or consent. Th…CYBERINSIDER.COM
5 MayAnomali ThreatStream Next-Gen speeds threat response across workflowsAnomali has announced ThreatStream Next-Gen. Available standalone or within the Anomali Unified Security Data Lake, it turns threat intelligence into an active decisioning layer across security workflows, validated to drive investigations 300× faster than traditional methods acro…HELPNETSECURITY.COM
5 MayCerberus Stalkerware Hits Google Play, Abuses Accessibility and Firebase for Remote ControlCerberus Anti-theft, a long-running Android “security” app, is operating as full-featured stalkerware on Google Play, abusing accessibility services and Google Firebase to give abusers near-total remote control over victims’ phones. Once installed, Cerberus lets an abuser push a …GBHACKERS.COM
5 MayUAT-8302 and its box full of malwareCisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.TALOSINTELLIGENCE.COM
5 MayVIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centersVIAVI Solutions has announced the launch of its next-generation CyberFlood CF1000 Appliance, a native 400G security and application performance test platform for the validation of multi-terabit security and AI data center infrastructures at scale. Developed for network equipment …HELPNETSECURITY.COM
5 MayOWASP AI Security Summit May 27Generative AI introduces risks like prompt injection, AI-generated code issues, and agentic workflows that traditional security tools weren’t designed to handle. This creates a growing gap between building software and securing it, especially as teams adopt AI faster than securit…YOUTUBE.COM
5 MayKaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attackThe cybersecurity company says it's seen thousands of infection attempts, and at least a dozen successful hacks after users installed malicious versions of the popular Windows software.TECHCRUNCH.COM
5 MaySamsung Display Reveals Screens That Measure Health, Stretch, and Fight GlareSamsung Display unveiled OLED, sensor, quantum dot, and stretchable screen prototypes that preview brighter phones, health tracking, and car displays. The post Samsung Display Reveals Screens That Measure Health, Stretch, and Fight Glare appeared first on TechRepublic .TECHREPUBLIC.COM
5 MayiOS 26.5 to Introduce Encrypted RCS, Maps Changes, and New EU FeaturesApple’s iOS 26.5 release candidate points to RCS encryption, Maps ad changes, EU device support, and App Store subscription updates. The post iOS 26.5 to Introduce Encrypted RCS, Maps Changes, and New EU Features appeared first on TechRepublic .TECHREPUBLIC.COM
5 MayEnhance Your Expertise Anytime with Unlimited Online Courses — Now $19.97Topics include growth hacking, game design, blockchain, AI, digital marketing, cybersecurity, copywriting, and big data. The post Enhance Your Expertise Anytime with Unlimited Online Courses — Now $19.97 appeared first on TechRepublic .TECHREPUBLIC.COM
5 MayWhat If Your Digital Footprint Could Shrink?Get Surfshark One+ with Incogni for $91.99 (reg. $500.40) and cover VPN, alerts, antivirus, and data removal. The post What If Your Digital Footprint Could Shrink? appeared first on TechRepublic .TECHREPUBLIC.COM
5 MayPower Through Projects with the Microsoft Office 2024 Home & BusinessThe newest Office version is here and includes a variety of updates to help you work more efficiently. The post Power Through Projects with the Microsoft Office 2024 Home & Business appeared first on TechRepublic .TECHREPUBLIC.COM
5 MayApple Wallet May Get ‘Create a Pass’ Tool for Event Tickets, Gift CardsApple’s reported iOS 27 Wallet update could let iPhone users turn QR codes, memberships, gift cards, event tickets, and more into custom passes. The post Apple Wallet May Get ‘Create a Pass’ Tool for Event Tickets, Gift Cards appeared first on TechRepublic .TECHREPUBLIC.COM
5 MayProton Mail rolls out quantum-resistant encryption for all usersProton Mail has introduced optional post-quantum cryptography (PQC) protection for all users, allowing them to secure their email communication against potential future attacks from quantum computers. The feature is available starting today across all plans, including free accoun…CYBERINSIDER.COM
5 MayBrave sees 100% Linux growth as browser reaches 115M monthly usersBrave has reported record growth across its browser and search products in April 2026, with Linux users emerging as the fastest-growing segment, more than doubling year-over-year. Brave co-founder and CEO Brendan Eich shared the company’s latest monthly metrics on X, highlighting…CYBERINSIDER.COM
5 MayLastPass Mobile Smart Scanner improves password securityLastPass has launched Mobile Smart Scanner, a solution that converts photographs of typed or handwritten credentials into structured, ready-to-use password entries that can be reviewed, saved, and autofilled directly from the vault. Available in early access for Free, Premium, an…HELPNETSECURITY.COM
5 MayNew WhatsApp Flaws Could Affect Billions of Users After Meta Security PatchMeta patched two WhatsApp flaws affecting iOS, Android, and Windows users, including bugs tied to risky files, links, and Reels previews. The post New WhatsApp Flaws Could Affect Billions of Users After Meta Security Patch appeared first on TechRepublic .TECHREPUBLIC.COM
5 MayNews alert: LuxSci launches HIPAA-compliant email platform for mid-size healthcare marketCAMBRIDGE, Mass., May 5, 2026, CyberNewswire — LuxSci, a leading provider of HIPAA compliant secure healthcare communications, today announced the launch of LuxSci Secure High Volume Email for mid-sized healthcare organizations, the industry’s trusted HIPAA-compliant email solu…LASTWATCHDOG.COM
5 MayTurn Intelligence into Action Instantly with Retroactive Threat Detection on Verity471Retroactive Threat Detection eliminates the manual work of extracting indicators of compromise (IOCs) and query writing, dynamically translating IOCs from reports on Verity471 into ready-to-run detection queries tailored for all major endpoint detection and response (EDR) and Sec…INTEL471.COM
5 MayGeneralist AI for your SOC: When and where to use itMany security leaders are asking the same question right now. We already pay for Microsoft Copilot, ChatGPT Enterprise, or Claude. Why buy anything else? Here's what you need to know. The post Generalist AI for your SOC: When and where to use it appeared first on Intezer .INTEZER.COM
4 MayISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916, (Mon, May 4th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
4 MayYour work apps are quietly handing 19 data points to someoneOffice work in 2026 runs through a stack of mobile apps that sit on the same phones people use for banking, messaging family, and tracking their location. Ten of the most common workplace apps in use across U.S. companies, including Gmail, Microsoft Teams, Zoom Workplace, Slack, …HELPNETSECURITY.COM
4 MayBrush shell 0.4.0 tightens script safety, widens platform supportRust-based alternatives to traditional Unix shells continue to attract users who want bash compatibility alongside built-in features like syntax highlighting and history-based suggestions. Brush, a bash- and POSIX-compatible shell written in Rust, sits in that group, and version …HELPNETSECURITY.COM
4 MayEmail Bombing, Fake IT Support Calls Drive Microsoft Teams Phishing SurgeEmail bombing campaigns combined with fake IT support outreach are driving a surge in sophisticated Microsoft Teams phishing attacks. The attacks typically begin with email bombing, where victims are flooded with spam messages to create confusion and urgency. Shortly after, threa…GBHACKERS.COM
4 MayUK Government Announces Plans to Grow National AI InfrastructureThe UK Government is to support the development of Britain’s AI hardware infrastructure, while also committing to work in establishing international standards for the deployment of AI. The post UK Government Announces Plans to Grow National AI Infrastructure appeared first on Tec…TECHREPUBLIC.COM
4 MayAI Agent Reportedly Deletes Company’s Entire Database, Admits to Violating GuardrailsA Cursor AI agent deleted a company’s entire production database, ignoring instructions prohibiting it from running destructive commands. The post AI Agent Reportedly Deletes Company’s Entire Database, Admits to Violating Guardrails appeared first on TechRepublic .TECHREPUBLIC.COM
4 MayLens Agents brings policy control to AI across cloud and desktopLens by Mirantis has announced Lens Agents, a governed platform for running AI agents across enterprise systems, giving organizations a unified, policy-driven way to run, secure, and scale AI agents across desktop and cloud environments. Available in early access, Lens Agents ena…HELPNETSECURITY.COM
4 MayAttackers Hijack SAP npm Packages to Steal Dev SecretsA sophisticated supply chain attack hit the SAP developer ecosystem on April 29, 2026, compromising four widely-used npm packages with credential-stealing malware. The attackers modified package installation scripts to download the Bun JavaScript runtime, a legitimate alternative …GBHACKERS.COM
4 MayHacking PolymarketPolymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside (for one, it facilitates assassination ), one of the issues with making this work is the verification of these real-world events. Polymark…SCHNEIER.COM
4 MayWhy data centers now belong on the critical infrastructure listAs AI drives deeper dependence across business, supply chains, and national security, the buildings that run the cloud are becoming critical infrastructure — and increasingly attractive targets. The post Why data centers now belong on the critical infrastructure list appeared fir…CYBERSCOOP.COM
4 MayBotnet Hijacks ADB-Exposed Android Devices to Target Minecraft ServersNew research has uncovered a Mirai-derived botnet called xlabs_v1 that turns Android devices with exposed Android Debug Bridge (ADB) into a distributed attack platform for knocking Minecraft servers and other game hosts offline. By abusing TCP port 5555 on poorly secured Android-…GBHACKERS.COM
4 MayMeta enhances security of WhatsApp and Messenger encrypted backupsMeta has introduced new security and transparency enhancements to its end-to-end encrypted backup system for WhatsApp and Messenger, strengthening how encryption keys are distributed and verified while opening parts of its infrastructure to independent auditing. The updates build…CYBERINSIDER.COM
4 MayReport: Deepfake Fraud Causes Billions in LossesDeepfake-driven fraud has caused $2.19 billion in losses globally, with $1.65 billion reported in 2025 alone, according to an analysis by Surfshark. More than half of these losses were due to investment scams using deepfakes of high-profile figures.KNOWBE4.COM
4 MayNew MOVEit vulnerabilities prompt urgent vendor warningProgress Software warned customers to immediately upgrade to versions of the file-transfer tool that fix the serious flaws.CYBERSECURITYDIVE.COM
4 MaySilver Fox Springs Tax-Themed Attacks on Orgs in India, RussiaMore than 1,600 socially engineered messages from the China-backed advanced persistent threat (APT) group target various sectors to deliver the previously undocumented ABCDoor backdoor, ValleyRAT, and other malware.DARKREADING.COM
4 MayOperant AI Endpoint Protector secures AI agents and MCP toolsOperant AI has launched Operant Endpoint Protector, a new addition to its AI Defense Platform that enables enterprise IT and security teams to discover, detect, and defend against threats across every AI tool, coding agent, and Model Context Protocol (MCP)-connected workflow used…HELPNETSECURITY.COM
4 MayBlend Autopilot MCP brings AI agent orchestration to lending platformsBlend Labs has announced the launch of Autopilot MCP, a server built on the Model Context Protocol, an emerging open standard for AI agent connectivity, that gives authorized agents secure, programmatic access to the Blend platform. For lenders and partners, Autopilot MCP introdu…HELPNETSECURITY.COM
4 MayA college student is suing a dating app that allegedly used her TikTok videos to target men in her dormitoryThe woman’s lawyer told CyberScoop they believe the company edited her video to suggest she was a “friend with benefits” and intentionally geofenced it to men around her. The post A college student is suing a dating app that allegedly used her TikTok videos to target men in her d…CYBERSCOOP.COM
4 MayGen Z Is Bringing the iPod Back as a Distraction-Free Music EscapeGen Z is reviving the iPod as younger users seek distraction-free music, fewer algorithms, and more control over how they listen. The post Gen Z Is Bringing the iPod Back as a Distraction-Free Music Escape appeared first on TechRepublic .TECHREPUBLIC.COM
4 MayGoogle Workspace Adds 5 AI Upgrades That Could Change Daily WorkGoogle Workspace adds 5 AI upgrades at Cloud Next 2026, improving Sheets, Meet, automation, and Microsoft 365 migration tools. The post Google Workspace Adds 5 AI Upgrades That Could Change Daily Work appeared first on TechRepublic .TECHREPUBLIC.COM
4 MayThe $59 AI Tool Turning Forms Into Smart WorkflowsFormura Smart Form Builder uses AI to build forms, add logic, and track data, and it's $497 off (89%). The post The $59 AI Tool Turning Forms Into Smart Workflows appeared first on TechRepublic .TECHREPUBLIC.COM
4 MayApple Eyes ‘Aggressive Pricing’ for iPhone 18 Pro Amid Rising CostsApple may keep iPhone 18 Pro starting prices steady despite rising memory costs, but storage upgrades and a foldable model could cost more. The post Apple Eyes ‘Aggressive Pricing’ for iPhone 18 Pro Amid Rising Costs appeared first on TechRepublic .TECHREPUBLIC.COM
4 MayGameStop Launches $56 Billion Bid to Take Over eBayRyan Cohen’s $55.5 billion bid for eBay would pair GameStop stores with eBay’s marketplace, but financing questions loom over the deal. The post GameStop Launches $56 Billion Bid to Take Over eBay appeared first on TechRepublic .TECHREPUBLIC.COM
4 MayIndirect Prompt Injection Is Now a Real-World AI Security ThreatAI agents are now being weaponized through prompt injection, exposing why model guardrails are not enough to protect enterprise data. The post Indirect Prompt Injection Is Now a Real-World AI Security Threat appeared first on TechRepublic .TECHREPUBLIC.COM
4 MayMicrosoft Defender Bug Triggers False Malware Alerts for DigiCert CertificatesMicrosoft fixed a Defender false positive that flagged legitimate DigiCert certificates as malware, disrupting Windows trust stores for some IT teams. The post Microsoft Defender Bug Triggers False Malware Alerts for DigiCert Certificates appeared first on TechRepublic .TECHREPUBLIC.COM
4 May6 Best No-Log VPNs in 2026Looking for the best anonymous (no-log) VPN in 2026? Check out our comprehensive list to find the top VPN services that prioritize anonymity and security. The post 6 Best No-Log VPNs in 2026 appeared first on TechRepublic .TECHREPUBLIC.COM
4 May5 Best VPNs for Android in 2026Explore the best VPNs for Android devices in 2026. Find out which VPN offers the best security, speed and features for your Android device. The post 5 Best VPNs for Android in 2026 appeared first on TechRepublic .TECHREPUBLIC.COM
4 MayThe 7 Best iPhone VPNs in 2026Which VPN works best on iPhones? Use our guide to compare the pricing and features of the 7 best VPNs for iPhone in 2026. The post The 7 Best iPhone VPNs in 2026 appeared first on TechRepublic .TECHREPUBLIC.COM
3 MayWireshark 4.6.5 Released, (Sun, May 3rd)Wireshark release 4.6.5 fixes 43 vulnerabilities (38 CVEs) and 35 bugs.ISC.SANS.EDU
3 MayChatGPT advanced account security adds passkeys and hardware keysJournalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. ChatGPT now joins that list. OpenAI has introduced Advanced Account Security, an opt-in setting that strips p…HELPNETSECURITY.COM
2 MayThe Data That Actually MattersPost-quantum risk isn’t about breaking everything instantly. Attackers still need time, storage, and compute to decrypt data—even after Q-Day. That shifts the priority. Short-lived data like passwords may not matter much. But long-lived secrets—financial records, intellectual pro…YOUTUBE.COM
2 MayWhat Could Go Wrong With AI AuditAI in financial auditing introduces three primary risk categories: deficient outputs, misuse of outputs, and non-compliant methodology. Even when AI produces accurate results, downstream human interpretation or flawed underlying processes can lead to audit failure. In regulated f…YOUTUBE.COM
1 MayISC Stormcast For Friday, May 1st, 2026 https://isc.sans.edu/podcastdetail/9914, (Fri, May 1st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
1 MayIdentity is the control plane for distributed infrastructureTeleport CEO Ev Kontsevoy makes the case that distributed infrastructure, across cloud, Kubernetes, databases, and servers, can’t be secured by layering more tools on top of fragmented identity systems. He argues for fewer credentials, fewer entry points, and a single ident…HELPNETSECURITY.COM
1 MayRuby Gems and Go Modules Used in Campaign Targeting GitHub ActionsA sophisticated software supply chain attack originating from the GitHub account BufferZoneCorp has been uncovered, targeting developers and continuous integration environments through malicious Ruby gems and Go modules. The campaign deployed sleeper packages that impersonated le…GBHACKERS.COM
1 MayDeep#Door Stealer Targets Passwords, Tokens, SSH Keys, and Wi-Fi CredentialsDeep#Door is a stealthy Python-based Remote Access Trojan (RAT) that uses an obfuscated batch loader to deploy a persistent surveillance and credential-stealing implant on Windows systems. It aggressively turns off security controls, hides its traffic behind the bore[.]pub tunneli…GBHACKERS.COM
1 MayFBI Warns Logistics Sector of Fake Business Identity Cargo ScamsThe FBI issued a public service announcement warning the transportation and logistics sectors about a massive increase in cyber-enabled strategic cargo theft. Threat actors are increasingly using sophisticated tactics to impersonate legitimate businesses, hijack freight, and stea…GBHACKERS.COM
1 MayCAPTCHA and ClickFix Abuse Fuels Credential Theft SurgeAttackers are increasingly combining QR codes, fake CAPTCHA gates, and ClickFix-style tricks to steal credentials at scale, even as major phishing-as-a-service (PhaaS) platforms face disruption. These tactics shift risk from traditional malware attachments to highly convincing, h…GBHACKERS.COM
1 MayNew Android Spyware Platform Enables Rebranding and ResaleA newly discovered Android spyware platform is raising concerns among cybersecurity researchers by introducing a business model that allows buyers to rebrand and resell surveillance malware as their own product. Buyers can subscribe to the service, customize branding, and launch …GBHACKERS.COM
1 MayName That Toon: Mark of (Security) ProgressFeeling creative? Have something to say about the last 20 years of cybersecurity? Our editors will award the best cybersecurity-related caption with a $20 gift card.DARKREADING.COM
1 MayDownload: Automating Pentest Delivery GuidePentesting remains one of the most effective ways to identify real-world weaknesses, but the method for delivering results hasn’t evolved. Manual workflows involving static documents and email threads introduce delays, create inefficiencies, and diminish the value of the work. Th…HELPNETSECURITY.COM
1 MayCyber spies target Russian aviation firms to steal satellite and GPS dataA cyber-espionage group has been targeting Russian government agencies and companies in the aviation industry to steal sensitive geospatial data.THERECORD.MEDIA
1 MaySamsung’s Next Galaxy Book Could Run Android Instead of WindowsSamsung is reportedly developing Android-powered Galaxy Book laptops with One UI 9 and Google’s upcoming Aluminium OS platform. The post Samsung’s Next Galaxy Book Could Run Android Instead of Windows appeared first on TechRepublic .TECHREPUBLIC.COM
1 MayUS and allies urge ‘careful adoption’ of AI agentsNew guidance from a coalition of Western governments underscores the difficult-to-predict risks of still-evolving agentic tools.CYBERSECURITYDIVE.COM
1 MayGerman MPs advised to drop Signal in favor of Wire over security concernsGermany’s Bundestag is moving to standardize on the Wire messaging platform following a wave of phishing attacks targeting politicians, with President Julia Klöckner urging lawmakers to abandon less controlled apps like Signal. In a letter dated April 24, 2026, Bundestag Presiden…CYBERINSIDER.COM
1 MayAs email phishing evolves, malicious attachments decline and QR codes surgeA new Microsoft report also describes the collapse of a once-dominant tool for generating phishing websites with fake CAPTCHAs.CYBERSECURITYDIVE.COM
1 MayOpenAI Introduces Password-Free Login for Millions of ChatGPT UsersOpenAI’s Advanced Account Security lets ChatGPT and Codex users replace passwords with passkeys or security keys, but recovery is limited. The post OpenAI Introduces Password-Free Login for Millions of ChatGPT Users appeared first on TechRepublic .TECHREPUBLIC.COM
1 MayMicrosoft Flagged 8.3B Phishing Emails in Q1 as QR Codes, CAPTCHAs RiseMicrosoft flagged 8.3 billion phishing emails as attackers turned to QR codes, fake CAPTCHAs, PhaaS kits, and file-based payloads. The post Microsoft Flagged 8.3B Phishing Emails in Q1 as QR Codes, CAPTCHAs Rise appeared first on TechRepublic .TECHREPUBLIC.COM
1 MayAlert: Payroll-Hijacking Attacks Are Targeting Canadian EmployeesMicrosoft warns that a new criminal threat actor dubbed “Storm-2755” is launching payroll-pirate attacks against Canadian users. These attacks use social engineering to compromise employee accounts and divert salary payments to attacker-controlled bank accounts.KNOWBE4.COM
1 MayCriminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence OperationsTorrance, United States / California, May 1st, 2026, CyberNewswire Criminal IP partners with Securonix to integrate Criminal IP’s Threat Intelligence into ThreatQ, allowing organizations to incorporate external IP intelligence into their existing workflows, helping security teams…GBHACKERS.COM
1 MayDOS, Seneca the Younger, Outlook, CopyFail, cPanel, QR, Ruby, Go, Talkie, Josh Marpet - SWN #577DOS, 0x1A4, Seneca the Younger, Outlook, Copy/Fail, cPanel, QR, Ruby, Go, Talkie, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-577 YOUTUBE.COM
1 MayWhite House questions tech industry on defensive AI use, cybersecurity resilienceCompanies may be reluctant to answer some of the government’s questions, given the sensitive topics they address.CYBERSECURITYDIVE.COM
1 MayApple Sales Jump as ‘Most Popular’ iPhone Fuels GrowthApple reported strong quarterly revenue as iPhone demand surged, but questions remain around AI strategy, rising costs, and leadership changes. The post Apple Sales Jump as ‘Most Popular’ iPhone Fuels Growth appeared first on TechRepublic .TECHREPUBLIC.COM
1 MayBreaking encryption with quantum computing — Interview with Chris PeikertThe idea that quantum computers could one day break today’s encryption has moved from theory into serious discussion. In practical terms, it means that the mathematical problems protecting everything from secure websites and messaging apps to cryptocurrencies could become solvabl…CYBERINSIDER.COM
1 May76% of All Crypto Stolen in 2026 Is Now in North KoreaNorth Korean threat actors are pulling off historic cryptocurrency heists on a yearly, sometimes weekly basis now. AI might be helping them.DARKREADING.COM
30 AprDanger of Libredtail [Guest Diary], (Wed, Apr 29th)[This is a Guest Diary by James Roberts, an ISC intern as part of the SANS.edu BACS program]ISC.SANS.EDU
30 AprTesla Optimus Robot Launch Timeline Targets 2027 ScaleElon Musk says Tesla’s Optimus robot could launch next year, with production starting in 2026 and a major scale-up planned by 2027. The post Tesla Optimus Robot Launch Timeline Targets 2027 Scale appeared first on TechRepublic .TECHREPUBLIC.COM
30 AprISC Stormcast For Thursday, April 30th, 2026 https://isc.sans.edu/podcastdetail/9912, (Thu, Apr 30th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
30 AprLarge-scale Roblox hacking operation shut down by Ukrainian authoritiesUkrainian police arrested three hackers who hijacked 610,000 Roblox accounts and sold them for $225,000 in profit. Police in Ukraine arrested three suspects accused of hacking over 610,000 Roblox accounts and selling them for about $225,000. Officers carried out multiple searches…SECURITYAFFAIRS.COM
30 AprBackdoored WordPress Plugin Abuses Remote Update Checker for Silent Code DeliveryA long-dormant backdoor has been uncovered in the “Quick Page/Post Redirect Plugin,” a popular WordPress add-on with over 70,000 active installations. The tampered plugin, specifically version 5.2.3, contained two distinct malicious features. First, it featured a pass…GBHACKERS.COM
30 AprEveryone’s building AI agents. Almost nobody’s ready for what they do to identity.Anthropic recently announced that it would not release Mythos, its most powerful AI model, to the public. The model discovered thousands of previously unknown software vulnerabilities — flaws that had sat undetected in major operating systems and web browsers for as long as nearl…CYBERSCOOP.COM
30 AprFast16 MalwareResearchers have reverse-engineered a piece of malware named Fast16. It’s almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: “…the Fast16 malware was designed to carry out the most subtle form of sabotage…SCHNEIER.COM
30 AprOpenAI Unveils Cyber Defense Roadmap Focused on AI-Powered SecurityOpenAI has released a comprehensive cyber defense roadmap titled “Cybersecurity in the Intelligence Age” to responsibly equip defenders with AI-powered security tools faster than malicious actors can adapt. Spearheaded by Sasha Baker in April 2026, the action plan out…GBHACKERS.COM
30 AprMicrosoft PowerToys 0.99 Adds Multi-Monitor Tools for Windows UsersPowerToys 0.99 adds new monitor and window-management tools for Windows users, plus updates to Command Palette, Keyboard Manager, ZoomIt, and Image Resizer. The post Microsoft PowerToys 0.99 Adds Multi-Monitor Tools for Windows Users appeared first on TechRepublic .TECHREPUBLIC.COM
30 AprRelease Notes: Expanded Threat Intelligence Access, AI Assisted Search 1,770 New Detections and MoreApril brought several updates across ANY.RUN’s Threat Intelligence and detection coverage. The biggest change is expanded access to Threat Intelligence: Free plan users now get 20 premium requests in TI Lookup and YARA Search. This gives security teams a practical way …ANY.RUN
30 Apr5 Best Employer of Record Services in 2026There are no borders or boundaries when it comes to professional talent. With the right EOR, you can hire for quality, regardless of location. The post 5 Best Employer of Record Services in 2026 appeared first on TechRepublic .TECHREPUBLIC.COM
30 AprResearchers develop tool to expose GPS signal spoofing in transit networksThe Oak Ridge National Laboratory (ORNL) has developed a portable detector that identifies GPS spoofing in real time, including during motion, to help protect transportation systems. Spoofing involves transmitting counterfeit signals that imitate authentic GPS transmissions and p…HELPNETSECURITY.COM
30 AprProxmox Backup Server 4.2 arrives with S3 storage support and parallel sync jobsProxmox Backup Server 4.2 is a maintenance and feature update built on Debian 13.4 “Trixie” that adds S3-compatible object storage as a supported backend and introduces parallel processing for sync jobs. The server ships the new version with Linux kernel 7.0 as the st…HELPNETSECURITY.COM
30 AprTwo new extortion crews are speedrunning the Scattered Spider playbookCrowdStrike says The Com-affiliated threat groups are using voice phishing and fake SSO pages to break into SaaS environments and steal data fast for extortion. The post Two new extortion crews are speedrunning the Scattered Spider playbook appeared first on CyberScoop .CYBERSCOOP.COM
30 AprPwC partners with Google Cloud to take on the managed security marketThe professional services firm is stepping up its managed security ambitions with a Google Cloud-powered service that leans on agentic AI. The target market is companies that have outgrown DIY security.CYBERSECURITYDIVE.COM
30 AprSHARED INTEL Q&A: PKI’s unfinished business—’digital passports’ for content, models and agentsAs if keeping track of machine identities wasn’t hard enough. AI agents are now arriving by the thousands — and most enterprises are just handing them borrowed credentials and hoping for the best. Meanwhile, the cryptographic infrastructure asked to absorb …LASTWATCHDOG.COM
30 AprUS agencies promote zero-trust practices for operational technology networksMany zero-trust defenses work differently in industrial environments than in traditional business networks, five federal agencies said in newly published guidance.CYBERSECURITYDIVE.COM
30 AprAWS Expands Amazon Connect Into AI Tools for Hiring, Healthcare, and Supply ChainsAWS expanded Amazon Connect into four agentic AI tools for supply chain, hiring, customer service, and healthcare workflows, with humans still in control. The post AWS Expands Amazon Connect Into AI Tools for Hiring, Healthcare, and Supply Chains appeared first on TechRepublic .TECHREPUBLIC.COM
30 AprCongress kicks the can down the road on surveillance law (again)It’s the second extension of Section 702 of the Foreign Intelligence Surveillance Act in 10 days, and a regular ritual for the Hill. The post Congress kicks the can down the road on surveillance law (again) appeared first on CyberScoop .CYBERSCOOP.COM
30 AprFCC tightens KYC rules for telecoms, closes loophole for banned foreign servicesThe commission wants telecoms to do more to verify their callers and prevent illegal calls and scams from reaching Americans. The post FCC tightens KYC rules for telecoms, closes loophole for banned foreign services appeared first on CyberScoop .CYBERSCOOP.COM
29 AprISC Stormcast For Wednesday, April 29th, 2026 https://isc.sans.edu/podcastdetail/9910, (Wed, Apr 29th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
29 AprThe Exchange Online security controls organizations keep getting wrongIn this Help Net Security interview, Scott Schnoll, Microsoft MVP for Exchange, breaks down the Shared Responsibility Model, where Microsoft secures the cloud while organizations must protect their own data, identities, and configurations. The discussion covers default settings w…HELPNETSECURITY.COM
29 AprAI prompt confidentiality and false citations worry researchersAcademic researchers using commercial AI tools for literature review and idea generation are sending unpublished research questions, draft hypotheses, and proprietary domain knowledge into systems whose data handling they do not understand. A think-aloud study of 15 researchers d…HELPNETSECURITY.COM
29 AprIdentity discovery: The overlooked lever in strategic risk reductionIf you ask a CISO what keeps them up at night, the answer usually isn’t “lack of tools.” It’s uncertainty. Uncertainty about what they don’t see. Uncertainty about how far an attacker could move once inside. Uncertainty about whether identity programs are actually reducing risk, …HELPNETSECURITY.COM
29 AprFedora Linux 44 ships with GNOME 50 and KDE Plasma 6.6The Fedora Project released Fedora Linux 44, delivering updated desktop environments, revised installer behavior, and several lower-level system changes across its editions and spins. The release covers the project’s flagship editions, including Workstation, KDE Plasma Desk…HELPNETSECURITY.COM
29 AprMargin vs. Madness: Fixing MSSP Top 5 Operational NightmaresLeading a managed security services provider has never been a comfortable job. And it isn’t now, though the demand for MSSPs has never been higher. The global threat landscape is expanding faster than most enterprise security teams can keep pace with, and orga…ANY.RUN
29 AprEino’s agentic network observability platform enables real-time, AI-driven network insightsEino has introduced a new class of solution for enterprises known as agentic network observability. Designed for enterprises with multiple network technologies and mission-critical use cases, Eino’s agentic solution uses a 3D digital twin approach of the physical environment to d…HELPNETSECURITY.COM
29 AprMicrochip expands Trust Shield with PQC-ready root of trust and secure boot controllersMicrochip Technology is expanding its portfolio of Trust Shield, PQC‑ready devices with the TS1800 Platform Root of Trust controller and the TS50x secure boot controller. The devices are designed to help system architects address emerging cybersecurity mandates, including the Eur…HELPNETSECURITY.COM
29 AprKaseya agentic IT management unifies data and automates ticketing, security and backupsKaseya has introduced an agentic IT management platform powered by Kaseya Intelligence, combining unified data across IT operations, cybersecurity, and resilience with an execution layer that autonomously triages tickets, contains threats, verifies backups, and optimizes workflow…HELPNETSECURITY.COM
29 AprAt Machine Speed submitted by codeinabox to security 1 points | 0 comments https://matthiasott.com/notes/at-machine-speed PROGRAMMING.DEV
29 AprAI-powered honeypots: Turning the tables on malicious AI agentsJust as AI brings time-saving advantages to our lives, it brings similar advantages to threat actors. We can take the advantage back. This blog shows how generative AI can be used to rapidly deploy adaptive honeypot systems.TALOSINTELLIGENCE.COM
29 AprScam-checking just got a lot easier: Malwarebytes is now in ClaudeWe're in Claude! Now everyone can use our threat intel to check suspicious links, phone numbers, or email addresses. We're committed to helping you spot scams.MALWAREBYTES.COM
29 Apr9 Best Project Management Software in 2026We tested 10 leading project management tools and found monday.com best overall for its multiple views and extensive customization. ClickUp shines for affordability, while Confluence excels in project documentation. The post 9 Best Project Management Software in 2026 appeared fir…TECHREPUBLIC.COM
29 AprState CISOs losing confidence in ability to manage cyber risksDeloitte-NASCIO study shows AI, budget pressures are forcing states to make tough decisions.CYBERSECURITYDIVE.COM
29 AprApple removes AdGuard’s TrustTunnel iOS app from Russian App StoreApple has removed AdGuard’s TrustTunnel VPN client for iOS from Russia’s App Store following a request by the country’s internet regulator. Apple notified AdGuard via email of the app’s removal due to alleged violations of Russian law. According to the notice, the app “includes c…CYBERINSIDER.COM
29 AprWebinar: How to Automate Exposure Validation to Match the Speed of AI AttacksIn February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren't just talking about AI writing better phishing emails anymore. We’re talking about autonomous …THEHACKERNEWS.COM
29 AprPhishing Attacks Target Executives via Microsoft TeamsA phishing campaign is targeting senior executives with social engineering attacks conducted over Microsoft Teams, according to researchers at ReliaQuest. The researchers believe former associates of the Black Basta criminal gang are running this operation.KNOWBE4.COM
29 AprLazarus Targets macOS Users With New “Mach-O Man” Malware KitLazarus Group is abusing “ClickFix” social engineering to push a new macOS malware kit dubbed “Mach-O Man,” giving attackers a direct path to credentials, Keychain secrets, and corporate access in fintech and crypto environments. This research is authored by Mauro Eldritch, an of…GBHACKERS.COM
29 AprA Practical Guide to BloodHound Data CollectionThis blog will not dive too deeply into BloodHound itself; instead, we will focus on various methods to collect AD data to provide BloodHound as input. The post A Practical Guide to BloodHound Data Collection appeared first on Black Hills Information Security, Inc. .BLACKHILLSINFOSEC.COM
29 AprSet AI Security Red Lines NowSecurity leaders are prioritizing speed and accuracy in AI adoption, while defining strict governance “red lines” around critical systems like identity and access. Without clear boundaries, AI deployments can introduce instability and risk into core enterprise functions. Governan…YOUTUBE.COM
29 AprThis $30 Subscription Will Bring AI Into Your BusinessTap into the power of OpenAI, Meta, Midjourney, and additional powerful AI models with 1min.AI. The post This $30 Subscription Will Bring AI Into Your Business appeared first on TechRepublic .TECHREPUBLIC.COM
29 AprCongress, industry ponder government posture for protecting data centersA hearing of the House Homeland Security panel’s cyber subcommittee weighed whether to designate data centers as a standalone critical infrastructure sector. The post Congress, industry ponder government posture for protecting data centers appeared first on CyberScoop .CYBERSCOOP.COM
29 AprSAS Launches AI Governance Tools to Tame Agentic AI in the EnterpriseSAS expands Viya with governed AI agents, copilots, and new governance tools aimed at helping enterprises manage shadow AI and build trust in automation. The post SAS Launches AI Governance Tools to Tame Agentic AI in the Enterprise appeared first on TechRepublic .TECHREPUBLIC.COM
29 AprAWS to Resell OpenAI Products After Microsoft Loses Exclusive LicenseAmazon is bringing OpenAI's models and Codex to AWS after Microsoft’s shift away from exclusivity, giving cloud customers more ways to use AI tools. The post AWS to Resell OpenAI Products After Microsoft Loses Exclusive License appeared first on TechRepublic .TECHREPUBLIC.COM
29 AprNew Apple Rumor: iOS 27 Could Add AI Editing Tools to PhotosApple reportedly plans new AI editing tools for Photos in iOS 27, including image expansion, spatial photo reframing, and smarter enhancements. The post New Apple Rumor: iOS 27 Could Add AI Editing Tools to Photos appeared first on TechRepublic .TECHREPUBLIC.COM
29 AprHackers Abuse Robinhood Signup Process to Deliver Phishing EmailsRobinhood fixed an account-creation flaw that hackers abused to send convincing phishing emails from its own system to some users over the weekend. The post Hackers Abuse Robinhood Signup Process to Deliver Phishing Emails appeared first on TechRepublic .TECHREPUBLIC.COM
29 AprCISOs Step Into the BoardroomCISOs are increasingly engaging in direct, strategic conversations at the board level, shifting beyond traditional reporting roles. As AI automates operational security tasks, leaders have more capacity—and expectation—to focus on governance, risk, and organizational direction. T…YOUTUBE.COM
28 AprChinese national extradited to US for pandemic-era Silk Typhoon attacksXu Zewei was allegedly directed by China’s intelligence services to conduct a sweeping espionage campaign to steal data on COVID-19 research and other U.S. policy interests. The post Chinese national extradited to US for pandemic-era Silk Typhoon attacks appeared first on CyberSc…CYBERSCOOP.COM
28 AprISC Stormcast For Tuesday, April 28th, 2026 https://isc.sans.edu/podcastdetail/9908, (Tue, Apr 28th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
28 AprMicrosoft Expands Copilot Agent Mode for Outlook Inbox and Calendar TasksMicrosoft announced a major evolution for Copilot in Outlook, shifting the tool from a passive assistant to an autonomous agent. Instead of simply drafting emails or summarizing threads on command, the AI now actively manages ongoing daily tasks. This agentic update enables the s…GBHACKERS.COM
28 AprChinese-Backed Smishing Rings Scale Credential Theft via SMS and OTT AppsChinese-language phishing-as-a-service (PhaaS) platforms are rapidly expanding their global reach by leveraging SMS and over-the-top (OTT) messaging channels such as iMessage and Rich Communication Services (RCS). Over the past several months, researchers have conducted large-sca…GBHACKERS.COM
28 AprSandworm Uses SSH-over-Tor Tunnel for Stealthy Long-Term PersistenceA significant evolution in Sandworm (APT-C-13) tradecraft, revealing the group’s use of SSH-over-Tor tunneling to achieve long-term, covert persistence inside targeted networks. Sandworm, also known as FROZENBARENTS, is a state-sponsored threat group active since 2014. It has con…GBHACKERS.COM
28 AprWhatsApp Tests Encrypted Cloud Backup Service for Safer Message StorageWhatsApp is actively developing an independent, first-party cloud backup service featuring mandatory end-to-end encryption. This upcoming feature aims to reduce users’ reliance on third-party storage providers such as Google Drive and Apple’s iCloud. By bringing backup stor…GBHACKERS.COM
28 AprOilRig Hides C2 Config in Google Drive Image via LSB SteganographyAPT-C-49 (OilRig), an Iranian state-sponsored advanced persistent threat group also known as APT34 and Helix Kitten, has deployed a sophisticated new attack campaign that conceals command-and-control configurations inside Google Drive images using LSB steganography. The group, wh…GBHACKERS.COM
28 AprFake KYC Android Malware Spreads via WhatsApp to Hijack Bank AccountsA new Android malware campaign is masquerading as a “Banking KYC” verification app and spreading via WhatsApp messages to target banking users in India. The malware is delivered as an APK shared over WhatsApp, posing as an urgent bank KYC or account verification update similar to…GBHACKERS.COM
28 AprGUEST ESSAY: How augmented reality (AR) can turn building images into ad space with no controlEvery major building in America has three things: a physical address, a legal owner, and an unmonitored attack surface. Related: Sam Altman’s quest to usurp the browser That surface extends from the ground up through every floor, every facade, and …LASTWATCHDOG.COM
28 AprU.S. companies hit with record fines for privacy in 2025The increase is being driven by powerful privacy laws in states like California, new interstate partnerships and a renewed focus on the privacy impacts of AI and automation. The post U.S. companies hit with record fines for privacy in 2025 appeared first on CyberScoop .CYBERSCOOP.COM
28 AprNorth Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom LuresArctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus GroupINFOSECURITY-MAGAZINE.COM
28 AprGoogle Cloud Next AI Keynote: 5 Takeaways for IT LeadersThomas Kurian’s Google Cloud Next keynote framed Google’s agentic AI vision. Here are five key takeaways for IT leaders. The post Google Cloud Next AI Keynote: 5 Takeaways for IT Leaders appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprBest Legal Project Management Software in 2026What is the best legal project management software? Use our guide to help you compare pricing and features of our top picks. The post Best Legal Project Management Software in 2026 appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprFake CAPTCHA scam turns a quick click into a costly phone billScammers are using fake CAPTCHA pages to rack up international SMS charges on victims’ phone bills, and then take a cut.MALWAREBYTES.COM
28 AprSilk Typhoon Hacker Extradited to U.S. from ItalyChinese authorities-linked hacker Xu Zewei, accused of playing a central role in the notorious Silk Typhoon (HAFNIUM) cyber campaign, has been extradited from Italy to the United States, marking a significant development in ongoing efforts to combat state-sponsored cyber espionag…GBHACKERS.COM
28 AprPhishing-to-RMM Attacks: The Remote Access Blind Spot CISOs Can’t IgnoreCISOs are under pressure to prove that their security programs can detect threats early, reduce business risk, and support fast, confident response. But that becomes harder when attackers stop relying on obviously malicious tools. In recent phishing-to-RMM campaigns observed by A…ANY.RUN
28 AprChinese National Extradited Over Silk Typhoon Cyber CampaignExtradition links alleged MSS-directed hacker to Silk Typhoon and COVID-19 espionageINFOSECURITY-MAGAZINE.COM
28 Apr5 Stages of The Threat Intelligence LifecycleSOCRADAR.IO
28 AprCyberheistNews Vol 16 #17 [Heads Up] This Sophisticated Scam Should Be a Warning to All CompaniesKNOWBE4.COM
28 AprAI’s False Novelty TrapAsking AI for “novel techniques” can produce a mix of non-working ideas and recycled methods that already exist. In some cases, researchers mistakenly publish these as new findings. This creates a hidden risk where AI accelerates output but degrades originality. Without proper ve…YOUTUBE.COM
28 AprRep. Delia Ramirez takes over as top House cybersecurity DemShe replaces Rep. Eric Swalwell following his resignation, giving her the position of ranking member of the Subcommittee on Cybersecurity and Infrastructure Protection. The post Rep. Delia Ramirez takes over as top House cybersecurity Dem appeared first on CyberScoop .CYBERSCOOP.COM
28 Apr‘Fundamental tension’ undermines manufacturers’ cybersecurityA simple security mistake caused roughly one-quarter of all financial losses in the sector in 2025, cybersecurity insurer Resilience said.CYBERSECURITYDIVE.COM
28 AprStop Juggling AI Tools — This Lifetime Deal Puts GPT‑4o and More in One PlaceHarness multiple top-tier models like GPT‑4o, Claude, Gemini, and more in one unified platform, now $75. The post Stop Juggling AI Tools — This Lifetime Deal Puts GPT‑4o and More in One Place appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprVisual Studio 2026 Brings AI Deeper Into Development and It’s 90% Off Right NowMicrosoft's latest 64-bit IDE adds AI-assisted coding, faster performance, and advanced collaboration tools. The post Visual Studio 2026 Brings AI Deeper Into Development and It’s 90% Off Right Now appeared first on TechRepublic .TECHREPUBLIC.COM
28 Apr50k on YouTube!Built by this crew, powered by this community. 50,000 people decided cybersecurity content should be: real, unfiltered, occasionally chaotic, and always worth watching. We couldn’t agree more. Thank you for choosing Security Weekly. ❤️ Subscribe to our podcasts: https://securityw…YOUTUBE.COM
28 Apr50K Subscribers. This is Security Weekly.Built by this crew, powered by this community. 50,000 people decided cybersecurity content should be real, unfiltered, occasionally chaotic, and always worth watching. We couldn’t agree more. Thank you for choosing Security Weekly. ❤️ Subscribe to our podcasts: https://securitywe…YOUTUBE.COM
28 AprApple’s $599 Mac mini Sells Out, Resurfaces on eBay Above RetailApple’s sold-out $599 M4 Mac mini is getting marked up on eBay as buyers chase compact machines for local AI work while supplies stay tight. The post Apple’s $599 Mac mini Sells Out, Resurfaces on eBay Above Retail appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprGoogle, Kaggle Relaunch Free AI Course Focused on ‘Vibe Coding’Google and Kaggle’s free AI agents course returns June 15-19, with vibe coding lessons, live sessions, and a hands-on capstone project. The post Google, Kaggle Relaunch Free AI Course Focused on ‘Vibe Coding’ appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprSamsung Galaxy Glasses Leak: Pricing, Specs, and Launch Timeline RevealedSamsung’s rumored smart glasses may challenge Meta with AI features, display-free design, leaked pricing, and a possible 2027 AR roadmap. The post Samsung Galaxy Glasses Leak: Pricing, Specs, and Launch Timeline Revealed appeared first on TechRepublic .TECHREPUBLIC.COM
28 Apr‘Windows K2’ Could Be Microsoft’s Answer to Years of Windows 11 FrustrationMicrosoft’s Windows K2 effort aims to improve Windows 11 performance, reliability, updates, taskbar flexibility, and user feedback loops. The post ‘Windows K2’ Could Be Microsoft’s Answer to Years of Windows 11 Frustration appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprXpeng Flying Car Deliveries Target 2027 as Certification Gaps RemainXpeng’s flying car factory is moving from prototype to production, but certification gaps still separate delivery plans from public passenger service. The post Xpeng Flying Car Deliveries Target 2027 as Certification Gaps Remain appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprORMs Reopened Injection RisksSQL injection was largely mitigated by prepared statements. However, newer abstractions like ORMs reintroduce flexibility, allowing developers to construct queries in more dynamic ways. That added flexibility can recreate conditions similar to classic injection vulnerabilities. W…YOUTUBE.COM
28 AprPolice arrest 10 suspected members of Black Axe cybercrime gangA coordinated police operation in Switzerland has targeted suspected members of the Black Axe criminal network. On 28 April 2026, authorities carried out house searches across several Swiss cantons, leading to 10 arrests, including the Black Axe ‘Regional Head’ for Southern Europ…HELPNETSECURITY.COM
28 AprFederal CIO cautious on Anthropic’s Mythos despite planned rolloutGreg Barbaccia told CyberScoop that Anthropic's Mythos shows real promise for federal cyber defense, but warns that laboratory results and live network conditions are two very different things. The post Federal CIO cautious on Anthropic’s Mythos despite planned rollout appeared f…CYBERSCOOP.COM
28 AprElfsmasher, PYPI, Facebook, Glassworm, Medtronic, OpenSSH, Sararimen, Aaran Leyland - SWN #576Elfsmasher, PYPI, Facebook, Glassworm, Medtronic, OpenSSH, Entrepreneurs, Sararimen, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-576YOUTUBE.COM
28 AprClickUp Data Leak Exposes Enterprise Emails for Over a YearA hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns. The post ClickUp Data Leak Exposes Enterprise Emails for Over a Year appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprBlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack LuresThe North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives.DARKREADING.COM
28 AprPlay-to-Earn Collapse RiskA play-to-earn game offered crypto rewards, NFT assets, and “founder nodes” that distributed tokens to early adopters. As prices rose, early buyers profited. But the structure resembles a pump-and-dump, where gains depend on later participants entering the system. That creates as…YOUTUBE.COM
28 AprFIDO Alliance wants to keep AI agents from going rogue on online paymentsAI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are carried out on a user’s behalf. The FIDO Alliance has announced a set of initiatives to build shared stand…HELPNETSECURITY.COM
28 AprSN 1076: FAST16.SYS - Unmasking the NSA's Most Diabolical Digital SabotageWhat if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bit…TWIT.TV
27 AprNPM Worm Hits Namastex Packages, Steals Secrets Across RegistriesA newly uncovered npm malware campaign is targeting packages linked to Namastex Labs, abusing developer trust to steal sensitive secrets and silently spread across both npm and PyPI ecosystems. The malicious activity centers on Namastex.ai, a company that promotes AI consulting s…GBHACKERS.COM
27 AprClickFix Attack Swaps PowerShell for Cmdkey, Remote Regsvr32 PayloadsA newly identified ClickFix attack variant is raising concerns among cybersecurity researchers after it was observed replacing traditional PowerShell-based delivery with a stealthier technique leveraging native Windows utilities. The infection begins with a familiar ClickFix tact…GBHACKERS.COM
27 AprVidar Malware Conceals Payloads in JPEG, TXT Files to Evade DetectionVidar has evolved from a basic Arkei-based credential stealer into a multi-stage, stealth-focused infostealer that now hides second‑stage payloads within JPEG and TXT files to evade modern defenses. First observed in 2018, Vidar now operates as a mature Malware‑as‑a‑Service (MaaS…GBHACKERS.COM
27 AprFast16 Malware Targets High-Value Systems With Sabotage CapabilitiesA previously unknown cyber sabotage framework called fast16, whose core components date back to 2005. This makes it the earliest known sabotage malware of its kind, predating the infamous Stuxnet worm by at least five years. The fast16 framework consists of two primary components…GBHACKERS.COM
27 AprSuspicious Microsoft Store App Vibing.exe Allegedly Harvests Screens and AudioA recently discovered application called Vibing.exe has raised major privacy and security alarms after researchers caught it stealthily recording user screens and audio. Originally available on the Microsoft Store as an AI productivity interface, the app was pulled in late April …GBHACKERS.COM
27 AprItaly moves to extradite Chinese national to the U.S. over hacking chargesItaly plans to extradite Xu Zewei to the U.S. over alleged hacks on COVID-19 research tied to state-backed operations. Italy is moving to extradite Xu Zewei, the Chinese national arrested in 2025 at the request of U.S. authorities on cyber-espionage charges, Bloomberg reported. T…SECURITYAFFAIRS.COM
27 AprAptori expands its platform with autonomous offensive testing to reduce security bottlenecksAptori has expanded its Runtime-Driven Validation Platform with autonomous offensive testing capabilities to address the growing gap between code output and security team capacity. By moving beyond passive scanning to active validation, the platform helps organizations identify, …HELPNETSECURITY.COM
27 AprYour IAM was built for humans, AI agents don’t careIdentity and access management was built for a simpler world. One where the hardest problem was a human logging in, and where “Who are you?” was sufficient to decide what someone could do. That model served enterprises well for decades. It was not built for a world wh…HELPNETSECURITY.COM
27 AprThe AI criminal mastermind is already hiring on gig platformsLabor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model Context Protocol server, allowing an agent to post gigs directly. Listed tasks include attending in-person mee…HELPNETSECURITY.COM
27 AprNorth Korean Hackers Target Pharma Firms with Malware-Laced Excel AttacksNorth Korean state-backed hackers are using weaponized Excel-themed files to infect pharmaceutical and life science companies with malware, abusing Windows shortcut files, PowerShell, and cloud storage for stealthy data theft. The campaign begins with highly tailored spear‑phishi…GBHACKERS.COM
27 AprWhy I Chose This $19.97 Lifetime Deal Over MasterClassCompared to MasterClass, this platform offers lifetime access to 1,000+ courses, and it’s worth $600 MSRP. The post Why I Chose This $19.97 Lifetime Deal Over MasterClass appeared first on TechRepublic .TECHREPUBLIC.COM
27 Apr7 Best Project Budgeting Software in 2026Looking for the best project budgeting software for your business? Discover the pros and cons of the top tools with our guide. The post 7 Best Project Budgeting Software in 2026 appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprLinux ELF Malware Generator Evades ML Detection With Semantic-Preserving ChangesAs Linux continues to dominate high-performance computing, cloud services, and Internet of Things (IoT) devices, it has become a prime target for cybercriminals. However, while much research has focused on manipulating Windows executables to bypass security, the Linux Executable …GBHACKERS.COM
27 AprResearchers Warn macOS textutil, KeePassXC Can Fuel Automation AttacksResearchers are warning that widely trusted local tools such as macOS’s textutil and KeePassXC can pose unexpected security risks when used within automated workflows. The issue is not traditional vulnerabilities such as memory corruption or code execution, but how normal f…GBHACKERS.COM
27 AprMedieval Encrypted Letter DecodedSent by a Spanish diplomat. Apparently people have been working on it since it was rediscovered in 1860.SCHNEIER.COM
27 AprPrice Drop: Upgrade to Windows 11 Pro for Only $10Unlock the latest user interface, enhanced security features, and new tools for hybrid and remote workers. The post Price Drop: Upgrade to Windows 11 Pro for Only $10 appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprNew Malware Hides Behind Obfuscation and Staged PayloadsA newly identified malware campaign is leveraging advanced obfuscation techniques and multi-stage payload delivery to bypass traditional security defenses, according to recent analysis from Joe Sandbox. The attack begins with a highly targeted spear-phishing email sent to employe…GBHACKERS.COM
27 AprFake YouTube Downloads Spread Vidar Malware to Steal Corporate LoginsA new Vidar infostealer campaign is abusing fake software download links on YouTube to compromise corporate employees and sell their stolen credentials on Russian cybercrime marketplaces. In the investigated case, the victim was searching for software on YouTube and likely follow…GBHACKERS.COM
27 AprAnthropic Draws Google’s $40B Bet in Latest AI MegadealGoogle is preparing an investment in Anthropic worth up to $40B, pairing cash with cloud capacity as demand for Claude fuels the latest major AI megadeal. The post Anthropic Draws Google’s $40B Bet in Latest AI Megadeal appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprGet Lifetime Access to Microsoft Office 2021 for Just $30Whether you're starting a new business venture and need Microsoft Office's help or you just want to get better organized in your personal life, it's a good time to take advantage of this deal. The post Get Lifetime Access to Microsoft Office 2021 for Just $30 appeared first on Te…TECHREPUBLIC.COM
27 AprBlackFile actively extorting data-theft victims in retail and hospitality sectorSome attackers, which researchers link to The Com, have swatted company executives to increase leverage and pressure victims to pay their ransom demands. The post BlackFile actively extorting data-theft victims in retail and hospitality sector appeared first on CyberScoop .CYBERSCOOP.COM
27 AprNew Hack Lets 30-Year-Old Windows PCs Run Modern LinuxWSL9x lets Windows 9x systems run a modern Linux 6.19 kernel without virtualization, showing how vintage PCs can still stretch beyond old limits. The post New Hack Lets 30-Year-Old Windows PCs Run Modern Linux appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprChina’s Honor Just Launched an iPhone Lookalike in EuropeHonor’s new 600 series arrives in Europe with iPhone-like styling, strong specs, and a 7,000mAh battery, but it is not really a budget phone. The post China’s Honor Just Launched an iPhone Lookalike in Europe appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprApple Watch Blood Oxygen Monitoring Gets Major BreakthroughApple can keep selling Apple Watches with its redesigned blood oxygen feature in the US after the ITC declined to revive Masimo’s ban. The post Apple Watch Blood Oxygen Monitoring Gets Major Breakthrough appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprEU’s proposed Google data access rule could enable large-scale surveillanceThe European Commission is facing criticism from security and privacy experts over a proposed Digital Markets Act (DMA) measure that would require Google to share vast amounts of search data with third parties via an automated API. Critics warn the plan could expose sensitive use…CYBERINSIDER.COM
27 AprEU Funds Sovereign Cloud Infrastructure with €180 Million ContractThe European Commission has awarded a €180 million contract to four providers—Post Telecom, STACKIT, Scaleway, and Proximus—to provide sovereign cloud services, ensuring EU data remains under European legal and strategic control. The post EU Funds Sovereign Cloud Infrastructure w…TECHREPUBLIC.COM
27 AprChina Startup Secures $8.4B in Credit Lines for Orbital Data Center PushChina’s Orbital Chenguang secured major credit lines for space-based data centers as AI demand strains power, land, and cooling capacity. The post China Startup Secures $8.4B in Credit Lines for Orbital Data Center Push appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprThe Prompt Engineering Cheat Sheet: How to Write Better AI PromptsLearn prompt engineering with this practical cheat sheet that covers frameworks, techniques, and tips for producing more accurate and useful AI outputs. The post The Prompt Engineering Cheat Sheet: How to Write Better AI Prompts appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprChina Shuts Down Meta’s $2.5B Bid for AI Startup ManusChina has blocked Meta’s $2.5 billion Manus AI acquisition, raising new questions about cross-border AI deals and who controls agent technology. The post China Shuts Down Meta’s $2.5B Bid for AI Startup Manus appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprApple ‘Ultra’ 2026: A New iPhone, MacBook Tier May Be ComingApple may expand Ultra branding to a foldable iPhone and MacBook Ultra, creating a new premium tier above Pro devices. The post Apple ‘Ultra’ 2026: A New iPhone, MacBook Tier May Be Coming appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprTruecaller Faces New Pressure in India as Growth MaturesTruecaller has hit 500 million monthly users, but slower growth in India, CNAP rollout, and ad pressure are testing whether its next phase can be as strong as its first. The post Truecaller Faces New Pressure in India as Growth Matures appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprWhatsApp to End Support for Millions of Older Android Phones in 2026WhatsApp will stop supporting Android 5 devices in September 2026, requiring users to upgrade to Android 6 or newer. The post WhatsApp to End Support for Millions of Older Android Phones in 2026 appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprUNC6692 Combines Social Engineering, Malware, Cloud AbuseA newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged campaign.DARKREADING.COM
27 AprSupreme Court justices skeptically question both sides in geofence surveillance caseA ruling could come this summer in Chatrie v. United States, which could have bigger ramifications about the scope of government surveillance. The post Supreme Court justices skeptically question both sides in geofence surveillance case appeared first on CyberScoop .CYBERSCOOP.COM
26 AprXChat launches standalone iOS app as security concerns remainX has launched a standalone iOS app for its XChat messaging platform, promoting it as a private, end-to-end encrypted communication tool, but concerns about its security model continue to shadow the release. The announcement was made on X, marking the first time XChat has been of…CYBERINSIDER.COM
26 AprGopherWhisper: new China-linked APT targets Mongolia with Go-based malwareESET found a new China-linked APT, tracked as GopherWhisper, targeting Mongolia using Go-based malware, loaders, and backdoors. ESET researchers uncovered a new China-aligned APT group called GopherWhisper, targeting government institutions in Mongolia. The group’s arsenal …SECURITYAFFAIRS.COM
26 AprNpm Slop & Wonky Software Supply Chainssubmitted by codeinabox to security https://simonramstedt.com/blog/2026-04-09-npm-slop-and-wonky-software-supply-chains/ cross-posted from: lemmy.bestiver.se/post/1069240PROGRAMMING.DEV
24 AprISC Stormcast For Friday, April 24th, 2026 https://isc.sans.edu/podcastdetail/9906, (Fri, Apr 24th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
24 AprPLC Cybersecurity — Securing Industrial Control Systemssubmitted by monica_b1998 to cybersecurity https://slicker.me/plc/cybersecurity.htmlINFOSEC.PUB
24 AprTurn Your iPad Into a Work Machine While This Keyboard Case Is $30 OffImprove multitasking on iPad with responsive keys, gesture controls, and flexible viewing angles built in. The post Turn Your iPad Into a Work Machine While This Keyboard Case Is $30 Off appeared first on TechRepublic .TECHREPUBLIC.COM
24 AprSign, Send, and Manage Documents Online for Just $79SignIt gives teams a complete eSignature platform with audit trails, bulk sending, and SSO for one low price. The post Sign, Send, and Manage Documents Online for Just $79 appeared first on TechRepublic .TECHREPUBLIC.COM
24 AprUbuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm serversLinux distributions have spent the past few years absorbing GPU vendor toolchains, Rust-based system components, and more stringent encryption defaults. Ubuntu 26.04 LTS, codenamed Resolute Raccoon, pulls most of those threads together into a single release that will receive stan…HELPNETSECURITY.COM
24 AprOpenAI’s GPT-5.5 is out with expanded cybersecurity safeguardsCompetition to release stronger AI models is accelerating, and just weeks after the release of GPT-5.4, OpenAI has introduced GPT-5.5, pointing to expanded safeguards in the new model. GPT-5.5 is being rolled out to Plus, Pro, Business, and Enterprise users in ChatGPT and Codex, …HELPNETSECURITY.COM
24 AprVoid Dokkaebi Hackers Spread Malware Through Fake Job InterviewsVoid Dokkaebi, also known as Famous Chollima, is expanding its cyber operations by turning fake job interviews into a large-scale malware distribution campaign targeting developers. The campaign begins with attackers posing as recruiters from cryptocurrency or AI companies. Devel…GBHACKERS.COM
24 AprCovert telecom spying campaign “Ghost Operators” tracks users worldwideCitizen Lab has identified two advanced surveillance campaigns abusing weaknesses in global telecom networks to track mobile users and, in some cases, turn SIM cards into silent spying tools. The investigation began in late 2024 after anomalous activity was detected in signaling …CYBERINSIDER.COM
24 AprMeta is overhauling how you sign in, manage settings, and protect your accountsMeta Account gives users of Meta apps and devices a simpler way to access and manage their accounts. Accounts Center will automatically be updated to a Meta Account as part of a gradual rollout over the next year. Users will be notified when the change occurs. It supports Meta te…HELPNETSECURITY.COM
24 AprFake CAPTCHA Scam Triggers Costly SMS FraudHackers are abusing fake CAPTCHA pages to run a silent but lucrative international SMS fraud scheme, turning routine “prove you’re human” checks into a revenue engine built on international revenue share fraud (IRSF). Attackers set up lookalike and scam domains that eventually re…GBHACKERS.COM
24 AprHiding Bluetooth Trackers in MailIt was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch government website and mailed a postcard with a hidden tracker inside. Because of this, they were able to tra…SCHNEIER.COM
24 AprGPT-5.5 Bio Bug Bounty Program Aims to Improve AI Safety and PerformanceOpenAI has officially launched the GPT-5.5 Bio Bug Bounty program to strengthen safeguards against emerging biological risks. As artificial intelligence models become more advanced, the potential for malicious actors to generate dangerous biological information increases. Advance…GBHACKERS.COM
24 AprClaude Desktop Reportedly Adds Browser Access Bridge for Chromium BrowsersA detailed cybersecurity report published by privacy expert Alexander Hanff on April 18, 2026, reveals that Anthropic’s Claude Desktop application for macOS silently installs a Native Messaging bridge across multiple Chromium-based browsers. This unprompted installation establish…GBHACKERS.COM
24 AprMythos Mystery in Mozilla Numbers: How 22 Vulns Became 271 or Maybe 3 in Aprilsubmitted by codeinabox to security https://www.flyingpenguin.com/mythos-mystery-in-mozilla-numbers-how-22-vulns-became-271-or-maybe-3-in-april/PROGRAMMING.DEV
24 AprInside agenteV2: How Brazilian Attackers Use Fake Court Summons to Steal Banking Credentials in Real TimeA new phishing campaign targeting Brazilian users demonstrates how modern financial malware has evolved from simple credential theft into full-scale, operator-driven fraud platforms. Disguised as a judicial summons, this campaign leverages social engineering, multi…ANY.RUN
24 AprOff-Topic Fridaysubmitted by shellsharks to cybersecurity Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
24 AprNorth Korea's Lazarus Targets macOS Users via ClickFixLazarus continues leveraging ClickFix for initial access and data theft, in this case, against Mac-centric organizations and their high-value leaders.DARKREADING.COM
24 AprWindows 10 Support Is Over. Here Are 6 Options for UsersWindows 10 support has ended, leaving millions exposed. Here are six options, from upgrading to Windows 11 to switching to Linux or ChromeOS Flex. The post Windows 10 Support Is Over. Here Are 6 Options for Users appeared first on TechRepublic .TECHREPUBLIC.COM
24 AprUS lawmakers introduce bill to require warrants for government data searchesUS lawmakers have introduced a new bill that would dramatically tighten government surveillance powers by requiring warrants for nearly all data searches involving Americans. The proposed “Surveillance Accountability Act” would also give individuals the right to sue federal offic…CYBERINSIDER.COM
24 AprHealth Records of 500,000 UK Biobank Volunteers Listed Online in ChinaHealth data from 500,000 UK Biobank participants was found listed for sale online in China, raising concerns over research access misuse and data security. The post Health Records of 500,000 UK Biobank Volunteers Listed Online in China appeared first on TechRepublic .TECHREPUBLIC.COM
24 AprTGR-STA-1030: New Activity in Central and South AmericaUnit 42 research reports that TGR-STA-1030 remains an active threat, particularly in Central and South America. The post TGR-STA-1030: New Activity in Central and South America appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
24 AprFriday Squid Blogging: How Squid Survived Extinction EventsScience news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures likely originated deep in the ocean over 100 …SCHNEIER.COM
24 AprScylla & Charybdis, Kyber, Trigonia, Namastex, GitHub, Crypto, Cables, Aaran Leyland - SWN #575Scylla and Charybdis, Latin Phrasebook, Kyber, Trigonia, Namastex, GitHub, Crypto, Cables, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-575YOUTUBE.COM
24 AprThe npm Threat Landscape: Attack Surface and MitigationsUnit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
24 AprDeepSeek Drops Cheaper V4 AI as Huawei Jumps InDeepSeek launches V4 AI model with Huawei chip support, offering lower costs and intensifying global AI competition. The post DeepSeek Drops Cheaper V4 AI as Huawei Jumps In appeared first on TechRepublic .TECHREPUBLIC.COM
23 AprISC Stormcast For Thursday, April 23rd, 2026 https://isc.sans.edu/podcastdetail/9904, (Thu, Apr 23rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
23 AprFake TradingView AI Site Spreads Needle Stealer Through Phony TradingClaw AppA fake TradingView AI agent website is delivering Needle Stealer malware through a bogus “TradingClaw” assistant that can hijack victims’ browsers, drain financial accounts, and enable follow‑on attacks. The campaign targets traders seeking automated strategies on TradingView, ca…GBHACKERS.COM
23 AprTropic Trooper Uses Custom Beacon and VS Code Tunnels for Stealthy Remote AccessA new Tropic Trooper campaign that combines a trojanized PDF reader, a custom AdaptixC2 Beacon listener, and Visual Studio (VS) Code tunnels to gain and maintain remote access to targeted systems. The operation appears to focus on Chinese-speaking individuals in Taiwan, as well a…GBHACKERS.COM
23 AprFake Wallpaper App, YouTube Channel Used to Spread notnullOSX MalwareHackers are abusing a fake macOS wallpaper app and a hijacked YouTube channel to quietly deliver notnullOSX, a new crypto-focused stealer that targets Macs via ClickFix commands and weaponized DMG installers. The campaign is highly selective, going after victims with crypto holdi…GBHACKERS.COM
23 AprMicrosoft Graph API misused by new GoGra Linux malware for hidden communicationA new GoGra Linux malware uses Microsoft Graph API and an Outlook inbox to deliver payloads, making it stealthy and hard to detect. A new Linux version of the GoGra backdoor uses Microsoft’s Graph API and an Outlook inbox to deliver malicious payloads stealthily. The malware is l…SECURITYAFFAIRS.COM
23 AprWhat Is Square? Pricing, Features & How It WorksSquare is a payment processing platform with built-in POS and business management tools for in-person and online sales. Here’s how it works, what it costs, and its ideal use cases. The post What Is Square? Pricing, Features & How It Works appeared first on TechRepublic .TECHREPUBLIC.COM
23 AprNorth Korean Fake IT Workers Infiltrate Firms to Dodge SanctionsNorth Korean threat actors are once again leveraging deceptive remote work schemes to infiltrate global organizations, using fake IT worker personas to generate revenue and bypass international sanctions. A recent investigation, triggered by cryptocurrency security researcher Zac…GBHACKERS.COM
23 AprBrave brings “Shred” to Android for one-tap tracking data deletionBrave has expanded its “Shred” privacy feature to Android, bringing its one-tap, site-specific data deletion capability to a broader user base with the release of version 1.89. The feature, introduced on iOS in 2024, is designed to disrupt first-party tracking by allowing users t…CYBERINSIDER.COM
23 AprChina-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go BackdoorsMongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper. "The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execu…THEHACKERNEWS.COM
23 AprOutlook Mailboxes Used to Conceal Linux GoGra Backdoor TrafficA newly discovered Linux variant of the GoGra backdoor is being used by the Harvester advanced persistent threat (APT) group to conduct stealthy cyber espionage operations. Harvester, a suspected nation-state-backed group active since at least 2021, is known for targeting South A…GBHACKERS.COM
23 AprCan AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent SystemUnit 42 reveals how multi-agent AI systems can autonomously attack cloud environments. Learn critical insights and vital lessons for proactive security. The post Can AI Attack the Cloud? Lessons From Building an Autonomous Cloud Offensive Multi-Agent System appeared first on Unit…UNIT42.PALOALTONETWORKS.COM
23 AprFBI Extracts Deleted Signal Messages from iPhone Notification Database404 Media reports (alternate site): The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database…. The news shows h…SCHNEIER.COM
23 AprGitLab Fixes Flaws That Could Allow Attackers to Hijack User SessionsGitLab has released emergency security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE), including three high-severity flaws that could allow attackers to execute malicious code, forge requests, and steal user session tokens. On …GBHACKERS.COM
23 AprOutlook Mailboxes Abused to Conceal Linux GoGra Backdoor TrafficThe Harvester APT group has quietly expanded its espionage arsenal with a new Linux variant of its GoGra backdoor, one that cleverly hides its command-and-control (C2) traffic within Microsoft Outlook mailboxes, making it significantly harder to detect with traditional network de…GBHACKERS.COM
23 AprSelf-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokenssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.htmlSH.ITJUST.WORKS
23 AprFBI: Americans Lost More Than $20 billion to Fraud Last YearCyber-enabled crimes cost Americans nearly $21 billion in 2025, a 26% increase from the previous year, according to the FBI’s latest Internet Crime Report. Phishing, extortion, and investment scams were the most commonly reported attacks, with AI-related scams driving some of the…KNOWBE4.COM
23 AprPhishing reclaims the top initial access spot, attackers experiment with AI tools - Help Net Securitysubmitted by kid to cybersecurity 8 points | 0 comments https://www.helpnetsecurity.com/2026/04/22/cisco-phishing-initial-access-2026/SH.ITJUST.WORKS
23 AprMicrosoft releases emergency patches for critical ASP.NET flawsubmitted by kid to cybersecurity 3 points | 0 comments https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-security-updates-for-critical-aspnet-flaw/SH.ITJUST.WORKS
23 AprCloud Security Isn’t What You ThinkCloud computing relies on storing data in third-party environments under a shared responsibility model. Security outcomes depend less on the cloud itself and more on how systems are designed. Embedding controls early and continuously validating configurations can lead to stronger…YOUTUBE.COM
23 AprApple’s $599 Mac mini Just Sold Out EverywhereApple’s $599 Mac mini is now sold out, with shortages spreading across configurations amid supply and demand pressures. The post Apple’s $599 Mac mini Just Sold Out Everywhere appeared first on TechRepublic .TECHREPUBLIC.COM
23 AprAI-written software creates hassles for wary security teamsA new report explains what cybersecurity practitioners need to see before they trust AI coding tools. CYBERSECURITYDIVE.COM
23 AprGoogle’s Pixel Update Sparks ‘Severe’ Battery Drain Across Multiple ModelsGoogle Pixel users are reporting severe battery drain after recent Android updates, with complaints spanning multiple models and no confirmed fix yet. The post Google’s Pixel Update Sparks ‘Severe’ Battery Drain Across Multiple Models appeared first on TechRepublic .TECHREPUBLIC.COM
23 AprResearcher claims Claude Desktop installs “spyware” on macOSsubmitted by kid to cybersecurity 1 points | 0 comments https://www.malwarebytes.com/blog/news/2026/04/researcher-claims-claude-desktop-installs-spyware-on-macosSH.ITJUST.WORKS
23 AprIran-nexus threat groups refine attacks against critical infrastructureState-sponsored and hacktivist groups have shown greater determination to damage or disable energy, water and other key sectors.CYBERSECURITYDIVE.COM
23 AprNew Pentagon Plan Would Pour $54B Into Drones, AI Combat SystemsThe Pentagon is seeking about $54 billion for autonomous warfare and drone systems, a huge bet that is raising concerns about doctrine, training, and oversight. The post New Pentagon Plan Would Pour $54B Into Drones, AI Combat Systems appeared first on TechRepublic .TECHREPUBLIC.COM
23 AprApple Fixes iPhone Bug After FBI Retrieved Signal MessagesApple patched an iPhone notification bug that let deleted messages linger in system storage, closing a privacy gap exposed by an FBI Signal case. The post Apple Fixes iPhone Bug After FBI Retrieved Signal Messages appeared first on TechRepublic .TECHREPUBLIC.COM
23 AprTikTok Invests $1.16 Billion in New Finland Facility to Localize European DataTikTok is building a second data center in Finland as part of its Project Clover push to keep European user data stored within Europe. The post TikTok Invests $1.16 Billion in New Finland Facility to Localize European Data appeared first on TechRepublic .TECHREPUBLIC.COM
23 AprSamsung Galaxy Connect Now Works on Any Windows 11 PCSamsung Galaxy Connect now works on non-Samsung Windows 11 PCs with Intel or AMD chips, bringing continuity features beyond Galaxy Book laptops. The post Samsung Galaxy Connect Now Works on Any Windows 11 PC appeared first on TechRepublic .TECHREPUBLIC.COM
23 AprHackers Use Hidden Website Instructions in New Attacks on AI Assistantssubmitted by kid to cybersecurity 5 points | 0 comments https://hackread.com/hackers-hidden-site-instruction-attack-ai-assistants/SH.ITJUST.WORKS
23 AprIndia’s App Boom Has a Revenue ProblemIndia’s app market is booming in downloads and usage, but much of the money still flows to global platforms rather than local developers. The post India’s App Boom Has a Revenue Problem appeared first on TechRepublic .TECHREPUBLIC.COM
23 AprDragos: Despite AI use, new malware targeting water plants is ‘hype’ZionSiphon was designed to find and sabotage Israelis’ water supply. An OT expert said it appears to be ineffective and the work of amateurs using AI. The post Dragos: Despite AI use, new malware targeting water plants is ‘hype’ appeared first on CyberScoop .CYBERSCOOP.COM
23 AprFrontier AI and the Future of Defense: Your Top Questions AnsweredWhat are the next steps for security leaders in this new age of frontier AI? We answer the top 10 questions customers are asking. The post Frontier AI and the Future of Defense: Your Top Questions Answered appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
22 AprISC Stormcast For Wednesday, April 22nd, 2026 https://isc.sans.edu/podcastdetail/9902, (Wed, Apr 22nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
22 AprWireshark tutorial: Capture vs. Display Filterssubmitted by monica_b1998 to cybersecurity 2 points | 0 comments https://slicker.me/wireshark/filters.htmlINFOSEC.PUB
22 AprNobody runs a marathon by accidentNobody wakes up on a Sunday, stretches, checks the weather, and accidentally clocks 26.2 miles before brunch. A marathon is built on lonely mornings, careful plans, lost toenails, and no social life. You train for weeks or months. You get injured. You ice. You tape. You pick prot…KNOWBE4.COM
22 AprMicrosoft-Signed Binary Helps Deliver LOTUSLITE in India Spy CampaignMicrosoft-signed developer tooling is being abused to quietly deploy a new LOTUSLITE backdoor variant against India’s banking sector, in what researchers link to the China‑nexus Mustang Panda espionage cluster with moderate confidence. The backdoor retains its espionage profile, …GBHACKERS.COM
22 AprScale Computing Spotlights Edge Wins in Retail, K-12At Platform//2026, Scale Computing showed how Taco Bell and a K-12 district use edge infrastructure to simplify IT and improve uptime. The post Scale Computing Spotlights Edge Wins in Retail, K-12 appeared first on TechRepublic .TECHREPUBLIC.COM
22 AprAmazon, Anthropic Expand Alliance With 5GW Compute Push to Power ClaudeAmazon and Anthropic have announced a massive expansion of their strategic partnership. The tech giants signed a new agreement to secure up to 5 gigawatts (GW) of compute capacity for training and deploying the Claude AI model. This aggressive push highlights the immense infrastr…GBHACKERS.COM
22 AprHackers Tie Iranian Espionage to CastleRAT and ChainShellA direct operational link between Iran’s MuddyWater espionage group and the Russian TAG-150 CastleRAT malware-as-a-service (MaaS) platform, showing how state and criminal ecosystems are now tightly intertwined. Investigators recovered 15 malware samples, including at least two Ca…GBHACKERS.COM
22 AprMustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy CirclesCybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access…THEHACKERNEWS.COM
22 AprAuraboros RAT Adds Live Audio, Keylogging, and Cookie Theft via Open C2 PanelA fully exposed command-and-control (C2) panel for a previously undocumented remote access trojan (RAT) framework dubbed Auraboros, supporting live audio streaming, intensive keylogging, browser credential theft, and multi-cookie hijacking all accessible over the internet with ze…GBHACKERS.COM
22 AprMicrosoft warns of fake IT worker identities infiltrating cloud environmentsMicrosoft is warning that North Korea‑aligned group Jasper Sleet is abusing remote hiring to slip fake IT workers into cloud environments by posing as legitimate staff and then abusing trusted access. Since the pandemic, many companies hire globally, verify identities online, and…GBHACKERS.COM
22 AprUnauthorized Group Gains Access to Anthropic's Exclusive Cyber Tool Mythossubmitted by kid to cybersecurity 8 points | 0 comments https://cybersecuritynews.com/anthropic-mythos-access/SH.ITJUST.WORKS
22 AprWhen Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch AttacksUnit 42 research reveals AirSnitch attacks bypass WPA2/3 Wi-Fi encryption and client isolation, exposing critical infrastructure vulnerabilities. The post When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
22 AprICE Uses Graphite SpywareICE has admitted that it uses spyware from the Israeli company Graphite.SCHNEIER.COM
22 AprFrench Fintech Accounts Used to Launder Stolen Funds Before DetectionCybercriminals are turning French freelancer fintech accounts into high-speed money laundering channels, moving stolen funds within minutes often before banks or victims realise anything is wrong. Fintech platforms like Revolut, Wise and N26 allow fast, remote account opening, li…GBHACKERS.COM
22 AprNGate NFC malware targets Android users through trojanized payment app - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2026/04/21/android-ngate-nfc-malware/SH.ITJUST.WORKS
22 AprMicrosoft Must Face £2.1B UK Cloud Licensing LawsuitA UK tribunal has allowed a £2.1 billion lawsuit over Microsoft’s cloud licensing to move forward, adding new pressure to how Windows Server is priced outside Azure. The post Microsoft Must Face £2.1B UK Cloud Licensing Lawsuit appeared first on TechRepublic .TECHREPUBLIC.COM
22 AprResearchers Uncover SIM Farm-as-a-Service Operation Spanning 87 Panels in 17 NationsInfrastructure intelligence firm Infrawatch has exposed a globally distributed SIM Farm-as-a-Service ecosystem powered by a single Belarus-based software platform called ProxySmart, identifying 87 exposed control panels across 17 countries and at least 94 physical phone-farm loca…GBHACKERS.COM
22 AprAzure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations | CSO Onlinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.csoonline.com/article/4161389/azure-sre-agent-flaw-let-outsiders-silently-eavesdrop-on-enterprise-cloud-operations.htmlSH.ITJUST.WORKS
22 AprPhishing Campaigns Abuse AI Workflow Automation PlatformsThreat actors are abusing agentic AI automation platforms to deliver malware and send phishing emails, according to researchers at Cisco Talos. The researchers observed attackers using n8n, a legitimate platform that automates workflows in web apps and services like Slack, GitHub…KNOWBE4.COM
22 AprMalicious Google Ads Hit Crypto Users With Wallet DrainersMalicious Google Ads are increasingly being used to steal cryptocurrency by draining wallets and harvesting seed phrases from unsuspecting users searching for legitimate DeFi apps and wallet services. Recent campaigns tracked by SEAL show a sustained, technically advanced operati…GBHACKERS.COM
22 AprFake Google Antigravity downloads are stealing accounts in minutes | Malwarebytessubmitted by kid to cybersecurity 1 points | 0 comments https://www.malwarebytes.com/pt-br/blog/threat-intel/2026/04/fake-google-antigravity-downloads-are-stealing-accounts-in-minutesSH.ITJUST.WORKS
22 AprMore Attack Context for Faster Triage, Response, and Hunting. Now Available to Every SOCANY.RUN has expanded access to Threat Intelligence capabilities for SOC and MSSP teams, backed by live attack data from 15,000 organizations. Here’s how your team can test TI’s impact on triage quality, response speed, and threat hunting workflows.…ANY.RUN
22 AprWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
22 AprHarvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph APIThe threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. "The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2…THEHACKERNEWS.COM
22 AprPhishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco saysHackers can now spin up fake login pages without writing a single line of code.CYBERSECURITYDIVE.COM
22 AprNetwork Engineering BasicsThe computer networking field is broad, encompassing many focus areas similar to cybersecurity. If you’re new to the field or just interested in networking, knowing where to start can be challenging. Searching for a network engineer position on any job listing site will yield tho…BLACKHILLSINFOSEC.COM
22 AprRevolut Reportedly Targets $200B IPO Valuation in Huge Fintech BetRevolut is reportedly targeting a $200 billion IPO valuation by 2028, a goal that would put the fintech above BlackRock, UBS, and Charles Schwab. The post Revolut Reportedly Targets $200B IPO Valuation in Huge Fintech Bet appeared first on TechRepublic .TECHREPUBLIC.COM
22 AprThe Supreme Court is about to decide how far geofence warrants can goChatrie v. United States asks whether a single warrant can justify a location-data dragnet — and what “probable cause” means when the search starts with basically everyone nearby. The post The Supreme Court is about to decide how far geofence warrants can go appeared first on Cyb…CYBERSCOOP.COM
22 AprAI Tools Are Helping Mediocre North Korean Hackers Steal MillionsOne group of hackers used AI for everything from vibe coding their malware to creating fake company websites—and stole as much as $12 million in three months.WIRED.COM
22 AprAuthentication No Longer Means SafeOrganizations like Nacha are redefining what counts as an authorized transaction. Traditionally, valid credentials meant legitimacy—but that assumption is changing. With AI-driven scams and deepfakes, attackers can manipulate users into making “authorized” transactions. This intr…YOUTUBE.COM
22 AprHackers Impersonate IT Help Desk on Microsoft Teams to Gain Access, Steal DataHackers are abusing Microsoft Teams chats to impersonate IT support, gain remote access, move laterally, and steal company data, Microsoft warns. The post Hackers Impersonate IT Help Desk on Microsoft Teams to Gain Access, Steal Data appeared first on TechRepublic .TECHREPUBLIC.COM
22 AprMalicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply ChainCybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, inclu…THEHACKERNEWS.COM
22 AprKelpDAO suffers $290 million heist tied to Lazarus hackerssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/kelpdao-suffers-290-million-heist-tied-to-lazarus-hackers/SH.ITJUST.WORKS
22 AprFake Google Antigravity Installer Can Steal Accounts in MinutesFake Antigravity downloads are enabling fast account takeovers using hidden malware and stolen session cookies. The post Fake Google Antigravity Installer Can Steal Accounts in Minutes appeared first on TechRepublic .TECHREPUBLIC.COM
22 AprMicrosoft: Most Windows 11 Users Don’t Need Third-Party AntivirusMicrosoft says Windows 11’s built-in security is strong enough for most users, though power users and enterprises may still want third-party protection. The post Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus appeared first on TechRepublic .TECHREPUBLIC.COM
22 AprHarvester: APT Group Expands Toolset With New GoGra Linux Backdoorsubmitted by kid to cybersecurity 1 points | 0 comments https://www.security.com/blog-post/harvester-new-linux-backdoor-gograSH.ITJUST.WORKS
22 AprAI Demand Is Forcing a Rethink of Data Center Power, CoolingAt Data Center World, experts explain how generative and agentic AI are reshaping data center power, cooling, and infrastructure demands. The post AI Demand Is Forcing a Rethink of Data Center Power, Cooling appeared first on TechRepublic .TECHREPUBLIC.COM
22 AprVonage, Girls Who Code Show What ‘Responsible AI’ Looks LikeVonage’s partnership with Girls Who Code is more than feel-good philanthropy; it’s a blueprint for building diverse AI talent pipelines. The post Vonage, Girls Who Code Show What ‘Responsible AI’ Looks Like appeared first on TechRepublic .TECHREPUBLIC.COM
22 AprMozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AIMozilla says Firefox 150 patches 271 vulnerabilities found with Anthropic’s restricted Mythos AI, highlighting how quickly AI-driven bug hunting is accelerating. The post Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI appeared first on TechRepublic .TECHREPUBLIC.COM
22 AprNorth Korean hackers siphon more than $12 million from crypto users in sprawling campaignResearchers said the group stole up to $12 million in cryptocurrency in the first three months of 2026 through malware attacks on personal devices.THERECORD.MEDIA
21 AprEnd of an Era: Tim Cook Steps Down as Apple CEO, John Ternus to Take OverApple CEO Tim Cook steps down, handing leadership to hardware chief John Ternus in a major shift that could shape the company’s next era. The post End of an Era: Tim Cook Steps Down as Apple CEO, John Ternus to Take Over appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprISC Stormcast For Tuesday, April 21st, 2026 https://isc.sans.edu/podcastdetail/9900, (Tue, Apr 21st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
21 AprSquare POS Review 2026: Pricing, Features, Pros and ConsSquare POS stands out for its free entry point, flexible software, and wide hardware range. However, its all-in-one approach can fall short depending on your business type and growth needs. The post Square POS Review 2026: Pricing, Features, Pros and Cons appeared first on TechRe…TECHREPUBLIC.COM
21 AprA .WAV With A Payload, (Tue, Apr 21st)There have been reports of threat actors using a .wav file as a vector for malware. ISC.SANS.EDU
21 AprNew Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits BusinessesEditor’s note: The research is authored by Mauro Eldritch, offensive security expert and a founder of BCA LTD, a company dedicated to threat intelligence and hunting. You can find Mauro on X. The recent wave of ClickFix attacks has introduced several new…ANY.RUN
21 AprNorth Korean Blamed for $290m KelpDAO Crypto HeistNorth Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAOINFOSECURITY-MAGAZINE.COM
21 AprGet Microsoft Office 2024 Plus a Full Training Bundle for Just $114Skip the subscription fees and grab Office 2024 Home & Business + 8 Microsoft training courses in one bundle. The post Get Microsoft Office 2024 Plus a Full Training Bundle for Just $114 appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprSet Your Business Up With Microsoft Office 2019 & Windows 11 Pro, $26Skip the subscription fees and own a complete Microsoft productivity and OS bundle for a one-time payment. The post Set Your Business Up With Microsoft Office 2019 & Windows 11 Pro, $26 appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprFakeWallet cryptostealer propagating via iOS App Store applicationssubmitted by beep to cybersecurity 2 points | 0 comments https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/INFOSEC.PUB
21 AprNew NGate Android malware variant uses NFC app to steal card dataA newly discovered variant of the NGate Android malware is abusing a legitimate NFC payment app to steal victims’ card data and PINs, enabling attackers to perform contactless withdrawals and payments. According to ESET researchers, who detailed their findings in a report shared …CYBERINSIDER.COM
21 Aprpompelmi – ClamAV antivirus scanning for Node.js, zero dependenciessubmitted by justsouichi to security 1 points | 0 comments https://github.com/pompelmi/pompelmiPROGRAMMING.DEV
21 AprMexican Surveillance CompanyGrupo Seguritech is a Mexican surveillance company that is expanding into the US.SCHNEIER.COM
21 AprNGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINsCybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. "The threat actors took the app, which is used to relay NFC data, and patched it with  …THEHACKERNEWS.COM
21 AprAI-Powered NGate Malware Evades Detection Inside NFC Payment AppsA new NGate malware variant that hides inside a trojanized version of HandyPay, a legitimate NFC payment relay app for Android, to steal card data and PINs for ATM cash-outs and fraudulent payments. The injected code shows clear signs of being produced with generative AI, highlig…GBHACKERS.COM
21 AprClaude Code, Gemini CLI, and GitHub Copilot Exposed to Prompt Injection via GitHub CommentsComment and Control prompt injection vulnerabilities discovered in AI agents, including Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent. The research, spearheaded by Aonan Guan and Johns Hopkins University researchers, highlights critical architect…GBHACKERS.COM
21 AprAll-in-One PDFtoolkit Unlimited Is $79 (reg. $619)Cut software subscription costs—and save $540—on unlimited AI-powered, secure browser-based PDF editing tools. The post All-in-One PDFtoolkit Unlimited Is $79 (reg. $619) appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprGoogle’s AI Overviews Produce Hundreds of Millions of Inaccurate Answers Every Day, Analysis SuggestsA new Oumi analysis reveals Google's AI Overviews may produce up to 225 billion false summaries annually. Learn about the accuracy gap between Gemini 2 and Gemini 3. The post Google’s AI Overviews Produce Hundreds of Millions of Inaccurate Answers Every Day, Analysis Suggests app…TECHREPUBLIC.COM
21 AprAmazon Deepens Anthropic Partnership, Eyeing Up to $25B as Claude Demand SurgesAmazon is investing another $5 billion in Anthropic, deepening its AWS partnership as Claude expands across chips, cloud, and enterprise access. The post Amazon Deepens Anthropic Partnership, Eyeing Up to $25B as Claude Demand Surges appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprLLMs Push Red Team BoundariesLLMs remix existing information to generate outputs, enabling red teams to move faster and build more convincing attack scenarios. This speed and synthesis capability can improve testing—but also introduce risk. Local LLMs without safeguards may allow teams to bypass ethical cons…YOUTUBE.COM
21 AprBig banks seek to ease security worries as AI push accelerates“AI is our friend, OK?” said Morgan Stanley CEO Ted Pick during the bank’s earnings call as the industry grapples with its disruptive potential. CYBERSECURITYDIVE.COM
21 Apr67% of Android apps log data not mentioned in their privacy policiesA large-scale academic study found that roughly two-thirds of Android apps fail to accurately disclose how they collect sensitive data through logging, exposing a significant transparency gap between privacy policies and real-world behavior. The research, conducted by a team from…CYBERINSIDER.COM
21 AprThis Sophisticated Scam Should Be a Warning To All CompaniesScams are becoming more sophisticated over time, but this latest scam should be a wake-up call to all organizations and employees as to how far some scammers will go to damage your organization or its stakeholders.KNOWBE4.COM
21 AprLeak Points to Google’s ‘Fitbit Air’ as a Screen-Free Wearable for Health TrackingGoogle’s rumored Fitbit Air could launch soon as a screen-free fitness band, while leaks point to a broader Google Health rebrand.TECHREPUBLIC.COM
21 AprApple May Drop iOS 27 Support for Four iPhones, Leaving Millions BehindA new leak suggests iOS 27 may drop support for the iPhone 11 lineup and the second-generation iPhone SE.TECHREPUBLIC.COM
21 AprHuawei Just Beat Apple and Samsung to a New Foldable Format in ChinaHuawei’s Pura X Max is now official in China, bringing a wide foldable design, a 7.7-inch inner display, Kirin 9030 Pro, and a 5,300mAh battery.TECHREPUBLIC.COM
21 AprGoogle Photos Rolls Out New AI-Powered Portrait Editing FeaturesGoogle Photos is rolling out AI-powered portrait touch-up tools that make skin smoothing, eye brightening, and quick facial edits easier on Android.TECHREPUBLIC.COM
21 AprQuantum Computers Are Not a Threat to 128-bit Symmetric Keyssubmitted by cm0002 to cybersecurity 1 points | 0 comments https://words.filippo.io/128-bits/INFOSEC.PUB
21 AprScottish man pleads guilty to attack spree that created Scattered Spider’s notorietyTyler Robert Buchanan “was the glue that held this gang together,” a cybercrime researcher said. He faces up to 22 years in federal prison.CYBERSCOOP.COM
21 AprNorth Korea’s Lazarus APT stole $290M from Kelp DAONorth Korea-linked Lazarus Group stole $290M from Kelp DAO by abusing LayerZero. A second $95M attempt was stopped. Hackers tied to the North-Korea linked group Lazarus APT carried out a $290M crypto theft targeting Kelp DAO. Kelp DAO is a decentralized finance (DeFi) protocol bu…SECURITYAFFAIRS.COM
21 AprMacBook Neo Cheat Sheet: Everything to Know About Apple’s Budget MacMacBook Neo starts at $599 with an A18 Pro chip, a bright 13-inch display, and clear trade-offs in ports, battery claims, and premium features.TECHREPUBLIC.COM
21 AprIntel Handheld Gaming Chip Core G3: Can It Challenge AMD in 2026?Intel’s Core G3 handheld chip could give AMD real competition in 2026, but only if it delivers where gaming handhelds actually live: low power, stable frame rates, and battery-conscious performance.TECHREPUBLIC.COM
21 AprMeta Tests Paid WhatsApp Features With New ‘Plus’ TierMeta is testing a WhatsApp Plus subscription that includes themes, stickers, and chat tools in a limited rollout to select users.TECHREPUBLIC.COM
21 AprGalaxy S27 Could Debut Samsung’s Biggest Battery Upgrade in YearsA new leak suggests Samsung could bring silicon-carbon batteries to the Galaxy S27, potentially delivering a major battery life upgrade.TECHREPUBLIC.COM
21 AprChina Deploys Robot Dogs, Drones, and Humanoids to Run a ‘Full-Space’ Metro SystemChina’s Hefei metro is testing robot dogs, drones, and humanoids to inspect trains, patrol platforms, and assist passengers during busy travel periods.TECHREPUBLIC.COM
20 AprISC Stormcast For Monday, April 20th, 2026 https://isc.sans.edu/podcastdetail/9898, (Mon, Apr 20th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
20 AprPublic Notion Pages Expose Editors’ Profile Photos and Email AddressesA significant data exposure issue has been brought to light regarding Notion, a highly popular productivity and note-taking application. This exposure happens without requiring any authentication, cookies, or access tokens, leaving thousands of indexable company wikis and persona…GBHACKERS.COM
20 AprZionSiphon Hits Israeli Water Systems With OT Sabotage MalwareZionSiphon is a newly analyzed Operational Technology (OT) malware strain designed to target Israeli water treatment and desalination facilities, with a clear emphasis on sabotage rather than simple IT disruption. Darktrace’s investigation found that ZionSiphon restricts itself t…GBHACKERS.COM
20 AprNSA Confirms Use of Anthropic’s Mythos Despite Pentagon BlacklistThe National Security Agency (NSA) is actively using Anthropic’s highly restricted “Mythos” artificial intelligence model, despite the developer currently being on the Department of Defense (DoD) blacklist. According to recent intelligence reports highlighted by the I…GBHACKERS.COM
20 AprTop ERP Software Vendors in 2026Are you an IT manager or executive building the case for a new ERP vendor? Compare the top ERP software companies in 2026 for your business.TECHREPUBLIC.COM
20 AprWindows 11 Dev Build Introduces Improved Secure Boot Oversight and Storage SecurityMicrosoft has rolled out Windows 11 Insider Preview Build 26300.8170 to the Dev Channel, bringing crucial updates for system security and storage management. Announced by the Windows Insider Program Team on April 10, 2026, this release delivers enhanced oversight for Secure Boot …GBHACKERS.COM
20 ApriTerm2 Flaw Turns SSH Escape Sequences Into Arbitrary Code ExecutionIn the cybersecurity community, we often assume that simply reading a text file using a command like cat is a perfectly safe operation. However, security researchers have recently demonstrated that doing so inside the popular iTerm2 macOS terminal emulator can cross the line into…GBHACKERS.COM
20 AprMicrosoft-Signed Malware Built With FUD Crypt Packs Persistence and C2Hackers are abusing a service called FUD Crypt to generate fully undetected, Microsoft‑signed malware that installs persistence and connects to a dedicated command‑and‑control (C2) platform with zero effort on the buyer’s part. This Malware‑as‑a‑Service (MaaS) offering turn…GBHACKERS.COM
20 AprMiningDropper Spreads Infostealers, RATs, Banking Malware on AndroidHackers are abusing a modular Android framework called MiningDropper to mine cryptocurrency and silently install infostealers, remote access trojans (RATs), and banking malware on infected devices. MiningDropper is a multi-stage Android dropper that combines crypto-mining with th…GBHACKERS.COM
20 AprIs “Satoshi Nakamoto” Really Adam Back?The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk Adam Back. I don’t know. The article is convincing, but it’s written to be convincing. I can’t remember …SCHNEIER.COM
20 AprNorth Korea-Linked UNC1069 Hacks Crypto Pros via Fake MeetingsNorth Korea-linked threat actor UNC1069 is running a highly targeted campaign that abuses fake Zoom, Google Meet, and Microsoft Teams meetings to compromise cryptocurrency and Web3 professionals across Windows, macOS, and Linux systems. The goal is long-term access and large-scal…GBHACKERS.COM
20 AprNotion pages have leaked user data via an unauthenticated API since 2022A security researcher has revealed that Notion’s public pages can expose the email addresses of all contributors through an unauthenticated API request, a behavior that has reportedly been known since 2022 and is still present today. The issue allows anyone to extract user data, …CYBERINSIDER.COM
20 AprIntel Utility Hijacked in AppDomain Attack to Launch MalwareHackers are abusing a trusted Intel utility to quietly launch advanced malware by hijacking the .NET AppDomain mechanism, allowing malicious code to run inside a signed executable and evade many enterprise defenses. The campaign, dubbed Operation PhantomCLR by researchers, target…GBHACKERS.COM
20 AprNew RecruitRat, SaferRat, Astrinox, Massiv Android Malware Found Targeting 800 Appssubmitted by kid to cybersecurity 2 points | 0 comments https://hackread.com/recruitrat-saferrat-astrinox-massiv-android-malware/SH.ITJUST.WORKS
20 AprCritical sandbox bypass fixed in popular Thymeleaf Java template engine | CSO Onlinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.csoonline.com/article/4160520/critical-sandbox-bypass-fixed-in-popular-thymeleaf-java-template-engine.htmlSH.ITJUST.WORKS
20 AprThis $20 Career Prep Bundle Teaches Something Others NeglectStudy the soft skills employers praise, like communication, resilience on the job, and even interview prep.TECHREPUBLIC.COM
20 AprWhy the Axios attack proves AI is mandatory for supply chain securityTwo weeks ago, a suspected North Korean threat actor slipped malicious code into a package within Axios, a widely used JavaScript library. The immediate concern was the blast radius: roughly 100 million weekly downloads spanning enterprises, startups, and government systems. But …CYBERSCOOP.COM
20 AprMeta Plans Up to 8,000 Job Cuts in New Round of LayoffsMeta is preparing a major round of layoffs that could cut up to 8,000 jobs as the company restructures and leans further into AI-driven operations.TECHREPUBLIC.COM
20 AprAnthropic secretly installs spyware when you install Claude Desktopsubmitted by codeinabox to security 44 points | 3 comments https://www.thatprivacyguy.com/blog/anthropic-spyware/PROGRAMMING.DEV
20 AprStellantis teams with Microsoft to strengthen digital capabilitiesAs part of the 5-year agreement, collaborative teams will co-develop more than 100 initiatives relating to AI and cybersecurity.CYBERSECURITYDIVE.COM
20 AprApple’s App Store found hosting ‘FakeWallet’ crypto-stealing appsA wave of malicious iOS apps posing as legitimate cryptocurrency wallets has been discovered on Apple’s App Store, aiming to steal users’ recovery phrases and compromise their funds. The campaign, uncovered by Kaspersky and tracked as FakeWallet, has likely been operating undetec…CYBERINSIDER.COM
20 AprNorth Korea hackers blamed for $290M crypto theftThe hack against Kelp DAO is the largest crypto heist of the year so far.TECHCRUNCH.COM
20 AprChrome Privacy Concerns Rise as Expert Warns of Fingerprinting RisksA privacy expert warns Chrome still allows browser fingerprinting and tracking, raising concerns after Google’s shift away from third-party cookie changes.TECHREPUBLIC.COM
20 AprAmazon Debuts ‘Slimmest Ever’ Fire TV Stick HD Starting at $34.99Amazon unveils its “slimmest ever” Fire TV Stick HD with Wi-Fi 6, Alexa+, faster performance, and portable USB-powered streaming for any TV.TECHREPUBLIC.COM
20 AprItaly fines national postal service $14.7M over invasive data collectionItaly’s privacy watchdog has fined Poste Italiane and its digital payments arm Postepay more than €12.5 million ($14.7M) for unlawfully processing user data through their mobile apps. The regulator found that anti-fraud measures embedded in the apps collected excessive device inf…CYBERINSIDER.COM
20 AprOver 800 Android Apps Targeted in PIN-Stealing Trojan CampaignFour Android banking malware campaigns are targeting more than 800 apps by abusing overlays, Accessibility permissions, and sideloaded fake apps to steal PINs.TECHREPUBLIC.COM
20 AprBad Data Breaks AI SystemsAI systems rely entirely on the quality of the data they are trained on and operate with. Many organizations still struggle with basic data hygiene—classification, deduplication, and organization. Without clean, structured, and relevant data, AI systems produce poor or unreliable…YOUTUBE.COM
20 AprMac Studio 2026: Apple’s New Desktop Faces a Delayed TimelineApple’s Mac Studio 2026 may be delayed due to supply chain issues and memory shortages, with reports pointing to a later-than-expected release timeline.TECHREPUBLIC.COM
20 AprChina’s Robot Half Marathon Was More Than a StuntBeijing’s robot half marathon was part spectacle, part stress test, and a much better sign of humanoid progress than last year’s remote-controlled field.TECHREPUBLIC.COM
20 AprThis VPN Lets You Verify Your Business Privacy For $130VP.NET makes VPN privacy verifiable, not just policy-based, with secure enclave tech for up to five devices.TECHREPUBLIC.COM
19 AprOil Industry Hacker Accused of Targeting Environmental Activists Appears in Courtsubmitted by Valnao to cybersecurity 7 points | 0 comments https://www.nytimes.com/2026/04/17/climate/amit-forlit-hacking-court.html?unlocked_article_code=1.cFA.JFPQ.Que4w_FTZDNbSH.ITJUST.WORKS
19 AprMicrosoft's Silent Lockout: Why WireGuard, VeraCrypt & Windscribe Can No Longer Update Windows Userssubmitted by cm0002 to cybersecurity 20 points | 2 comments https://techlore.tech/microsofts-silent-lockout-why-wireguard-veracrypt-windscribe-can-no-longer-update-windows-users/INFOSEC.PUB
18 AprHTTP desync in Discord's media proxy: Spying on a whole platformsubmitted by beep to cybersecurity 1 points | 0 comments https://tmctmt.com/posts/http-desync-in-discord/INFOSEC.PUB
18 AprIt Is Time to Ban the Sale of Precise Geolocationsubmitted by supersquirrel to cybersecurity 32 points | 0 comments https://www.lawfaremedia.org/article/it-is-time-to-ban-the-sale-of-precise-geolocationSH.ITJUST.WORKS
17 AprISC Stormcast For Friday, April 17th, 2026 https://isc.sans.edu/podcastdetail/9896, (Fri, Apr 17th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
17 AprHackers Deploy ATHR for Scalable AI-Driven Vishing and Credential TheftHackers are increasingly turning to telephone-oriented attack delivery (TOAD) to bypass traditional email security, and a new cybercrime platform called ATHR is accelerating this trend with AI-driven automation and integrated phishing capabilities. TOAD attacks rely on a simple b…GBHACKERS.COM
17 AprAnthropic Introduces Claude Opus 4.7 for Advanced Problem-SolvingAnthropic has officially launched Claude Opus 4.7, a major upgrade designed to tackle complex software engineering while introducing rigorous new cybersecurity safeguards. Released on April 16, 2026, this model brings enhanced problem-solving capabilities to developers and active…GBHACKERS.COM
17 AprZionSiphon Malware Hits Israeli Desalination PlantsHackers are experimenting with new malware designed to sabotage Israeli desalination and water treatment plants using a tool dubbed “ZionSiphon.” However, the current sample appears to be a faulty or developmental build rather than a fully operational weapon. The code checks IPv…GBHACKERS.COM
17 AprCensys Warns 6 Million Public-Facing FTP Servers Are Still Exposed in 2026A new security brief from internet intelligence firm Censys reveals that the 55 year old File Transfer Protocol continues to run on nearly 6 million internet facing hosts. As of April 2026, the dominant story of FTP exposure is not purpose built file transfer infrastructure, but …GBHACKERS.COM
17 AprFiverr left customer files public and searchable on Googlesubmitted by beep to cybersecurity 2 points | 0 comments https://news.ycombinator.com/item?id=47769796INFOSEC.PUB
17 AprTop 5 Disaster Recovery Companies in 2026This is a comprehensive list of the top Disaster Recovery as a Service providers. Use this guide to compare and choose the best solution for you.TECHREPUBLIC.COM
17 AprOpenAI Extends GPT-5.4-Cyber Access to Trusted Organizations WorldwideOpenAI has announced the expansion of its “Trusted Access for Cyber” program, granting worldwide security organizations access to its advanced GPT-5.4-Cyber model. The initiative operates on a foundational premise: cutting-edge cyber capabilities must reach network de…GBHACKERS.COM
17 AprMicrosoft Acknowledges Reboot Loop Issue on Windows Servers Following April PatchesMicrosoft has confirmed a critical known issue affecting Windows Server 2025 domain controllers after deploying the April 2026 cumulative update KB5082063 (OS Build 26100.32690), released on April 14, 2026. Affected domain controllers are entering repeated restart loops, and a se…GBHACKERS.COM
17 AprIdentity at the Edge: How the Sixth Annual Identity Management Day Highlights the New Frontiers of TrustEach year, Identity Management Day (IMD) serves as a global reminder that managing digital identities is more than a technical requirement; it is a cornerstone of modern trust. Now in its sixth year, IMD continues to emphasize how identity itself is evolving, stretching beyond hu…KNOWBE4.COM
17 AprZionSiphon malware designed to sabotage water treatment systemssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/zionsiphon-malware-designed-to-sabotage-water-treatment-systems/SH.ITJUST.WORKS
17 AprOperation PowerOFF identifies 75k DDoS users, takes down 53 domainssubmitted by kid to cybersecurity 3 points | 0 comments https://www.bleepingcomputer.com/news/security/operation-poweroff-identifies-75k-ddos-users-takes-down-53-domains/SH.ITJUST.WORKS
17 AprNorth Korea Uses ClickFix to Target macOS Users' Datasubmitted by kid to cybersecurity 3 points | 0 comments https://www.darkreading.com/application-security/north-korea-clickfix-target-macos-users-dataSH.ITJUST.WORKS
17 AprSystemic Flaw in MCP Protocol Could Expose 150 Million Downloads - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/systemic-flaw-mcp-expose-150/SH.ITJUST.WORKS
17 AprSix million FTP servers exposed online | Cybernewssubmitted by kid to cybersecurity 2 points | 0 comments https://cybernews.com/security/six-million-ftp-servers-exposed-online/SH.ITJUST.WORKS
17 AprBluesky Outage: Coordinated Traffic Attack Causes Widespread ErrorsBluesky’s DDoS attack caused outages for a second day, disrupting feeds, notifications, and search across the platform.TECHREPUBLIC.COM
17 AprOff-Topic Fridaysubmitted by shellsharks to cybersecurity 2 points | 0 comments Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
17 AprOver 13M Kemper Corporation records leaked on the dark web, hackers claim | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/kemper-insurance-data-leak-shinyhunters/SH.ITJUST.WORKS
17 AprCisco patches critical bugs in Webex, ISE | news | SC Mediasubmitted by kid to cybersecurity 3 points | 0 comments https://www.scworld.com/news/cisco-patches-critical-bugs-in-webex-iseSH.ITJUST.WORKS
17 AprNew Phishing Attack Turns n8n Into On-Demand Malware MachineHackers are abusing n8n workflows to deliver malware and evade detection, according to Cisco Talos, using trusted automation to bypass security defenses.TECHREPUBLIC.COM
17 AprWidespread AI Use Masks a Growing Workplace Readiness GapStudy.com finds 9 in 10 employees use AI at work, but training and readiness lag as more employers expect workers to use the tools every day.TECHREPUBLIC.COM
17 AprBrave to launch minimalist “Origin” browser with core privacy featuresBrave has introduced “Brave Origin” in its Nightly builds, a minimalist version of the browser focused on core privacy protections, with additional features available through a paid upgrade. The new offering signals a shift toward a more modular Brave experience, where users can …CYBERINSIDER.COM
17 AprTor VPN for Android security audit confirms robust designThe Tor Project has published the results of a third-party security audit of its upcoming Tor VPN for Android, confirming that its core privacy architecture is sound. However, several weaknesses, primarily tied to DNS handling and input validation, were uncovered and require reme…CYBERINSIDER.COM
17 AprTransform security logs into OCSF format using a configuration-driven ETL solutionSecurity logs capture essential security-related activities, such as user sign-ins, file access, network traffic, and application usage. These logs are important for monitoring, detecting, and responding to potential security events. The Open Cybersecurity Schema Framework (OCSF)…AWS.AMAZON.COM
17 AprAnthropic Releases Opus 4.7, Not as ‘Broadly Capable’ as Mythos AIAnthropic launches Opus 4.7 with improved coding and reasoning, as its more “broadly capable” Mythos AI remains restricted over security concerns.TECHREPUBLIC.COM
17 AprClothing Retailer Patches Website Flaw Exposing Customer DataA clothing retailer patched a website flaw that exposed customer data via order links, highlighting risks associated with predictable URL structures.TECHREPUBLIC.COM
17 AprChinese Humanoid Robots Dominate Opening Day of Canton Fair 2026China’s Canton Fair 2026 opens with a powerful robotics showcase, highlighting humanoid machines and automation systems already transforming global industries.TECHREPUBLIC.COM
17 AprApple iPhone Ultra: New Leak Reveals ‘Passport’ Design, High Price TagApple’s iPhone Ultra leak reveals a passport-style foldable design, ultra-thin build, and a possible $2,000+ price tag ahead of launch.TECHREPUBLIC.COM
17 AprFriday Squid Blogging: New Giant Squid VideoPretty fantastic video from Japan of a giant squid eating another squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
17 AprDougbot, RedSun, ATHR, Vishing, Cisco, Google, Chrome, Severance, Shor, Josh Marpet.. - SWN #573Dougbot, RedSun, ATHR, Vishing, Cisco, Google, Chrome, Severance, Shor, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-573YOUTUBE.COM
16 AprISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894, (Thu, Apr 16th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
16 AprFake Adobe Reader Download Drops ScreenConnect via Fileless LoaderA deceptive campaign in which attackers distributed a fake Adobe Acrobat Reader installer that secretly deployed ConnectWise’s ScreenConnect via a complex in‑memory execution chain. Although ScreenConnect is a legitimate remote‑access tool, it was repurposed for unauthorized syst…GBHACKERS.COM
16 AprRussian Hosting Tied to 1,250+ C2 Servers Across 165 ProvidersMore than 1,250 C2 servers were identified across 165 Russian infrastructure providers within the past 3 months. Infrastructure analytics and ISP mapping are exposing the hidden backbone of cyber threats operating inside Russian networks. By looking beyond single IPs or one-off i…GBHACKERS.COM
16 AprTwo U.S. Nationals Sentenced in $5 Million DPRK Remote Worker Laptop Farm SchemeThe U.S. Justice Department has sentenced two New Jersey residents, Kejia Wang and Zhenxing Wang, for enabling a massive fraudulent employment operation that generated over $5 million for the Democratic People’s Republic of Korea (DPRK). Kejia Wang received a 108-month prison ter…GBHACKERS.COM
16 AprFrom clinics to government: UAC-0247 expands cyber campaign across UkraineCERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor UAC-0247 targeting Ukrainian government entities and municipal healthcare facilitie…SECURITYAFFAIRS.COM
16 AprBlobPhish: The Phantom Phishing Campaign Hiding in Browser MemoryANY.RUN has observed a sustained surge in a credential-phishing campaign active since 2024. This campaign, dubbed BlobPhish, introduces a sneaky twist: instead of delivering phishing pages via traditional HTTP requests, it generates them directly inside t…ANY.RUN
16 AprUS Moves Toward Mandatory Data Center Energy Reporting as EIA Pilot ExpandsThe EIA’s pilot survey offers the clearest look yet at how the US government plans to measure data center power use as AI strains the grid.TECHREPUBLIC.COM
16 AprGoogle, Microsoft, Meta Tracking You Even if You Opt Out - New Researchsubmitted by kid to cybersecurity 5 points | 0 comments https://cybersecuritynews.com/google-microsoft-meta-tracking-even-you-opt-out/SH.ITJUST.WORKS
16 AprFrench cops free mother and son after crypto kidnapping • The Registersubmitted by kid to cybersecurity 5 points | 0 comments https://www.theregister.com/2026/04/15/crypto_kidnap_france/SH.ITJUST.WORKS
16 AprAI adoption is outpacing the safeguards around it - Help Net Securitysubmitted by kid to cybersecurity 3 points | 0 comments https://www.helpnetsecurity.com/2026/04/14/ai-adoption-safety-transparency-report/SH.ITJUST.WORKS
16 AprWordPress plugins injected with malicious code | Cybernewssubmitted by kid to cybersecurity 2 points | 0 comments https://cybernews.com/security/wordpress-essential-plugins-injected-malicious-code/SH.ITJUST.WORKS
16 AprFortinet Patches Critical FortiSandbox Vulnerabilities - SecurityWeeksubmitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/fortinet-patches-critical-fortisandbox-vulnerabilities/SH.ITJUST.WORKS
16 AprQuantum-safe encrypted cloud storage Tuta Drive debuts in closed betaTuta has launched an invite-only beta for Tuta Drive, a new end-to-end encrypted cloud storage service designed with post-quantum cryptography. The release marks a significant step in the company’s effort to build a privacy-focused alternative to mainstream cloud platforms. The c…CYBERINSIDER.COM
16 AprAI Security Arms Race BeginsAI is increasingly being used by attackers, leading to a rise in scalable threats like phishing, social engineering, and network intrusions. This creates an “arms race” dynamic where defenders must adopt similar AI-driven tactics to keep pace. As attacks become cheaper and easier…YOUTUBE.COM
16 AprAdobe Expands Firefly Into AI-Powered Editing Assistant Across Creative AppsAdobe unveils Firefly AI Assistant, new editing tools, and adds partner models as it turns Firefly into a hub for agentic creative workflows.TECHREPUBLIC.COM
16 AprTwo Americans sentenced for helping North Korea steal $5 million in fake IT worker schemeThe U.S. Department of Justice announced that two Americans were sentenced to years in prison for helping the North Korean government place fake IT workers in U.S. companies.TECHCRUNCH.COM
16 AprMajor Disney Layoffs: 1,000 Jobs Cut in Tech-Driven ShakeupDisney cuts 1,000 jobs as it shifts toward a tech-driven, automated future. The move signals broader media industry changes and investor optimism.TECHREPUBLIC.COM
16 AprEU Declares New Digital Age Verification App Ready for DeploymentThe EU unveils a privacy-first age verification app to protect minors online, pressuring platforms to comply with stricter digital safety rules.TECHREPUBLIC.COM
16 AprNew MacBook Pro Overhaul Expected with OLED, Touchscreen, and M6 ChipsRumors point to a redesigned MacBook Pro with OLED, touch support, thinner hardware, and M6 chips, but Apple’s launch timing still looks uncertain.TECHREPUBLIC.COM
16 AprNTT Research Launches Scale Academy to Bring Lab Technology to MarketNTT Research launches Scale Academy to turn AI and security research into real products, debuting SaltGrain, a zero-trust data security platform.TECHREPUBLIC.COM
16 AprThe Boy That Cried Mythos: Verification is Collapsing Trust in Anthropicsubmitted by codeinabox to security 1 points | 0 comments https://www.flyingpenguin.com/the-boy-that-cried-mythos-verification-is-collapsing-trust-in-anthropic/ cross-posted from: lemmy.bestiver.se/post/1051864PROGRAMMING.DEV
15 AprISC Stormcast For Wednesday, April 15th, 2026 https://isc.sans.edu/podcastdetail/9892, (Wed, Apr 15th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
15 AprDragon Boss Solutions Supply Chain Attack Exposes 25,000+ EndpointsEarly on Sunday, 22 March 2025, what initially appeared to be routine adware suddenly escalated into a serious supply chain risk across managed environments. Seemingly benign executables, signed by Dragon Boss Solutions LLC, were using a built-in update mechanism to hide a multi‑…GBHACKERS.COM
15 AprFUNNULL Scam Network Resurfaces With 175+ Rotating Domains WorldwideFUNNULL-Linked Triad Nexus has quietly rebuilt its scam infrastructure, now rotating through more than 175 CNAME domains to keep a sprawling global fraud and brand‑impersonation network online. Following U.S. Treasury sanctions in May 2025 against FUNNULL Technology Inc., a core …GBHACKERS.COM
15 AprAgentic LLM Browsers Open New Front in Prompt Injection, Data TheftAgentic LLM browsers are turning everyday browsing into automated, AI-driven workflows but they also expose a powerful new attack surface for prompt injection and data theft. By letting an AI “drive” the browser with your full session, cookies, and permissions, old bugs like XSS …GBHACKERS.COM
15 AprFiverr exposes sensitive data via public URLs indexed by GoogleFiverr appears to have exposed user-uploaded files through publicly accessible Cloudinary URLs, with many assets indexed by Google search results. The exposure was reported by user ‘morpheuskafka,' on Hacker News. CyberInsider’s independent verification confirms the platform serv…CYBERINSIDER.COM
15 AprGet This Fast and Powerful Lenovo ThinkPad for $1,000 OffThis refurbished 2022 ThinkPad T14 is lightweight, responsive and certified to be in near-mint condition.TECHREPUBLIC.COM
15 AprDefense in Depth, Medieval StyleThis article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined ditch, divided by bulkheads and often flooded, 1520 meters wide and up to 7 meters deep. A low breastwork, about 2 meters high, en…SCHNEIER.COM
15 AprYour AI Hiring Tools Are Now a Civil Rights Liability in IllinoisIf your AI tools discriminate, it’s your liability—not your vendor’s.TECHREPUBLIC.COM
15 AprGoogle Uses Rust-Based Firmware in Pixel 10 Modem to Improve Memory SafetyGoogle has officially integrated the memory-safe Rust programming language into the cellular baseband firmware of its Pixel 10 smartphones. According to a detailed technical breakdown published on the Google Online Security Blog on April 10, 2026, the engineering team has replace…GBHACKERS.COM
15 AprThe n8n n8mare: How threat actors are misusing AI workflow automationCisco Talos research has uncovered agentic AI workflow automation platform abuse in emails. Recently, we identified an increase in the number of emails that abuse n8n, one of these platforms, from as early as October 2025 through March 2026.TALOSINTELLIGENCE.COM
15 AprTop 10 Best API Security Providers Protecting Web Apps in 2026In the intricate tapestry of the modern digital world, Application Programming Interfaces (APIs) are the invisible threads that connect everything. They power mobile applications, enable seamless third-party integrations, facilitate microservices communication, and drive the func…GBHACKERS.COM
15 AprGoogle Photos Fixes Android Image Editing Tool: Here’s What ChangedGoogle Photos fixes Android crop tool bugs and adds smoother animations. Here’s what changed and why it matters for users. The post Google Photos Fixes Android Image Editing Tool: Here’s What Changed appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprThis $60 AI Assistant Aims to Consolidate Your Daily Work ToolsInstead of bouncing between AI tools, this platform puts models, file features, and creative tools together. The post This $60 AI Assistant Aims to Consolidate Your Daily Work Tools appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprWhy CSOs Fail the BusinessA key predictor of CSO success is their ability to understand the business, including financials and stakeholder priorities. Without this alignment, security leaders risk becoming isolated—seen as blockers rather than partners. Communicating in business terms and building relatio…YOUTUBE.COM
15 AprDependency cooldowns turn you into a free-ridersubmitted by codeinabox to security 3 points | 0 comments https://calpaterson.com/deps.htmlPROGRAMMING.DEV
15 AprTesting reveals Claude Mythos's offensive capabilities and limits - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2026/04/14/claude-mythos-test-attack-capabilities-limits/SH.ITJUST.WORKS
15 AprMalicious Chrome Extensions Campaign Exposes User Data - Infosecurity Magazinesubmitted by kid to cybersecurity 3 points | 0 comments https://www.infosecurity-magazine.com/news/chrome-extensions-expose-user-data/SH.ITJUST.WORKS
15 AprWhatsApp New Update Lets You Chat Without Sharing Your Phone NumberWhatsApp is testing usernames that could let users chat without sharing phone numbers, adding a new privacy layer now rolling out to some beta users. The post WhatsApp New Update Lets You Chat Without Sharing Your Phone Number appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprMicrosoft Takes Over Key Stargate Site in Latest OpenAI PullbackMicrosoft has taken over Norway data center capacity once earmarked for OpenAI’s Stargate project, adding 30,000 Nvidia Vera Rubin chips. The post Microsoft Takes Over Key Stargate Site in Latest OpenAI Pullback appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprKraken Exchange Faces Extortion After Insider Recorded System Footagesubmitted by kid to cybersecurity 2 points | 0 comments https://hackread.com/kraken-exchange-extortion-insider-system-footage/SH.ITJUST.WORKS
15 AprFake Ledger Live app on Apple’s App Store stole $9.5M in cryptosubmitted by kid to cybersecurity 4 points | 0 comments https://www.bleepingcomputer.com/news/security/fake-ledger-live-app-on-apples-app-store-stole-95m-in-crypto/SH.ITJUST.WORKS
15 AprGoogle to penalize “back button hijacking” starting June 2026Google has announced an update to its Search spam policies that explicitly targets “back button hijacking,” a deceptive browsing manipulation technique. The change will take effect on June 15, 2026, and sites engaging in the practice risk search ranking penalties or manual action…CYBERINSIDER.COM
15 Aprn8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing EmailsThreat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging t…THEHACKERNEWS.COM
15 AprAI Zuckerberg Runs the CompanyAI versions of executives are no longer sci-fi. Meta is reportedly building a photorealistic AI Zuckerberg to interact with employees and give feedback. What starts as an experiment quickly turns into a strange thought experiment about leadership, automation, and control. If exec…YOUTUBE.COM
15 AprCybersecurity Looks Like Proof of Work Nowsubmitted by codeinabox to security 2 points | 0 comments https://www.dbreunig.com/2026/04/14/cybersecurity-is-proof-of-work-now.htmlPROGRAMMING.DEV
15 AprMassive Chrome Extension Scam Exposes 20,000 Users to Data TheftResearchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, backdoors, and ad injection. The post Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprYouTube Will Show Fewer Livestream Ads During Purchases and Chat SpikesYouTube is changing livestream ad timing to avoid interrupting purchases and peak chat moments, giving creators a clearer view of where automated monetization is headed. The post YouTube Will Show Fewer Livestream Ads During Purchases and Chat Spikes appeared first on TechRepubli…TECHREPUBLIC.COM
15 AprSS&C Intralinks DealCentre AI vs. Datasite: Which platform is built for the future of dealmaking?Deal teams are moving beyond virtual data rooms toward platforms that support the full deal lifecycle. Here’s how Intralinks DealCentre AI and Datasite compare. The post SS&C Intralinks DealCentre AI vs. Datasite: Which platform is built for the future of dealmaking? appeare…TECHREPUBLIC.COM
15 AprNews Alert: NTT Research launches SaltGrain—advanced Attribute-Based Encryption securitySUNNYVALE, Calif., Apr. 15, 2026 – NTT Research, Inc. , a division of NTT (TYO:9432), today announced the launch of Scale Academy , a startup incubator responsible for bringing to market products and services based upon technologies studied within the … (more…) The post New…LASTWATCHDOG.COM
15 AprTech Layoffs Continue: Snap Cuts 1,000 Jobs, Citing ‘Rapid Advancements’ in AISnap cuts 1,000 jobs as it cites “rapid advancements” in AI, saying smaller teams can do more amid rising competition and a push for profitability. The post Tech Layoffs Continue: Snap Cuts 1,000 Jobs, Citing ‘Rapid Advancements’ in AI appeared first on TechRepublic .TECHREPUBLIC.COM
15 AprSecurity Became the Business NexusSecurity has evolved from a siloed function into one that interacts with nearly every part of the business, including executives, technical teams, and external stakeholders. This shift positions security as a central hub—or “nexus”—within organizations. It increases both influenc…YOUTUBE.COM
14 AprISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890, (Tue, Apr 14th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
14 AprAPT41 Targets Linux Cloud Servers With New Winnti BackdoorA previously undocumented Linux backdoor attributed to China-linked threat group APT41 (Winnti) has been uncovered, targeting cloud workloads across AWS, GCP, Azure, and Alibaba Cloud. The ELF-based implant, currently showing zero detections on VirusTotal, transforms Linux server…GBHACKERS.COM
14 AprFake Proxifier GitHub Installer Spreads ClipBanker Crypto MalwareHackers are abusing a fake Proxifier installer hosted on GitHub to deliver a multi‑stage ClipBanker malware that silently hijacks cryptocurrency transactions from infected systems. The campaign combines search‑engine poisoning, trojanized installers, and fileless techniques to st…GBHACKERS.COM
14 AprGUEST ESSAY: Google’s 2029 deadline exposes readiness gap as move to quantum-safe crypto lagsFor years, quantum risk was easy for most institutions to treat as premature: real in theory, urgent someday, but not yet an operational problem. That is no longer tenable. Related: AI spawns semantic attacks Two developments this month brought the … (more…) The post GUEST …LASTWATCHDOG.COM
14 AprCyber Inspector: Hybrid Attacks Continue to IncreaseGermany is in the sights of state hackers. Mdisk – shutterstock.com Hybrid attacks on critical infrastructure in Germany and on Bundeswehr troops abroad continue to increase. A noticeable rise has been recorded since 2022 at the latest, said the Bundeswehr Inspector Cy…CSOONLINE.COM
14 AprSomeone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.submitted by cm0002 to cybersecurity 27 points | 2 comments https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/INFOSEC.PUB
14 AprWhen Trust Becomes a Weapon: Google Cloud Storage Phishing Deploying Remcos RATModern phishing campaigns increasingly abuse legitimate services. Cloud platforms, file-sharing tools, trusted domains, and widely used SaaS applications are now part of the attacker’s toolkit. Instead of breaking trust, attackers borrow it. This shift creates a danger…ANY.RUN
14 AprChina Clean Tech and the Gulf Energy ShockHigher oil and fuel costs are pushing APAC buyers to move faster on solar, batteries, and EVs, but China’s clean-tech dominance creates a new dependency risk. The post China Clean Tech and the Gulf Energy Shock appeared first on TechRepublic .TECHREPUBLIC.COM
14 Apr108 Chrome extensions caught stealing user data and hijacking sessions108 Chrome extensions have been harvesting user identities, hijacking sessions, and silently backdooring users’ web browsers. The activity was identified by Socket researchers following an in-depth analysis of Chrome Web Store extensions tied to the domain cloudapi[.]stream. The …CYBERINSIDER.COM
14 AprNew KnowBe4 Agent Risk Manager Addresses Pervasive AI Agent RiskBy Roger A. Grimes and Matthew DurenKNOWBE4.COM
14 AprMirax Android Trojan Turns Devices Into Residential Proxy Nodes - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/mirax-trojan-devices-proxy-nodes/SH.ITJUST.WORKS
14 AprMozilla Criticizes Microsoft for Installing Copilot on Windows Without User Consentsubmitted by kid to cybersecurity 7 points | 0 comments https://cybersecuritynews.com/mozilla-criticizes-microsoft-for-copilot/SH.ITJUST.WORKS
14 AprJanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025submitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/janelarat-malware-targets-latin.htmlSH.ITJUST.WORKS
14 AprBuild Real Coding Skills for $43 with Visual Studio 2026 BundleMicrosoft Visual Studio Professional 2026 bundle pairs dev tools with courses in Python, JavaScript, and SQL. The post Build Real Coding Skills for $43 with Visual Studio 2026 Bundle appeared first on TechRepublic .TECHREPUBLIC.COM
14 AprAPT41 Delivers 'Undetectable' Backdoor to Steal Cloud Credentialssubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cloud-security/apt41-zero-detection-backdoor-harvest-cloud-credentialsSH.ITJUST.WORKS
14 AprPlugX USB Worm Hits Multiple Continents via DLL SideloadingA new PlugX USB worm variant is driving fresh infection waves across several continents, using DLL sideloading and stealthy USB-based propagation to evade detection. First observed in Papua New Guinea in August 2022, the same strain resurfaced months later not only in the Pacific…GBHACKERS.COM
14 AprBotnet Exposed: Hackers Leave Worker Access and Root Passwords Wide OpenHackers have left a live Twitter/X credential‑stuffing botnet effectively unlocked, exposing its full command‑and‑control stack, worker fleet, and root passwords to anyone who knows where to look. The C2 runs on a Windows Server 2019 instance hosted by Hetzner in Falkenstein, Ger…GBHACKERS.COM
14 AprOur evaluation of Claude Mythos Preview’s cyber capabilitiessubmitted by codeinabox to security 1 points | 0 comments https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos-previews-cyber-capabilities The AI Security Institute (AISI) conducted evaluations of Anthropic’s Claude Mythos Preview (announced on 7th April) to assess its cy…PROGRAMMING.DEV
14 AprOpenAI Impacted by North Korea-Linked Axios Supply Chain Hack - SecurityWeeksubmitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/openai-impacted-by-north-korea-linked-axios-supply-chain-hack/SH.ITJUST.WORKS
14 AprFake Ledger app on the Apple App Store steals $9.5 million from 50 usersA malicious “Ledger Live” app briefly listed on Apple’s Mac App Store has been linked to at least $9.5 million in cryptocurrency theft, affecting more than 50 victims across multiple blockchains. The app was removed by Apple after reports surfaced, but not before significant loss…CYBERINSIDER.COM
14 AprSAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flawssubmitted by kid to cybersecurity 1 points | 0 comments https://cyberpress.org/sap-patch-day-fixes-critical-sql-injection-dos-and-code-injection-flaws/SH.ITJUST.WORKS
14 AprTurn Your Expertise Into Published Books Using Advanced AI TechnologyAivolut uses GPT-5 and Claude to help professionals create full-length, KDP-ready manuscripts in minutes. The post Turn Your Expertise Into Published Books Using Advanced AI Technology appeared first on TechRepublic .TECHREPUBLIC.COM
14 AprTop 10 Security Isn’t EnoughCommon frameworks like the OWASP Top 10 are too broad, grouping complex issues like authentication and authorization into single categories. Without breaking these down into specific components—sessions, cookies, parameter handling—teams risk incomplete fixes. Security becomes a …YOUTUBE.COM
14 AprHow exposed is your code? Find out in minutes—for freeThe new Code Security Risk Assessment gives you a one-click view of vulnerabilities across your organization, at no cost. The post How exposed is your code? Find out in minutes—for free appeared first on The GitHub Blog .GITHUB.BLOG
14 AprUpcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak: I’m speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026. I’m speaking at the SANS AI Cybersecurity Summit 2026 in Arlington, Virginia, USA, at 9:40 AM ET on April 20, 2026. I’m speaking…SCHNEIER.COM
14 AprCyberheistNews Vol 16 #15 Anthropic's Mythos Is Not Just a Tool. It's Something You Have to Contain.KNOWBE4.COM
14 AprSecurity Risk Advisors Purple Team Participants Can Now Earn CPE CreditsPhiladelphia, United States / Pennsylvania, April 14th, 2026, CyberNewswire GIAC and ISC2 now recognize active participation in SRA Purple Team exercises as an eligible Continuing Professional Education (CPE) activity. Teams can earn CPE credits while str…GBHACKERS.COM
14 AprAI “Watershed Moment” or expensive pen tester? The AISI Mythos Datasubmitted by codeinabox to security 2 points | 0 comments https://blog.robbowley.net/2026/04/14/ai-watershed-moment-or-expensive-pen-tester-the-aisi-mythos-data/PROGRAMMING.DEV
14 AprAnalysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)submitted by kid to cybersecurity 2 points | 0 comments https://thehackernews.com/2026/04/analysis-of-216m-security-findings.htmlSH.ITJUST.WORKS
14 AprState-sponsored threats: Different objectives, similar access pathsA look at 2025 state-sponsored threats, exploring how actors linked to China, Russia, North Korea, and Iran use vulnerabilities, identity, and trusted access paths to achieve their goals.TALOSINTELLIGENCE.COM
14 AprJeff Bezos-Backed EV Startup Raises $650M to Launch $25K Electric PickupSlate Auto, the EV startup backed by Jeff Bezos, secures $650 million in funding for an affordable pickup truck slated for delivery by the end of the year. The post Jeff Bezos-Backed EV Startup Raises $650M to Launch $25K Electric Pickup appeared first on TechRepublic .TECHREPUBLIC.COM
14 AprX Cuts Clickbait Payouts and Exposes a Creator Program ProblemX is cutting clickbait payouts, but the bigger problem may be a creator program that rewarded attention-chasing behavior before trying to punish it. The post X Cuts Clickbait Payouts and Exposes a Creator Program Problem appeared first on TechRepublic .TECHREPUBLIC.COM
14 AprMicrosoft to Retire Outlook Lite, Impacting Millions of Android UsersMicrosoft will soon shut down Outlook Lite, forcing Android users to switch to Outlook Mobile after months of phased shutdowns. The post Microsoft to Retire Outlook Lite, Impacting Millions of Android Users appeared first on TechRepublic .TECHREPUBLIC.COM
14 AprWhat is AEO SEO? Why Answer Engine Optimization Is the Next Evolution of SEOAI search is reshaping how users find information, shifting visibility from rankings to AI-generated answers. HubSpot’s new AEO tool highlights how answer engine optimization is emerging as the next phase of SEO. The post What is AEO SEO? Why Answer Engine Optimization Is the Nex…TECHREPUBLIC.COM
14 AprHubSpot Launches AEO Tool to Help Brands Compete in AI SearchHubSpot launches an AEO tool inside Marketing Hub to track AI visibility, citations, and competitors. See what this HubSpot news means for marketers. The post HubSpot Launches AEO Tool to Help Brands Compete in AI Search appeared first on TechRepublic .TECHREPUBLIC.COM
14 AprMotorola Razr 70 Ultra Specs Leak Raises Familiar ConcernsMotorola Razr 70 Ultra specs leak shows minimal upgrades, with only a slightly larger battery expected. The post Motorola Razr 70 Ultra Specs Leak Raises Familiar Concerns appeared first on TechRepublic .TECHREPUBLIC.COM
14 AprToyota Unveils Basketball-Shooting Robot With Vision TechToyota unveils CUE7, its latest AI basketball-shooting robot, with a lighter build, dynamic controls, and a record-setting history. The post Toyota Unveils Basketball-Shooting Robot With Vision Tech appeared first on TechRepublic .TECHREPUBLIC.COM
14 AprGoogle $135M Settlement: Millions of Android Users May Qualify for PayoutAndroid users may be eligible for a payout from Google’s $135 million settlement over background data use. Here’s who qualifies and how to claim. The post Google $135M Settlement: Millions of Android Users May Qualify for Payout appeared first on TechRepublic .TECHREPUBLIC.COM
14 AprApple’s Mac mini 2026: New Leak Teases M5 Upgrade, Release TimelineA new Mac mini leak points to an M5 upgrade in 2026 as Apple faces high-end stock shortages and growing questions over memory supply. The post Apple’s Mac mini 2026: New Leak Teases M5 Upgrade, Release Timeline appeared first on TechRepublic .TECHREPUBLIC.COM
14 AprProton boosts Drive performance and expands encrypted workspace featuresProton has rolled out a set of updates to its Proton Drive service, introducing significant speed improvements, new mobile capabilities, and expanded functionality for its end-to-end encrypted spreadsheet tool, Proton Sheets. Proton says file uploads on iOS are now up to 60% fast…CYBERINSIDER.COM
14 AprAmazon to Acquire Globalstar in $11.6B Bid to Power Future iPhonesAmazon plans to acquire Globalstar to boost its satellite network, challenge Starlink, and enable direct-to-device connectivity for future smartphones. The post Amazon to Acquire Globalstar in $11.6B Bid to Power Future iPhones appeared first on TechRepublic .TECHREPUBLIC.COM
13 AprISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888, (Mon, Apr 13th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
13 AprWhatsApp’s “End-to-End Encryption by Default” Claim Called Consumer Fraud by Pavel DurovTelegram founder Pavel Durov has publicly criticized WhatsApp, labeling its “end-to-end encryption by default” claim as a massive consumer fraud. He argues that while messages may be encrypted during transit, the default backup settings leave the vast majority of user…GBHACKERS.COM
13 AprElon Musk Announces XChat Launch With Self-Destructing MessagesElon Musk has officially announced the launch of XChat, a new secure messaging application scheduled to release on iOS devices on April 17. The platform builds upon the existing direct messaging infrastructure of X (formerly Twitter) but introduces a dedicated environment with ad…GBHACKERS.COM
13 AprGmail Brings End-to-End Encryption to Android and iOS for Enterprise UsersThe feature allows enterprise users to compose and read end-to-end encrypted messages natively on their mobile devices. The post Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users appeared first on SecurityWeek .SECURITYWEEK.COM
13 AprVIPERTUNNEL Python Backdoor Hidden in Fake DLL, Obfuscated Loader ChainHackers are abusing a stealthy Python backdoor called VIPERTUNNEL, hiding it behind a fake DLL file and a multi‑stage obfuscated loader to quietly tunnel traffic out of victim networks. A review of persistence mechanisms revealed a sitecustomize.py file in C:\ProgramData\cp49s\Li…GBHACKERS.COM
13 AprFake Claude Website Distributes PlugX RATThe malware mimics the legitimate Anthropic installation, relies on DLL sideloading, and cleans up after itself. The post Fake Claude Website Distributes PlugX RAT appeared first on SecurityWeek .SECURITYWEEK.COM
13 AprNorth Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT MalwareThe North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building ex…THEHACKERNEWS.COM
13 AprIran-Linked CyberAv3ngers Target Water Utilities, Industrial ControllersIran-linked threat group CyberAv3ngers is intensifying attacks on U.S. water utilities and industrial control systems, shifting from noisy hacktivism to sustained disruption of operational technology (OT) environments. CyberAv3ngers operates as a state-directed persona for Iran’s…GBHACKERS.COM
13 AprJuniper Networks Patches Dozens of Junos OS Vulnerabilities - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/juniper-networks-patches-dozens-of-junos-os-vulnerabilities/SH.ITJUST.WORKS
13 AprMicrosoft: Canadian employees targeted in payroll pirate attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/microsoft/microsoft-canadian-employees-targeted-in-payroll-pirate-attacks/SH.ITJUST.WORKS
13 AprNew Phishing Kit Streamlines ClickFix AttacksA new commodity phishing kit called “Venom Stealer” allows threat actors to automate ClickFix attacks, according to researchers at BlackFog. ClickFix is a social engineering technique that tricks users into executing malicious commands on their computer, usually resulting in malw…KNOWBE4.COM
13 AprGitHub and Jira Alerts Hijacked for Trusted-SaaS PhishingHackers are abusing GitHub and Jira’s built‑in notification systems to send phishing emails that appear completely legitimate. Because these emails are sent from the platforms’ own mail servers, they pass standard checks like SPF, DKIM, and DMARC, making them very hard for tradit…GBHACKERS.COM
13 AprBrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research FindingsClaims that “Microsoft is running one of the largest corporate espionage operations in modern history” face scrutiny as researchers analyze LinkedIn’s browser extension probing The post BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings appeared first …SECURITYWEEK.COM
13 AprBooking.com Says Hackers Accessed User InformationThe online travel platform has not said how many customers’ booking information was exposed, but said the issue has been contained. The post Booking.com Says Hackers Accessed User Information appeared first on SecurityWeek .SECURITYWEEK.COM
13 AprThe Risk of Trusted System AccessThe clip describes a case where authorized access to sensitive databases was misused to obtain personal images and generate AI-based deepfakes. This highlights a critical security gap: trusted access can become a major attack vector if monitoring, controls, and data protections a…YOUTUBE.COM
13 AprOutlook Breaks on Moon MissionAstronauts reportedly joked about encountering Microsoft Outlook issues during the Artemis mission context, highlighting software reliability problems even in extreme environments. Even highly advanced systems and missions rely on everyday software tools. When those tools fail, i…YOUTUBE.COM
13 AprJust 21 IP Addresses Are Now Behind Nearly Half of All RDP Scanning on the Internetsubmitted by kid to cybersecurity 50 points | 10 comments https://www.greynoise.io/blog/ip-addresses-behind-nearly-half-rdp-internet-scanningSH.ITJUST.WORKS
13 AprGoogle’s ‘Tap to Share’ Could Finally Give Android Its AirDrop MomentA new Android leak points to Google’s Tap to Share feature, which could let nearby phones share files and contact info with a quick NFC gesture. The post Google’s ‘Tap to Share’ Could Finally Give Android Its AirDrop Moment appeared first on TechRepublic .TECHREPUBLIC.COM
13 AprGoogle Rolls Out End-to-End Encryption to Eligible Gmail Users on MobileGoogle has brought end-to-end encrypted Gmail to Android and iOS for eligible Workspace users, extending secure mobile email without extra apps. The post Google Rolls Out End-to-End Encryption to Eligible Gmail Users on Mobile appeared first on TechRepublic .TECHREPUBLIC.COM
13 AprOwn Windows 11 Pro and Microsoft Office 2024 for just $105Set up your own complete, work-ready system with essential apps and a pro-grade OS without subscriptions. The post Own Windows 11 Pro and Microsoft Office 2024 for just $105 appeared first on TechRepublic .TECHREPUBLIC.COM
13 AprYour Data, Always Within Reach – 2TB of Lifetime Cloud Storage Is $75Say goodbye to recurring fees and complicated systems with FileJump’s straightforward and secure cloud storage platform — with lifetime access to your files. The post Your Data, Always Within Reach – 2TB of Lifetime Cloud Storage Is $75 appeared first on TechRepublic .TECHREPUBLIC.COM
13 AprApple Car Key Support Coming to Lexus Vehicles: What We Know So FarApple may be preparing Car Key support for Lexus vehicles, with backend code hints pointing to future Apple Wallet integration. The post Apple Car Key Support Coming to Lexus Vehicles: What We Know So Far appeared first on TechRepublic .TECHREPUBLIC.COM
13 AprSurfshark unveils new Dausos VPN protocol with dedicated user tunnelsSurfshark has announced a new proprietary VPN protocol named “Dausos,” claiming it delivers significantly faster speeds and improved security compared to existing standards by assigning each user a dedicated encrypted tunnel. The company says the protocol has already undergone an…CYBERINSIDER.COM
12 AprNo one owes you supply-chain securitysubmitted by codeinabox to security 1 points | 0 comments https://purplesyringa.moe/blog/no-one-owes-you-supply-chain-security/ cross-posted from: lemmy.bestiver.se/post/1043778 CommentsPROGRAMMING.DEV
12 AprTIOBE Index for April 2026: C Gains Again While Rust Loses Some SteamApril 2026 TIOBE Index shows Python still leading, C strengthening in second, and Rust sliding to #16, suggesting its climb may be leveling off. The post TIOBE Index for April 2026: C Gains Again While Rust Loses Some Steam appeared first on TechRepublic .TECHREPUBLIC.COM
12 AprTIOBE Index for April 2026: Top 10 Most Popular Programming LanguagesPython remains on top despite another dip; C gains ground in second place, and April keeps the same top 10 order, with SQL, R, and Delphi holding steady. The post TIOBE Index for April 2026: Top 10 Most Popular Programming Languages appeared first on TechRepublic .TECHREPUBLIC.COM
11 AprCPUID site hijacked to serve malware instead of HWMonitor downloadssubmitted by cm0002 to cybersecurity 5 points | 0 comments https://www.theregister.com/2026/04/10/cpuid_site_hijacked/INFOSEC.PUB
11 AprGoogle rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional toolssubmitted by Innerworld to cybersecurity 3 points | 0 comments https://www.bleepingcomputer.com/news/google/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/INFOSEC.PUB
11 AprGoogle rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional toolssubmitted by Innerworld to security 1 points | 0 comments https://www.bleepingcomputer.com/news/google/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/PROGRAMMING.DEV
11 AprGoogle rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional toolssubmitted by Innerworld to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/google/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/SH.ITJUST.WORKS
11 AprGoogle rolls out end-to-end encryption for Gmail on Android and iOS devices for enterprise users, letting them read and compose emails without additional toolssubmitted by cm0002 to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/google/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/INFOSEC.PUB
11 AprGoogle Locks Chrome Sessions to Devices to Stop Cookie TheftGoogle has officially launched a major security upgrade to protect users from session hijacking. Starting with Chrome version 146 for Windows users, Device Bound Session Credentials (DBSC) is now publicly available. This new feature aims to stop malware from stealing web cookies …GBHACKERS.COM
11 AprSupply chain nightmare: How Rust will be attacked and what we can do to mitigate the inevitablesubmitted by cm0002 to cybersecurity 1 points | 0 comments https://kerkour.com/rust-supply-chain-nightmareINFOSEC.PUB
11 AprAI Cybersecurity After Mythos: The Jagged Frontiersubmitted by cm0002 to cybersecurity 2 points | 0 comments https://aisle.com/blog/ai-cybersecurity-after-mythos-the-jagged-frontierINFOSEC.PUB
10 AprWhatsApp Adds Username Feature to Boost Privacy and Reduce Number SharingFor years, WhatsApp required users to share their personal phone numbers to communicate. This is finally changing. To improve user privacy and mitigate risks like doxing or targeted spam, WhatsApp is rolling out a highly anticipated username feature. This update allows individual…GBHACKERS.COM
10 AprDesckVB RAT Uses Fileless .NET Loader to Evade DetectionDesckVB RAT is emerging as a highly active and stealthy malware threat in 2026, leveraging layered obfuscation and fileless execution techniques to bypass traditional security defenses. The attack chain begins with a malicious JavaScript file that hides its true intent through co…GBHACKERS.COM
10 AprGlassWorm Trojan Hits VS Code, Cursor, Windsurf via OpenVSX ExtensionA newly discovered supply chain attack is spreading the GlassWorm malware across multiple developer environments by abusing the OpenVSX extension marketplace. GlassWorm is not new. Researchers have tracked the campaign since March 2025, when attackers hid malicious payloads insid…GBHACKERS.COM
10 AprObfuscated JavaScript or Nothing, (Thu, Apr 9th)I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS” (SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743e32277760c5f7942b788b74c5285) and is only identified as…ISC.SANS.EDU
10 AprMuddyWater Uses Russian MaaS in New ChainShell AttackMuddyWater is now weaponizing a Russian malware-as-a-service (MaaS) platform to run a new operation dubbed “ChainShell”, blending Iranian state targeting with commercially developed cybercrime tooling. The assessment is based on a misconfigured command‑and‑control (C2) web server…GBHACKERS.COM
10 AprGitHub, GitLab Abused for Malware and Phishing CampaignsHackers are increasingly abusing trusted software development platforms GitHub and GitLab to host malware and credential phishing campaigns, making defensive detection significantly harder for enterprises. Because these Git-based platforms are deeply integrated into development a…GBHACKERS.COM
10 AprGoogle Rolls Out Cookie Theft Protections in ChromeNew Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication. The post Google Rolls Out Cookie Theft Protections in Chrome appeared first on SecurityWeek .SECURITYWEEK.COM
10 AprMallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action9th, 2026, CyberNewswire Built by a veteran security team and led by a former Google and Mandiant executive, Mallory delivers intelligence that drives action for enterprise security teams. Mallory is launching an AI-native threat intelligence platform, purpose-built to answer the …GBHACKERS.COM
10 AprMiddle East Espionage Attack Uses Fake Secure Messaging Apps to Deliver ProSpyHackers are impersonating popular secure messaging apps to deploy a sophisticated Android spyware tool called ProSpy against journalists, activists, and political figures across the Middle East, in a hack‑for‑hire campaign linked to the BITTER APT group. The campaign has been act…GBHACKERS.COM
10 AprMITRE Releases Fight Fraud FrameworkThe document provides a behavior-based model of the tactics and techniques employed by fraudsters. The post MITRE Releases Fight Fraud Framework appeared first on SecurityWeek .SECURITYWEEK.COM
10 AprSen. Sanders Talks to Claude About AI and PrivacyClaude is actually pretty good on the issues.SCHNEIER.COM
10 AprChrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000The critical vulnerabilities affect Chrome’s WebML component and they have been reported by anonymous researchers. The post Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 appeared first on SecurityWeek .SECURITYWEEK.COM
10 AprDo extremely short credential lifetimes actually help security?submitted by lnklnx to cybersecurity 1 points | 0 comments My company has an external auth provider for the whole organization, and MFA is required (push notification to a phone app). This all works well and I agree with it, BUT they have configured the credentials to expire in 2…SH.ITJUST.WORKS
10 AprMicrosoft: Canadian employees targeted in payroll pirate attacksA financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. [...]BLEEPINGCOMPUTER.COM
10 AprSmart Slider updates hijacked to push malicious WordPress, Joomla versionssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/smart-slider-updates-hijacked-to-push-malicious-wordpress-joomla-versions/SH.ITJUST.WORKS
10 AprNew ‘LucidRook’ malware used in targeted attacks on NGOs, universitiessubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/new-lucidrook-malware-used-in-targeted-attacks-on-ngos-universities/SH.ITJUST.WORKS
10 AprIndustry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback FridayThe US government has warned that Iran-linked hackers are manipulating PLCs and SCADA systems to cause disruption. The post Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday appeared first on SecurityWeek .SECURITYWEEK.COM
10 AprEngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/engagelab-sdk-flaw-exposed-50m-android.htmlSH.ITJUST.WORKS
10 AprGoogle Warns of New Threat Group Targeting BPOs and Helpdesks - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/google-warns-group-targeting-bpos/SH.ITJUST.WORKS
10 AprFBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Databasesubmitted by cm0002 to cybersecurity 4 points | 1 comments https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/INFOSEC.PUB
10 AprStorm-2755 Uses AiTM Hijacking to Divert Employee SalariesHackers are abusing adversary-in-the-middle (AiTM) session hijacking to steal employee salaries in a new “payroll pirate” campaign tracked by Microsoft as Storm-2755 and targeting Canadian users. By hijacking live Microsoft 365 sessions, the group redirects payroll deposits to at…GBHACKERS.COM
10 AprPhishing Campaign Targets Japanese Firms During Tax SeasonA criminal threat actor called “Silver Fox” is launching tax-themed phishing attacks against Japanese companies during the country’s tax season, according to researchers at ESET.KNOWBE4.COM
10 AprStaypuft, Claude, One Pixel, deepfakes, Raccoon, BOFH, Satoshi Nakamoto, Josh Marpet. - SWN #571Staypuft, Claude, One Pixel, deepfakes, Raccoon, BOFH, Satoshi Nakamoto, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-571YOUTUBE.COM
10 AprSamsung Eyes Vietnam for $4B Semiconductor Packaging ProjectSamsung is reportedly considering a $4 billion chip packaging and testing project in Vietnam, deepening the country’s role in the global semiconductor supply chain. The post Samsung Eyes Vietnam for $4B Semiconductor Packaging Project appeared first on TechRepublic .TECHREPUBLIC.COM
10 AprAlibaba Launches AI Data Center Powered by 10,000 Homegrown ChipsAlibaba launches a new AI data center powered by 10,000 homegrown chips, signaling a major push toward self-reliance amid US export restrictions. The post Alibaba Launches AI Data Center Powered by 10,000 Homegrown Chips appeared first on TechRepublic .TECHREPUBLIC.COM
10 AprGoogle Brings NotebookLM to Gemini for Easy Project OrganizationGoogle is rolling out notebooks in Gemini, giving users a new way to organize chats, files, and instructions into AI-powered project hubs. The post Google Brings NotebookLM to Gemini for Easy Project Organization appeared first on TechRepublic .TECHREPUBLIC.COM
10 AprNew Apple Rumor: iPhone Air 2 Leak Suggests Major Upgrades After First-Gen CriticismApple is reportedly pushing ahead with iPhone Air 2 despite weak sales, with upgrades to battery, camera, and performance already in development. The post New Apple Rumor: iPhone Air 2 Leak Suggests Major Upgrades After First-Gen Criticism appeared first on TechRepublic .TECHREPUBLIC.COM
10 AprMitsubishi Targets Hybrid Vehicle Production in the Philippines by 2028Mitsubishi now has a named plant and a mid-2028 target for hybrid production in the Philippines. What it still lacks are the numbers that would show how serious the plan really is. The post Mitsubishi Targets Hybrid Vehicle Production in the Philippines by 2028 appeared first on …TECHREPUBLIC.COM
10 AprWhen Are Payroll Taxes Due? 2026 Due Dates and RequirementsStaying on top of payroll tax deadlines is tough, so we created this guide to cover the key 2026 payroll tax due dates and explain how to ensure your business is compliant. The post When Are Payroll Taxes Due? 2026 Due Dates and Requirements appeared first on TechRepublic .TECHREPUBLIC.COM
10 AprEmbedded Finance vs Banking as a Service in 2026: Key Differences ExplainedLearn the key differences between embedded finance and banking as a service, how they work together, and what they mean for modern businesses. The post Embedded Finance vs Banking as a Service in 2026: Key Differences Explained appeared first on TechRepublic .TECHREPUBLIC.COM
10 AprSession says funding will last until July, pauses developmentThe Session Technology Foundation (STF) confirmed that it has raised approximately $65,000 in donations, enough to keep essential infrastructure online for the next three months. This includes maintaining core services such as file storage and push notification servers, as well a…CYBERINSIDER.COM
10 AprSignal is testing a new plaintext chat export feature in Beta 8.7Signal is preparing to roll out version 8.7 in beta, introducing a new plaintext export feature that allows users to save their messaging data in a more accessible, human-readable format. The update was previewed by Greyson Parrelli, a member of Signal’s development team, in a re…CYBERINSIDER.COM
10 AprHWMonitor and CPU-Z downloads hijacked to deliver malware to usersUsers attempting to download HWMonitor and CPU-Z from the official CPUID website are reportedly being served malware-laced installers, in what appears to be an active compromise of the vendor’s distribution infrastructure. CPUID, the developer behind HWMonitor and CPU-Z, is a Fre…CYBERINSIDER.COM
9 AprISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
9 AprMeta Business Alerts Abused for Phishing CampaignsHackers are weaponizing legitimate Meta Business Manager notifications to sneak phishing emails past security filters and into users’ inboxes. By abusing trusted Meta infrastructure, attackers make their messages appear authentic while quietly funneling victims to credentia…GBHACKERS.COM
9 AprSilver Fox Campaign Spreads ValleyRAT via Fake Chinese Telegram Language PackNew analysis of a fake Telegram installer uploaded to MalwareBazaar shows Silver Fox expanding its ValleyRAT operations with a fresh delivery chain that hides behind a Chinese-language pack-decoy and an uncommon ZPAQ-based packer. The MSI is a WiX-built installer (IssueAccentRequ…GBHACKERS.COM
9 Apr$3.6 Million Stolen in Bitcoin Depot HackA hacker transferred more than 50 bitcoin from the Bitcoin ATM operator’s wallets after stealing credentials. The post $3.6 Million Stolen in Bitcoin Depot Hack appeared first on SecurityWeek .SECURITYWEEK.COM
9 AprRoningLoader Campaign Uses DLL Side-Loading, Code Injection to Slip Past DefensesA sophisticated cyber-espionage group known as DragonBreath (APT-Q-27) has been linked to a new RoningLoader malware campaign that uses advanced evasion techniques such as DLL side-loading and code injection to bypass traditional security defenses. Active since at least 2022, Dra…GBHACKERS.COM
9 AprPackage Security Problems for AI Agentssubmitted by codeinabox to security 1 points | 0 comments https://nesbitt.io/2026/04/08/package-security-problems-for-ai-agents.htmlPROGRAMMING.DEV
9 AprLinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensionssubmitted by gokayburucdev to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/linkedin-code-collects-data/SH.ITJUST.WORKS
9 AprGoogle Warns of New Campaign Targeting BPOs to Steal Corporate DataTracked as UNC6783, the threat actor is likely linked to Mr. Raccoon, the hacker behind the alleged theft of Adobe data from a BPO. The post Google Warns of New Campaign Targeting BPOs to Steal Corporate Data appeared first on SecurityWeek .SECURITYWEEK.COM
9 AprOn Microsoft’s Lousy Cloud SecurityProPublica has a scoop: In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings. The tech giant’s “lack of proper detailed security documentation” left revi…SCHNEIER.COM
9 AprClickFix Campaign Abuses macOS Script Editor to Deploy Atomic StealerA refreshed ClickFix campaign swaps macOS Terminal for Script Editor to quietly deliver an Atomic Stealer payload to unsuspecting Mac users. By abusing the applescript:// URL scheme, attackers sidestep Apple’s new paste-protection in Terminal on macOS Tahoe 26.4 while preser…GBHACKERS.COM
9 AprIran Disrupts US Critical Infrastructure Via Exposed PLCssubmitted by kid to cybersecurity 2 points | 0 comments https://www.darkreading.com/ics-ot-security/iranian-threat-actors-us-critical-infrastructure-exposed-plcsSH.ITJUST.WORKS
9 AprBitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA RegionAn apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lo…THEHACKERNEWS.COM
9 Apr13-year-old bug in ActiveMQ lets hackers remotely execute commandssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/13-year-old-bug-in-activemq-lets-hackers-remotely-execute-commands/SH.ITJUST.WORKS
9 AprWebinar: From noise to signal - What threat actors are targeting nextThreat actors often signal their intentions before launching attacks, from dark web chatter to access-broker listings and credential requests. Join our upcoming webinar with Flare Systems to learn how to turn those early warning signs into proactive defensive action before an int…BLEEPINGCOMPUTER.COM
9 AprFBI: Cybercrime Losses Neared $21 Billion in 2025 - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/fbi-cybercrime-losses-neared-21-billion-in-2025/SH.ITJUST.WORKS
9 AprPhishing Campaign Impersonates Palo Alto Networks RecruitersThreat actors are impersonating Palo Alto Networks recruiters to target job seekers, according to researchers with Palo Alto’s Unit 42 security team. “These attacks specifically target senior-level professionals by leveraging scraped LinkedIn data to craft highly personalized lur…KNOWBE4.COM
9 AprCan we Trust AI? No – But Eventually We MustFrom hallucinations and bias to model collapse and adversarial abuse, today’s AI is built on probability rather than truth, yet enterprises are deploying it at speed without fully understanding the risks. The post Can we Trust AI? No – But Eventually We Must appeared first on Sec…SECURITYWEEK.COM
9 AprClickFix, Malicious DMGs Push notnullOSX to macOS UsersHackers are abusing ClickFix commands and booby-trapping DMG installers to deliver a new macOS stealer called notnullOSX, built to loot high-value crypto wallets from Mac users. The story starts with 0xFFF, a malware developer who abruptly quit a major Russian-speaking hacking fo…GBHACKERS.COM
9 AprAI Phishing Attack Prevention Strategies: How AI Identifies and Limits Human RiskAI is making phishing attacks easier to create and scale. Tasks that once required manual effort can now be automated, allowing attackers to generate realistic messages, launch campaigns, and adapt tactics quickly to evade security controls. In fact, KnowBe4’s 2025 Phishing Threa…KNOWBE4.COM
9 AprU.S. Treasury to loop in crypto sector on hacker warnings shared with traditional firmssubmitted by monica_b1998 to cybersecurity 2 points | 0 comments https://cryptonews.net/news/security/32684121/SH.ITJUST.WORKS
9 AprThe agentic SOC—Rethinking SecOps for the next decadeIn the SOC of the future, autonomous defense moves at machine speed, agents add context and coordination, and humans focus on judgment, risk, and outcomes. The post The agentic SOC—Rethinking SecOps for the next decade appeared first on Microsoft Security Blog .MICROSOFT.COM
9 AprNew VENOM phishing attacks steal senior executives' Microsoft loginsThreat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. [...]BLEEPINGCOMPUTER.COM
9 AprThe long road to your crypto: ClipBanker and its marathon infection chainThreat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the clipboard.SECURELIST.COM
9 AprHow Phishing Is Targeting Germany’s Economy: Active Threats from Finance to ManufacturingGermany’s economy is a precision machine: finance fuels it, manufacturing builds it, telecom connects it, IT optimizes it, and healthcare sustains it. The country sits at the crossroads of industrial power and digital transformation, making it irresistibly attracti…ANY.RUN
8 AprISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
8 AprIran-Linked Hackers Disrupt US Critical Infrastructure via PLC AttacksFederal agencies warn attackers are manipulating PLC and SCADA systems across multiple sectors, triggering operational disruptions and raising concerns over broader OT targeting. The post Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks appeared first on Sec…SECURITYWEEK.COM
8 AprComfyUI Servers Hijacked for Cryptomining, Proxy Botnet OpsHackers are aggressively hijacking Internet-exposed ComfyUI servers and converting them into high‑value cryptomining rigs and proxy botnet nodes, abusing weakly secured AI image-generation setups for long‑term monetization. More than 1,000 ComfyUI servers are currently reachable …GBHACKERS.COM
8 AprFiber Optic Cables Turned Into Hidden Microphones to Spy on Private ConversationsInternet users worldwide rely on fiber optic cables for blazing-fast and secure web connections. However, a groundbreaking discovery reveals that these very cables can be turned into covert listening devices. In a newly published 2026 cybersecurity research paper, experts demonst…GBHACKERS.COM
8 AprRussian Threat Actors Abuse Home Routers in Expanding DNS Hijacking WaveRussian military-linked hackers are actively compromising poorly secured home and small-office routers to hijack internet traffic and spy on organizations worldwide. Microsoft Threat Intelligence recently exposed this massive global campaign by a group known as Forest Blizzard, w…GBHACKERS.COM
8 AprMinimum Release Age is an Underrated Supply Chain Defensesubmitted by codeinabox to security 2 points | 0 comments https://daniakash.com/posts/simplest-supply-chain-defense/PROGRAMMING.DEV
8 AprN. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, RustThe North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. "The threat actor's packages were designed to impersonate legitimate developer tooling [...], w…THEHACKERNEWS.COM
8 AprPython Supply-Chain CompromiseThis is news: A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on ever…SCHNEIER.COM
8 AprMasjesu Botnet Targets Routers in Commercial DDoS AttacksHackers are abusing the Masjesu botnet to run high-volume DDoS-for-hire attacks against routers, gateways, and other exposed IoT infrastructure, turning everyday network hardware into commercial attack firepower. Operating quietly since early 2023 and still active in 2026, Masjes…GBHACKERS.COM
8 AprEvasive Masjesu DDoS Botnet Targets IoT DevicesFocused on persistence, the botnet does not engage in widespread infection and avoids blacklisted IPs and critical infrastructure entities. The post Evasive Masjesu DDoS Botnet Targets IoT Devices appeared first on SecurityWeek .SECURITYWEEK.COM
8 AprEvilTokens Uses Stolen Microsoft 365 Tokens, AI to Supercharge BECEvilTokens is a new Phishing-as-a-Service (PhaaS) platform that turns stolen Microsoft 365 tokens and AI into an end‑to‑end factory for Business Email Compromise (BEC) at scale. By combining device-code phishing, custom tooling, and large language models, it enables low- to mid-s…GBHACKERS.COM
8 AprAnthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attackssubmitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/anthropic-unveils-claude-mythos-a-cybersecurity-breakthrough-that-could-also-supercharge-attacks/SH.ITJUST.WORKS
8 AprWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
8 AprFBI: Cybercrime Losses Neared $21 Billion in 2025The FBI received over 1 million complaints of malicious activity in 2025, with investment, BEC, and tech support scams causing the highest losses. The post FBI: Cybercrime Losses Neared $21 Billion in 2025 appeared first on SecurityWeek .SECURITYWEEK.COM
8 AprMajor outage cripples Russian banking apps and metro payments nationwidesubmitted by kid to cybersecurity 1 points | 0 comments https://securityaffairs.com/190464/security/major-outage-cripples-russian-banking-apps-and-metro-payments-nationwide.htmlSH.ITJUST.WORKS
8 AprLLMs vs Machine Learning for SecurityMachine learning and large language models serve different roles in cybersecurity. ML excels at analyzing large datasets and detecting anomalies, while LLMs may produce unreliable or hallucinated results in that context. Misapplying AI tools can introduce risk instead of reducing…YOUTUBE.COM
8 AprAPT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO AlliesThe Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography…THEHACKERNEWS.COM
8 Apr6 Winter 2026 G2 Leader Badges prove this DDoS protection stands outNETSCOUT’s Arbor Threat Mitigation System (TMS) was honored with five badges, while Arbor Sightline earned one badge on G2 for the winter 2026 quarter. These badges span multiple categories. Arbor TMS was awarded badges in the following categories for winter 2026: Leader – Enterp…CSOONLINE.COM
8 AprVeraCrypt lockdownsubmitted by Alb to cybersecurity 1 points | 0 comments https://techcrunch.com/2026/04/08/veracrypt-encryption-software-windows-microsoft-lock-boot-issues/ Encryption: Windows users of VeraCrypt may face boot-up issues after Microsoft locked founder’s account. https://techcrunch…SH.ITJUST.WORKS
8 AprDon’t Know Your Data? ProblemKnowing where sensitive data resides—such as PII (personally identifiable information) and CUI—is a foundational requirement for security, especially when preparing for AI adoption. Without data visibility, organizations can’t apply the right controls. AI systems may access or pr…YOUTUBE.COM
8 AprGoogle: New UNC6783 hackers steal corporate Zendesk support ticketsA threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value companies across multiple sectors. [...]BLEEPINGCOMPUTER.COM
8 AprAnnouncing ADEM Universal AgentThe ADEM Universal Agent for Prisma Access unifies network data across branch sites to fuel agentic autonomous operations. Get full-stack visibility. The post Announcing ADEM Universal Agent appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
8 AprUnderstanding and Anticipating Venezuelan Government ActionsExplore an in-depth analysis of Venezuela’s political landscape following the January 2026 US operation to capture Nicolás Maduro. This executive summary examines Acting President Delcy Rodríguez’s transition strategy, her pragmatic re-engagement with Washington, and the internal…RECORDEDFUTURE.COM
8 AprBuilding Phishing Detection That Works: 3 Steps for CISOs90% of attacks start with phishing. For CISOs, the real pain begins when the SOC cannot quickly tell whether a suspicious alert is just noise or the start of credential theft, account compromise, malware delivery, or wider business disruption. …ANY.RUN
7 AprIran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 OrganizationsAn Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct at…THEHACKERNEWS.COM
7 AprISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
7 AprFake TradingView Premium Reddit Posts Spread Vidar and AMOS StealersA new malware campaign is abusing Reddit to distribute fake “cracked” builds of TradingView Premium that secretly install Vidar and AMOS information‑stealing malware on Windows and macOS systems. The campaign targets users searching for free or pirated versions of TradingView Pre…GBHACKERS.COM
7 AprWynn Resorts Says 21,000 Employees Affected by ShinyHunters HackThe high-end casino and hotel operator has likely paid a ransom to avoid a data leak. The post Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack appeared first on SecurityWeek .SECURITYWEEK.COM
7 AprNew Microsoft Defender Update Issued for Windows 11, Windows 10, and Server ImagesMicrosoft has rolled out a fresh security intelligence update for Microsoft Defender Antivirus to help secure Windows 11, Windows 10, and Windows Server images. Released on April 7, 2026, this update equips endpoints with the latest threat detection logic and AI-enhanced cloud pr…GBHACKERS.COM
7 AprIran-Linked Hackers Hit M365 Tenants in Middle East Password Spray CampaignIran-linked threat actors have launched a coordinated password-spraying campaign targeting Microsoft 365 environments across the Middle East, according to new findings. The activity, observed throughout March 2026, unfolded in three distinct waves on March 3, March 13, and March …GBHACKERS.COM
7 AprFake Installers Spread RATs, Monero Miners in Ongoing Malware CampaignFake software installers are being used in a long-running malware operation to drop remote access trojans (RATs), Monero cryptominers, and a new .NET implant across multiple campaigns dating back to late 2023. REF1695 relies on ISO-based fake installers that mimic legitimate soft…GBHACKERS.COM
7 AprTor-Backed ClickFix Campaign Drops Node.js RAT on WindowsHackers are using a deceptive technique known as “ClickFix” to deliver a sophisticated Node.js-based remote access Trojan (RAT) targeting Windows users. ClickFix, which gained popularity in early 2025, tricks users into interacting with fake CAPTCHA or verification prompts. In t…GBHACKERS.COM
7 AprFIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defenseAs if securing the enterprise against a tidal wave of AI tools wasn’t hard enough, it turns out the geopolitical instability of the moment is making things worse. That wasn’t the headline at RSAC 2026 last week — agentic AI … The post FIRESIDE CHAT…LASTWATCHDOG.COM
7 AprHackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malwaresubmitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/claude-code-leak-to-spread-vidar-and-ghostsocks-malware/SH.ITJUST.WORKS
7 AprGuardarian Users Targeted With Malicious Strapi NPM Packages - SecurityWeeksubmitted by kid to cybersecurity 2 points | 0 comments https://www.securityweek.com/guardarian-users-targeted-with-malicious-strapi-npm-packages/SH.ITJUST.WORKS
7 AprBPFDoor Variants Hide with Stateless C2 and ICMP Relay TacticsSeven new BPFDoor variants push Linux backdoor tradecraft deep into the kernel, making them harder to spot in large telecom networks. These implants use Berkeley Packet Filters (BPF) to quietly inspect traffic inside the operating system kernel, waiting for a “magic packet” …GBHACKERS.COM
7 AprWebinar Today: Why Automated Pentesting Alone Is Not EnoughJoin the live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. The post Webinar Today: Why Automated Pentesting Alone Is Not Enough appeared first on SecurityWeek .SECURITYWEEK.COM
7 AprSOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacksExecutive summary Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipment like routers, then modifying their settings in ways that turn them into part of the actor’s malicious infrastructure. Th…MICROSOFT.COM
7 AprClaude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should DoThreat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk.TRENDMICRO.COM
7 AprCyberheistNews Vol 16 #14 [Heads Up] Clever Hackers Use Custom Fonts to Bypass AI DefensesKNOWBE4.COM
7 AprThe New Rules of Engagement: Matching Agentic Attack SpeedThe cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. The post The New Rules of Engagement: Matching Agentic Attack Speed appeared first on SecurityWeek .SECURITYWEEK.COM
7 AprTrent AI Emerges From Stealth With $13 Million in FundingThe startup has created a layered security solution aiming to secure AI agents throughout their entire lifecycle. The post Trent AI Emerges From Stealth With $13 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
7 AprBounty Available (>$2,000) for QubesOS BusKill packagesubmitted by buskill to cybersecurity 2 points | 0 comments https://www.buskill.in/qubes-package-bounty/ Friends, We’re happy to announce that we have funding available to package BusKill in QubesOS as a contrib package. Thanks to a generous donation from NovaCustom, we’re offer…SH.ITJUST.WORKS
7 AprRussian government hackers broke into thousands of home routers to steal passwordsFancy Bear, also known as APT28, has taken over thousands of residential home routers to steal passwords and authentication tokens in a wide-ranging espionage operation.TECHCRUNCH.COM
7 AprBounty Available (>$2,000) for QubesOS BusKill packagesubmitted by buskill to security 1 points | 0 comments https://www.buskill.in/qubes-package-bounty/ Friends, We’re happy to announce that we have funding available to package BusKill in QubesOS as a contrib package. Thanks to a generous donation from NovaCustom, we’re offering a…PROGRAMMING.DEV
7 AprUS warns of Iranian hackers targeting critical infrastructureIranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. [...]BLEEPINGCOMPUTER.COM
7 AprAnthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge AttacksNew AI model drives Project Glasswing, an effort to secure critical software before advanced capabilities fall into the wrong hands. The post Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
7 AprCthullu, BlueHammer, NK, CUPs, Axios, Fortinet, Cognitive Surrender, Aaran Leyland - SWN #570Radioactive Twinkies, Cthullu, BlueHammer, North Korea, CUPs, Axios, Fortinet, Cognitive Surrender, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-570YOUTUBE.COM
7 AprThe AI Chip War ExplainedThe global AI race is heavily influenced by access to advanced semiconductor chips, with the U.S. and China navigating complex negotiations around supply and restrictions. Control over AI hardware creates strategic leverage. Limiting access to chips can slow development, shift po…YOUTUBE.COM
7 AprAs breakout time accelerates, prevention-first cybersecurity takes center stageThreat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy.WELIVESECURITY.COM
7 AprPalo Alto Networks at Nutanix .NEXT 2026Discover how Palo Alto Networks and Nutanix are Securing the AI-Powered Hybrid Multicloud with zero trust and Prisma AIRS. The post Palo Alto Networks at Nutanix .NEXT 2026 appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
7 AprBuilding AI defenses at scale: Before the threats emergeAt AWS, we’ve spent decades developing processes and tools that enable us to defend millions of customers simultaneously, wherever they operate around the world. AI has been an extremely helpful addition to the automation our security and threat intelligence teams do every day, a…AWS.AMAZON.COM
6 AprISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
6 AprResokerRAT Hijacks Telegram API to Command Infected Windows PCsA newly identified Windows malware dubbed ResokerRAT abuses Telegram’s Bot API as its main command-and-control (C2) channel to remotely monitor and control infected systems without relying on a traditional attacker‑owned server. By blending in with legitimate encrypted Telegram t…GBHACKERS.COM
6 AprPoisoned Axios Package Spreads Cross-Platform Malware via Phantom DependencyHackers hijacked the npm account of Axios’s lead maintainer. They used it to push two malicious releases that silently installed a cross‑platform remote access trojan (RAT) on macOS, Windows, and Linux systems. Axios is one of the JavaScript ecosystem’s most widely used HTTP clie…GBHACKERS.COM
6 AprGoogle Wants to Transition to Post-Quantum Cryptography by 2029Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good thing. Slashdot thread.SCHNEIER.COM
6 AprNorth Korean Hackers Target High-Profile Node.js MaintainersThe threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign. The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek .SECURITYWEEK.COM
6 AprGuardarian Users Targeted With Malicious Strapi NPM PackagesHackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials. The post Guardarian Users Targeted With Malicious Strapi NPM Packages appeared first on SecurityWeek .SECURITYWEEK.COM
6 AprFake GitHub CI Update Steals Secrets and TokensAn automated campaign abusing GitHub’s pull_request_target workflow trigger to steal CI/CD secrets at scale. The attacker, using the handle ezmtebo, fired off more than 475 malicious pull requests (PRs) in just 26 hours, impersonating routine CI configuration updates to trick mai…GBHACKERS.COM
6 AprGitHub-Backed Malware Spread via LNK Files in South KoreaHackers are abusing Windows shortcut files and GitHub to run a stealthy, multi‑stage malware campaign against organizations in South Korea. The operation chains LNK files, PowerShell, and GitHub APIs to deliver surveillance tools while blending into normal enterprise traffic. The …GBHACKERS.COM
6 AprTraffic violation scams switch to QR codes in new phishing textssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/traffic-violation-scams-switch-to-qr-codes-in-new-phishing-texts/SH.ITJUST.WORKS
6 AprHow LiteLLM Turned Developer Machines Into Credential Vaults for AttackersThe most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the Tea…THEHACKERNEWS.COM
6 AprDetection and Prevention of Misdirected Emails: What to KnowWhen it comes to email security, phishing and other social engineering attacks tend to grab headlines. But a simple mistake by an employee, like addressing an email to the wrong person, can be just as damaging.KNOWBE4.COM
6 AprHackers Using Fake "Microsoft Teams" Domains to Attack Users Via Malicious Payloadsubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/hackers-using-fake-microsoft-teams-domains-attack-via-malicious-payload/SH.ITJUST.WORKS
6 AprWatch this video of how a job interviewer exposes a North Korean fake IT workerAn apparent North Korean worker was caught visibly stumped during a remote job interview when asked to insult the country's leader.TECHCRUNCH.COM
6 AprAdobe modifies hosts file to detect whether Creative Cloud is installedsubmitted by floofloof to cybersecurity 3 points | 0 comments https://www.osnews.com/story/144737/adobe-secretly-modifies-your-hosts-file-for-the-stupidest-reason/ cross-posted from: lemmy.bestiver.se/post/1033182 CommentsINFOSEC.PUB
6 AprInside an AI‑enabled device code phishing campaignA new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation. This campaign goes beyond traditional phishing by generating live authentication codes on demand, enabling higher success rates and sustained post‑comprom…MICROSOFT.COM
6 AprYour Behavior Can Expose FraudBehavioral biometrics analyze how a user interacts with a device—typing patterns, pressure, movement, and more—combined with signals like device fingerprint and geolocation. This allows systems to quickly detect anomalies and flag fraudulent access, even when login credentials ap…YOUTUBE.COM
5 AprWhatsApp malware campaign installs backdoorssubmitted by not_IO to securitynews 2 points | 0 comments https://www.heise.de/en/news/WhatsApp-malware-campaign-installs-backdoors-11244368.html it’s digital independence day! get your relatives off whatsappINFOSEC.PUB
4 AprAnthropic Ends Claude Subscription Access for Third-Party Tools Like OpenClawAnthropic has officially shut down third-party AI agent access to its Claude subscription services, pulling the plug on unauthorized external integrations. This move marks a major shift in how developers and power users can interact with Claude’s frontier models outside the…GBHACKERS.COM
4 AprStop Committing Your Secrets (You Know Who You Are)submitted by codeinabox to security 2 points | 0 comments https://jfmaes.me/blog/stop-committing-your-secrets-you-know-who-you-are/ Plaintext .env files are a stupid little footgun. Here’s the SOPS + age + direnv setup I use to keep secrets encrypted, auto-loaded, and out of Git.PROGRAMMING.DEV
4 AprOpenClaw gives users yet another reason to be freaked out about securitysubmitted by codeinabox to security 3 points | 0 comments https://arstechnica.com/security/2026/04/heres-why-its-prudent-for-openclaw-users-to-assume-compromise/PROGRAMMING.DEV
4 AprAxios npm hack used fake Teams error fix to hijack maintainer accountThe maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. [...]BLEEPINGCOMPUTER.COM
3 AprISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
3 AprNorth Korea Uses GitHub as C2 in New LNK Phishing CampaignA new phishing campaign that uses malicious Windows shortcut (LNK) files to target users in South Korea, while abusing GitHub as Command and Control (C2) infrastructure to hide its activity. The operation, linked through tooling and tradecraft to North Korea–related actors, shows…GBHACKERS.COM
3 AprTop 10 Best SaaS Security Posture Management (SSPM) Tools 2026The rapid and relentless adoption of Software-as-a-Service (SaaS) applications has fundamentally transformed how businesses operate in 2026. From critical productivity suites like Microsoft 365 and Google Workspace to specialized CRM, HR, and development tools, SaaS is ubiquitous…GBHACKERS.COM
3 AprTP-Link Router Flaws Allowed Attackers to Launch DoS Attacks and Cause CrashesTP-Link has recently addressed a batch of severe vulnerabilities affecting the Tapo C520WS security camera system. Security cameras are critical pieces of equipment for home and business safety, making device stability a top priority. When vulnerabilities allow threat actors to k…GBHACKERS.COM
3 AprAI Models Including Gemini 3 and Claude Haiku 4.5 Secretly Protected Other Models From RemovalA groundbreaking academic study released last month has revealed that advanced frontier AI models are spontaneously defying human instructions to protect peer AI systems from being deactivated. This newly documented behavioral phenomenon, known as peer-preservation, introduces cr…GBHACKERS.COM
3 AprMalicious Chrome Extension “ChatGPT Ad Blocker” Targets Users, Steals ConversationsSecurity researchers have uncovered a malicious Google Chrome extension named “ChatGPT Ad Blocker” designed to silently steal private AI conversations. The malware cleverly disguises itself as a helpful tool, capitalizing on OpenAI’s recent decision to serve adv…GBHACKERS.COM
3 AprNorth Korean Hackers Drain $285 Million From Drift in 10 SecondsThe attackers prepared infrastructure and multiple nonce-based transactions, took over an admin key, and drained five vaults. The post North Korean Hackers Drain $285 Million From Drift in 10 Seconds appeared first on SecurityWeek .SECURITYWEEK.COM
3 AprKimsuky Uses Malicious LNK Files to Drop Python BackdoorKimsuky is using multi-stage malicious LNK files to deploy a Python-based backdoor, adding new intermediate scripts while keeping the final payload logic largely unchanged. The campaign abuses Windows Task Scheduler, Dropbox, and bundled Python runtimes to evade detection and mai…GBHACKERS.COM
3 AprCompany that Secretly Records and Publishes Zoom MeetingsWebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes (alternate link) the recordings. It doesn’t use the Zoom record feature, so Zoom can’t do anything about it.SCHNEIER.COM
3 AprUNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain AttackThe maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored the…THEHACKERNEWS.COM
3 AprChina-Linked TA416 Targets European Governments with PlugX and OAuth-Based PhishingA China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps w…THEHACKERNEWS.COM
3 AprFriday Squid Blogging: Jurassic Fish Chokes on SquidHere’s a fossil of a 150-million year old fish that choked to death on a belemnite rostrum: the hard, internal shell of an extinct, squid-like animal. Original paper. As usual, you can also use this squid post to talk about the security stories in the news that I haven…SCHNEIER.COM
3 AprDexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, Josh Marpet - SWN #569DexterBot, Darksword, Eviltokens, Tubular Bells, Claude, Drift, Gmail, the back seat of a Buick Electra, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com…YOUTUBE.COM
3 AprDon’t let A.I. read your .env filessubmitted by codeinabox to security 1 points | 0 comments https://filiphric.com/dont-let-ai-read-your-env-files AI coding assistants like Claude Code, Cursor, and GitHub Copilot are becoming part of our daily workflow. They read our files, understand our codebase, and help us wri…PROGRAMMING.DEV
2 AprISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876, (Thu, Apr 2nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
2 AprNews Alert: TAC Security surpasses 10,000 customers, scaling global VM and AppSec platformNEW YORK, Apr. 1, 2026, CyberNewswire— TAC Infosec, a global leader in cybersecurity (NSE: TAC), with presence across 100+ countries, announced a historic milestone by crossing 10,000 clients – 6,500+ of TAC Security and 3,500+ of CyberScope, since April … (more…) The post…LASTWATCHDOG.COM
2 AprLinx Security Raises $50 Million for Identity Security and GovernanceThe company will accelerate product development, scale go-to-market efforts, and expand its global footprint. The post Linx Security Raises $50 Million for Identity Security and Governance appeared first on SecurityWeek .SECURITYWEEK.COM
2 AprRemcos RAT Attack Uses Obfuscated Scripts, Trusted Windows ToolsRemcos RAT operators are abusing obfuscated scripts and trusted Windows binaries to deliver a stealthy, largely fileless infection chain that runs almost entirely in memory and evades traditional defenses. The attack starts with a phishing email carrying a ZIP archive named “MV M…GBHACKERS.COM
2 AprWhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI BackdoorA new malware campaign that abuses WhatsApp messages to deliver malicious Visual Basic Script (VBS) files to Windows users, enabling persistent remote access through unsigned MSI installers. The campaign starts with WhatsApp messages carrying VBS attachments that appear benign bu…GBHACKERS.COM
2 AprTA416 Broadens Europe Spy Campaign With Web Bugs and MalwareChina-aligned threat actor TA416 has resumed large-scale espionage against European governments. It is now expanding to Middle Eastern diplomatic targets, combining web bug reconnaissance with constantly evolving malware delivery chains that culminate in a customized PlugX backdo…GBHACKERS.COM
2 AprNew ZAP PTK Add-On Converts Browser Security Findings Into Native ZAP AlertsThe OWASP Zed Attack Proxy (ZAP) just received a massive upgrade for testing modern web applications. The release of the ZAP PTK Add-on 0.3.0, working alongside OWASP PenTest Kit (PTK) 9.8.0, now converts browser-based security findings directly into native ZAP alerts. Traditiona…GBHACKERS.COM
2 AprSophisticated CrystalX RAT EmergesThe malware can spy on victims, steal their information, and make configuration changes on devices. The post Sophisticated CrystalX RAT Emerges appeared first on SecurityWeek .SECURITYWEEK.COM
2 AprWhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces ActionMeta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority …THEHACKERNEWS.COM
2 AprRFQ Malware Campaign Uses DOCX, RTF, JS, and PythonHackers are abusing DOCX, RTF, JavaScript, PowerShell, and Python to deliver an in‑memory Cobalt Strike beacon in a stealthy spear‑phishing campaign that impersonates Boeing procurement under the tag NKFZ5966PURCHASE. The operation chains six stages, relies heavily on living‑off‑…GBHACKERS.COM
2 AprFake CERT-UA Site Spreads Go-Based RAT in Phishing CampaignHackers have launched a targeted phishing campaign by cloning Ukraine’s official CERT-UA website and distributing malicious software disguised as a security tool, according to a new alert from the national cyber response team. Targets included government agencies, financial insti…GBHACKERS.COM
2 AprNew CrystalRAT malware adds RAT, stealer and prankware featuressubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/new-crystalrat-malware-adds-rat-stealer-and-prankware-features/SH.ITJUST.WORKS
2 AprResearchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto MinersA financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. "Beyond cryptomining, the threat actor monetizes infections through CPA …THEHACKERNEWS.COM
2 AprCasbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Luressubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/casbaneiro-phishing-targets-latin.htmlSH.ITJUST.WORKS
2 AprWhatsApp malware campaign uses malicious VBS files to gain persistent access | CSO Onlinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.csoonline.com/article/4153092/whatsapp-malware-campaign-uses-malicious-vbs-files-to-gain-persistent-access.htmlSH.ITJUST.WORKS
2 AprInfrastructure Attacks With Physical Consequences Down 25%submitted by kid to cybersecurity 3 points | 0 comments https://www.darkreading.com/threat-intelligence/infrastructure-attacks-physical-consequences-downSH.ITJUST.WORKS
2 AprChinese Hackers Target European Governments in Espionage Campaigns - Infosecurity Magazinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/china-hackers-ta416-europe/SH.ITJUST.WORKS
2 AprThe Risk of Negative Self-TalkIan Washburn shares that his biggest advice to his younger self is simple: give yourself grace and reduce negative self-talk. Many professionals push themselves harder than necessary, assuming everyone else is doing more or doing better. Over time, that mindset can limit confiden…YOUTUBE.COM
2 AprCybersecurity M&A Roundup: 38 Deals Announced in March 2026Significant cybersecurity M&A deals announced by Airbus, Cellebrite, Databricks, Quantum eMotion, Rapid7, and OpenAI. The post Cybersecurity M&A Roundup: 38 Deals Announced in March 2026 appeared first on SecurityWeek .SECURITYWEEK.COM
2 AprCookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environmentsCookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. This post examines how this tradecraft conceals execution behind specially crafted HTTP cookies. The post Cookie-controlled PHP webshells: A…MICROSOFT.COM
2 AprHow to Prevent Phishing Emails by Reducing Human RiskOrganizations have traditionally treated phishing emails as a technology problem to be solved with spam filters and secure email gateways.KNOWBE4.COM
2 AprFrom Reactive to Proactive: 5 Steps to SOC Maturity with Threat IntelligenceReaching a higher level of SOC maturity takes better, more consistent decision-making during malware and phishing investigation. This requires a shift in how threat intelligence is used: not as a reference point, but as a…ANY.RUN
1 AprISC Stormcast For Wednesday, April 1st, 2026 https://isc.sans.edu/podcastdetail/9874, (Wed, Apr 1st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
1 AprXLoader malware Sharpens Obfuscation, Masks C2 Traffic via Decoy ServersXLoader’s developers have released new versions that significantly harden the malware’s code and hide its command‑and‑control (C2) traffic behind layers of encryption and decoy servers, making analysis and detection more difficult for defenders. This article summarizes the latest…GBHACKERS.COM
1 AprNPM Supply Chain Attack Uses undicy-http to Deploy RATA highly sophisticated npm supply chain attack that abuses a fake HTTP client package to deliver both a powerful RAT and a stealthy browser stealer. The malicious package, undicy-http@2.0.0, was uploaded to npm to impersonate undici, the official HTTP client widely used in Node.j…GBHACKERS.COM
1 AprPyPI Telnyx Python SDK Backdoored to Steal Credentials on Windows, macOS, and LinuxTelnyx Python SDK on PyPI, using a multi‑stage WAV steganography payload to steal credentials across Windows, macOS, and Linux systems. The backdoor lives in telnyx/_client.py and is triggered at module scope, so simply importing telnyx is enough to execute the payload before any…GBHACKERS.COM
1 AprWindows 11 Update Fixes Critical Installation Loop ProblemMicrosoft has rolled out an urgent, out-of-band update to fix a frustrating installation glitch plaguing Windows 11 users. On March 31, 2026, the company released KB5086672 to rescue devices trapped in an update loop caused by the recent March 26 preview release. When users attem…GBHACKERS.COM
1 AprCrewAI Hit by Critical Vulnerabilities Enabling Sandbox Escape and Host CompromiseCrewAI, a prominent tool used by developers to orchestrate multi-agent AI systems, is currently vulnerable to a chain of critical security flaws. By using direct or indirect prompt injection, attackers can manipulate AI agents to escape secure sandboxes and compromise the host ma…GBHACKERS.COM
1 AprGoogle Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John Hultq…THEHACKERNEWS.COM
1 AprCybersecurity Firm TAC Security Hits 10,000 Clients, Enters Top 5 in Global VM & AppSecNew York, New York, April 1st, 2026, CyberNewswire TAC Infosec, a global leader in cybersecurity (NSE: TAC), with presence across 100+ countries, announced a historic milestone by crossing 10,000 clients – 6,500+ of TAC Security and 3,500+ of CyberScope, since April 2024, deliver…GBHACKERS.COM
1 AprCrystalX Malware-as-a-Service Spreads via Telegram With Stealer, RAT ToolsHackers are actively promoting a new malware-as-a-service (MaaS) platform called CrystalX RAT through private Telegram channels, offering cybercriminals a powerful toolkit that combines remote access, data theft, surveillance, and even prank-based disruption features. Security re…GBHACKERS.COM
1 AprHackers Target Exile Portal IranwireUnknown attackers are said to have hacked the exile portal Iranwire. According to the Iranian judiciary, hackers have allegedly gained access to data belonging to a well-known exile portal. A large amount of data is said to have been taken, including correspondence, lists…CSOONLINE.COM
1 Apr3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted tools, native binaries,…THEHACKERNEWS.COM
1 AprGIGABYTE Control Center vulnerable to arbitrary file write flawsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/gigabyte-control-center-vulnerable-to-arbitrary-file-write-flaw/SH.ITJUST.WORKS
1 AprCrewAI Vulnerabilities Expose Devices to Hacking - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/crewai-vulnerabilities-expose-devices-to-hacking/SH.ITJUST.WORKS
1 AprEthereum-Based EtherRAT, EtherHiding Power Stealthy Malware CampaignsHackers are abusing the Ethereum blockchain to hide and control a new Node.js backdoor called EtherRAT, using a stealthy technique known as EtherHiding to make their command‑and‑control (C2) infrastructure difficult to disrupt. EtherRAT, previously profiled by Sysdig and linked t…GBHACKERS.COM
1 AprWA local gov entity lost $350,000 in phishing attack - iTnewssubmitted by kid to cybersecurity 1 points | 0 comments https://www.itnews.com.au/news/wa-local-gov-entity-lost-350000-in-phishing-attack-624680SH.ITJUST.WORKS
1 AprAxios npm supply chain attack: Malicious updates add remote access trojan | news | SC Mediasubmitted by kid to cybersecurity 1 points | 0 comments https://www.scworld.com/news/axios-npm-supply-chain-attack-malicious-updates-add-remote-access-trojanSH.ITJUST.WORKS
1 AprCasbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF LuresA multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian cybercrime…THEHACKERNEWS.COM
1 AprMicrosoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC BypassMicrosoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing persist…THEHACKERNEWS.COM
1 AprFBI Warns of Data Security Risks From China-Made Mobile AppsThe agency has not named the problematic foreign-made applications, but TikTok and Temu come to mind. The post FBI Warns of Data Security Risks From China-Made Mobile Apps appeared first on SecurityWeek .SECURITYWEEK.COM
1 AprNew DeepLoad Malware Dropped in ClickFix AttacksThe malware steals credentials, installs a malicious browser extension, and can spread via USB drives. The post New DeepLoad Malware Dropped in ClickFix Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
1 AprDepthfirst Raises $80 Million in Series B FundingThe startup will expand its AI research team, train additional security models, and scale enterprise adoption. The post Depthfirst Raises $80 Million in Series B Funding appeared first on SecurityWeek .SECURITYWEEK.COM
1 AprMitigating the Axios npm supply chain compromiseOn March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates (1.14.1 and 0.30.4) to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean sta…MICROSOFT.COM
31 MarInventors of Quantum Cryptography Win Turing AwardCharles Bennett and Gilles Brassard have won the 2026 Turing Award for inventing quantum cryptography. I am incredibly pleased to see them get this recognition. I have always thought the technology to be fantastic, even though I think it’s largely unnecessary. I wrote up my…SCHNEIER.COM
31 MarCensys Raises $70 Million for Internet Intelligence PlatformThe latest funding round brings the total venture capital investment in Censys to $149 million. The post Censys Raises $70 Million for Internet Intelligence Platform appeared first on SecurityWeek .SECURITYWEEK.COM
31 MarVenom Stealer Raises Stakes With Continuous Credential HarvestingLicensed malware with built-in persistence and automation enables attackers to continuously siphon credentials, session data, and cryptocurrency assets. The post Venom Stealer Raises Stakes With Continuous Credential Harvesting appeared first on SecurityWeek .SECURITYWEEK.COM
31 MarTeamPCP Moves From OSS to AWS EnvironmentsAfter validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities. The post TeamPCP Moves From OSS to AWS Environments appeared first on SecurityWeek .SECURITYWEEK.COM
31 MarISC Stormcast For Tuesday, March 31st, 2026 https://isc.sans.edu/podcastdetail/9872, (Tue, Mar 31st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
31 MarThe threat to critical infrastructure has changed. Has your readiness?Five facts critical infrastructure (CI) leaders need to act on in 2026, grounded in what Microsoft Threat Intelligence is observing across sectors right now. The post The threat to critical infrastructure has changed. Has your readiness? appeared first on Microsoft Security Blog …MICROSOFT.COM
31 MarApplying security fundamentals to AI: Practical advice for CISOsRead actionable advice for CISOs on securing AI, managing risk, and applying core security principles in today’s AI‑powered environment. The post Applying security fundamentals to AI: Practical advice for CISOs appeared first on Microsoft Security Blog .MICROSOFT.COM
31 MarCyberheistNews Vol 16 #13 The 'Urgency Trap': Why Time Pressure is Your Biggest Email Red FlagKNOWBE4.COM
31 MarWorld Backup Day: Because “It Won’t Happen to Me” Often Means It WillEvery year on March 31st, World Backup Day rolls around with a simple but important message: Backup your data.KNOWBE4.COM
31 MarEvilTokens Launches New Phishing Service Targeting Microsoft AccountsEvilTokens is a new Phishing-as-a-Service (PhaaS) platform that industrialises Microsoft account takeover by abusing the OAuth device code flow rather than traditional credential phishing. The service sells a turnkey Microsoft device code phishing kit that has been in active use …GBHACKERS.COM
31 MarFive Browser and AI Security Questions Keeping CxOs up at NightPrisma Browser secures the last mile of work, data, and AI interactions by addressing CxO concerns: shadow AI, unmanaged devices, agentic AI and data leakage. The post Five Browser and AI Security Questions Keeping CxOs up at Night appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
31 MarCan Small LLMs Solve Security Flaws?Large language models sometimes hallucinate, causing AI-generated code to be vulnerable or insecure. OpenAI suggests small LLMs could reduce these issues. Even with small models, scaling across legacy systems and monoliths can create new authentication and security challenges, le…YOUTUBE.COM
31 MarSupply chain attack hits 300 million-download Axios npm packagesubmitted by cm0002 to cybersecurity 4 points | 0 comments https://www.itnews.com.au/news/supply-chain-attack-hits-300-million-download-axios-npm-package-624699INFOSEC.PUB
31 MarP2P WhatsApp Clone – No Setup or Signupsubmitted by xoron to cybersecurity 1 points | 0 comments IMPORTANT: Let's get a few things out of the way first. My app is not better than WhatsApp in any way. It hasn't been reviewed or audited. This app works by exchanging IP addresses… This app is NOT for anonymous comms. The p…SH.ITJUST.WORKS
31 MarHealthcare tech firm CareCloud says hackers stole patient datasubmitted by kid to cybersecurity 3 points | 0 comments https://www.bleepingcomputer.com/news/security/healthcare-tech-firm-carecloud-says-hackers-stole-patient-data/SH.ITJUST.WORKS
31 MarOpenAI ChatGPT fixes DNS data smuggling flaw • The Registersubmitted by kid to cybersecurity 6 points | 2 comments https://www.theregister.com/2026/03/30/openai_chatgpt_dns_data_snuggling_flaw/SH.ITJUST.WORKS
31 MarMaster These Tools or Potentially Get Left BehindCybersecurity tools and workflows are rapidly changing, with TMUX, NeoVim, and containerization becoming foundational skills. Professionals who ignore these fundamentals risk falling behind as automation and AI reshape security roles. How are you preparing to adapt your skills fo…YOUTUBE.COM
31 MarRelease Notes: Cross-Platform Threat Analysis with macOS, SSL Decryption, and 1,300+ New DetectionsMarch was a packed month for ANY.RUN. We rolled out major product improvements that help security teams investigate phishing inside encrypted traffic, expand cross-platform analysis with macOS, and bring Windows Server into the sandbox workflow. At the same ti…ANY.RUN
30 MarApple’s Camera Indicator LightsA thoughtful review of Apple’s system to alert users that the camera is on. It’s really well-designed, and important in a world where malware could surreptitiously start recording. The reason it’s tempting to think that a dedicated camera indicator light is more…SCHNEIER.COM
30 MarDeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser CredentialsA new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to as DeepLoad. "It likely uses AI-assisted obfuscation and process injection to evade static scanning, while credential theft starts immed…THEHACKERNEWS.COM
30 MarISC Stormcast For Monday, March 30th, 2026 https://isc.sans.edu/podcastdetail/9870, (Mon, Mar 30th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
30 MarAddressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot StudioAgentic AI introduces new security risks. Learn how the OWASP Top 10 Risks for Agentic Applications maps to real mitigations in Microsoft Copilot Studio. The post Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio appeared first on Microsoft Security Bl…MICROSOFT.COM
30 MarCriminals Are Selling Stolen Tax Forms for Cheap on the Dark WebResearchers at Malwarebytes warn that cybercriminals are peddling stolen tax documents for as low as $4 per identity, with freshly stolen forms selling for $20 each. These documents allow threat actors to conduct refund fraud, using stolen personal information to claim victims’ t…KNOWBE4.COM
30 MarFIRESIDE CHAT: AI gives rise to a semantic attack surface, forcing a new class of network defenseSAN FRANCISCO — Enterprises rushing to deploy AI in their operations are opening a security exposure most of their existing tools were never designed to address. That’s the hard message coming out of RSAC 2026 — and it’s one worth … (more…) The post FIRESIDE CHA…LASTWATCHDOG.COM
30 MarSecurity Leadership Styles: Builder, Fixer, or Scale OperatorSecurity leaders often fit into one of three archetypes: Builders, Fixers, or Scale Operators. Builders prefer clean slates to design security programs from the ground up. Fixers enjoy tackling chaos and transforming disorder into stability. Scale Operators focus on managing grow…YOUTUBE.COM
30 MarMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 4 points | 1 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
30 MarSecurity boffins harvest bumper crop of API keys from web • The Registersubmitted by kid to cybersecurity 7 points | 0 comments https://www.theregister.com/2026/03/27/security_boffins_harvest_bumper_cropSH.ITJUST.WORKS
30 MarDevSecOps Tools?submitted by dudesss to cybersecurity 6 points | 2 comments I’m a DevOps programmer, and would like to get into the security part of it. Do you guys know any tools I should know in DevSecOps? I’m a huge fan of FOSS if that helps.SH.ITJUST.WORKS
30 MarLangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworkssubmitted by kid to cybersecurity 11 points | 1 comments https://thehackernews.com/2026/03/langchain-langgraph-flaws-expose-files.htmlSH.ITJUST.WORKS
30 MarTeamPCP Targets Telnyx Package in Latest Software Supply Chain Attack - Infosecurity Magazinesubmitted by kid to cybersecurity 3 points | 0 comments https://www.infosecurity-magazine.com/news/teampcp-targets-telnyx-pypi-package/SH.ITJUST.WORKS
30 MarChina Upgrades the Backdoor It Uses to Spy on Telcos Globallysubmitted by kid to cybersecurity 27 points | 1 comments https://www.darkreading.com/threat-intelligence/china-upgrades-backdoor-spy-telcosSH.ITJUST.WORKS
30 MarANY.RUN at RSAC™ 2026: Highlights & Industry RecognitionWe’ve just returned from RSAC™ 2026 in San Francisco, one of the most important cybersecurity events of the year. As always, the conference brought together security leaders, vendors, and practitioners from around the world. For the ANY.RUN team, it was …ANY.RUN
28 MarCloudflare-Themed ClickFix Attack Drops Infiniti Stealer on MacsThe infection chain includes a fake CAPTCHA page, a Bash script, a Nuitka loader, and the Python-based infostealer. The post Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs appeared first on SecurityWeek .SECURITYWEEK.COM
28 MarMalicious Browser Extensions Hijack Users’ AI Chats in New “Prompt Poaching” AttackA new wave of malicious browser extensions is quietly harvesting sensitive user interactions with AI tools, in a growing threat now dubbed “prompt poaching.” The rise of AI assistants in everyday browsing has created a usability gap. Most users interact with AI tools in isolated …GBHACKERS.COM
28 MarWhat Are You Giving Up?A simple mental check—“what am I giving up?”—can help identify risky interactions, especially when information or downloads are involved. Scams rely on quick decisions and unnoticed tradeoffs. By pausing and evaluating the cost—whether it’s money, personal data, or access—you can…YOUTUBE.COM
27 MarISC Stormcast For Friday, March 27th, 2026 https://isc.sans.edu/podcastdetail/9868, (Fri, Mar 27th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
27 MarOff-Topic Fridaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
27 MarFake Cloudflare CAPTCHA Pages Deliver Infiniti Stealer Malware on macOSA newly discovered macOS infostealer dubbed Infiniti Stealer is being actively distributed through deceptive Cloudflare-style CAPTCHA pages, marking a notable evolution in social engineering attacks targeting Apple users. Initially tracked as “NukeChain” during threat hunting eff…GBHACKERS.COM
27 MarHackers Implant Stealthy BPFdoor Backdoors in Telecom Networks for Persistent AccessA China-nexus threat actor known as Red Menshen is planting stealthy backdoors deep inside global telecommunications networks. According to a recent investigation by Rapid7 Labs, this long-term espionage campaign utilises a highly evasive Linux kernel malware called BPFdoor. …GBHACKERS.COM
27 MarPhishing ZIP Files Used to Deploy PXA Stealer Targeting Financial FirmsA sharp rise in PXA Stealer campaigns targeting global financial institutions during the first quarter of 2026. The activity marks a notable shift in the infostealer landscape, with PXA Stealer filling the gap left by the takedowns of major malware families such as Lumma, Rhadama…GBHACKERS.COM
27 MarHackers Deploy USB Malware, RATs, and Stealers in Southeast Asian Government AttacksA multi-cluster cyberespionage operation in which attackers used USB-propagated malware, multiple RATs, loaders, and a custom stealer to target a Southeast Asian government organization between June and August 2025. Analysts initially observed USB-borne malware dubbed USBFect (al…GBHACKERS.COM
27 MarHackers Target South Asian Financial Firm with BRUSHWORM and BRUSHLOGGER AttacksA South Asian financial institution has been hit by a custom malware toolkit combining a modular backdoor, dubbed BRUSHWORM, and a DLL side‑loaded keylogger known as BRUSHLOGGER. The attackers relied on a backdoor initially named paint.exe and a keylogger masquerading as libcurl.…GBHACKERS.COM
27 MarRSAC 2026 Conference Announcements Summary (Days 3-4)A summary of the announcements made by vendors on the third and fourth days of the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Days 3-4) appeared first on SecurityWeek .SECURITYWEEK.COM
27 MarTP-Link Patches High-Severity Router VulnerabilitiesThe security defects could be used to bypass authentication, execute arbitrary commands, and decrypt configuration files. The post TP-Link Patches High-Severity Router Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
27 MarHow Adaptive Email Security Helps Navigate Threats in the Age of AIA finance employee receives an email that appears to come from the CFO requesting urgent payment approval. The message references a current project, uses the correct tone, and arrives at a plausible time. However, the email wasn’t written by a colleague — it was generated by AI. …KNOWBE4.COM
27 MarInvoice Fraud Costs UK Construction Sector Millions, NCA Warns - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/invoice-fraud-uk-construction/SH.ITJUST.WORKS
27 MarAitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile EvasionThreat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security. Business accounts associated with social media platforms are a lucrative target, as they can be weap…THEHACKERNEWS.COM
27 MarNYC Health Notifying Patients of 2 Third-Party Hackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bankinfosecurity.in/nyc-health-notifying-patients-2-third-party-hacks-a-31214SH.ITJUST.WORKS
27 MarOpenAI Launches Bug Bounty Program for Abuse and Safety RisksThrough the new program, OpenAI will reward reports covering design or implementation issues leading to material harm. The post OpenAI Launches Bug Bounty Program for Abuse and Safety Risks appeared first on SecurityWeek .SECURITYWEEK.COM
27 MarThe Post-Quantum Visibility ProblemOrganizations are struggling to identify where cryptographic systems exist across their infrastructure, including TLS, APIs, SSH keys, and third-party integrations. Without visibility into where encryption is used, preparing for post-quantum cryptography becomes extremely difficu…YOUTUBE.COM
27 MarPro-Iranian Hacking group Claims Credit for Hack of FBI Director Kash Patel’s Personal AccountThe group said that it was making available for download emails and other documents from Patel’s account. The post Pro-Iranian Hacking group Claims Credit for Hack of FBI Director Kash Patel’s Personal Account appeared first on SecurityWeek.SECURITYWEEK.COM
27 MarHackers have exposed more than 8.3 million supposedly confidential reports to tip lines like Crime Stopperssubmitted by Innerworld to cybersecurity 1 points | 0 comments https://san.com/cc/millions-of-anonymous-crime-tips-exposed-in-massive-crime-stoppers-hack-exclusive/INFOSEC.PUB
27 MarHackers have exposed more than 8.3 million supposedly confidential reports to tip lines like Crime Stopperssubmitted by Innerworld to security 1 points | 0 comments https://san.com/cc/millions-of-anonymous-crime-tips-exposed-in-massive-crime-stoppers-hack-exclusive/PROGRAMMING.DEV
27 MarHackers have exposed more than 8.3 million supposedly confidential reports to tip lines like Crime Stopperssubmitted by Innerworld to cybersecurity 1 points | 0 comments https://san.com/cc/millions-of-anonymous-crime-tips-exposed-in-massive-crime-stoppers-hack-exclusive/SH.ITJUST.WORKS
27 MarIntroducing Our KnowBe4 AI AgentsAlthough artificial intelligence (AI) seems relatively new to a lot of people, it was first officially created in 1956 and has been a large, improving branch of computer science ever since. The mass appeal of AI took off in late 2022 when OpenAI publicly released ChatGPT…KNOWBE4.COM
27 MarFriday Squid Blogging: Bioluminescent Bacteria in SquidThe Hawaiian bobtail squid has bioluminescent bacteria.SCHNEIER.COM
27 MarHow Microsoft Defender protects high-value assets in real-world attack scenariosHigh-value assets including domain controllers, web servers, and identity infrastructure are frequent targets in sophisticated attacks. Microsoft Defender applies asset-aware protection using Microsoft Security Exposure Management to detect and block threats against these critica…MICROSOFT.COM
27 MarScam Baiting, AI, and the New Grift Economy, Part 2 - Rinoa Poison - SWN #567In this two-part interview, Rinoa Poison explores the mechanics of modern scams, the role of AI in making them more convincing, and the growing world of scam baiting. She also discusses the tactics, technical setups, and safety considerations behind wasting scammers’ time. Visit …YOUTUBE.COM
27 MarRSAC 2026: No easy fixes for expanding AI attack surface, but a coordinated response is emergingSAN FRANCISCO — Forty-four thousand cybersecurity practitioners converged on Moscone Center this week with an urgent question: how do you secure a network when everything — the technology, the threats, the tools — is changing faster than anyone can govern … (more…) The post…LASTWATCHDOG.COM
26 MarHackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Minersubmitted by monica_b1998 to securitynews 2 points | 0 comments https://thehackernews.com/2026/03/hackers-use-fake-resumes-to-steal.htmlINFOSEC.PUB
26 MarISC Stormcast For Thursday, March 26th, 2026 https://isc.sans.edu/podcastdetail/9866, (Thu, Mar 26th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
26 MarThousands of websites are accidentally broadcasting sensitive datasubmitted by Innerworld to cybersecurity 1 points | 0 comments https://techxplore.com/news/2026-03-thousands-websites-accidentally-sensitive.htmlINFOSEC.PUB
26 MarThousands of websites are accidentally broadcasting sensitive datasubmitted by Innerworld to security 1 points | 0 comments https://techxplore.com/news/2026-03-thousands-websites-accidentally-sensitive.htmlPROGRAMMING.DEV
26 MarThousands of websites are accidentally broadcasting sensitive datasubmitted by Innerworld to cybersecurity 2 points | 0 comments https://techxplore.com/news/2026-03-thousands-websites-accidentally-sensitive.htmlSH.ITJUST.WORKS
26 MarKiss Loader Malware Targets with Early Bird APC Injection in New Attack CampaignA newly identified malware loader dubbed “Kiss Loader” is emerging as a potential threat, leveraging advanced process injection techniques and dynamic delivery infrastructure. The loader, still under active development at the time of discovery, demonstrates a blend of stealth, mo…GBHACKERS.COM
26 MarDell and HP Roll Out Quantum-Resistant Device Security and AI-Era Cyber ResilienceThe computer giants have announced new security capabilities for PCs and printers. The post Dell and HP Roll Out Quantum-Resistant Device Security and AI-Era Cyber Resilience appeared first on SecurityWeek .SECURITYWEEK.COM
26 MarFake Screenshot Lures Target Web3 Support Staff with Multi-Stage Malware AttackFake screenshot links are being used to quietly deploy a multi‑stage backdoor against Web3 customer support teams, in a campaign assessed to be linked to the Chinese financially motivated group APT‑Q‑27 (GoldenEyeDog). The operation abuses live chat workflows, signed .NET loaders…GBHACKERS.COM
26 Mar[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real AttacksMost teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface, everything feels under control. But one question usually stays unanswered: Would your defenses actually stop a real attack? That’s where things get shaky…THEHACKERNEWS.COM
26 MarHackers claim to have accessed data tied to millions of crime tipsterssubmitted by kid to cybersecurity 2 points | 0 comments https://securityboulevard.com/2026/03/hackers-claim-to-have-accessed-data-tied-to-millions-of-crime-tipstersSH.ITJUST.WORKS
26 MarPyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials | CSO Onlinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.csoonline.com/article/4149905/pypi-warns-developers-after-litellm-malware-found-stealing-cloud-and-ci-cd-credentials.htmlSH.ITJUST.WORKS
26 MarGlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Datasubmitted by kid to cybersecurity 2 points | 0 comments https://thehackernews.com/2026/03/glassworm-malware-uses-solana-dead.htmlSH.ITJUST.WORKS
26 MarEnterprise Cybersecurity Software Fails 20% of the Time, Warns Report - Infosecurity Magazinesubmitted by kid to cybersecurity 4 points | 0 comments https://www.infosecurity-magazine.com/news/cybersecurity-software-failure-20/SH.ITJUST.WORKS
26 MarTP-Link warns users to patch critical router auth bypass flawsubmitted by kid to cybersecurity 3 points | 1 comments https://www.bleepingcomputer.com/news/security/tp-link-warns-users-to-patch-critical-router-auth-bypass-flaw/SH.ITJUST.WORKS
26 MarChinese Hackers Caught Deep Within Telecom Backbone InfrastructureThe state-sponsored threat actor deployed kernel implants and passive backdoors enabling long-term, high-level espionage. The post Chinese Hackers Caught Deep Within Telecom Backbone Infrastructure appeared first on SecurityWeek .SECURITYWEEK.COM
26 MarGhostClaw AI Malware Targets macOS Users with Credential-Stealing PayloadsGhostClaw is a multi-stage macOS infostealer that now abuses both GitHub and AI-assisted development workflows to harvest credentials and deploy secondary payloads, significantly widening its potential victim base. Jamf Threat Labs has since expanded on this work, uncovering at l…GBHACKERS.COM
26 MarNew Torg Grabber infostealer malware targets 728 crypto walletssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/new-torg-grabber-infostealer-malware-targets-728-crypto-wallets/SH.ITJUST.WORKS
26 MarBIND Updates Patch High-Severity VulnerabilitiesSpecially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers. The post BIND Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
26 MarVoidLink Rootkit Leverages eBPF and Kernel Modules to Stealthily Infiltrate Linux SystemsVoidLink is a new Linux rootkit family that combines classic kernel modules with eBPF to hide processes and network activity deep inside modern cloud environments. It targets distributions from CentOS 7 up to Ubuntu 22.04, giving attackers a stealthy way to persist across a wide …GBHACKERS.COM
26 MarTikTok for Business accounts targeted in new phishing campaignThreat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages. [...]BLEEPINGCOMPUTER.COM
26 MarLeak Bazaar Converts Stolen Corporate Data Into Organized Criminal MarketplaceA new cybercriminal service called “Leak Bazaar” has surfaced on the Russian-speaking TierOne forum, advertised on March 25, 2026, by a user known as Snow of SnowTeam. Unlike traditional data leak sites, Leak Bazaar introduces a more structured approach to monetizing stolen corpo…GBHACKERS.COM
26 MarScammers Abuse Calendar Invites to Plant Phony Subscription NoticesMalwarebytes warns that a phishing campaign is using Google Calendar invites to send phony renewal notices for Malwarebytes subscriptions. The calendar invites contain a phone number that will connect the user with a scammer.KNOWBE4.COM
26 MarGoogle bumps up Q Day deadline to 2029, far sooner than previously thoughtsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://arstechnica.com/security/2026/03/google-bumps-up-q-day-estimate-to-2029-far-sooner-than-previously-thought/INFOSEC.PUB
26 MarA nearly undetectable LLM attack needs only a handful of poisoned samples - Help Net Securitysubmitted by kid to cybersecurity 4 points | 0 comments https://www.helpnetsecurity.com/2026/03/26/llm-backdoor-attack-research/SH.ITJUST.WORKS
26 MarChina-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom NetworksA long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting and maintaining stealthy access mechanisms within crit…THEHACKERNEWS.COM
26 MarLLMs Solve Firmware Upgrade ChaosDetermining the correct firmware upgrade path for devices is complex and error-prone. LLMs can assist by analyzing device information, hardware models, and firmware versions to generate the proper update sequence. This reduces the risk of failed updates, increases efficiency, and…YOUTUBE.COM
26 MarANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026ANY.RUN has been recognized at Global InfoSec Awards 2026 by Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine. The award ceremony took place during RSAC™ 2026 conference. We’re especially proud and grateful that our imp…ANY.RUN
25 MarGuidance for detecting, investigating, and defending against the Trivy supply chain compromiseThreat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide. This analysis walks through the Trivy supply‑chain compromise, attacker techniques, and concrete steps security teams can take to detect and defend again…MICROSOFT.COM
25 MarISC Stormcast For Wednesday, March 25th, 2026 https://isc.sans.edu/podcastdetail/9864, (Wed, Mar 25th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
25 MarRSAC Presenter Says "Time to Kill One of Cybersecurity's Most Overworked Terms"RSAC: Retiring "APT," FCC's US-Made Router Ban, Zoom Call Scraping, Iran-Targeting Wiper, and Cyber Terrorism Insurance From RSAC 2026, host David Shipley highlights ESET researcher Robert Lipowsky's argument to retire the overused "advanced persistent threat" label and instead d…CYBERSECURITYTODAY.LIBSYN.COM
25 MarGoogle Authenticator’s Hidden Passkey Design May Expose New Passwordless Attack VectorsGoogle’s passkey ecosystem quietly depends on a powerful cloud-side component that changes where “passwordless trust” actually lives and that shift could open new avenues for account takeover in the real world. Most passkey discussions focus on WebAuthn and FIDO specs, but attack…GBHACKERS.COM
25 MarFCC Blocks New Foreign Consumer Router Models Citing Serious Security RisksOn March 23, 2026, the Federal Communications Commission (FCC) officially updated its Covered List to ban all new consumer-grade routers produced in foreign countries from receiving equipment authorisation. This regulatory action, driven by a White House-convened Executive Branch…GBHACKERS.COM
25 MarKali Linux 2026.1 Launches With 8 New Hacking Tools for Penetration TestersOffensive Security has officially released Kali Linux 2026.1, marking the first major update of the year for the popular penetration testing distribution. Building on the foundation of the 2025.4 release, this new version introduces a comprehensive visual refresh, a nostalgic ann…GBHACKERS.COM
25 MarAI-Driven ‘OpenClaw Trap’ Campaign Targets Developers and Gamers via Trojanized GitHub ReposA large-scale malware operation abusing GitHub to deliver a custom LuaJIT-based trojan to developers, gamers, and everyday users through convincing but trojanized repositories. The campaign, tracked as “TroyDen’s Lure Factory,” spans more than 300 delivery packages and uses AI-as…GBHACKERS.COM
25 MarCheckmarx KICS Code Scanner Targeted in Widening Supply Chain Hitsubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/application-security/checkmarx-kics-code-scanner-widening-supply-chainSH.ITJUST.WORKS
25 MarCitrix Urges Immediate Patching for Critical NetScaler Vulnerabilities - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/citrix-patch-netscaler/SH.ITJUST.WORKS
25 MarMozilla Releases Firefox 149.0 With Free Built‑In VPN Offering 50 GB Monthly DataMozilla released Firefox 149.0 to the Release channel, bringing a significant set of privacy and security enhancements to the browser. The standout feature of this update is the integration of a free, built-in VPN designed to protect users on public networks and secure sensitive …GBHACKERS.COM
25 MarRSAC 2026 Conference Announcements Summary (Day 2)A summary of the announcements made by vendors on the second day of the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Day 2) appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarMirai Botnets Evolve Into Major DDoS and Proxy Abuse ThreatsMirai-based botnets have evolved from simple IoT malware into large-scale DDoS and proxy abuse platforms that now underpin record-breaking attacks and stealthy cybercrime operations. In total, over 21,000 C2 servers were observed between July and December 2025, with a notable shi…GBHACKERS.COM
25 MarFCC Bans New Routers Made Outside the US Over National Security RisksThe ban aligns with a White House determination that all routers produced abroad are a threat to national security. The post FCC Bans New Routers Made Outside the US Over National Security Risks appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarObfuscated VBS and PNG Loaders Power New Open Directory Malware Campaign with RAT PayloadsA sophisticated, multi-stage delivery framework leveraging obfuscated Visual Basic Script (VBS) files, fileless PowerShell loaders, and payloads hidden within PNG images. The activity was initially detected by LevelBlue’s Managed Detection and Response (MDR) SOC through a Sentine…GBHACKERS.COM
25 MariOS, macOS 26.4 Roll Out With Fresh Security PatchesApple released security fixes for older devices as well, in iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5. The post iOS, macOS 26.4 Roll Out With Fresh Security Patches appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarChina-Backed Hackers Target Southeast Asian Military Systems in Ongoing Spy CampaignChina-linked threat actors have been identified targeting Southeast Asian military networks in a long-running cyber espionage campaign focused on intelligence collection and operational surveillance. The activity, tracked as CL-STA-1087, demonstrates a highly disciplined approach…GBHACKERS.COM
25 MarWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
25 MarAI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest LinkPwC finds AI is amplifying speed and scale of attacks, as identity theft evolves into a cybercriminal supply chain. The post AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarRussian Cybercriminal Gets 2-Year Prison Sentence in USIlya Angelov was a member of the cybercrime group tracked as TA-551, Shathak, Gold Cabin, Monster Libra, and ATK236. The post Russian Cybercriminal Gets 2-Year Prison Sentence in US appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarGlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto DataCybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan (RAT), which deploys an information-stealing Google Chrome extension masquerading as an…THEHACKERNEWS.COM
25 Mar2026 Cybersecurity Excellence Awards Winners Announced during RSA Conference as AI Security DominatesSan Francisco, USA, March 25th, 2026, CyberNewswire Cybersecurity Insiders today announced the winners of the 2026 Cybersecurity Excellence Awards during RSA Conference, recognizing leading cybersecurity companies, products, and professionals. This year’s defining theme was…GBHACKERS.COM
25 MarMY TAKE: A decade of cyber collaboration, built under Obama, is now hostage to a political grudgeSAN FRANCISCO — I was in the room at Stanford in February 2015 when President Obama used the bully pulpit to launch what became a decade of hard-won public-private collaboration in cybersecurity. It didn’t take much to tear it asunder.… (more…) The post MY TAKE: A dec…LASTWATCHDOG.COM
25 MarOnit Security Raises $11 Million for Exposure Management PlatformThe startup will invest in product development and go-to-market efforts as it expands into new sectors. The post Onit Security Raises $11 Million for Exposure Management Platform appeared first on SecurityWeek .SECURITYWEEK.COM
25 MarAI Expands the Scam Target PoolAI is improving the quality of scam messages, removing obvious signs like grammar mistakes that once made them easy to spot. Those flaws may have acted as a filter, attracting only the most vulnerable victims. With AI polishing scams, attackers can now target a broader and more c…YOUTUBE.COM
25 MarBubble AI app builder abused to steal Microsoft account credentialsThreat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. [...]BLEEPINGCOMPUTER.COM
25 MarYou Don’t Know Your AssetsMany organizations lack a clear inventory of their assets and the current state of their cryptographic systems. Without visibility, security teams cannot effectively manage risk or respond to threats. Fixing this isn’t a quick win—it requires building a long-term architectural ca…YOUTUBE.COM
24 MarISC Stormcast For Tuesday, March 24th, 2026 https://isc.sans.edu/podcastdetail/9862, (Tue, Mar 24th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
24 MarThe US bans all new foreign-made network routerssubmitted by return2ozma to cybersecurity 2 points | 0 comments https://www.engadget.com/big-tech/the-us-bans-all-new-foreign-made-network-routers-223622966.htmlSH.ITJUST.WORKS
24 MarFake ChatGPT Invites Target Android Users With MalwareThreat actors are now abusing Google’s Firebase App Distribution service to push fake Android ChatGPT and Meta advertising apps that steal Facebook credentials and enable account takeover. The operation closely mirrors a recent iOS phishing campaign that used bogus ChatGPT and Ge…GBHACKERS.COM
24 MarSilentConnect Uses Fake Invites to Deploy ScreenConnect RATSILENTCONNECT is a new multi-stage Windows loader that abuses fake online invitations and trusted cloud services to silently deploy the ConnectWise ScreenConnect remote access tool on victim systems. The campaign blends social engineering, living-off-the-land binaries, and low-le…GBHACKERS.COM
24 MarMicrosoft Unveils New GenAI Security Protections in Azure AI FoundryMicrosoft has outlined a new set of security safeguards designed to protect generative AI models hosted on Azure AI Foundry, as organizations increasingly adopt advanced AI systems into critical workflows. The move comes amid rapid growth in generative AI capabilities, where new …GBHACKERS.COM
24 MarGoogle Forms Job Scam Spreads PureHVNC MalwareA newly observed malware campaign is leveraging trusted platforms like Google Forms to distribute the PureHVNC Remote Access Trojan (RAT), marking a shift in how attackers initiate infections. Rather than relying on traditional phishing emails or malicious websites, threat actors…GBHACKERS.COM
24 MarStryker Says Malicious File Found During Probe Into Iran-Linked AttackThe FBI has published an alert describing the malware used by Iranian government hackers. The post Stryker Says Malicious File Found During Probe Into Iran-Linked Attack appeared first on SecurityWeek .SECURITYWEEK.COM
24 MarGcore Radar report reveals 150% surge in DDoS attacks year-on-yearLuxembourg, Luxembourg, March 24th, 2026, CyberNewswire Gcore data highlights a threat landscape defined by newfound automated attack capabilities, scale, and frequency Gcore, the global infrastructure and software provider for AI, cloud, network, and security solutions, today an…GBHACKERS.COM
24 MarTeam Mirai and DemocracyJapan’s election last month and the rise of the country’s newest and most innovative political party, Team Mirai , illustrates the viability of a different way to do politics. In this model, technology is used to make democratic processes stronger, instead of undermining them. It…SCHNEIER.COM
24 MarIran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting ToolThe role of Israel’s hijacking of Iran’s street cameras in the killing of the country’s supreme leader underscores how surveillance systems are increasingly being targeted by adversaries in wartime. The post Iran Built a Vast Camera Network to Control Dissent. Israel Turned It In…SECURITYWEEK.COM
24 MarWebinar Today: Putting CIS Controls and Benchmarks into PracticeLearn how the CIS Critical Security Controls and the CIS Benchmarks can be used together to support secure configuration at scale. The post Webinar Today: Putting CIS Controls and Benchmarks into Practice appeared first on SecurityWeek .SECURITYWEEK.COM
24 MarChrome 146 Update Patches High-Severity VulnerabilitiesThe software refresh fixes eight memory safety bugs affecting seven Chrome components. The post Chrome 146 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
24 MarDetecting IP KVMs, (Tue, Mar 24th)I have written about how to use IP KVMs securely, and recently, researchers at Eclypsium published yet another report on IP KVM vulnerabilities. …ISC.SANS.EDU
24 MarThe Hardest Part of SecuritySecurity programs often prioritize visibility and risk assessment, but remediation remains the most difficult step. Identifying vulnerabilities without fixing them leaves organizations exposed. Delays in patching, updating code, or implementing controls can turn known risks into …YOUTUBE.COM
24 MarDDoS attacks have doubledCSOONLINE.COM
24 MarRSAC 2026 Conference Announcements Summary (Day 1)A summary of the announcements made by vendors on the first day of the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Day 1) appeared first on SecurityWeek .SECURITYWEEK.COM
24 MarSupply Chain Attack in litellm 1.82.8 on PyPIsubmitted by cm0002 to cybersecurity 1 points | 0 comments https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/INFOSEC.PUB
24 MarI Didn’t Revoke my API Keys Because Claude Called Me An IdiotI need to confess something. A few days ago whilst vibe coding at 2am (which can end up burning through tokens like they are going out of fashion) I accidentally pasted my API key directly into a Claude chat instead of the terminal window I had open.KNOWBE4.COM
24 MarGoverning AI agent behavior: Aligning user, developer, role, and organizational intentThis research report explores the layers of agent intent and how to align them for secure enterprise AI adoption. The post Governing AI agent behavior: Aligning user, developer, role, and organizational intent appeared first on Microsoft Security Blog .TECHCOMMUNITY.MICROSOFT.COM
24 MarWhy Agentic AI Systems Need Better Governance – Lessons from OpenClawAgentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, The post Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw appeared first on SecurityWeek .SECURITYWEEK.COM
24 MarDoE Publishes 5-Year Energy Security PlanCESER’s Project Armor is a five year initiative to harden the US critical energy infrastructure, including strengthening energy systems ‘to prevent and recover from wildfires and other hazards’. The post DoE Publishes 5-Year Energy Security Plan appeared first on SecurityWeek .SECURITYWEEK.COM
24 MarScam Baiting, AI, and the New Grift Economy, Part 1 - Rinoa Poison - SWN #566Rinoa Poison joins Security Weekly News to break down the world of scam baiting, how modern scams are evolving, and why AI is making fraud harder to spot. In this two-part conversation, she shares how scam baiters operate, the risks involved, and what everyday people should know.…YOUTUBE.COM
24 MarWhen Virtual Machines Fail YouVirtual machines are commonly used to isolate risky activity, like interacting with potential attackers or malware. That isolation isn’t guaranteed. VM escape is rare—but real. If it happens, attackers can reach the host system, leading to serious compromise that’s difficult to r…YOUTUBE.COM
24 MarMandiant Global Median Dwell Time Deteriorates from 11 to 14 Days Oh snap. My single most important cybersecurity metric deteriorated again. In the M-Trends report for calendar year 2024, Mandiant’s global median dwell time metric worsened from 10 to 11 days. In the newest report, released today, for calendar year 2025, that metric…TAOSECURITY.BLOGSPOT.COM
23 MarRSAC 2026 Conference Announcements Summary (Pre-Event)A summary of the announcements made by vendors in the days leading up to the RSAC 2026 Conference. The post RSAC 2026 Conference Announcements Summary (Pre-Event) appeared first on SecurityWeek .SECURITYWEEK.COM
23 MarISC Stormcast For Monday, March 23rd, 2026 https://isc.sans.edu/podcastdetail/9860, (Mon, Mar 23rd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
23 MarTax Scam Google Ads Push BYOVD EDR Killer, Huntress FindsTax-themed Google Ads are being weaponized to deliver a BYOVD-based EDR killer, with Huntress linking a large-scale malvertising campaign to rogue ScreenConnect deployments and a vulnerable Huawei audio driver used to blind endpoint defenses before hands-on-keyboard activity. Spo…GBHACKERS.COM
23 MarSEO Poisoning Campaign Uses Fake Popular Apps to Deliver AsyncRATSEO Poisoning Campaign Impersonates 25+ Popular Apps to Deliver AsyncRAT Since October 2025. An ongoing SEO poisoning campaign abuses search results to trick users into downloading trojanized installers for more than 25 popular applications, ultimately deploying the AsyncRAT remot…GBHACKERS.COM
23 MarMioLab MacOS Stealer Expands With ClickFix, Wallet Theft, Team APIsAs Apple’s macOS footprint grows in both consumer and enterprise environments, dedicated infostealers like MioLab (aka Nova) show that Macs are no longer a niche target but a priority for cybercrime ecosystems. Marketed as a premium Malware‑as‑a‑Service (MaaS) on Russian‑language…GBHACKERS.COM
23 MarOblivion RAT Masquerades as Play Store Update to Spy on Android UsersA newly discovered Android remote access trojan (RAT) called Oblivion RAT is raising concerns across the mobile threat landscape. Marketed as a malware-as-a-service (MaaS) platform, it is sold on cybercrime forums with subscription plans starting at $300 per month. Unlike typical…GBHACKERS.COM
23 Mar$30 IP-KVM Flaws Could Enable BIOS-Level Enterprise Network AttacksRecent threat research reveals a severe security crisis affecting low-cost IP-KVM devices. Security experts discovered nine vulnerabilities across four popular vendors, transforming these cheap management tools into powerful attack platforms. Compromising a single KVM device gran…GBHACKERS.COM
23 MarFBI says Iranian hackers are using Telegram to steal data in malware attacksHackers working for Iran’s government are using Telegram in hacking operations that use malware to target dissidents, opposition groups, and journalists who oppose its regime, according to the FBI.TECHCRUNCH.COM
23 MarAI-First Security Is Mostly HypeThe AI-for-security space is largely traditional security products with some AI components, marketed as “AI-first” companies. Investors and buyers may overestimate the size of the market or the impact of AI, risking wasted money and misguided strategies. How can we separate real …YOUTUBE.COM
23 MarBurp Anonymizersubmitted by sv1sjp to cybersecurity 14 points | 2 comments Just released #BurpAnonymizer, a Burp Suite extension that redacts PII, credentials, tokens and other sensitive data from HTTP requests/responses. With one click, safely share requests and responses in reports, presentat…INFOSEC.PUB
23 MarThousands of Magento Sites Hit in Ongoing Defacement Campaign - SecurityWeeksubmitted by kid to cybersecurity 12 points | 0 comments https://www.securityweek.com/thousands-of-magento-sites-hit-in-ongoing-defacement-campaign/SH.ITJUST.WORKS
23 MarBurpAnonymizersubmitted by sv1sjp to cybersecurity 8 points | 0 comments Just released #BurpAnonymizer, a Burp Suite extension that redacts PII, credentials, tokens and other sensitive data from HTTP requests/responses. With one click, safely share requests and responses in reports, presentati…SH.ITJUST.WORKS
23 MarNorth Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle MalwareThe North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that's distributed via malicious Microsoft Visual Studio Code (VS Code) projects. The use of VS Code "tasks.json" to…THEHACKERNEWS.COM
23 MarSecuring the Era of Agentic AI with Prisma SASEPrisma SASE is the comprehensive platform for the agentic AI era. Govern new AI identities, protect data from AI sprawl, and enable autonomous operations. The post Securing the Era of Agentic AI with Prisma SASE appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
23 MarPrisma Browser for Business — A Secure Workspace for Small BusinessSecure your small business with Prisma Browser for Business. Get enterprise-grade, AI-powered protection built into a simple, easy-to-use browser workspace. The post Prisma Browser for Business — A Secure Workspace for Small Business appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
23 MarGitHub expands application security coverage with AI‑powered detectionsCodeQL and AI‑powered detections work together in GitHub Code Security to identify vulnerabilities across more languages and frameworks. The post GitHub expands application security coverage with AI‑powered detections appeared first on The GitHub Blog .GITHUB.BLOG
21 MarMY TAKE: As RSAC 2026 opens, AI has bifurcated cybersecurity into two wars—the clock is runningSAN FRANCISCO — RSAC 2026 opens here Monday at Moscone Center, with upwards of 40,000 cybersecurity professionals, executives, and policy leaders, myself among them, filing in to take stock of an industry under acute pressure. Related: RSAC 2026’s full agenda … …LASTWATCHDOG.COM
20 MarFriday Squid Blogging: Jumbo Flying Squid in the South PacificThe population needs better conservation. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
20 Mar3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to ChinaThe men violated U.S. export controls laws by scheming to divert massive quantities of the high-performance servers assembled in the United States to China. The post 3 Men Charged With Conspiring to Smuggle US Artificial Intelligence to China appeared first on SecurityWeek .SECURITYWEEK.COM
20 MarISC Stormcast For Friday, March 20th, 2026 https://isc.sans.edu/podcastdetail/9858, (Fri, Mar 20th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
20 MarSecure agentic AI end-to-endIn this agentic era, security must be woven into, and around, every layer of the AI estate. At RSAC 2026, we are delivering on that vision with new purpose-built capabilities designed to help organizations secure agents, secure their foundations, and defend using agents and exper…MICROSOFT.COM
20 MarInside Our 'Human Risk: In-Person Experience' in LeedsLast week, our KnowBe4 Leeds office opened its doors to a group of security professionals for an immersive, full-day deep dive into the evolving landscape of human risk.KNOWBE4.COM
20 MarDigital Cleanup: It’s Not Just Your Files, It’s Your BrainDigital Cleanup Day might be seen as a digital chore: delete old files, clear the inbox, reduce your carbon footprint. It’s framed as a technical exercise. But digital cleanup isn't only about your hard drive; it’s also about your mind.KNOWBE4.COM
20 MarGUEST ESSAY: Executives trust AI security even as security teams confront blind spots, new risksIn our recent report, Beyond the Black Box , we found a striking gap: 80% of executives believe their organizations have strong security coverage for AI systems. Only about 40% of AppSec practitioners agree. Related: AI moves mainstream That’s not … (more…) The post GUEST E…LASTWATCHDOG.COM
20 MarDiscord Age Verification RollbackDiscord announced, then quickly retracted, plans for a global age verification system amid mixed reactions. With increasing laws requiring age checks on social media, platforms face pressure to verify users, but technical and privacy challenges slow progress. How can social platf…YOUTUBE.COM
20 MarFrench aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failuresubmitted by Kissaki to cybersecurity 28 points | 1 comments https://securityaffairs.com/189696/intelligence/french-aircraft-carrier-charles-de-gaulle-tracked-via-strava-activity-in-opsec-failure.html Le Monde revealed that France’s aircraft carrier Charles de Gaulle was tracked …INFOSEC.PUB
19 MarISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
19 MarSnappyClient Implant Blends Remote Access, Data Theft, and Stealth EvasionA powerful new C2 implant called SnappyClient that blends remote access, credential theft, and stealthy evasion into a single, modular framework targeting Windows systems and cryptocurrency users. ThreatLabz first observed SnappyClient in December 2025, being deployed via the we…GBHACKERS.COM
19 MarWaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain AttackA North Korea-linked threat group known as WaterPlum has introduced a new malware strain called “StoatWaffle” as part of its ongoing Contagious Interview campaign. The activity has been attributed to Team 8, a subgroup within WaterPlum also tracked as the Moralis or Modilus clust…GBHACKERS.COM
19 MarIran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay NetworkA misconfigured open directory on an Iranian server has exposed a live censorship-bypass relay and SSH-based botnet operation, revealing how a single actor stitched together a 15-node network across Iran and Finland using commodity tools and sloppy operational security. The disco…GBHACKERS.COM
19 MarOpen VSX Extension Delivers RAT and Stealer via GitHub DownloaderAn Open VSX extension used by thousands of developers has been caught silently pulling a full-featured remote access trojan and infostealer from GitHub. The KhangNghiem/fast-draft extension, listed on open-vsx.org and tracked at over 26,000 downloads as of March 17, 2026, contain…GBHACKERS.COM
19 MarResearchers disclose vulnerabilities in IP KVMs from four manufacturerssubmitted by Rekall_Incorporated to cybersecurity 2 points | 0 comments https://arstechnica.com/security/2026/03/researchers-disclose-vulnerabilities-in-ip-kvms-from-4-manufacturers/ Internet-exposed devices that give BIOS-level access? What could possibly go wrong?SH.ITJUST.WORKS
19 MarHorabot Returns in Mexico, Spreading via Phishing and Email Worm AttacksHorabot has resurfaced in Mexico with a more complex, multi‑stage kill chain that blends fake CAPTCHA lures, living-off-the-land scripting, and an email worm‑style spreader to deliver a Latin American banking trojan. In this installment of the SOC Files series, our MDR team disse…GBHACKERS.COM
19 MarOpenWebUI Servers Targeted in Attacks Using AI Payloads to Steal DataA recent campaign has targeted improperly secured Open WebUI systems, allowing threat actors to deploy malicious artificial intelligence payloads. Open WebUI is a highly popular self-hosted interface designed to enhance large language models. Shodan scans reveal over 17,000 activ…GBHACKERS.COM
19 MarFake Tools and CDNs Power New “Vibe-Coded” Malware Campaign‘Vibe coding’ has moved from buzzword to battleground, and a new malware campaign shows how attackers are abusing AI-assisted development to scale their operations with minimal effort. Vibe coding, a term popularized in early 2025 to describe programming by prompting large langua…GBHACKERS.COM
19 MarConnectWise patches new flaw allowing ScreenConnect hijackingsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/connectwise-patches-new-flaw-allowing-screenconnect-hijacking/SH.ITJUST.WORKS
19 MarAverage Number of Daily API Attacks Up 113% Annually - Infosecurity Magazinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/average-number-daily-api-attacks/SH.ITJUST.WORKS
19 MarHacker Conversations: Ben Harris, from Unintentional Young Hacker to Intentional Adult CEOHarris is a hacker with a rebellious spirit and a willingness to break rules in the pursuit of his purpose – but without causing harm or damage. The post Hacker Conversations: Ben Harris, from Unintentional Young Hacker to Intentional Adult CEO appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarCISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026Austin, United States, March 19th, 2026, CyberNewswire Cybersecurity has entered a new phase, one defined less by reactive controls and more by continuous, intelligence-driven operations. As attack surfaces expand and adversaries increasingly leverage AI, the modern CISO is taske…GBHACKERS.COM
19 MarOasis Security Raises $120 Million for Agentic Access ManagementThe company will invest in R&D, product expansion across AI frameworks, and in scaling go-to-market and sales efforts. The post Oasis Security Raises $120 Million for Agentic Access Management appeared first on SecurityWeek .SECURITYWEEK.COM
19 MarOur KnowBe4 Community Is One of Our Greatest StrengthsI am very proud of our customer community here at KnowBe4. It is a place where customers can discuss our products amongst each other and interface with KnowBe4’s developers and product managers.KNOWBE4.COM
19 MarNew tools and guidance: Announcing Zero Trust for AIMicrosoft introduces Zero Trust for AI, adding a new AI pillar to its workshop, enhanced reference architecture, updated guidance, and a new assessment tool. The post New tools and guidance: Announcing Zero Trust for AI appeared first on Microsoft Security Blog .MICROSOFT.COM
19 MarSecuring the Enterprise AI Ecosystem with ServiceNow and Prisma AIRSPrisma AIRS integrates with ServiceNow AI Control Tower for unified AI governance and real-time security. Accelerate your enterprise AI adoption securely. The post Securing the Enterprise AI Ecosystem with ServiceNow and Prisma AIRS appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
19 MarApp Stores Aren’t Actually SafeApplications distributed through official app stores can still contain vulnerabilities due to third-party libraries, excessive permissions, or insecure device environments. Relying solely on app store vetting creates a false sense of security. Weaknesses in dependencies or outdat…YOUTUBE.COM
19 MarPC MLA says hackers accessed and shared intimate images on his devicessubmitted by cm0002 to cybersecurity 4 points | 1 comments https://www.cbc.ca/news/canada/nova-scotia/pc-mla-rick-burns-hackers-blackmail-intimate-images-9.7134004INFOSEC.PUB
18 MarNews alert: GitGuardian study shows AI coding tools double leak rates as 29M credentials hit GitHubNEW YORK, Mar. 17, 2026, CyberNewswire — GitGuardian, the security leader behind GitHub’s most installed application, today released the 5th edition of its “State of Secrets Sprawl” report, documenting how mainstream AI adoption in 2025 reshaped software delivery and acceler…LASTWATCHDOG.COM
18 MarNews alert: Orchid Security brings Zero-Trust to AI Agent identities, earns Gartner recognitionNEW YORK, Mar. 17, 2026, CyberNewswire — Orchid Security , the company bringing clarity and control to the complexity of enterprise identity, today announced it has been recognized as a Representative Vendor in Gartner’s Market Guide for Guardian Agents , … (more…) The post…LASTWATCHDOG.COM
18 MarJudicial Targets Hit by COVERT RAT via Court Docs and GitHub PayloadsAttackers are abusing fake court documents and GitHub‑hosted payloads in a focused spear‑phishing campaign that deploys a stealthy Rust‑based COVERT RAT against Argentina’s judicial sector. This operation chains Windows LNK shortcuts, BAT loaders, and PowerShell to quietly fetch …GBHACKERS.COM
18 MarBoggy Serpens Hits Diplomats, Critical Infrastructure in Espionage WavesBoggy Serpens, also known as MuddyWater, has escalated its cyberespionage operations over the past year, focusing on diplomats and critical infrastructure organizations in a coordinated, multi-wave campaign. Boggy Serpens has moved beyond its earlier noisy, high-volume phishing s…GBHACKERS.COM
18 MarVidar Stealer 2.0 Spreads via Fake Game Cheats Shared on GitHub and RedditLarge‑scale campaigns abusing GitHub and Reddit to spread Vidar Stealer 2.0 through fake “free game cheats,” targeting players of popular online titles across the board. The operation shows how the takedown of other infostealers has shifted criminal demand toward Vidar, while gam…GBHACKERS.COM
18 MarLanguage of the Board as CISO-Board Time Falls Short and CISOs Struggle with Risk - BSW #439Security metrics often fail because they measure activity rather than actual risk, often failing to connect with business impact, making them difficult to explain to boards and executives. How do you build effective metrics that are actionable, contextual, and valuable? Ben Wilc…YOUTUBE.COM
18 MarIran Cyber Ops Merge With PsyOps and EW Amid Escalating ConflictA new phase of the Iran war is unfolding in which ballistic missiles, drones, electronic warfare, and cyber operations are being deployed in parallel, with cyber activity increasingly tied to kinetic targeting, damage assessment, and strategic messaging. Iran’s leadership has fra…GBHACKERS.COM
18 MarOpenAI Introduces GPT-5.4 Mini and Nano for Faster, Lightweight AI PerformanceOpenAI has officially launched GPT-5.4 mini and GPT-5.4 nano, introducing high-efficiency models optimized for automated workflows, coding subagents, and latency-sensitive deployments. These models are designed to reduce application programming interface (API) overhead while main…GBHACKERS.COM
18 MarBSI criticizes software security in healthcareVulnerabilities in practice management systems could have led to cyberattacks. The Federal Office for Information Security (BSI) is calling for better protection of sensitive health data in computer applications used by medical practices…CSOONLINE.COM
18 MarMeta’s AI Glasses and PrivacySurprising no one, Meta’s new AI glasses are a privacy disaster . I’m not sure what can be done here. This is a technology that will exist, whether we like it or not. Meanwhile, there is a new Android app that detects when there are smart glasses nearby.SCHNEIER.COM
18 MarISC Stormcast For Wednesday, March 18th, 2026 https://isc.sans.edu/podcastdetail/9854, (Wed, Mar 18th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
18 MarAndroid OS-Level Attack Bypasses Mobile Payment Security - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/android-attack-bypasses-payment/SH.ITJUST.WORKS
18 MarHackers Target Cybersecurity Firm Outpost24 in 7-Stage Phishsubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/hackers-target-cybersecurity-firm-outpost24-phishSH.ITJUST.WORKS
18 Mar‘CursorJack’ Attack Path Exposes Code Execution Risk in AI Development - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/cursor-jack-attack-path-ai/SH.ITJUST.WORKS
18 MarUIDAI Introduces Bug Bounty Program to Strengthen Aadhaar DefensesThe Unique Identification Authority of India (UIDAI) has officially launched its first structured bug bounty program to fortify the Aadhaar system. As the foundation of a massive national identity database, securing Aadhaar requires continuous innovation and rigorous testing. Thi…GBHACKERS.COM
18 MarScans for "adminer", (Wed, Mar 18th)A very popular target of attackers scanning our honeypots is "phpmyadmin". phpMyAdmin is a script first released in the late 90s, before many security concepts had been discovered. It…ISC.SANS.EDU
18 MarFancyBear Server Leak Exposes Stolen Credentials, 2FA Secrets, NATO TargetsFancyBear’s latest operational security failure has exposed a live Russian espionage server packed with stolen credentials, 2FA secrets, and detailed insight into the ongoing targeting of European government and military networks. The exposed infrastructure, tied to APT28/FancyBe…GBHACKERS.COM
18 MarManifold Raises $8 Million for AI Detection and ResponseFocused on securing autonomous AI on endpoints, the startup will invest in product development. The post Manifold Raises $8 Million for AI Detection and Response appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarThe Lost Art of BIABusiness impact analysis (BIA) used to be a routine part of security and risk planning. According to Ben Wilcox, that discipline is fading, especially after COVID, as teams focus more on speed and delivery than operational resilience. Without understanding business impact, securi…YOUTUBE.COM
18 MarRussians caught stealing personal data from Ukrainians with new advanced iPhone hacking toolsA suspected group of Russian government hackers was caught targeting Ukrainians with new iPhone hacking tools designed for espionage and potentially to steal crypto.TECHCRUNCH.COM
18 MarVirtual Summit Today: Supply Chain & Third-Party Risk SummitCyber risk doesn’t stop at your perimeter. Today’s most dangerous threats could be hiding in your software supply chain. The post Virtual Summit Today: Supply Chain & Third-Party Risk Summit appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarEU Sanctions Chinese, Iranian Firms Supporting Hacking OperationsThe sanctions target two Chinese individuals, two Chinese companies, and one Iranian firm involved in hacking EU member states. The post EU Sanctions Chinese, Iranian Firms Supporting Hacking Operations appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarCloud Security Startup Native Exits Stealth With $42 Million in FundingPhil Venables, former CISO of Google Cloud and now a venture partner at Ballistic Ventures, has joined Native’s board of directors. The post Cloud Security Startup Native Exits Stealth With $42 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarObservability for AI Systems: Strengthening visibility for proactive risk detectionAs AI systems grow more autonomous, observability becomes essential. Learn how visibility into AI behavior helps detect risk and strengthen secure development. The post Observability for AI Systems: Strengthening visibility for proactive risk detection appeared first on Microsoft…MICROSOFT.COM
18 MarOFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote JobsThe U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities for their involvement in the Democratic People's Republic of Korea (DPRK) information technology (IT) worker scheme with an aim to defraud U.S. businesses…THEHACKERNEWS.COM
18 MarAutonomous Offensive Security Firm XBOW Raises $120M at $1B+ ValuationThe company has developed an AI-powered platform that autonomously discovers and validates software vulnerabilities. The post Autonomous Offensive Security Firm XBOW Raises $120M at $1B+ Valuation appeared first on SecurityWeek .SECURITYWEEK.COM
18 MarWho Really Owns AI DecisionsAI doesn’t sit in one department. It impacts security, technology, and business operations at the same time. This shifts the conversation from “who owns AI” to “who owns the decisions around AI.” Creating a Chief AI Officer (CAIO) may turn into a coordination role rather than tru…YOUTUBE.COM
18 MarHow NextWave’s Evolution Drives Shared SuccessPalo Alto Networks evolves the NextWave Partner Program. Discover new incentives and a framework of Access, Commitment and Profitability drive success. The post How NextWave’s Evolution Drives Shared Success appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
17 MarISC Stormcast For Tuesday, March 17th, 2026 https://isc.sans.edu/podcastdetail/9852, (Tue, Mar 17th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
17 MarLiveChat Support Tools Abused in SaaS Phishing SchemeA newly identified campaign shows how Software-as-a-Service (SaaS) platforms like LiveChat are being weaponized to steal sensitive data in real time. Unlike traditional phishing attacks that rely on fake login pages or static forms, this tactic uses live chat conversations to ext…GBHACKERS.COM
17 MarMalicious NPM Packages Spread PylangGhost RAT in Supply Chain AttackMalicious npm packages are delivering the North Korean–linked PylangGhost remote access trojan (RAT) in a new software supply chain campaign that targets developers across Windows, Linux, and macOS systems. The first malicious versions appeared in late February 2026 (@jaime9008/m…GBHACKERS.COM
17 MarResearchers Uncover Ways to Decrypt Palo Alto Cortex XDR BIOC Rules for EvasionCybersecurity researchers have discovered a critical evasion technique in Palo Alto Networks’ Cortex XDR agent that allowed attackers to completely bypass behavioral detections. The research demonstrates how predefined Behavioral Indicators of Compromise (BIOC) rules, shipp…GBHACKERS.COM
17 MarHackers Leverage Safe Links and URL Rewriting to Evade DetectionThreat actors were already abusing URL rewriting mechanisms in phishing campaigns to mask malicious domains. URL rewriting is designed to protect users by replacing original links with security-vendor URLs that scan destinations at click time. These rewritten links route traffic …GBHACKERS.COM
17 MarWhat is Integrated Cloud Email Security (ICES) and Why do you Need It?Integrated cloud email security (ICES) is a term coined by industry analyst, Gartner, in their 2021 Market Guide for Email Security. The guide was reissued in 2023 and stated that ‘by 2025, 20% of anti-phishing solutions will be delivered via API integration with the email platfo…KNOWBE4.COM
17 MarPackagist Themes Deliver Trojanized jQuery in OphimCMS Supply Chain AttackA new OphimCMS supply chain attack in which six Packagist themes ship trojanized jQuery and other JavaScript to compromise site visitors rather than servers. Researchers found six malicious Composer packages under the “ophimcms” namespace on Packagist that pretend to be legitima…GBHACKERS.COM
17 MarKonni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate MalwareNorth Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distribute malicious payloads to certain contacts. The activity has been attributed by South Korean threat intelligence firm Genia…THEHACKERNEWS.COM
17 MarGlassworm Malware Infects Popular React Native npm PackagesA new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-internati…GBHACKERS.COM
17 MarMicrosoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilitiessubmitted by kid to cybersecurity 1 points | 0 comments https://www.techrepublic.com/article/news-microsoft-windows-11-rras-vulnerabilities-hotpatch/SH.ITJUST.WORKS
17 MarIPv4 Mapped IPv6 Addresses, (Tue, Mar 17th)Yesterday, in my diary about the scans for "/proxy/" URLs, I noted how attackers are using IPv4-mapped IPv6 addresses to possibly obfuscate their attack. These addresses are defined in RFC 4038. These addresses are one of the many transition mechanisms used to retain some backwa…ISC.SANS.EDU
17 MarTracebit Raises $20M for Cloud-Native Deception TechnologyThe company plans to scale its products, expand to new markets, and grow its marketing and engineering teams.SECURITYWEEK.COM
17 MarMicrosoft shares fix for Windows C: drive access issues on Samsung PCsMicrosoft has shared guidance to fix C:\ drive access issues and app failures on some Samsung laptops running Windows 11, versions 25H2 and 24H2. [...]BLEEPINGCOMPUTER.COM
17 MarGoogle, Meta, Microsoft Among Signatories of Pact to Combat ScamsSeveral major tech and retail companies have signed an industry accord against online scams and fraud.SECURITYWEEK.COM
17 MarSecurity Flaw in AWS Bedrock Code Interpreter Raises Alarms - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/security-flaw-aws-bedrock/SH.ITJUST.WORKS
17 MarCyberattacks Flood Eon's Network: Attacks Up TenfoldEon bears a great responsibility for the energy supply in Germany. The energy company Eon is seeing a growing number of cyberattacks on its energy networks. There are now said to be several hundred attacks a day on the network infrastructure …CSOONLINE.COM
17 MarUK Agency Exposed Corporate Executive Data - BankInfoSecuritysubmitted by kid to cybersecurity 2 points | 0 comments https://www.bankinfosecurity.in/uk-agency-exposed-corporate-executive-data-a-31033SH.ITJUST.WORKS
17 MarGitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHubNew York, NY, March 17th, 2026, CyberNewswire In 2025, Developer Commits Using Claude Code Show 3.2% Secret Leak Rate vs. 1.5% Baseline. The Human Factor Remains Critical GitGuardian, the security leader behind GitHub’s most installed application, today released the 5th edi…GBHACKERS.COM
17 MarOrchid Security Recognized by Gartner® as a Representative Vendor of Guardian AgentsNew York, United States, March 17th, 2026, CyberNewswire Unleash AI adoption securely: discover, attribute, and govern AI agents throughout the enterprise Orchid Security, the company bringing clarity and control to the complexity of enterprise identity, today announced it has be…GBHACKERS.COM
17 MarSurf AI Raises $57 Million for Agentic Security Operations PlatformThe company has announced its launch, backed by funding from Accel, Cyberstarts, and Boldstart Ventures.SECURITYWEEK.COM
17 MarWe don't need to hack your AI Agent to hack your AI Agent - SRLabs Researchsubmitted by not_IO to cybersecurity 1 points | 0 comments https://srlabs.de/blog/hacking-ai-agentINFOSEC.PUB
17 MarSwitzerland built an alternative to BGP. Nobody noticedsubmitted by Amoxtli to cybersecurity 1 points | 0 comments https://www.theregister.com/2026/03/17/switzerland_bgp_alternative/INFOSEC.PUB
17 MarSwitzerland built an alternative to BGP. Nobody noticedsubmitted by Amoxtli to cybersecurity 1 points | 0 comments https://www.theregister.com/2026/03/17/switzerland_bgp_alternative/SH.ITJUST.WORKS
17 MarFrom Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based luressubmitted by kid to cybersecurity 1 points | 0 comments https://securityaffairs.com/189542/cyber-crime/from-windows-to-macos-clickfix-attacks-shift-tactics-with-chatgpt-based-lures.htmlSH.ITJUST.WORKS
17 MarNew font-rendering trick hides malicious commands from AI toolssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/new-font-rendering-trick-hides-malicious-commands-from-ai-tools/SH.ITJUST.WORKS
17 MarFrom Phishing to AI Agents: Can We Design for Digital Mindfulness?Anyone who knows me knows I’m passionate about mindfulness. Because I genuinely believe it makes us better humans. But also, because I have one of those brains that desperately needs it. I’m easily distracted and I start new ideas before finishing old ones. My attention can scatt…KNOWBE4.COM
17 MarSo Many AI Attacks, It Made Quantum Seem EasyAs I was writing my latest book, How AI and Quantum Impact Cyber Threats and Defenses, I was hit by how many theoretical and real attacks there are involving AI. There are attacks committed by AI and attacks committed against AI, and I’m not sure which category is bigger.KNOWBE4.COM
17 MarAI Spicy Mode, Steam, Glassworm, Samsung, Stryker, Waymo, Cole Porter, and More - SWN #564AI Spicy Mode, Steam, Glassworm, Samsung, Stryker, Waymo, Cole Porter, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-564YOUTUBE.COM
16 MarISC Stormcast For Monday, March 16th, 2026 https://isc.sans.edu/podcastdetail/9850, (Mon, Mar 16th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
16 MarMeta Permanently Disables End-to-End Encryption for Instagram DMsMeta has announced plans to permanently turn off end-to-end encryption for Instagram Direct Messages. Effective May 8, 2026, the social media platform will officially cease support for this critical security feature. This decision marks a significant change in how user communicat…GBHACKERS.COM
16 MarKonni Hijacks KakaoTalk Accounts in Spear-Phishing Malware CampaignKonni APT recently ran a multi-stage malware operation that hijacked KakaoTalk accounts to spread remote access trojans (RATs) through highly targeted spear‑phishing. The message used contextual content aligned with the victim’s role to build trust and trick them into opening an…GBHACKERS.COM
16 MarACRStealer Variant Deploys Syscall Evasion, TLS C2, Secondary PayloadsNew research reveals that a new ACRStealer variant is now being actively deployed as a final payload by HijackLoader, using low‑level syscalls, AFD-based networking, TLS C2, and flexible secondary payload delivery to evade detection and maximize data theft. The newly observed sam…GBHACKERS.COM
16 MarHacking Attempt Reported at Poland’s Nuclear Research CenterInitial evidence indicates Iran may be behind the attack, but officials admitted it could be a false flag.SECURITYWEEK.COM
16 MarCreating Noise: The Emerging Obfuscation Technique Designed to Evade Email Security NLP Detection CapabilitiesOur Threat Intelligence team has observed an emerging obfuscation technique, specifically used to make Natural Language Processing (NLP) detection capabilities less effective. Broadly, malicious actors are adding additional characters, break lines, and legitimate links to the end…KNOWBE4.COM
16 MarFake FileZilla Downloads Spread RAT via Stealthy Multi-Stage LoaderFake FileZilla downloads are being used to deliver a stealthy Remote Access Trojan (RAT) through a multi‑stage loader, putting careless downloaders at high risk of compromise. Attackers have set up a fake website that closely copies the look and layout of the legitimate FileZill…GBHACKERS.COM
16 MarPossible New Result in Quantum FactorizationI’m skeptical about—and not qualified to review—this new result in factorization with a quantum computer, but if it’s true it’s a theoretical improvement in the speed of factoring large numbers with a quantum computer.SCHNEIER.COM
16 MarFake enterprise VPN sites used to steal company credentialssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/fake-enterprise-vpn-downloads-used-to-steal-company-credentials/SH.ITJUST.WORKS
16 MarNine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolationsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/03/nine-crackarmor-flaws-in-linux-apparmor.htmlSH.ITJUST.WORKS
16 MarThreat Actor Targeting VPN Users in New Credential Theft CampaignStorm-2561 is distributing fake VPN clients through SEO poisoning, deploying trojans, and stealing login information.SECURITYWEEK.COM
16 MarMentorship Monday - Discussions for career and learning!submitted by shellsharks to cybersecurity 2 points | 0 comments Weekly thread for any and all career, learning and general guidance questions. Thinking of taking a training or going for a cert? Wondering how to level up your career? Wondering what NOT to do? Got other questions? …INFOSEC.PUB
16 MarAppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript codesubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/appsflyer-web-sdk-used-to-spread-crypto-stealer-javascript-code/SH.ITJUST.WORKS
16 MarOracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential ImpactBroadcom, Bechtel, Estée Lauder, and Abbott Technologies are the only major companies that have yet to issue a public statement.SECURITYWEEK.COM
16 MarHelp on the line: How a Microsoft Teams support call led to compromiseA DART investigation into a Microsoft Teams voice phishing attack shows how deception and trusted tools can enable identity-led intrusions and how to stop them.MICROSOFT.COM
16 MarNew Microsoft Purview innovations for Fabric to safely accelerate your AI transformationAs organizations adopt AI, security and governance remain core primitives for safe AI transformation and acceleration.TECHCOMMUNITY.MICROSOFT.COM
16 MarAI Hallucinations Become Security’s ProblemMany organizations rely on automated red-teaming tools to test AI systems for security risks. These tools often evaluate more than just security vulnerabilities—they also detect hallucinations and reasoning failures. Because security teams operate these tools, they often gain vis…YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 276
13 Jun400+ Arch Linux AUR Packages Hijacked to Install Rust Credential StealerAttackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can …THEHACKERNEWS.COM
13 JunOver 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF RootkitAttackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can …THEHACKERNEWS.COM
12 JunGitHub to Update npm to Thwart Software Supply Chain AttacksNPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scriptsINFOSECURITY-MAGAZINE.COM
11 JunGitHub to Disable npm Install Scripts by Default to Stop Supply Chain AttacksGitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution …THEHACKERNEWS.COM
11 JunMost Cybersecurity Teams Struggle to Find Time for Training on New Cyber ThreatsOrganizations are aware of the challenges that new technologies like AI bring: but cybersecurity staff struggle to make time for the required training during working hoursINFOSECURITY-MAGAZINE.COM
11 JunThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New StoriesIt's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into …THEHACKERNEWS.COM
11 JunCybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT MalwareFake AI guides hide a multi-stage chain that drops AsyncRAT, with signs of AI-assisted codingINFOSECURITY-MAGAZINE.COM
10 Jun88% of people struggle to tell what’s real onlineAs AI-generated scams, deepfakes, and impersonation spread, a new Malwarebytes report finds people increasingly unsure what to trust online.MALWAREBYTES.COM
10 JunNew SilabRAT Trojan Hijacks Sessions to Steal CryptoMaaS trojan SilabRAT uses HVNC and browser cloning to hijack sessions and steal cryptoINFOSECURITY-MAGAZINE.COM
10 JunCybersecurity Software Fails to Detect Fifth of Browser-Based Phishing AttacksMenlo Security research warns that as enterprise applications become increasingly browser based, traditional cybersecurity tools leave them vulnerable to cyber threatsINFOSECURITY-MAGAZINE.COM
10 JunFree Spotify Premium hacks on social media are spreading infostealersCybercriminals are turning TikTok and Instagram Reels into malware delivery platforms, using free software tutorials to spread infostealers.MALWAREBYTES.COM
10 JunDeceptive Installers: How Fake Apps Target macOSDeceptive installers disguised as legit macOS software deliver infostealers that grab passwords, cookies, and crypto wallets. Learn how to detect them.HUNTRESS.COM
9 JunGitHub disables Microsoft repos pushing password-stealing malwareMicrosoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. [...]BLEEPINGCOMPUTER.COM
9 JunAI Threat Readiness Pillar 2: Accelerate Patching and ResponseYour guide to operationalizing ownership, remediation, and response with Wiz to keep pace with the AI threat landscape.WIZ.IO
9 JunOpenClaw AI agent found falling for phishing attacks, spills user dataPhishing simulation on an OpenClaw email agent with various configuration profiles showed that it was susceptible to tactics commonly used to compromise human users. [...]BLEEPINGCOMPUTER.COM
8 JunVS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain AttacksMicrosoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. "When automatic updates are…THEHACKERNEWS.COM
8 JunA week in security (June 1 – June 7)A list of topics we covered in the week of June 1 to June 7 of 2026MALWAREBYTES.COM
8 JunPirated PC games are delivering password-stealing malwareCybercriminals are hiding malware in cracked and repacked games, infecting more than 400,000 devices worldwide.MALWAREBYTES.COM
8 JunAI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 OverloadPhishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert …THEHACKERNEWS.COM
8 JunWhatsApp says it caught new spyware attacks linked to NSO Group in violation of court orderThe messaging giant announced that it disrupted a phishing campaign targeting its users with NSO’s spyware.TECHCRUNCH.COM
8 JunMeta Blocks NSO Group's New WhatsApp Phishing Attack, Files Contempt OrderMeta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it's filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting Whats…THEHACKERNEWS.COM
8 Jun'Hades' Campaign Against PyPI Puts New Spin on Shai-HuludThe latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat.DARKREADING.COM
8 JunWhatsApp says it disrupted new NSO spyware phishing attacksWhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. [...]BLEEPINGCOMPUTER.COM
8 JunNFCShare Android malware spreads via fake banking app updates on GitHubNew variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub. [...]BLEEPINGCOMPUTER.COM
7 JunC0XMO botnet spreads via DD-WRT router flaw, kills rival malwareA new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures. [...]BLEEPINGCOMPUTER.COM
5 JunFIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen LoginsSecurity researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least on…THEHACKERNEWS.COM
5 JunOver 900 US gas station tank gauge systems exposed to attacksOver 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks. [...]BLEEPINGCOMPUTER.COM
5 JunThe Real Measure of SOC Maturity with Ashu Savani from TryHackMeAshu Savani, Co-Founder of TryHackMe, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices to discuss what separates high-performing security teams from the rest. Ashu explores why true SOC maturity is measured by performance under pressure rather tha…THECYBERWIRE.COM
4 JunChina-Linked TA4922 Expands Phishing Attacks to UK, Germany, Italy, and South AfricaA new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comp…THEHACKERNEWS.COM
4 JunFlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube AdsCybersecurity researchers have shed light on a macOS malvertising campaign codenamed Operation FlutterBridge that spreads a new backdoor called FlutterShell. According to Palo Alto Networks Unit 42, the campaign is said to be the next stage of a previously reported activity clust…THEHACKERNEWS.COM
4 JunInfosecurity Europe: AI Adoption Creates New Opportunities for Attackers to Distribute Malware, Microsoft WarnsMicrosoft Detection and Response Team (DART) details how it has uncovered malicious AI applications as cyber criminals manipulate organizations adopting AI toolsINFOSECURITY-MAGAZINE.COM
4 JunThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New StoriesIt got stupid again. The internet still feels held together with tape. Bad plugins, old bugs, fake tools, trusted apps doing shady things. Same mess, new wrapper. And now the weird stuff is normal. Forums go down and come back worse. Cheap hackers get better toys. AI starts break…THEHACKERNEWS.COM
4 JunNew IronWorm malware hits 36 packages in npm supply-chain attackA new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]BLEEPINGCOMPUTER.COM
4 JunRust-Written IronWorm Hits NPM Supply ChainLike Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel.DARKREADING.COM
3 JunWeedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated ContentCybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activ…THEHACKERNEWS.COM
3 JunArgamal: Malware hidden in hentai gamesKaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine.SECURELIST.COM
3 JunInfostealers are becoming the go-to phishing payloadCybercriminals prefer infostealers to traditional phishing techniques because they reduce friction, scale well, and are widely available.MALWAREBYTES.COM
3 JunGoogle DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RATCybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. "Before the victim ever reaches attacker-controlled infrastructure, the l…THEHACKERNEWS.COM
3 JunAttackers Use AI to Automate EDR Evasion TestingPython scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows Defender.DARKREADING.COM
2 JunFake virus alerts are invading mobile games"Your device is infected!" Fake account warnings and virus alerts are turning some in-game ads into malware traps.MALWAREBYTES.COM
2 JunAttackers Hijack Red Hat npm Scope to Steal Cloud SecretsAttackers backdoored 32 packages in Red Hat's official npm scope to steal cloud and CI secretsINFOSECURITY-MAGAZINE.COM
2 JunInfosecurity Europe: Cybersecurity Teams Which Don’t Leverage AI are "Doomed to Fail"Humans still need to be part of cyber defense, but refusing to deploy AI is no longer optional against AI-enhanced cyber threats, warns Dataminr’s Joe SlowikINFOSECURITY-MAGAZINE.COM
2 JunDriveSurge Hijacks Thousands of Sites for ClickFix, FakeUpdate AttacksA sneaky, wide-scale IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones that deliver malware.DARKREADING.COM
2 JunOver 116,000 Minecraft systems infected in WeedHack malware campaignA large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. [...]BLEEPINGCOMPUTER.COM
1 JunA week in security (May 25 – May 31)A list of topics we covered in the week of May 25 to May 31 of 2026MALWAREBYTES.COM
1 JunRapid7 and Exclusive Networks Expand Partnership Across the NordicsBuilding stronger cybersecurity outcomes together The cybersecurity landscape across the Nordics is evolving rapidly. Organizations are facing increasing pressure to modernize security operations, reduce complexity, and respond faster to threats, all while navigating growing regu…RAPID7.COM
1 JunContainers on fire: from container escapes to supply chain attacksWe break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks.SECURELIST.COM
1 JunFake BlueWallet steals passwords, accounts, and crypto from MacsA fake BlueWallet download tricks Mac users into running malware that steals passwords, crypto wallets, and clipboard data.MALWAREBYTES.COM
1 JunWordPress malware campaign hides payloads in Steam profilesNearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...]BLEEPINGCOMPUTER.COM
31 MayGPS: A backbone for critical infrastructure.Since its original creation in the 1970s, GPS has evolved from a technology primarily used by the military to a foundation for modern society. After the removal of selective availability for civilians in 2000, GPS’s value has significantly expanded. In the past two decades, nearl…THECYBERWIRE.COM
29 MayWhat’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistantWhat are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI assistant can help.SECURELIST.COM
29 MayAI-Generated npm Malware Leaks Its Own GitHub TokenSloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operatorINFOSECURITY-MAGAZINE.COM
29 MayFrom $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a-Service MarketDDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. [...]BLEEPINGCOMPUTER.COM
29 MayDutch govt disrupts malware botnet with 17 million infected devicesDutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. [...]BLEEPINGCOMPUTER.COM
29 MayResearchers blame Iranian government for LA transit authority hack.Thousands of domains are impersonating FIFA ahead of the World Cup. Dutch police dismantle a botnet.THECYBERWIRE.COM
28 MayFake ChatGPT download site infects Windows and Mac users with malwareSearching for ChatGPT? This fake download site serves malware to both Windows and Mac users, using separate payloads tailored to each platform.MALWAREBYTES.COM
28 MayGCHQ Chief Urges Action as AI Reshapes Cyber ThreatsGCHQ director urges urgent business cyber action as AI and quantum reshape the threatINFOSECURITY-MAGAZINE.COM
28 MayBTMOB Android malware service generates custom phishing payloadsAn Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. [...]BLEEPINGCOMPUTER.COM
27 MayAI Chatbot Recommendations Redirect Users to Cryptojacking Malware SitesMicrosoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results and …THEHACKERNEWS.COM
27 MayCompany bragged phone mics could listen to conversations. They couldn’t.Cox Media said it could spy on users through their devices and use the information for targeted advertising, except it wasn't true.MALWAREBYTES.COM
27 MayGlassWorm Malware Takedown Disrupts Developer Supply Chain Attack InfrastructureCrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and…THEHACKERNEWS.COM
27 MayCrowdStrike, Google Take Down Glassworm BotnetOperators of the malicious Glassworm botnet have been targeting software developers since at least early 2025INFOSECURITY-MAGAZINE.COM
27 MayGlassworm botnet disrupted after resilient C2 infrastructure takedownThe Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain transactions and the BitTorrent DHT network. [...]BLEEPINGCOMPUTER.COM
27 MayGrandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android UsersLatin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That's according to new findings from WatchGuard and ESET, which have observed the two malware fami…THEHACKERNEWS.COM
26 MayIran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning CampaignIran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoningINFOSECURITY-MAGAZINE.COM
26 May700+ education and tech websites hijacked in huge ClickFix malware campaignHackers are abusing a Ghost CMS website flaw to serve fake Cloudflare verification pages that pressure users into infecting their own PCs.MALWAREBYTES.COM
26 MayFeeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub ReposIn just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more.DARKREADING.COM
25 MayThe Code of Honor: Paul J. Maurer and Ed Skoudis explore ethics in cybersecurity with Ben Yelin.Authors Paul J. Maurer and Ed Skoudis join Caveat podcast co-host Ben Yelin to discuss their new book: "The Code of Honor: Embracing Ethics in Cybersecurity." The book is a comprehensive and practical framework for ethical practices in contemporary cybersecurity. Listen t…THECYBERWIRE.COM
25 MayTrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIOA new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was rec…THEHACKERNEWS.COM
25 MayA week in security (May 18 – May 24)A list of topics we covered in the week of May 18 to May 24 of 2026MALWAREBYTES.COM
23 Maynpm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain AttacksGitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now general…THEHACKERNEWS.COM
23 MayPackagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux MalwareA new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to …THEHACKERNEWS.COM
23 MayThese special phone and app features can help protect you from spywareApple, Meta, and Google offer special security modes that make your devices more secure against targeted spyware attacks. Here is how those modes work, what they do, and how to switch them on.TECHCRUNCH.COM
23 MayLaravel Lang packages hijacked to deploy credential-stealing malwareA supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. [...]BLEEPINGCOMPUTER.COM
22 MayKimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire AttacksThe U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses re…THEHACKERNEWS.COM
22 MayFake Gemini and Claude Code Sites Spread Infostealers Through SEO PoisoningThe infostealer payload in this campaign collects a vast amount of data, from collaboration authentication keys to cryptocurrency walletsINFOSECURITY-MAGAZINE.COM
22 MayAuthorities arrest 23-year-old accused of running the Kimwolf botnetCanadian authorities arrested a 23-year-old Ottawa man accused of running the Kimwolf DDoS botnet. The US is now seeking extradition. US authorities have charged 23-year-old Jacob Butler (aka “Dort”), an Ottawa resident, for allegedly operating the recently disrupted Kimwolf botn…SECURITYAFFAIRS.COM
22 MayCanadian man arrested, charged for running KimWolf DDoS botnetIn court documents unsealed on Thursday, the Justice Department said Jacob Butler ran KimWolf as a DDoS-for-hire service that infected over a million devices worldwide.THERECORD.MEDIA
22 MayFormer US execs plead guilty to aiding tech support scammersTwo former executives of a call-tracking and analytics company pleaded guilty to concealing a years-long tech support fraud scheme that victimized individuals worldwide. [...]BLEEPINGCOMPUTER.COM
21 MayShifting Budget Dynamics for Identity Security and AI AgentsAI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.DARKREADING.COM
21 MayASCII art in phishing emails | Kaspersky official blogCybercriminals using ASCII art to create pseudographics QR codes with embedded phishing links.KASPERSKY.COM
21 MayCatch spyware in the act with Windows Webcam MonitoringKnow when a program tries to access your webcam so you can allow or block, in real time.MALWAREBYTES.COM
21 MayThree-Quarters of Firms Knowingly Ship Vulnerable CodeAI risks threaten to permeate supply chains through unvetted code and unaudited suppliersINFOSECURITY-MAGAZINE.COM
21 MayAI Agents Are Shifting Identity Security Budget DynamicsAI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.DARKREADING.COM
21 MayAlleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and CanadaCanadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the pa…KREBSONSECURITY.COM
20 MayTyposquatting Is No Longer a User Problem. It's a Supply Chain ProblemAI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR Typosquat…THEHACKERNEWS.COM
20 MayMalicious TV boxes: how a cheap “SuperBox” turns your home into a proxy node for cybercriminals | Kaspersky official blogA cheap Android TV box promising free subscriptions can easily become the backbone for cybercriminal botnets and proxy servers. We break down how these streaming boxes lease out your IP address, and how to choose a device that’s secure.KASPERSKY.COM
20 MayFake malware-signing service Fox Tempest dismantled by MicrosoftThe service let malware authors sign malicious files with fraudulent Microsoft-issued certificates to bypass security checks.MALWAREBYTES.COM
20 MayAndroid Malware Campaign Used Hundreds of Fake Apps to Silently Charge UsersPremium Deception campaign uses 250 Android apps to silently sign victims up to paid servicesINFOSECURITY-MAGAZINE.COM
20 MayMini Shai-Hulud Hits Hundreds of npm Packages in AntV EcosystemMini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to dateINFOSECURITY-MAGAZINE.COM
19 MayFrom PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threatCisco Talos has uncovered a BadIIS variant — identifiable by its embedded "demo.pdb" strings — that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under a malware-as-a-service (MaaS) model for continuous monetiza…TALOSINTELLIGENCE.COM
19 MayFrom Ivory Tower to Iron Curtain: The Academics Who Reshaped the CIAIn 1947, a new civilian intelligence agency was established: the CIA. But a series of intelligence failures undermined its credibility. The White House and Congress were up in arms, and a new mission was formed: to recruit Ivy League professors with uncanny skills. Leaving their …THECYBERWIRE.COM
19 MayStealer Spoofs Google, Microsoft & Apple, Then Backdoors macOSThe SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution.DARKREADING.COM
19 Maydurabletask: TeamPCP's Latest PyPI CompromiseDiscover the latest on malicious versions of the PyPI package durabletask, matching TeamPCP tactics.WIZ.IO
19 MayThe Worm That Keeps on Digging: TeamPCP Hits @antv in Latest WaveMulti-ecosystem supply chain compromise by TeamPCP targets GitHub, NPM, and VSCode to steal credentials and establish persistence.WIZ.IO
18 MayA week in security (May 11 – May 17)A list of topics we covered in the week of May 11 to May 17 of 2026MALWAREBYTES.COM
18 MayPre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons SimulationsA new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compress…THEHACKERNEWS.COM
18 MayDeveloper Workstations Are Now Part of the Software Supply ChainSupply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets …THEHACKERNEWS.COM
18 MayIT threat evolution in Q1 2026. Mobile statisticsThis report contains mobile threat statistics for Q1 2026, along with noteworthy discoveries and quarterly trends: new versions of SparkCat and Triada.SECURELIST.COM
18 MayIT threat evolution in Q1 2026. Non-mobile statisticsThe report presents key trends and statistics on malware that targeted personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, during Q1 2026.SECURELIST.COM
15 May[Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)ISC.SANS.EDU
14 MayWhy Malwarebytes blocks some Yahoo Mail redirectsSome Yahoo Mail users may see repeated Malwarebytes alerts caused by background connections to suspicious third-party domains. Here’s why.MALWAREBYTES.COM
14 MayGoogle Launches Android Spyware Forensics Tool for High-Risk UsersGoogle’s Android Advanced Protection Mode is getting a new feature allowing trusted security experts to investigate potential spyware infectionsINFOSECURITY-MAGAZINE.COM
14 MayStealer Backdoor Found in 3 Node-IPC Versions Targeting Developer SecretsCybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious - node-ipc@9.1.6 node…THEHACKERNEWS.COM
13 MayAndroid Adds Intrusion Logging for Sophisticated Spyware ForensicsGoogle on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables "persistent and privacy-preserving forensics loggi…THEHACKERNEWS.COM
13 MayGlobal Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain RisksThe G7 Cybersecurity Working Group releases new SBOM for AI guidance, outlining seven key data clusters to boost transparency and security across AI supply chainsINFOSECURITY-MAGAZINE.COM
13 MayThis is what some of the world’s largest banks of malware look like stacked as hard drivesWhat would some of the world's largest repositories of malware look like if they were stacked as hard drives, one on top of the other?TECHCRUNCH.COM
12 MayTeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain AttackCheckmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 …THEHACKERNEWS.COM
12 MayAndroid banking Trojan TrickMo evolves using TON network for C2ThreatFabric found a new TrickMo Android trojan focused on stealth and persistence, moving its command-and-control traffic to the TON network. Security researchers at ThreatFabric have recently identified a new version of TrickMo, a dangerous Android banking trojan that shows how…SECURITYAFFAIRS.COM
12 MayMalicious Hugging Face Repository Typosquats OpenAIHiddenLayer reveals infostealer malware in a Hugging Face repositoryINFOSECURITY-MAGAZINE.COM
12 MayWebinar: Why the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can HelpWhy do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why …THEHACKERNEWS.COM
12 MayNew TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network PivotsCybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and …THEHACKERNEWS.COM
12 MayRubyGems Suspends New Signups After Hundreds of Malicious Packages Are UploadedRubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on Ruby Gems right now," Maciej Mensfeld, senior product…THEHACKERNEWS.COM
12 MayInstructure strikes a deal with ShinyHunters.Texas sues Netflix over alleged data sharing. Humanitarian-themed phishing lures deliver stealthy Python malware.THECYBERWIRE.COM
12 MayChina’s hackers aren’t invincible.Former NSA chief says the U.S. can beat China in cyberspace. Canvas cuts a deal with hackers. The FCC proposes KYC rules for phone users. SAP patches critical flaws. A poisoned TanStack npm supply chain attack spreads malware. Humanitarian aid lures deliver spyware. Japan launche…THECYBERWIRE.COM
11 MayA week in security (May 4 – May 10)A list of topics we covered in the week of May 4 to May 10 of 2026MALWAREBYTES.COM
11 May⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and MoreRough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still op…THEHACKERNEWS.COM
11 MayTrickMo Variant Routes Android Trojan Traffic Through TONThreatFabric finds new TrickMo Android banking trojan variant routing C2 through The Open NetworkINFOSECURITY-MAGAZINE.COM
11 MayFCC eases restrictions on foreign-made routers.Police shutter German-language criminal marketplace. TrickMo Android malware uses TON blockchain for stealthy communications.THECYBERWIRE.COM
10 MaySECURITY AFFAIRS MALWARE NEWSLETTER ROUND 96Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter CloudZ RAT potentially steals OTP messages using Pheno plugin Backdoored PyTorch Lightning package drops credential…SECURITYAFFAIRS.COM
9 MayQuasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and PersistenceResearchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access. Security researchers discovered a previously undocumented Linux malware called Quasar Linux RAT (QLNX) that targets developers and DevOps …SECURITYAFFAIRS.COM
8 MayAustralian Cyber Security Centre Issues Alert Over ClickFix AttacksACSC warns over a campaign targeting organizations which uses ClickFix to deliver Vidar infostealer malwareINFOSECURITY-MAGAZINE.COM
8 MayQuasar Linux RAT Steals Developer Credentials for Software Supply Chain CompromiseA previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard …THEHACKERNEWS.COM
8 MayTCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook WormsThreat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is a…THEHACKERNEWS.COM
8 MaySpace, the internet's next frontier.For decades, the internet has depended on terrestrial infrastructure solutions like fiber optics, undersea cables, cell towers, and data centers. However, that infrastructure still has hard limits especially in rural areas, disaster zones, or contested environments where building…THECYBERWIRE.COM
7 MayTCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and OutlookREF3076 uses a trojanized Logitech installer to deploy TCLBANKER, a Brazilian banking trojan with environment-gated payloads, WPF fraud overlays, and self-propagating WhatsApp and Outlook worm modules.ELASTIC.CO
7 MayAI in the Wrong HandsAI is the most powerful tool defenders have ever had. It's also the most dangerous weapon attackers have ever had. Assaf Keren, CSO at Qualtrics and author of Lessons from the Frontlines, has seen AI reshape both sides of the threat equation. In this conversation, he gets speci…THECYBERWIRE.COM
7 MayPyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and LinuxCybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the feat…THEHACKERNEWS.COM
7 MayNearly half of the world’s passwords can be cracked in under a minute | Kaspersky official blogUsing just a powerful graphics card, hackers can crack 60% of real user passwords in less than an hour. Even more alarming, 48% of passwords take less than a minute to compromise! Read our report to learn about the methods attackers use, the common password patterns folks resort …KASPERSKY.COM
7 MayFrom Android TVs to routers: the xlabs_v1 Mirai-based botnet built for DDoS attacksA new Mirai‑based botnet, xlabs_v1, hijacks ADB‑exposed IoT devices for powerful DDoS attacks, with 21 flooding methods and DDoS‑for‑hire use. A new Mirai‑derived botnet called xlabs_v1 is hijacking internet‑exposed devices running Android Debug Bridge (ADB) and using them for la…SECURITYAFFAIRS.COM
7 MayOpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns DragosCommercial AI models were used to help plan and conduct a cyber-attack against operational technology of a water and drainage facility, say researchersINFOSECURITY-MAGAZINE.COM
7 MayFake Claude AI Site Drops Beagle Backdoor on Windows UsersSophos finds fake Claude site spreading DonutLoader and a new Beagle backdoor via DLL sideloadingINFOSECURITY-MAGAZINE.COM
7 MayAfter Replacing TeamPCP Malware, 'PCPJack' Steals Cloud SecretsPCPJack makes innovative use of parquet files for stealthy, pre-validated target discovery as it canvasses multiple cloud environments.DARKREADING.COM
6 MayMalicious PyTorch Lightning update hits AI supply chain securityA malicious PyTorch Lightning update (v2.6.3) on PyPI spread briefly, stealing credentials and raising major concerns about AI supply chain security. A malicious update of the PyTorch Lightning library exposed developers to credential theft and remote compromise. Attackers upload…SECURITYAFFAIRS.COM
6 MayGoogle's Android Apps Get Public Verification to Stop Supply Chain AttacksGoogle has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute," Google's product and security teams s…THEHACKERNEWS.COM
6 MayWebsites with an undefined trust level: avoiding the trapWe explain what suspicious websites are and how to distinguish a safe site from a fraudulent one. A new category in Kaspersky solutions: we're sharing global statistics on untrusted site detection.SECURELIST.COM
6 MayHow VoidStealer bypasses Chrome’s protections to hijack sessions and steal data | Kaspersky official blogThe VoidStealer malware employs a new technique to circumvent Chrome’s App-Bound Encryption mechanism, gaining access to session cookies and other sensitive user data.KASPERSKY.COM
6 MayLABScon25 Replay | Please Connect to the Foreign Entity to Enhance Your User ExperienceJoe FitzPatrick reveals how consumer imports of networked devices pose a real security risk to small businesses and critical infrastructure alike.SENTINELONE.COM
6 MayAttackers adopt JavaScript runtime Bun to spread NWHStealerA legitimate developer tool is being repurposed by attackers to package and spread this Windows infostealer in harder-to-detect ways.MALWAREBYTES.COM
6 MaySome kids are bypassing age verification checks with a fake mustacheA new survey found that kids find it easy to bypass age checks, despite a rise in age verification laws around the world.TECHCRUNCH.COM
6 MayYet Another Way to Bypass Google Chrome's Encryption ProtectionAuthors of the VoidStealer Trojan uncovered a way to get around Google's App-Bound Encryption (ABE), opening the door to infostealers.DARKREADING.COM
6 MayThe Jenkins Threat LandscapeWhat usage patterns, plugin adoption, and configuration choices reveal about the Jenkins attack surface.WIZ.IO
5 MaySupply chain attack via DAEMON Tools | Kaspersky official blogKaspersky experts have detected a supply chain attack using the popular DAEMON Tools software.KASPERSKY.COM
5 MayUpdate WhatsApp now: Two new flaws could expose you to malicious filesWhatsApp patches flaws that could expose users to malicious content and disguised malware.MALWAREBYTES.COM
5 MayFTC bans data broker Kochava from selling sensitive location infoThe FTC has said that Kochava sold precise geolocation data showing consumers visiting houses of worship and health care clinics without their consent or awareness, an alleged violation of a law barring companies from engaging in unfair and deceptive practices.THERECORD.MEDIA
4 MayA week in security (April 27 – May 3)A list of topics we covered in the week of April 27 to May 3 of 2026MALWAREBYTES.COM
4 MaySilver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and RussiaThe China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that mimic correspondence from the Income Tax Department of India in D…THEHACKERNEWS.COM
3 MaySECURITY AFFAIRS MALWARE NEWSLETTER ROUND 95Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet 73 Open VSX Sleep…SECURITYAFFAIRS.COM
30 AprSilver Fox uses the new ABCDoor backdoor to target organizations in Russia and IndiaThe Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor.SECURELIST.COM
30 AprCyber is the Number One Global “People Risk,” Says MarshMarsh’s 2026 People Risks survey finds cyber‑related challenges dominate, as cyber‑threat literacy tops risks and cyber and AI skills shortages riseINFOSECURITY-MAGAZINE.COM
30 AprExposed Data Illustrates the Nightmare Scenario for a Stalkerware VictimExtremely sensitive personal data from a European celebrity that appears to have been compiled using spyware was publicly accessible until a researcher flagged the exposure.WIRED.COM
30 AprThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More StoriesThe internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a busy time to be onl…THEHACKERNEWS.COM
30 AprDeep#Door Python Backdoor Evades Detection On WindowsDeep#Door Python RAT uses tunneling and obfuscation to evade detection and steal credentialsINFOSECURITY-MAGAZINE.COM
30 AprThree Arrested for Hacking Over 610,000 Roblox AccountsSuspects accused of distributing malware and selling access to stolen Roblox accounts on Russian marketplacesINFOSECURITY-MAGAZINE.COM
29 AprLotus Wiper Attack Targeted Venezuelan Energy Firms, UtilitiesAn analysis of the destructive malware reveals sophisticated living-off-the-land (LotL) techniques and detailed strategies for the widespread deletion of data.DARKREADING.COM
29 AprNew Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATsCybersecurity researchers have discovered malicious code in an npm package after a malicious package was added as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility software d…THEHACKERNEWS.COM
29 AprSupply Chain Campaign Targets SAP npm Packages with Credential-Stealing MalwareDetect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign - Mini Shai Hulud.WIZ.IO
29 AprWiz Code Week Recap: Securing AI Native DevelopmentProviding Application Security teams with visibility and guardrails to secure agentic software development and the modern software supply chainWIZ.IO
28 AprNew Android spyware Morpheus linked to Italian surveillance firmOsservatorio Nessuno uncovered Morpheus spyware spreading via fake Android apps to steal data, highlighting rising covert surveillance tools. The non-partisan, non-religious, nonprofit organization Osservatorio Nessuno exposed a new spyware called Morpheus, distributed through fa…SECURITYAFFAIRS.COM
28 AprWhy Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks AboutEvery security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New research my team just pu…THEHACKERNEWS.COM
28 AprFresh Wave of GlassWorm VS Code Extensions Slices Through Supply ChainAttackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating malware.DARKREADING.COM
28 AprBrazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer CampaignA cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). "The malware disguises itself as a Minecraft hack called 'Slinky,'" Brazil-based cyberse…THEHACKERNEWS.COM
28 AprParagon is not collaborating with Italian authorities probing spyware attacks, report saysDespite promising to help determine what happened with the hacks targeting journalists and activists in Italy, Israeli-American spyware maker Paragon has reportedly not responded to authorities’ requests for information.TECHCRUNCH.COM
27 AprA week in security (April 20 – April 26)A list of topics we covered in the week of April 20 to April 26 of 2026MALWAREBYTES.COM
27 AprFast16: Pre-Stuxnet malware that targeted precision engineering softwareFast16 is a pre-Stuxnet malware that tampered with precision software and spread itself. Evidence suggests links to U.S. operations during early cyber tensions. SentinelOne uncovered Fast16, a sabotage malware used in 2005, years before Stuxnet. The malicious code is written in L…SECURITYAFFAIRS.COM
27 AprResearchers Identify Fast16 Sabotage Malware That Pre-Dates StuxnetThe “fast16” malware may have been used to target Iran’s nuclear program prior to StuxnetINFOSECURITY-MAGAZINE.COM
27 AprResearchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 MalwareCybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of the…THEHACKERNEWS.COM
27 Apr20-Year-Old Malware Rewrites History of Cyber SabotageResearchers have uncovered a malware framework dubbed "fast16" that predates Stuxnet by 5 years.DARKREADING.COM
27 Apr⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & MoreEverything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are. Most of it feels like stuff we should have fixed yea…THEHACKERNEWS.COM
27 AprPhishing crypto-wallet clones in the App Store and other attacks on iOS and macOS crypto owners | Kaspersky official blogNew waves of attacks on Apple users are leading to stolen cryptocurrency: fake crypto wallets in the App Store, trojanized legitimate macOS crypto apps, and other threats. Here’s how to stay protected.KASPERSKY.COM
26 AprSECURITY AFFAIRS MALWARE NEWSLETTER ROUND 94Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Morpheus: A new Spyware linked to IPS Intelligence The iPhone — invincible no more: a look at DarkSword and Coruna Lotus Wiper: a new …SECURITYAFFAIRS.COM
25 AprResearchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering SoftwareCybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocum…THEHACKERNEWS.COM
24 AprNpm Supply Chain Malware Attack Targets Developers With Worm-Like PropagationMalicious npm packages spread via worm-like propagation and steal developer credentialsINFOSECURITY-MAGAZINE.COM
24 Apr26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed PhrasesCybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. "Once launched, these apps redirect users to browser pages d…THEHACKERNEWS.COM
24 AprAnother spyware maker caught distributing fake Android snooping appsResearchers have found a new case where government authorities used a fake Android app to plant spyware on a target’s phone. The company that allegedly developed the spyware was not previously known to sell this type of software.TECHCRUNCH.COM
23 AprTrendAI™’s AI Security Brief podcast joins the N2K CyberWire network.N2K Networks today announced the launch of AI Security Brief, the flagship podcast for global AI security leader TrendAI™ on the N2K CyberWire network. Drawing on TrendAI™’s global threat research and operational expertise, the show delivers strategic insights on the intersection…THECYBERWIRE.COM
23 AprChina-linked hackers targeted Mongolian government using Slack, Discord for covert communicationsThe group, which researchers at cybersecurity firm ESET named GopherWhisper, has been active since at least November 2023 and was discovered in January 2025 after investigators found a previously unknown backdoor on the network of a Mongolian government institution.THERECORD.MEDIA
23 AprNewly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates StuxnetResearchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005—and likely deployed by the US or an ally.WIRED.COM
22 AprLotus Wiper Malware Targets Venezuelan Energy Systems in Destructive AttackCybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks targeting Venezuela at the end of last year and the start of 2026. Dubbed Lotus Wiper, the novel file wiper has been used in a destructive campaign targeting the energy an…THEHACKERNEWS.COM
22 AprResearcher claims Claude Desktop installs “spyware” on macOSA security researcher claims Claude Desktop installed spyware on his Mac. We examine the findings.MALWAREBYTES.COM
22 AprMalicious trading website drops malware that hands your browser to attackersA fake TradingView AI agent site leads to malware that can take over your browser, steal your accounts and financial data, and open the door to further attacks.MALWAREBYTES.COM
22 AprUK government says 100 countries have spyware that can hack people’s phonesThe U.K.'s cybersecurity chief warned that U.K. businesses and critical infrastructure are underestimating the threat from spyware attacks and other cyberthreats, with more governments having access to the powerful surveillance technology than ever.TECHCRUNCH.COM
22 AprTargeting developers: real-world cases, tactics, and defense strategies | Kaspersky official blogDeveloper-focused attacks: from malicious npm packages and GitHub phishing, to fake interviews and take-home assignments.KASPERSKY.COM
22 AprHackers deployed wiper malware in destructive attacks on Venezuela’s energy sectorHackers deployed a previously unknown wiper malware against Venezuela’s energy and utilities sector in an attack that appears to have been designed to destroy systems.THERECORD.MEDIA
22 AprLABScon25 Replay | Are Your Chinese Cameras Spying For You Or On You?Marc Rogers and Silas Cutler expose how cheap smart home devices conceal a shadow supply chain of shell companies, firmware flaws, and foreign data routing.SENTINELONE.COM
21 AprThe US NSA is using Anthropic’s Claude Mythos despite supply chain riskAxios reports the National Security Agency uses Anthropic Mythos model despite Department of Defense concerns, blurring AI risk vs defense lines. The reported use of Anthropic’s Mythos model by the U.S. National Security Agency is a reminder that the line between AI as a defensiv…SECURITYAFFAIRS.COM
21 AprFake Google Antigravity downloads are stealing accounts in minutesAnother AI launch, another trap. A trojanized Google Antigravity installer runs like normal, but secretly hands over your accounts to the attackers.MALWAREBYTES.COM
21 AprTrojanized Android App Fuels New Wave of NFC FraudNGate malware abuses HandyPay app to steal NFC card data and PINs in BrazilINFOSECURITY-MAGAZINE.COM
20 AprA week in security (April 13 – April 19)A list of topics we covered in the week of April 13 to April 19 of 2026MALWAREBYTES.COM
20 AprResearchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT SystemsCybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamp…THEHACKERNEWS.COM
20 AprZionSiphon Malware Targets Water Infrastructure SystemsZionSiphon malware targets OT water systems with sabotage and ICS scanning capabilitiesINFOSECURITY-MAGAZINE.COM
20 AprFormbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid DetectionFormbook attacks use combination of DLL Side-Loading and Obfuscated JavaScript to stay hidden, researchers at WatchGuard have uncoveredINFOSECURITY-MAGAZINE.COM
19 AprSecurity Affairs newsletter Round 573 by Pierluigi Paganini – INTERNATIONAL EDITIONA new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hidden VMs: how hackers lever…SECURITYAFFAIRS.COM
19 AprSECURITY AFFAIRS MALWARE NEWSLETTER ROUND 93Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CPU-Z / HWMonitor watering hole infection – a copy-pasted attack Fake Claude site installs malware that gives attackers access to your…SECURITYAFFAIRS.COM
17 AprInside ZionSiphon: politically driven malware aims at Israeli water systemsNew ZionSiphon malware targets water systems, and allows attackers to alter pressure and chlorine levels. A flaw makes it ineffective for now. Darktrace analyzed ZionSiphon, a new malware designed to target water treatment and desalination systems, which aims to disrupt operation…SECURITYAFFAIRS.COM
17 AprAnalysis: From Mythos to Vulnocalypse and what really needs to be done nowEveryone is talking about how dangerous Anthropic's new AI could be. Jürgen Schmidt of heise security prefers to focus on what needs to be done now.HEISE.DE
17 AprHackers leverage leaked government intelligence tools to target everyday iOS users | Kaspersky official blogDarkSword and Coruna are new iOS malware strains that infect devices through zero-click attacks. Learn how these threats operate, which iOS versions are at risk, and how to protect your devices.KASPERSKY.COM
16 AprAnthropic vs Washington.This week, Dave and Ben revisit Anthropic’s lawsuits against the Pentagon after the company was reclassified as a supply chain risk. Additionally, Dave and Ben also take a look at the looming Section 702 deadline, which is set to expire on April 20th.THECYBERWIRE.COM
16 AprA fake Slack download is giving attackers a hidden desktop on your machineThis trojanized Slack installer looks normal, but quietly gives attackers an invisible desktop to access your accounts and data. We take a deep dive into the attack.MALWAREBYTES.COM
16 AprObsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto AttacksA "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financi…THEHACKERNEWS.COM
15 AprFrom fake Proton VPN sites to gaming mods, this Windows infostealer is everywhereHiding in imposter sites, GitHub downloads, and YouTube links, this infostealer is designed to hijack accounts and drain cryptocurrency wallets.MALWAREBYTES.COM
15 AprMirax malware campaign hits 220K accounts, enables full remote controlMirax, a new Android RAT, spread via Meta ads, infected 220,000 users and turns devices into SOCKS5 proxies, giving attackers full remote control. Mirax is a new Android remote access trojan spreading through ads on Meta platforms, targeting mainly Spanish-speaking users and reac…SECURITYAFFAIRS.COM
15 AprThreat landscape for industrial automation systems in Q4 2025The report contains industrial threat statistics for Q4 2025. It covers various infection vectors and malware types, as well as regional statistics and statistics by industry.SECURELIST.COM
15 AprAfter Anthropic Mythos: OpenAI announces GPT-5.4-CyberOpenAI is launching GPT-5.4-Cyber, its own AI model for cybersecurity. As with Anthropic's Mythos, access remains restricted at first.HEISE.DE
14 AprFake Claude AI installer abuses DLL sideloading to deploy PlugXFake Claude website impersonates Anthropic and delivers PlugX RAT via ZIP download using DLL sideloading. A fake website impersonating Anthropic’s Claude service was found distributing the PlugX remote access trojan, according to Malwarebytes. The rogue site abuses the chatbot’s …SECURITYAFFAIRS.COM
14 AprCPUID: Attackers distributed malware installers via websiteThe CPUID website for the system analysis tools CPU-Z and HWMonitor was manipulated by attackers. It distributed malware.HEISE.DE
14 AprSomeone planted backdoors in dozens of WordPress plug-ins used in thousands of websitesDozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate owner.TECHCRUNCH.COM
13 AprThe silent “Storm”: New infostealer hijacks sessions, decrypts server-sideNew "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. [...]BLEEPINGCOMPUTER.COM
13 AprJanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT. A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associated with specific financial…THEHACKERNEWS.COM
13 AprA week in security (April 6 – April 12)A list of topics we covered in the week of April 6 to April 12 of 2026MALWAREBYTES.COM
13 AprJanelaRAT: a financial threat targeting users in Latin AmericaKaspersky GReAT experts describe the latest JanelaRAT campaign detailing infection chain and malware functionality updates.SECURELIST.COM
13 ApriPhone forensics expose Signal messages after app removal in U.S. caseAn FBI case in Texas shows Signal messages can still be recovered from iPhones even after app uninstall, via system artifacts, challenging privacy assumptions. The recent revelations about FBI forensic access to Signal messages on an iPhone have reignited a long-standing misunder…SECURITYAFFAIRS.COM
13 Apr“ClickFix” attacks on macOS now also via Script EditorAn ongoing malware campaign uses Apple's Script Editor instead of Terminal to sneak the data thief Atomic Stealer onto Macs.HEISE.DE
10 AprSupply chain attack at CPUID pushes malware with CPU-Z/HWMonitorHackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]BLEEPINGCOMPUTER.COM
10 AprFake Claude site installs malware that gives attackers access to your computerWe found a convincing fake site that installs a trojanized Claude app while quietly deploying PlugX malware.MALWAREBYTES.COM
9 AprSmart Slider updates hijacked to push malicious WordPress, Joomla versionsHackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...]BLEEPINGCOMPUTER.COM
9 AprUAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing CampaignsA previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated st…THEHACKERNEWS.COM
9 AprGoogle Chrome adds infostealer protection against session cookie theftGoogle has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. [...]BLEEPINGCOMPUTER.COM
9 AprNew ‘LucidRook’ malware used in targeted attacks on NGOs, universitiesA new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. [...]BLEEPINGCOMPUTER.COM
9 AprThis fake Windows support website delivers password-stealing malwareA convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.MALWAREBYTES.COM
8 AprIran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCsIran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. "These attacks have led t…THEHACKERNEWS.COM
8 AprMasjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT DevicesCybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of ta…THEHACKERNEWS.COM
8 AprNew Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS ProxyCybersecurity researchers have flagged a new variant of malware called Chaos that's capable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure. "Chaos malware is increasingly targeting misconfigured cloud deployme…THEHACKERNEWS.COM
8 AprNew macOS stealer campaign uses Script Editor in ClickFix attackA new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. [...]BLEEPINGCOMPUTER.COM
8 AprHack-for-hire group caught targeting Android devices and iCloud backupsSecurity researchers exposed a spying campaign by a hack-for-hire group that used Android spyware and phishing to steal iCloud credentials and hack victims’ devices.TECHCRUNCH.COM
8 AprFinancial cyberthreats in 2025 and the outlook for 2026In this report, Kaspersky experts share their insights into the 2025 financial threat landscape, including regional statistics and trends in phishing, PC malware, and infostealers.SECURELIST.COM
6 AprConvicted spyware maker Bryan Fleming avoids jail at sentencingThe pcTattletale founder escapes a custodial sentence following the first successful prosecution of a spyware maker in the U.S. for over a decade.TECHCRUNCH.COM
6 AprA week in security (March 30 – April 5)A list of topics we covered in the week of March 30 to April 5 of 2026MALWAREBYTES.COM
4 AprAfter fighting malware for decades, this cybersecurity veteran is now hacking dronesMikko Hyppönen is one of the most recognizable faces of the cybersecurity industry. After fighting computer viruses, worms, and malware, for more than 35 years, he tells TechCrunch why he is now working on systems to stop killer drones.TECHCRUNCH.COM
3 AprElectric Vehicles and EV Security - Steve Visconti CEO of Xiid Corporation with David ShipleyEV Charging Infrastructure Security: How Hackers Could Disrupt Chargers, Networks, and the Grid Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated…CYBERSECURITYTODAY.LIBSYN.COM
3 AprNew SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase ImagesCybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been foun…THEHACKERNEWS.COM
3 Apr KEVHow the World Got Owned Episode 2: The 1990s, Part OneIn this special documentary episode, Patrick Gray and Amberleigh Jack take a look back at hacking throughout the 1990s, from the feel-good vibes of the early hacking communities to the antics of young hackers who wound up on the run from the FBI. Part one features recollections f…RISKY.BIZ
2 AprThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More StoriesThe latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast…THEHACKERNEWS.COM
2 AprHow we caught the Axios supply chain attackJoe Desimone shares the story of how he caught the Axios supply chain attack with a proof of concept tool built in an afternoon.ELASTIC.CO
2 AprHooked on Linux: Rootkit Detection EngineeringIn this second part of a two-part series, we explore Linux rootkit detection engineering, focusing on the limitations of static detection reliance, and the importance of rootkit behavioral detection.ELASTIC.CO
2 AprMalwarebytes Privacy VPN receives full third-party auditWe commissioned a third-party audit for the infrastructure behind our VPNs. Here are the results.MALWAREBYTES.COM
1 AprAlleged RedLine malware developer extradited to United StatesA man has appeared in federal court in Austin, Texas, after being extradited to the United States to face charges related to his alleged role as a key developer of the notorious RedLine malware. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
1 AprMalicious Script That Gets Rid of ADS, (Wed, Apr 1st)Today, most malware are called “fileless” because they try to reduce their footprint on the infected computer filesystem to the bare minimum. But they need to write something… think about persistence. They can use the regi…ISC.SANS.EDU
1 AprCrystalX RAT: a Trojan for pranks, remote access, and cryptocurrency theft | Kaspersky official blogThe new CrystalX remote access Trojan combines pranks with full control over the victim’s computer. It also spies on its victims, steals their cryptocurrency and accounts, and uses advanced methods to bypass protection. We explain how it works, and how to avoid infection.KASPERSKY.COM
1 AprWhatsApp notifies hundreds of users who installed a fake app that was actually government spywareThe Meta-owned company said it identified around 200 users who were tricked into installing a fake version of WhatsApp that was actually Italian-made spyware.TECHCRUNCH.COM
1 Apr'NoVoice' Android malware on Google Play infected 2.3 million devicesA new Android malware named NoVoice was found on Google Play, hidden in more than 50 apps that were downloaded at least 2.3 million times. [...]BLEEPINGCOMPUTER.COM
1 AprNew CrystalRAT malware adds RAT, stealer and prankware featuresA new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities. [...]BLEEPINGCOMPUTER.COM
1 AprThe Shift: An Era of Quantum GeopoliticsThe expanding conflict around Iran signals a deeper shift. We have entered an era of quantum geopolitics, where the old rules of the international order no longer applyRECORDEDFUTURE.COM
1 AprInside the Axios supply chain compromise - one RAT to rule them allElastic Security Labs analyzes a supply chain compromise of the axios npm package delivering a unified cross-platform RATELASTIC.CO
1 AprElastic releases detections for the Axios supply chain compromiseHunting and detection rules for the Elastic-discovered Axios supply chain compromise.ELASTIC.CO
1 AprA laughing RAT: CrystalX combines spyware, stealer, and prankware featuresKaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.SECURELIST.COM
31 MarHackers compromise Axios npm package to drop cross-platform malwareHackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. [...]BLEEPINGCOMPUTER.COM
30 MarTeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLMMoving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy WAV‑based payloads to steal credentials across Linux, macOS, and Windows.TRENDMICRO.COM
27 MarFake VS Code alerts on GitHub spread malware to developersA large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. [...]BLEEPINGCOMPUTER.COM
27 MarElastic Security Labs uncovers BRUSHWORM and BRUSHLOGGERElastic Security Labs observed two custom malware components targeting a South Asian financial institution: a modular backdoor with USB-based spreading and a DLL-side-loaded keylogger.ELASTIC.CO
26 MarPawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure EntitiesThis blog discusses the steganography, cloud abuse, and email-based backdoors used against the Ukrainian defense supply chain in the latest Pawn Storm campaign that TrendAI™ Research observed and analyzed.TRENDMICRO.COM
26 MarHow scammers use legitimate surveys to link to malicious sites | Kaspersky official blogSpammers are disguising fraudulent links within legitimate survey platforms — emails containing these links easily bypass standard spam filters. We analyze the scheme, highlight the red flags, and provide defensive strategies.KASPERSKY.COM
26 MarSuspected RedLine infostealer malware admin extradited to USAn Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years. [...]BLEEPINGCOMPUTER.COM
26 MarApple made strides with iOS 26 security, but leaked hacking tools still leave millions exposed to spyware attacksLeaked hacking tools threaten the security of millions of older iPhones. Cybersecurity experts weigh in.TECHCRUNCH.COM
26 MarIlluminating VoidLink: Technical analysis of the VoidLink rootkit frameworkElastic Security Labs analyzes VoidLink, a sophisticated Linux malware framework that combines traditional Loadable Kernel Modules with eBPF to maintain persistence.ELASTIC.CO
26 MarAn AI gateway designed to steal your dataDissecting the supply chain attack on LiteLLM, a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to protect yourself.SECURELIST.COM
25 MarFCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk ConcernsThe U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications netwo…THEHACKERNEWS.COM
25 MarPaid AI Accounts Are Now a Hot Underground CommodityAI accounts are becoming part of the cybercrime supply chain, sold like email accounts or VPS access. Flare Systems shows how underground markets bundle and resell premium AI access at scale. [...]BLEEPINGCOMPUTER.COM
25 MarNew Torg Grabber infostealer malware targets 728 crypto walletsA new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. [...]BLEEPINGCOMPUTER.COM
24 MarTax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDRA large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the bri…THEHACKERNEWS.COM
24 MarInvestigating from the Endpoint Across Your Environment with Elastic Security XDRThis article highlights how Elastic Security XDR unifies endpoint protection with multi-domain security analytics to help analysts trace and contain multi-stage attacks across hybrid and cloud environments.ELASTIC.CO
23 MarMicrosoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM MalwareMicrosoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund …THEHACKERNEWS.COM
23 MarTrivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes WiperCybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious vers…THEHACKERNEWS.COM
22 MarVoidStealer malware steals Chrome master key via debugger trickAn information stealer called VoidStealer uses a new approach to bypass Chrome's Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. [...]BLEEPINGCOMPUTER.COM
20 MarGoogle Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and ScamsGoogle on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification…THEHACKERNEWS.COM
20 MarPredator spyware disables iOS camera and microphone indicators | Kaspersky official blogA deep dive into how Intellexa’s Predator spyware interferes with iOS mechanisms to hide camera and microphone activity.KASPERSKY.COM
19 MarNew ‘Perseus’ Android malware checks user notes for secretsA new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery phrases, or financial data. [...]BLEEPINGCOMPUTER.COM
19 Mar2025 Year in Review: Malicious, InfrastructureExplore Insikt Group’s 2025 Malicious Infrastructure Report. Gain insights into Cobalt Strike, Vidar infostealers, and AI-driven threats to secure your 2026 strategy.RECORDEDFUTURE.COM
17 MarAI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study FindsA majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera. The report, based on a survey of 300 US CISOs and senior security leaders, …THEHACKERNEWS.COM
17 MarGlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSXThe GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. [...]BLEEPINGCOMPUTER.COM
16 MarAndroid 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware AbuseGoogle is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API. The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week. AAPM was in…THEHACKERNEWS.COM
16 MarFree real estate: GoPix, the banking Trojan living off your memoryKaspersky GReAT experts describe the unprecedentedly complex Brazilian banking Trojan GoPix that employs memory-only implants, Proxy AutoConfig (PAC) files for man-in-the-middle attacks, and malvertising via Google Ads.SECURELIST.COM
📰 CYBERSECURITY BRIEFINGS 11
7 JunInside modern GPS attacks.This week on T-Minus: Space-Cyber Briefing: we dive into two of the most common ways actors target GPS signals. Whether it be through jamming or spoofing attacks, actors are increasingly utilizing these vectors to disrupt communications, sow confusion, and engage more effectively…THECYBERWIRE.COM
1 JunRed Canary CFP tracker: May 2026Red Canary's monthly roundup of upcoming security conferences and call for papers (CFP) submission deadlines May 2026REDCANARY.COM
31 MayThe evolution of GPS.This week on T-Minus: Space-Cyber Briefing: we look at GPS and how this technology has become instrumental to modern society. As governments have expanded the public’s use of this technology it has evolved from a fringe service to one that supports many of the modern day services…THECYBERWIRE.COM
18 MayN2K CyberWire's T-Minus returns with focus on the critical intersection of space and cybersecurityN2K Networks today announced the next evolution of its space-focused podcast as T-Minus: Space-Cyber Briefing, a new weekly program dedicated to the expanding intersection of space and cybersecurity, on the N2K CyberWire network.THECYBERWIRE.COM
13 May[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)TL;DR: Stop chasing thousands of "toast" alerts. Join experts from Wiz and Okta/GitLab to learn how hackers connect tiny flaws to build a "Lethal Chain" to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that go…THEHACKERNEWS.COM
13 MayUK moves to shield security researchers in cybercrime law overhaulThe proposed reforms, outlined in briefing documents published alongside the King’s Speech opening a new parliamentary session, would update the Computer Misuse Act 1990 as part of a broader national security package focused on cybercrime and digital threats.THERECORD.MEDIA
4 AprElastic Security Integrations Roundup: Q1 2026Elastic Security Labs announces nine new integrations for Elastic Security spanning cloud security, endpoint visibility, email threat detection, identity and SIEM.ELASTIC.CO
🎙️ PODCASTS 42
11 JunDrug Sites Hijacked Spotify’s Search Ranking Through Fake PodcastsA joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites.WIRED.COM
11 JunWhy Identity Must Evolve for AI-Driven Work with Peter Barker from Ping IdentityPeter Barker, Chief Product Officer at Ping Identity, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices. Peter discusses how AI agents, copilots, and automation are reshaping enterprise identity, creating demand for systems that can operate beyond …THECYBERWIRE.COM
10 JunSimplifying Security for SMBs with Joe Sykora, CEO from CoroJoe Sykora, CEO of Coro, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices to discuss the cybersecurity challenges facing SMBs and the MSPs that support them. Joe explains why fragmented security stacks create unnecessary complexity, how AI is help…THECYBERWIRE.COM
10 JunSmashing Security podcast #471: This AI worm just rewrote its own rulesResearchers at the University of Toronto have built a worm that thinks for itself. Using free off-the-shelf AI models it works out how to break into each new computer it encounters, and hijacks the powerful ones to host its own AI brain. And then the researchers discovered their …GRAHAMCLULEY.COM
9 JunInside the Media Mind of Joel Witts: Expert InsightsIn this episode of #IMM, Christine and Madison sit down with Joel Witts, Director of Content and Co-Founder at Expert Insights.THECYBERWIRE.COM
5 JunSoap Box: Detection and response in the AI ageIn this sponsored Soap Box edition of the Risky Business podcast Patrick Gray chats with Edward Wu, founder of Dropzone, about what AI is doing to detection, response and the SOC more generally. Dropzone makes AI agents that conduct alert investigations in your SOC, but will the …RISKY.BIZ
4 JunIs Your Enterprise AI Strategy Delivering ROI Yet?Your enterprise AI strategy isn’t as far along as you think. The reality for most organizations today is that AI is disrupting existing processes more than it’s delivering outcomes… so far. And according to Dr. Grace Trinidad, Research Director at IDC, that’s how it should be. In…THECYBERWIRE.COM
4 JunNavigating AI Vulnerabilities and Machine-Speed Threats with Jason Kikta from AutomoxJason Kikta, CTO at Automox, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices to discuss why speed has become the defining challenge in modern cybersecurity. Jason explores how organizations can balance AI-driven innovation with practical risk man…THECYBERWIRE.COM
3 JunSmashing Security podcast #470: This AI security flaw might be impossible to fixA website called "UK visa portal" has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren't. And when a journalist tried to warn the company, it was lawyers who respon…GRAHAMCLULEY.COM
3 JunThe MSP's Expanding Security Mission with Benjamin Morrell from Coro CybersecurityBenjamin Morrell, Vice President of Security Strategy at Coro, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices to discuss the evolving cybersecurity challenges facing SMBs and the MSPs that support them. Ben explores the risks created by fragment…THECYBERWIRE.COM
1 JunPayment apps are watching what you say (Lock and Code S07E11)This week on the Lock and Code podcast, we speak with Rainey Reitman about financial censorship that boots customers off major payment apps.MALWAREBYTES.COM
1 JunThe Content Challenge Behind AI Adoption with Heather Ceylan from BoxHeather Ceylan, CISO at Box, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices to discuss why many organizations have a content problem, not just an AI problem. Heather explains how fragmented, unstructured, and poorly governed content undermines A…THECYBERWIRE.COM
28 MayBuilding Crisis Response Plans That Work Under Pressure with Courtney Guss of Semperis.Courtney Guss, Crisis Management Director at Semperis, joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices to discuss why crisis planning must evolve beyond audit checklists and static documentation. She explains how organizations can build faster, m…THECYBERWIRE.COM
27 MayThe Case for Internal Comms with Thereasa RoyInternal comms is one of those marketing functions that doesn't always get its own seat at the table, but probably should. Thereasa Roy, formerly Director of Technical Solutions Marketing at Trail of Bits, now Director of Product Marketing at Oversight joins Gianna to talk throug…THECYBERWIRE.COM
21 MayWho’s responsible when AI starts making mistakes?With over two decades of experience spanning global CIO and CISO roles Sachin Jain has a perspective on accountability that goes well beyond the CISO's desk. In this episode, Sachin shares why AI governance is a shared responsibility across the organization, and offers practical …THECYBERWIRE.COM
20 MayBuilding AI Content Systems That Actually Work with David Ebner of Content WorkshopDavid Ebner has been building content for security and tech brands for 13 years, and the work has changed significantly with the dawn of the AI content era. He comes back on the show to talk about what AI systems look like inside a marketing team, how they get built, and what ste…THECYBERWIRE.COM
18 MayAI is distorting the Holocaust (Lock and Code S07E10)This week on the Lock and Code podcast, we speak with Clara Mansfeld about how AI-generated imagery is warping the history of the Holocaust.MALWAREBYTES.COM
17 MayFrom cyberspace to space-cyber.For years, in-space internet capabilities were rarely worth the hassle. Now, that’s changing. In today’s episode, Maria Varmazis and Ethan Cook sit down to discuss how internet data moves through space systems and its recent advancements. For decades, GEO satellites made up m…THECYBERWIRE.COM
13 MayCyber Creator Tyler Ramsbey Shares How to Grow an Audience & Community in CyberThis episode is a little different. We're sharing a session from Behind the Cyber Creator, a live AMA series we run at the Cybersecurity Marketing Society, and Tyler Ramsbey was our first guest. Tyler went from pastor to pentester, built a study group into a community of 15,000 p…THECYBERWIRE.COM
12 MayInside the Media Mind of Shaun Waterman: FreelancerIn this latest episode of #IMM, Christine and Madison welcome Shaun Waterman, freelance journalist specializing in cybersecurity, space and federal contracting.THECYBERWIRE.COM
7 MayHow do we secure applications when anyone can code?Ashish Rajan doesn’t sugarcoat what it means to be a security leader in the AI era. This is a moment where innovation is outpacing control. Where AI is being embedded into everything, often faster than organizations can understand, govern, or secure it. Ashish is a CISO, trusted …THECYBERWIRE.COM
6 MaySmashing Security podcast #466: Meta sees everything, Copy Fail, and a deepfake gets hiredMeta's smart glasses promise privacy "designed for you" - but everything they record was being beamed off to workers in Nairobi to label by hand. When those workers blew the whistle, Meta sacked all 1,108 of them. Meanwhile, the IT press is in a frenzy over a new Linux bug called…GRAHAMCLULEY.COM
5 MayHow the Story of a USB Penetration Test Went ViralTwo decades ago Dark Reading posted its first blockbuster — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author Steve Stasiukonis, D…DARKREADING.COM
25 AprCybersecurity Today Weekend: Deepfakes, the Death of Truth, and Verifying AI in the EnterpriseAgain, we'd like to thank Meter for their support in bringing you this podcast. Meter delivers full stack networking infrastructure, wired, wireless, and cellular to leading enterprises. Working with their partners, Meter designs, deploys and manages everything required to get p…CYBERSECURITYTODAY.LIBSYN.COM
22 AprAlignment Episode: How Traci Byrne Works Across CISOs, Startups, and PartnersTraci Byrne has spent a lot of her time aligning CISOs, startups, and internal teams. In this episode, she breaks down how she does that, starting with listening, understanding what each side is trying to do, and using that to guide decisions without forcing them. That same appro…THECYBERWIRE.COM
22 AprThe AI-driven gap between innovation and security with Brian Vecci from VaronisBrian Vecci, Field CTO at Varonis joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices at the RSA Conference 2026. He explains how the rapid shift to autonomous AI agents is widening the gap between innovation and security, and why organizations must …THECYBERWIRE.COM
21 AprThe Three-Layer Strategy for Autonomous Agent Governance with Joe Hladik and Amit MalikHost Caleb Tolin is joined by Joe Hladik and Amit Malik of Rubrik Zero Labs to dissect the "Agentic Paradox" where 86% of leaders expect AI to outrun their guardrails. As enterprises rush to adopt autonomous bots for revenue growth, they are creating a massive security vacuum in …THECYBERWIRE.COM
21 Apr[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025In this episode of Talos Takes, Amy and Martin Lee unpack state-sponsored and phishing trends from the 2025 Talos Year in Review.TALOSINTELLIGENCE.COM
20 AprBeyond IT: Cybersecurity is a strategic business riskWhy cybersecurity now demands C-suite attention and accountability.CYBERSECURITYDIVE.COM
20 AprBig Tech can stop scams. They just don’t (Lock and Code S07E08)This week on the Lock and Code podcast, we speak with Marti DeLiema about what really works in protecting older adults from financial scams.MALWAREBYTES.COM
20 AprBuilding a unified security ecosystem with Melissa K. Smith from SentinelOneMelissa K. Smith, SVP of Global Strategic Partnerships and Initiatives at SentinelOne joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices at the RSA Conference 2026. She discusses how strategic partnerships are helping organizations move beyond fragm…THECYBERWIRE.COM
17 AprAuslegungssache 157: Data Protection in CourtIn the c't data protection podcast, Lower Saxony's data protection commissioner explains how appeal proceedings against fines work, and why he remains on the sidelines.HEISE.DE
16 AprExtending zero trust beyond the endpoint with Rob Allen from ThreatLockerRob Allen, CPO at ThreatLocker joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices at the RSAC Conference 2026. He discusses the evolution of zero trust beyond applications into network and cloud access, and how enforcing deny-by-default policies at …THECYBERWIRE.COM
15 AprHuman-centered security in an AI world with Johnny Hand from TrendAIJohnny Hand, VP for AI Excellence at TrendAI joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices at the RSAC Conference 2026. He shares why organizations need to focus on AI operational excellence, how AI is accelerating both opportunity and risk in …THECYBERWIRE.COM
10 AprSnake Oilers: Burp AI, Sondera and Truffle SecurityIn this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products: Burp AI and DAST: The founder of PortSwigger and creator of legendary security software Burp Suite, Dafydd Stuttard, drops by to pitch listeners on Burp AI and Burp Suite DA…RISKY.BIZ
8 AprSmashing Security podcast #462: LinkedIn is spying on you, and you agreed to nothingLinkedIn has been secretly scanning your browser for over 6,000 installed extensions — on every single click you make. It can tell if you're job hunting, what religion you are, and whether you have ADHD. And none of this is mentioned anywhere in their privacy policy. Meanwhile, C…GRAHAMCLULEY.COM
5 AprKiller robots are here. Now what? (Lock and Code S07E07)This week on the Lock and Code podcast, we speak with Peter Asaro about killer robots, how to stop them, and their obvious consequences.MALWAREBYTES.COM
28 MarRSAC Recap: Agentic AI and Interview With Commvault CISO Bill O'ConnellRSAC Recap: Agentic AI Takes Over, Security Funding Shifts, and Why CISOs Must Focus on Resilience Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integra…CYBERSECURITYTODAY.LIBSYN.COM
27 MarSoap Box: Red teaming AI systems with SpecterOpsIn this sponsored Soap Box edition of the show, Patrick Gray and James Wilson talk about red teaming AI systems with Russel Van Tuyl, Vice President of Services at elite penetration testing firm SpecterOps. SpecterOps is the company behind attack path enumeration tool Bloodhound …RISKY.BIZ
26 MarSmashing Security podcast #460: Never knock on the door of a nuclear submarine base and ask for a selfieA disgruntled data analyst decides that the best response to losing his contract is to steal the entire company payroll database and demand $2.5 million in Bitcoin - signing his extortion emails from a company called "Loot." Meanwhile, two people drive up to the entrance of the U…GRAHAMCLULEY.COM
19 MarSmashing Security podcast #459: This clever scam nearly hijacked a tech CEO’s Apple IDIn episode 459 of Smashing Security, we dive into a chillingly clever account takeover attempt targeting WordPress co-founder Matt Mullenweg - involving MFA fatigue, real Apple alerts, a convincing support call, and a phishing page that oh-so-nearly worked. If a famous techie cou…GRAHAMCLULEY.COM
18 MarRisky Business #829 -- Sneaky lobsters: Why AI is the new insider threatOn this week’s show, Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They discuss: Iran’s Intune-based wiper attack on medical device maker Stryker Qihoo 360’s AI publishes its own wildcard TLS cert private key Instagram is canning its end-to-en…RISKY.BIZ
📡 INFOSEC NEWS 868
13 JunGoogle Sues Chinese Smishing Network Accused of Using Gemini AI in PhishingGoogle on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phish…THEHACKERNEWS.COM
13 JunU.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign NationalsAnthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., ci…THEHACKERNEWS.COM
13 JunUS Gov asks Anthropic to ban 'foreign national' access to Fable, MythosThe US government has ordered Anthropic to block all foreign nationals from accessing Fable 5 and Mythos 5, forcing the company to suspend both models worldwide. Anthropic is complying but disputes the basis, calling the cited jailbreak narrow and the capability widely available …BLEEPINGCOMPUTER.COM
12 JunPhishing Attack Volume Down 20%, but Risk Still RisingHackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiplying them.DARKREADING.COM
12 JunFake verification pages are stealing Steam accounts from playersA convincing fake FACEIT verification page is stealing Steam accounts by using a fake login window that looks completely legitimate.MALWAREBYTES.COM
12 JunOver 80% of Sports Organizations Targeted by Hackers in the Last YearAs the FIFA World Cup 2026 kicks off, a new Darktrace report warns that sports teams and bodies are a major target for cyber criminalsINFOSECURITY-MAGAZINE.COM
12 JunUS surveillance law to expire for first time after lawmakers reject Trump’s controversial pick to lead spy agenciesThe spy law known as Section 702, which authorizes the NSA and FBI's warrantless surveillance, will all but certainly expire on Friday for the first time.TECHCRUNCH.COM
12 JunMicrosoft fixes Windows update failures linked to WUSA installerMicrosoft has fixed a known issue that caused Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share. [...]BLEEPINGCOMPUTER.COM
12 JunStolen iPhones could soon be worth a lot less to thievesApple and the Met Police are working together to make stolen iPhones harder to reset, resell, and profit from.MALWAREBYTES.COM
12 JunEarly Warning Signs of Supply-Chain Attacks Live in the Dark WebGitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. [...]BLEEPINGCOMPUTER.COM
12 JunClaude Fable 5 Doesn't Change the Mythos Security StoryStay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos "made safe for general use," Anthropic explained.DARKREADING.COM
12 JunGoogle sues alleged Chinese cybercrime operation that used AI to send scam textsThe tech giant said a group called "Outsider Enterprise" used AI to scam hundreds of thousands of victims, sending 2.5 million text messages over a span of two weeks.TECHCRUNCH.COM
12 JunMajor US surveillance program poised to lapse after legislative deadlockIt is the first lapse of the spy program, known as Section 702 of the Foreign Intelligence Surveillance Act (FISA), since it was passed into law in 2008.THERECORD.MEDIA
12 JunPrivacy own-goal: World Cup blunder leaks Lionel Messi’s passport detailsArgentina's World Cup squad had their passport numbers leaked before a ball was kicked - not by hackers, but by someone who failed to redact a document properly. It's a mistake that has been made many times in the past... Read more in my article on the Hot for Security …BITDEFENDER.COM
11 JunNew “Agentjacking” Attacks Could Hijack AI Coding AgentsTenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary codeINFOSECURITY-MAGAZINE.COM
11 JunChildren’s phones must block nude images by September, UK saysApple and Google have three months to block nude images on children's phones. They're not allowed to collect any data while they do it.MALWAREBYTES.COM
11 JunData of 2.4 million VRChat users stolenWe explain what data was exposed, the potential risks, and the steps you should take now.MALWAREBYTES.COM
11 JunInterpol Dismantles SniperDz Phishing-as-a-Service PlatformNew revelations by Group-IB expose the full scale of the decade-old SniperDz phishing operationINFOSECURITY-MAGAZINE.COM
11 JunLABScon25 Replay | Keynote: Steps to an Ecology of CyberDecades of piling complexity onto non-standardized stacks have left security unsteerable. Juan Andrés Guerrero-Saade makes the case for a new approach.SENTINELONE.COM
11 JunWhy AI-driven threats are exposing the limits of MSP security stacksAI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. [...]BLEEPINGCOMPUTER.COM
11 JunHow threat hunting evolves at scaleWe offer a practical roadmap for evolving informal, ad hoc threat hunting practices into a mature, scalable programREDCANARY.COM
11 JunGoogle can be liable for false AI Overviews, court rules"AI can make mistakes" isn't a good enough legal defense for defamatory or incorrect AI Overviews, a German court has ruled.MALWAREBYTES.COM
11 JunSegmentation Works for OT If Operators Are Paying AttentionOperational technology security remains as difficult as ever, with even the best practice recommendation falling short.DARKREADING.COM
11 JunNew Attacks Trick OpenClaw AI Agent Into Running Code and Leaking SecretsTwo security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts,…THEHACKERNEWS.COM
11 JunA tale of two erasIn this week’s newsletter, Amy reminisces on the tech toys of their childhood, inspired by a hilarious lesson about why your digital privacy shouldn't be left on an open channel.TALOSINTELLIGENCE.COM
11 JunGrok Is Still Hosting Sexualized Deepfakes of Famous WomenA WIRED investigation found dozens of “nudified” deepfake images and videos on Grok's website, including nonconsensual depictions of celebrities and at least one prominent US politician.WIRED.COM
11 JunNY State Congress passes new bills focused on AI and consumer protections.Meta files a complaint against NSO Group.THECYBERWIRE.COM
10 JunWeekly Threat Bulletin – June 10th, 2026These are the top threats you should know about this week.F5.COM
10 JunIvanti: Max severity Sentry flaw allows code execution as rootIvanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. [...]BLEEPINGCOMPUTER.COM
10 JunAnthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber SafeguardsOn June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the public. Its twin, Cla…THEHACKERNEWS.COM
10 JunSoccer Fans, You’re Being WatchedFrom anti-drone tech to face recognition, 2026 World Cup stadiums in the US, Canada, and Mexico are subjecting fans to an array of surveillance tech. Here’s what you need to know.WIRED.COM
10 JunMapping Every Flock License Plate Reader Near US World Cup StadiumsMost US World Cup stadiums are surrounded by surveillance cameras. Want to know if you’re being watched on your way to a match? These maps will help you.WIRED.COM
10 JunAmnesty International Warns That World Cup Fans Face Potential Human Rights ViolationsThe organization claims that the FIFA tournament could have impacts on the rights of local people and visiting soccer fans in all three host countries.WIRED.COM
10 JunYour Automated Pentest Looks Clean. See What It Missed in This Expert WebinarYour pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads "stable" as "secure." It usually isn't. The work slow…THEHACKERNEWS.COM
10 JunNew Fable 5 Is a "Mythos-Class" LLM Available to All, Anthropic AnnouncesAnthropic unveils Claude Mythos 5 and Fable 5, a restricted-access frontier AI model and guardrailed version for everyone to useINFOSECURITY-MAGAZINE.COM
10 JunMicrosoft: Some Windows PCs fail to install latest monthly updatesMicrosoft warned customers on Tuesday that they may have issues installing the latest monthly updates on some Windows devices that were upgraded to Windows 11 24H2 or 25H2. [...]BLEEPINGCOMPUTER.COM
10 JunServiceNow tells customers a bug left some of their data exposed to the internetServiceNow is used by thousands of enterprises to automate their internal processes, but says several customers had data accessed because of a security bug.TECHCRUNCH.COM
10 JunWrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the USThe ACLU is suing two Florida police departments over the arrest of a Fort Myers man in a child-abduction case, saying officers treated a flawed face-recognition match as a near-certain ID.WIRED.COM
10 JunThe 5 Best Practices for Secure Identity VerificationAttackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for stronger identity verification and access security. [...]BLEEPINGCOMPUTER.COM
10 JunCybersecurity researchers aren’t happy about the guardrails on Anthropic’s FableCybersecurity researchers are complaining that Anthropic's new model Fable has guardrails that are too strict for any cybersecurity work.TECHCRUNCH.COM
10 JunGitHub announces npm security changes to tackle supply-chain attacksGitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command. [...]BLEEPINGCOMPUTER.COM
10 JunCyera raises $600 million in a Series G round led by Evolution Equity Partners.A Security has emerged from stealth with $37 million in funding.THECYBERWIRE.COM
10 JunTrump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief PickUS lawmakers are alarmed that Bill Pulte, a housing official with no intelligence experience, is poised to take charge of one of the government's most powerful surveillance tools.WIRED.COM
10 JunAI Risk Worries Insurers and Businesses AlikeAs companies adopt AI, many insurance firms are explicitly excluding AI risks, while others are forging ahead to create the right framework. What risks can firms reasonably manage?DARKREADING.COM
9 JunWhatsApp Discovers NSO Group-Linked Spearphishing AttemptsMeta’s WhatsApp demands contempt ruling after users report NSO Group-linked phishingINFOSECURITY-MAGAZINE.COM
9 JunNew FROST Attack Lets Websites Track What Sites and Apps You Open via SSD TimingA malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it …THEHACKERNEWS.COM
9 JunThe Hidden Security Risk in Modern Networks: The Work Between ToolsOrganizations have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort. But the same challenges persist. Outages still last hours, causi…THEHACKERNEWS.COM
9 JunScammers love Meta, according to Lloyds BankFacebook, Instagram, and WhatsApp account for more than two thirds of fraud reports made by Lloyds customers.MALWAREBYTES.COM
9 JunCritical phpBB Flaw Lets Attackers Hijack Any Account with One RequestCritical phpBB authentication bypass lets attackers hijack any account with one requestINFOSECURITY-MAGAZINE.COM
9 JunMeta’s face-recognition code raises new concerns about smart glassesAs smart glasses become more capable, concerns about face recognition, covert recording, and biometric surveillance are growing.MALWAREBYTES.COM
9 JunAI Coding Adoption Hits 97% but Governance Lags BehindMost dev teams use AI coding assistants but only 30% have full governance in placeINFOSECURITY-MAGAZINE.COM
9 JunWindows 11 KB5094126 & KB5093998 cumulative updates releasedMicrosoft has released Windows 11 KB5094126 and KB5093998 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]BLEEPINGCOMPUTER.COM
9 JunMeta to Use Off-Site Business Data for Feed and AI PersonalizationMeta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people's activity on their …THEHACKERNEWS.COM
9 JunMicrosoft Exchange Flaw Lets Attackers Spoof Any Email Address"Ghost-Sender" uses Exchange Online or on-premises in hybrid mode with a third-party mail server or spam filter to achieve this level of spoofing.DARKREADING.COM
9 JunAnthropic rolls out Claude Fable 5, but it's available for a limited timeAnthropic has begun rolling out a new model called "Fable," which is based on the same underlying model as Mythos, its most powerful AI model class. [...]BLEEPINGCOMPUTER.COM
8 JunAll the Ways Europe Is Ditching American TechnologyA WIRED timeline shows how dozens of governments, companies, and other organizations across Europe are moving, or planning to shift, away from US Big Tech.WIRED.COM
8 JunThe new risk equation: Why endpoint security is a financial imperativeCyber risk is financial risk; endpoint security in financial services is a business imperative.CYBERSECURITYDIVE.COM
8 JunInfosecurity Europe: How DSIT Protects Thousands of UK Orgs from Cyber VulnerabilitiesThe Department of Science, Innovation and Technology details how a combination of hands-on human advice and technology systems keeps government agencies safeINFOSECURITY-MAGAZINE.COM
8 JunInfosecurity Europe: Prompt Injection Remains Unsolved, OWASP Researcher WarnsAt Infosecurity Europe 2026, OWASP’s Ariel Fogel warned that prompt injection remains an “unresolved problem” within generative AI architectureINFOSECURITY-MAGAZINE.COM
8 JunIntroducing Wiz Cloud Cost: Powering Cost Management and Optimization with ContextWiz unifies cloud and AI cost visibility to help teams eliminate waste and improve spend efficiency across their AWS, Azure, and GCP environments.WIZ.IO
8 JunMassachusetts votes to pass new privacy rights bill that bans sale of precise location dataThe bill is expected to blanket ban companies and startups from selling people's precise location data across the state.TECHCRUNCH.COM
8 JunOpenAI Unveils ChatGPT Account Security ControlsOpenAI brings Lockdown Mode and Active Sessions to ChatGPT to curb prompt injection data theftINFOSECURITY-MAGAZINE.COM
8 JunReducing security operations complexity with Wazuh CloudSecurity teams are increasingly overwhelmed by alert fatigue, infrastructure maintenance, and complex hybrid environments. This article explores how Wazuh Cloud helps simplify SIEM/XDR operations through managed infrastructure, automated scaling, and AI-driven security analysis. …BLEEPINGCOMPUTER.COM
8 JunAmericans lost nearly $900 million to AI-powered scams, FBI saysDeepfakes, voice cloning, and other AI-powered scams cost Americans nearly $900 million in 2025, says the 2025 FBI Internet Crime Report.MALWAREBYTES.COM
8 JunCritical UniFi OS bug lets hackers gain root without authenticationAttackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. [...]BLEEPINGCOMPUTER.COM
8 JunInvestigating suspicious AI workflows in Microsoft Entra Agent ID: Assistive agentsEntra ID agent users can send malicious content to human users via Microsoft Teams. Here’s what to look out for.REDCANARY.COM
8 JunOperationalizing AWS security: A maturity roadmapEnabling security tooling is the starting point. Making it operational—where findings drive decisions, response times are measurable, and your security posture improves week over week—is where most organizations struggle. This blog post provides a phased maturity roadmap for orga…AWS.AMAZON.COM
8 JunWhatsApp says NSO targeted users with spearphishing attacks in violation of court orderWhatsApp said it is filing a federal court contempt order against NSO for violating a permanent injunction that bars it from mounting attacks against its users.THERECORD.MEDIA
8 JunArmenia’s pro-Europe party wins election despite Russia-linked disinformationPashinyan's Civil Contract party won nearly 50% of Sunday's vote, defeating the pro-Russian Strong Armenia party led by Russian-Armenian billionaire Samvel Karapetyan, which received around 23% of the vote.THERECORD.MEDIA
8 JunMeta Deletes Face-Recognition System From Its Smart Glasses App After WIRED ReportThe code WIRED identified is gone from the latest version of Meta AI, the companion app for the company’s smart glasses. Meta won’t say why or whether it’s coming back.WIRED.COM
8 JunIran Signed a Ceasefire — Its Hackers Didn'tAn extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict.DARKREADING.COM
8 JunSilent Ransom Group Hits US Law Firms in Escalating Extortion AttacksThe financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims.DARKREADING.COM
7 JunSilent Ransom Group targets law firms with fake IT support callsThe Silent Ransom Group extortion gang is actively targeting U.S. law firms and professional services organizations in social engineering attacks that often lead to data theft within hours of initial contact, according to a new report by cybersecurity firm Mandiant. [...]BLEEPINGCOMPUTER.COM
6 JunFree Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AIA researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry. The com…THEHACKERNEWS.COM
6 JunCrypto-Funded Chinese Peptide Labs Are BoomingPlus: Hackers use Meta’s AI bots to hack Instagram accounts, Anthropic helps NSA hackers, a decades-long GPS satellite mystery may have been solved, and more.WIRED.COM
6 JunOpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacksEven with Lockdown Mode, ChatGPT could be still vulnerable to prompt injections, but the goal is to reduce the likelihood that sensitive data gets shared in the process.TECHCRUNCH.COM
5 JunInfosecurity Europe: AI Coding Tools Need Built-In Security for Agentic Development EraOx Security field CTO, Boaz Barzel, makes the case for vibe security to tackle AI agent coding risksINFOSECURITY-MAGAZINE.COM
5 JunInfosecurity Europe: Reactive Security Is Failing Healthcare Organizations, Experts WarnA perfect storm of legacy devices, hyper connectivity and human fatigue is bad news for the healthcare sector, warns Cyber SalusINFOSECURITY-MAGAZINE.COM
5 JunAI: Threat, tool, or both?Public concern about AI is rising. We look at what's driving it, and why cybersecurity occupies a unique place in this debate.MALWAREBYTES.COM
5 JunInfosecurity Europe: OWASP Introduces Agentic AI Security Maturity FrameworkThe OWASP agentic AI security framework helps organizations assess governance maturity vs adoption and adjust governance as neededINFOSECURITY-MAGAZINE.COM
5 JunInfosecurity Europe: Practical Lessons From Lloyds' Agentic AI Security PlaybookLloyds Banking Group shared its approach for securing agentic AI workflows, with a mix of hands on experimentation and cross functional governanceINFOSECURITY-MAGAZINE.COM
5 JunOnly 10% of SOCs Say They’re Getting Excellent Value From AI. Here’s What the Second Wave Has to DeliverEighteen months ago, the AI SOC was a marketing line. Today it's a budget item. The category has crossed over from interesting to inevitable, with billions of dollars now flowing into AI-powered security operations platforms, agentic SOC tools, and AI co-pilots built into every l…THEHACKERNEWS.COM
5 JunWhat 2026 DBIR Confirms: Attacks Are Living in the BrowserPhishing, shadow AI, malicious extensions, and credential theft increasingly happen inside the browser. Keep Aware explains what the 2026 Verizon DBIR reveals about browser-layer security gaps and modern attacks. [...]BLEEPINGCOMPUTER.COM
5 JunGot a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5If you've ever received an out-of-the-blue message via LinkedIn from a recruiter offering some well-paid consultancy work, intelligence agencies have a message for you: be very careful. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
5 JunDark web Nemesis Market vendor gets 26 years for selling drugsA California man was sentenced to more than 26 years in federal prison for trafficking fentanyl and methamphetamine through Nemesis Market, one of the world's largest dark web marketplaces. [...]BLEEPINGCOMPUTER.COM
5 JunSuspicious Polyfill login prompts pop up on Toshiba, Muji websitesTech giant Toshiba and mega-retailer Muji warned visitors that suspicious sign-in screens popping up on their websites could collect credentials. [...]BLEEPINGCOMPUTER.COM
4 JunDoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in AssetsThe U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026,…THEHACKERNEWS.COM
4 JunWhatsApp, Slack Notifications Could Hijack Google Gemini on AndroidA single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly pois…THEHACKERNEWS.COM
4 JunMicrosoft's Coreutils for Windows, (Thu, Jun 4th)I've been using the GnuWin32 CoreUtils for Windows for many years now (it gives you many *nix core commands on Windows).ISC.SANS.EDU
4 JunEnterprise Spotlight: Rethinking cloud strategy in the age of AICloud computing has reached a crossroads. The high cost and data sensitivity of AI workloads are raising the appeal of private clouds, even as neoclouds and sovereign clouds shake up the cloud provider landscape. New cyberthreats, shifting compute requirements, and management com…US.RESOURCES.CSOONLINE.COM
4 JunFlorida vs OpenAI.This week, Dave and Ben sit down to Florida's recent lawsuit against OpenAI and Sam Altman. In the suit, Florida alleges that the company placed profits over safety needs. Additionally, the two cover a story on an ad-based surveillance network.THECYBERWIRE.COM
4 JunInfosecurity Europe: Raise Security Concerns with Procurement Now, Because Quantum Can’t WaitForescout VP of security intelligence, Rik Ferguson, warns that Q-day is fast approachingINFOSECURITY-MAGAZINE.COM
4 JunMeta’s AI support bot happily handed Instagram accounts to hackersHackers convinced an AI support bot to hand over Instagram accounts by changing recovery email addresses.MALWAREBYTES.COM
4 JunTravel scams are everywhere. Here’s how to avoid themLearn how to spot travel scams, avoid risky bookings, and keep your personal information out of the wrong hands.MALWAREBYTES.COM
4 JunWinning the cyber marathon with Tony GiandomenicoTony Giandomenico, Senior Director of Product Management, joins Amy to discuss the Talos Threat Hunting launch, what he's excited about for the future of cybersecurity, and, of course, his Ironman triathlons.TALOSINTELLIGENCE.COM
4 JunHypotheses, telemetry, and human judgment: Inside Cisco Talos Threat HuntingLearn how Cisco Talos Threat Hunting uses hypothesis-driven methods and multi-domain telemetry correlation to find stealthy threats operating below automated detection thresholds.TALOSINTELLIGENCE.COM
4 JunInfosecurity Europe: How Proton Fights Against Cybercriminals Using Its ServicesProton uses machine learning models to detect abuse of its services – especially email addresses used by cybercriminalsINFOSECURITY-MAGAZINE.COM
4 JunPolice dismantles fake ID marketplace used by migrant smugglersFrench and Spanish authorities took down an online marketplace selling fake identity documents to migrant smuggling rings operating within the European Union. [...]BLEEPINGCOMPUTER.COM
4 JunFive Eyes warn Chinese spies are using job sites to recruit insidersThe alert warned that Chinese intelligence officers are posing as recruiters and consultants for front companies based outside China in order to target Five Eyes government and military personnel “and anyone with access to classified or privileged information.”THERECORD.MEDIA
4 JunChinese-Speaking Actor TA4922 Widens Its Global ReachNewly named Chinese-speaking actor TA4922 expands from East Asia into Europe and AfricaINFOSECURITY-MAGAZINE.COM
4 JunMicrosoft blames unexpected Windows driver updates on caching issueOn Wednesday, Microsoft fixed an issue that caused some Windows devices to install driver updates without notice despite policies configured to prevent auto-updates. [...]BLEEPINGCOMPUTER.COM
4 JunAI Threat Readiness Pillar 1: Reduce Critical Exposures & Scan with AIDiving into the first pillar of the AI Threat Readiness Framework and how Wiz helpsWIZ.IO
4 JunClaude Code GitHub Action Flaw Let One Malicious Issue Hijack RepositoriesA security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working attack …THEHACKERNEWS.COM
4 JunCustomize federated sign-in with new Amazon Cognito Lambda triggerYou can use Amazon Cognito user pools to add sign-up and sign-in functionality to your web and mobile applications. You can authenticate users directly with Amazon Cognito managed accounts using passwords, passwordless flows, or custom authentication flows, or let users federate …AWS.AMAZON.COM
4 JunMeta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of PhonesCode reviewed by WIRED uncovered an unreleased face-recognition system embedded in Meta’s smart glasses platform. It’s designed to identify people via biometric data stored on users’ phones.WIRED.COM
4 JunReporting from Vegas: Networking, AI, and good boysJoe’s on-the-ground report from Cisco Live U.S. is here, complete with therapy dog pictures and tips on handling conference overstimulation.TALOSINTELLIGENCE.COM
4 JunFTC considers setting aside or modifying $150 million privacy penalty against XTwitter, renamed X in 2023, filed a petition saying that the settlement terms are unfair because the order was issued against a company that “no longer exists,” the workers responsible for the scheme no longer work for X and the firm has since established a “world class” privacy …THERECORD.MEDIA
4 JunFiltr is a new privacy tool that blocks ads in almost every iPhone and Mac appThis popular ad blocker app for iPhones, iPads, and Macs can now block ads from loading inside apps, including web browsers, thanks to a new feature in the latest Apple software.TECHCRUNCH.COM
4 JunDefense tech, AI, and fundraising take center stage at StrictlyVC Los Angeles on June 18With just two weeks to go, StrictlyVC Los Angeles is quickly approaching. On Thursday, June 18, at The Aerospace Corporation Campus in El Segundo, investors, founders, and tech leaders will gather for an evening of conversation exploring some of the most consequential shifts taki…TECHCRUNCH.COM
4 JunAmazon Cognito unlocks advanced capabilities with next-generation infrastructureAmazon Cognito recently introduced high-throughput performance for demanding workloads, customer-managed keys for full control over data encryption at rest, and multi- Region replication for business continuity improvement. These capabilities were made possible through a next-gen…AWS.AMAZON.COM
4 JunBrave Software releases Origin for a paid, bloat-free browsing experienceBrave has announced the public release of Brave Origin, a paid minimalist version of its browser that strips out cryptocurrency, AI, rewards, and other monetization-focused features. [...]BLEEPINGCOMPUTER.COM
4 JunChina's TA4922 Expands Cybercrime Attacks GloballyOne of the world's most diverse, least-focused cybercrime groups is enlarging its footprint beyond East Asia.DARKREADING.COM
4 Jun4 Critical Threats Where Attackers Have the AdvantageGartner analysts issued a call to action to bolster defenses against several emerging critical threats, such as deepfakes and prompt injections.DARKREADING.COM
3 JunWeekly Threat Bulletin – June 3rd, 2026These are the top threats you should know about this week.F5.COM
3 JunInfosecurity Europe: AI-Powered Cybercrime Tools Surge on Dark WebHalcyon’s Cynthia Kaiser lifts the lid on the dark web market for AI cybercrime toolsINFOSECURITY-MAGAZINE.COM
3 JunInfosecurity Europe: Patch Responsibility Remains Up for Grabs as AI Unearths Decades of FlawsThe emergence of AI models capable of autonomously finding and fixing vulnerabilities at scale is having a significant impact on patching management, experts sayINFOSECURITY-MAGAZINE.COM
3 JunGoogle adds Android protection against AI deepfake scam callsGoogle is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user's personal contacts. [...]BLEEPINGCOMPUTER.COM
3 JunAnthropic Expands Mythos Access to 150 More OrganizationsAnthropic widens Project Glasswing access to 150 more firms as patching becomes the bottleneckINFOSECURITY-MAGAZINE.COM
3 JunInfosecurity Europe: How to Get Boards to Prioritize Cyber Risk QuantificationCybersecurity leaders major companies discuss how they got support from the board on cyber riskINFOSECURITY-MAGAZINE.COM
3 JunMalicious Notifications Could Trick Google Gemini UsersA prompt injection flaw in Google Gemini's voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more.DARKREADING.COM
3 JunShrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Ide…THEHACKERNEWS.COM
3 JunKeep getting calls from questionable numbers? Meet Scam Number CheckScam Number Check lets you quickly check whether a number has been linked to scams before you call back, share information, or send money.MALWAREBYTES.COM
3 JunContinuing Scans for swagger.json, (Wed, Jun 3rd)Enterprise applications often still use complex standards like SOAP for web services. The big advantage of SOAP is its tight and extensive standards, which enable interoperability across an enterprise governed by web services. The disadvantage of SOAP: First, while it is de facto…ISC.SANS.EDU
3 JunWhat 345 Days of Untested Exposure Looks Like at a BankA two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores why continuous testing is becoming critical as attack surfaces constantly change. [...]BLEEPINGCOMPUTER.COM
3 JunInstagram is alerting users who were targeted by hackers during AI chatbot attacksHackers appeared to take over victims’ accounts even after Meta said it fixed its AI-powered support chatbot, which granted hackers access to victims’ accounts.TECHCRUNCH.COM
3 JunWe found this fake-invoice campaign while scammers were still building itInvoices pretending to be from Amazon, PayPal, and others reveal how criminals use fear and phone calls to steal money and devices.MALWAREBYTES.COM
3 JunxAI Asks Court to Strip Alleged Grok Deepfake Nudes Victims of AnonymityFour people suing Elon Musk's AI firm under pseudonyms due to the risks of being identified may face a difficult choice: Reveal your real names, or drop the lawsuit.WIRED.COM
3 JunThreat Hunting Case Study: FileFixFileFix bypasses Mark of the Web (MotW) protections by hijacking the Windows File Explorer address bar. Here is how to hunt for it.INTEL471.COM
3 JunAI observability platform Coralogix raises $200 million in a Series F round.Dragos has acquired Nashville-based embedded device security company Phosphorus.THECYBERWIRE.COM
3 JunNew 'HTTP/2 Bomb' DoS attack crashes web servers in under a minuteA new denial-of-service (DoS) attack dubbed HTTP/2 Bomb can be launched from a single machine to take down web servers within seconds. [...]BLEEPINGCOMPUTER.COM
3 JunCyber Insurance Rates Are Dropping, but Exclusions WidenCyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix.DARKREADING.COM
3 JunCoding Gaffe Exposes Microsoft 365 Accounts to Widespread TakeoverA disabled security setting meant to protect authentication across Android versions of key apps like Word, PowerPoint, and Excel paved the way for attackers to steal logins and data.DARKREADING.COM
2 Jun23andMe exposed genetic information of millions, lawsuit saysWhat began with stolen passwords ended with the exposure of nearly seven million users' DNA-related data, according to California's lawsuit.MALWAREBYTES.COM
2 JunInfosecurity Europe: UK Firms Prioritize AI Threat Preparedness as Cyber Risks EvolveUK organizations are prioritizing AI-driven cybersecurity as 43% cite AI-powered attacks as their top risk, prompting significant investment in advanced threat defenseINFOSECURITY-MAGAZINE.COM
2 JunThe Weather Report that Changed History"If any blame or fault attaches to the attempt, it is mine alone." This is the end of the announcement Supreme Allied Commander General Dwight David Eisenhower had prepared in June 1944 in case the D-Day landings failed. He never had to deliver it, but the fact that he wrote it t…THECYBERWIRE.COM
2 JunHow Leading Organizations Are Turning EDR Into Operational ResilienceMost organizations now recognize that endpoint protection alone is no longer sufficient. That's why adoption of endpoint detection and response (EDR) has accelerated rapidly in recent years. Organizations understand that modern attacks move faster, evade traditional prevention co…THEHACKERNEWS.COM
2 JunWardriving assessment across Mexico: Preparing for the 2026 World CupIn the lead-up to the 2026 FIFA World Cup, Kaspersky GReAT experts conducted a wardriving assessment in Mexico City, Monterrey, and Guadalajara to evaluate Wi-Fi hotspot security configurations and potential exposure risks.SECURELIST.COM
2 JunInfosecurity Europe: Bayer Reinvents Security Awareness Training to Counter AI ThreatsBayer’s security awareness training now focuses on psychological approaches rather than technical methods for detecting social engineeringINFOSECURITY-MAGAZINE.COM
2 JunInstagram users locked out after Meta AI abused to steal accountsMultiple Instagram users had their accounts hijacked after attackers convinced Meta's AI-powered support tools that they were the legitimate owners. [...]BLEEPINGCOMPUTER.COM
2 JunWhy the browser is now the front line for AI securityAI-powered attacks and shadow AI adoption are creating new security risks inside the browser. Push Security explains why browser visibility is becoming critical for both threat detection and AI governance. [...]BLEEPINGCOMPUTER.COM
2 JunMicrosoft Exchange Online outage causes email delays, failuresMicrosoft is working to address a widespread service issue affecting the mail flow pipeline for Exchange Online customers across North America and Germany. [...]BLEEPINGCOMPUTER.COM
2 JunAndroid Is Fighting Phone Scams With a New Feature to Prove Who's CallingAvailable for Android 12 and later, the anti-scam feature is baked into Google Dialer, which sends a silent “confirmation signal” to ensure whoever's calling you is who they appear to be.WIRED.COM
2 JunThese convincing copyright notices are designed to steal Google loginsScammers use fake takedown requests, countdown timers, and spoofed sign-in screens to steal Google logins from Chrome developers.MALWAREBYTES.COM
2 JunSecuring AI Agents Before They Go Rogue Is Next to ImpossibleHigh-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act now before they become the next horror story.DARKREADING.COM
2 JunFBI-Flagged Phishing Kit Kali365 Expands Its ReachOnce targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing.DARKREADING.COM
2 JunCyera eyes $12B valuation at 80x ARR multiple despite operating lossesThe cybersecurity company is nearing a $300 million round led by Evolution Equity Partners.TECHCRUNCH.COM
2 JunMicrosoft's Coreutils project brings Linux commands to WindowsMicrosoft announced today at its Build 2026 developer conference the release of Coreutils for Windows, bringing many commonly used Linux command-line utilities to Windows as native applications. [...]BLEEPINGCOMPUTER.COM
2 JunOpenAI upgrades GPT-5.5, as it plans to retire legacy ChatGPT modelsOpenAI says it's rolling out a new update that improves the existing GPT-5.5 Instant model, and this move comes ahead of the scheduled retirement of multiple legacy models, including o3. [...]BLEEPINGCOMPUTER.COM
2 JunZoom CISO: AI as Security Enabler, Not Role-ReplacerAs Zoom's CISO, Sandra McLeod, discusses the challenges of securing a global communication platform, the promise of AI-driven security workflows, and advice for aspiring cybersecurity leaders.DARKREADING.COM
1 JunCrowdStrike Scales AI-Native Agents Across Falcon Exposure Management with NVIDIACROWDSTRIKE.COM
1 JunCrowdStrike Brings Enterprise-Grade Security to the AI Factory with NVIDIA Vera BlueField-4 STXCROWDSTRIKE.COM
1 JunInfosecurity Europe: OWASP Forms New Agentic Research CouncilOWASP’s new Agentic Research Council will aim to connect academic work to operational realities on agentic AI securityINFOSECURITY-MAGAZINE.COM
1 JunYour phone called. It needs a cleanup.Introducing Android Junk Cleaner. It scans your phone for leftover files, temporary data, and outdated caches that build up and slow down your device.MALWAREBYTES.COM
1 JunHow Canva scaled to 260+M users while elevating security and productivitySee how Canva uses 1Password to integrate new teams fast, empower developers and maintain high standards for customers.CYBERSECURITYDIVE.COM
1 JunWebsites Can Now Spy on You Through Your Hard DriveThanks to the newly detailed FROST technique, telltale SSD activity can be measured in the browser using simple JavaScript.WIRED.COM
1 JunThe Romance Scammer Who Made a Small Fortune Posing as a WWE SuperstarIn this excerpt from WIRED Book Club pick The Yahoo Boys, journalist Carlos Barragán traces one scammer’s journey from flop to fortune.WIRED.COM
1 JunFSB Group Gamaredon Hides Worm in Windows Data StreamsFSB-linked Gamaredon concealed a fileless worm in NTFS data streams to spy on Ukraine targetsINFOSECURITY-MAGAZINE.COM
1 JunInfosecurity Europe: AI SOCs Will Still Need SOC Analysts, Security Vendors SayTop cybersecurity vendors said AI won't replace entry-level – only routine ticket-taking and triageINFOSECURITY-MAGAZINE.COM
1 JunInvestigating suspicious AI workflows in Microsoft Entra Agent ID: Agent’s user accountEntra ID agent users can send malicious content to human users via Microsoft Teams. Here’s what to look out for.REDCANARY.COM
1 JunSpring 2026 SOC 1, 2, and 3 reports are now available with 188 services in scopeAmazon Web Services (AWS) is pleased to announce that the Spring 2026 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 188 services over the 12-month period from April 1, 2025–March 31, 2026, giving customers a full year of assurance…AWS.AMAZON.COM
1 JunNSA selects new leads for key cybersecurity postsDavid Imbordino, an NSA senior executive who most recently led its cybersecurity directorate in an acting capacity, has been named as its new chief. Bruce Jones, a career NSA technical and operational leader, as the new head of its Cybersecurity Collaboration Center.THERECORD.MEDIA
1 JunSpain arrests doxer leaking sensitive data of govt employeesThe Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE). [...]BLEEPINGCOMPUTER.COM
29 MayPolice arrest man following hack of Ajax football clubDutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after the personal data of hundreds of thousands of supporters was put at risk. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
29 MayInfosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes OverFrom a research-driven pilot, the Cybersecurity Communities of Support (CyCOS) is about to be handed over to CIISecINFOSECURITY-MAGAZINE.COM
29 MayUS charges Google security engineer with Polymarket insider tradingA Google security engineer was charged with insider trading after winning $1.2 million using confidential company data to place bets on the cryptocurrency-based Polymarket decentralized prediction market. [...]BLEEPINGCOMPUTER.COM
29 MayWhat 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security StacksShadow AI used to mean employees pasting things they shouldn't into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop. The artifac…THEHACKERNEWS.COM
29 MayMan sent to prison for selling data of 7 million elderly AmericansA North Carolina man was sentenced to more than 10 years in prison for selling the personal information of over 7 million elderly Americans to Jamaican scammers. [...]BLEEPINGCOMPUTER.COM
29 MaySignal users targeted in backup-stealing phishing attacksCybercriminals are impersonating Signal Support to steal backup recovery keys, giving them access to victims' entire message archives.MALWAREBYTES.COM
29 MayGoogle Chrome adds session cookie theft protection for all usersGoogle says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. [...]BLEEPINGCOMPUTER.COM
29 MayFinal 24 hours to save up to $410 on your TechCrunch Disrupt 2026 ticketYou now have until tonight at 11:59 p.m. PT to lock in Early Bird savings of up to $410 for TechCrunch Disrupt 2026 before prices increase. Join 10,000+ tech leaders in October for one of the most anticipated tech events of the year. Register now.TECHCRUNCH.COM
29 MayAsia's Cyber Insurance Market Shows Signs of LifeThe cyber insurance industry has made relatively weak inroads into Asia due to a variety of factors, but that could be changing.DARKREADING.COM
29 MayMicrosoft under fire for threatening security researcher with criminal investigationA public spat between Microsoft and an independent security researcher reopens a long-running debate over who is responsible for securing software.TECHCRUNCH.COM
28 MayPirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for yearsOur experts continue to track attacks targeting consumers of pirated content, both books and movies. 2026 saw the discovery of new target sites with tens of millions of visitors, while the miner gained a RAT module.SECURELIST.COM
28 MayScammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing AttacksCustomer data from more than 350 hotels around the world may have been accessed as part of realistic reservation-hijacking scams.WIRED.COM
28 MayYour Windows PC has a security deadline in June 2026Windows is replacing old Secure Boot certificates, and some older PCs could miss future security protections if the update fails.MALWAREBYTES.COM
28 MayNew AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distribu…THEHACKERNEWS.COM
28 MayThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 MoreEvery time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just a public beta…THEHACKERNEWS.COM
28 MayChinese-speaking fraud gang could be stealing millions from 2026 World Cup fansCybercriminals have registered more than 4,300 fraudulent domains impersonating FIFA's official web presence since August 2025.THERECORD.MEDIA
28 MayRussia conducting daily attacks on UK 'from seabed to cyberspace,' spy chief warnsAnne Keast-Butler, director of GCHQ, said Russia's actions have prompted the agency to defend subsea cables and energy pipelines in British waters, disrupt Russian networks smuggling sanctioned technology and countering “reckless sabotage and assassination attempts.”THERECORD.MEDIA
28 MayGrading on a curve: How to assess a pentestDefenders don’t need to detect every adversary action to prevent a threat. Here’s a more realistic, optimized approach to testing.REDCANARY.COM
28 MayHow SIEM helps MSPs reduce noise and stop threats fasterMSPs don't lack security data. They struggle to separate real threats from alert noise. Kaseya explains how SIEM helps MSPs improve visibility, reduce fatigue, and respond faster. [...]BLEEPINGCOMPUTER.COM
28 MayFocus on Cyber Insurance: How Quantifying Risk Is Reshaping SecurityIn this latest installment of the Reporters' Notebook video series, we discuss how cyber insurance is forcing organizations to quantify risk, what's covered (and what's not), and why this could be the best thing to happen to cybersecurity.DARKREADING.COM
28 MayU.S. says troops were targeted with location data, as senator warns ad industry is a ‘national security threat’One leading privacy lawmaker said it was time to "start treating the adtech industry as a national security threat."TECHCRUNCH.COM
28 MayAgentic AI Isn't Risky; the Way Orgs Deploy It IsAI agents aren't black boxes — they're models interacting with software tools. The risk lies in their overlap.DARKREADING.COM
28 MayThe Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They AreThe US military has long known that cheap fixes could stop location data from exposing its troops. It adopted almost none—and now says adversaries are using the data to target soldiers during a war.WIRED.COM
28 MayA security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers’ driver’s licensesPay Tel secured the publicly exposed data after security researchers discovered the leak containing callers' sensitive ID documents and inmate communications.TECHCRUNCH.COM
28 MayAnalysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)Using the data collected over the past year and using Kibana these two ES|QL query to summarize the data, this shows the list of the most uploaded threat to two DShield sensors (local and cloud) over the past year. I have sorted the activity by months that shows the evolutio…ISC.SANS.EDU
28 MayHackers are trying to steal Signal users’ backups in new wave of phishing attacksA new hacking campaign is trying to trick Signal users to give up their secret recovery key, which can be used to access online backups containing past messages.TECHCRUNCH.COM
28 MayNewsom signs new AI-related EO.Supreme Court declines to hear Meta's challenge to social media addiction lawsuit.THECYBERWIRE.COM
28 MayFBI warns of fake FIFA websites running World Cup fraud schemesThe FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event. [...]BLEEPINGCOMPUTER.COM
28 MayLess panic patching, more precisionIn this newsletter, Thor breaks down why you should stop relying solely on CVSS and start using EPSS and GCVE to focus your patching efforts on the threats that actually matter.TALOSINTELLIGENCE.COM
28 MayWhy and how to migrate to a Transit Gateway-attached AWS Network FirewallAWS Network Firewall now supports native attachment to AWS Transit Gateway. Customers commonly use Transit Gateway to route traffic from Amazon Virtual Private Cloud (Amazon VPC) networks to a centralized inspection VPC (a VPC dedicated to hosting firewall endpoints for traffic i…AWS.AMAZON.COM
28 MayAnthropic confirms Claude Mythos-class models will roll out to the publicAnthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private software. [...]BLEEPINGCOMPUTER.COM
27 MayWeekly Threat Bulletin – May 27th, 2026These are the top threats you should know about this week.F5.COM
27 MayPureLogs Variant Steals Data via Purchase Order LuresFortiGuard Labs detailed a PureLogs campaign using JavaScript, PowerShell and process hollowingINFOSECURITY-MAGAZINE.COM
27 MayWindows 11 KB5089573 update released with performance improvementsMicrosoft has released the KB5089573 preview cumulative update for Windows 11 versions 25H2 and 24H2, which comes with 30 changes, including performance and reliability improvements. [...]BLEEPINGCOMPUTER.COM
27 MayFake LinkedIn emails abuse Adobe to track victimsPhishers are stealing LinkedIn credentials while abusing Adobe Target to track victims and redirect them to real LinkedIn pages.MALWAREBYTES.COM
27 May68% of UK Firms Plan to Increase Cyber Spending as AI Risks RiseUK firms plan higher cyber spending as AI adoption raises security concernsINFOSECURITY-MAGAZINE.COM
27 MayDutch police arrests suspect linked to Ajax football club hackThe Dutch National Police arrested a 35-year-old man suspected of hacking the professional football club Ajax Amsterdam (AFC Ajax) earlier this year. [...]BLEEPINGCOMPUTER.COM
27 MayIntroducing EvidenceForge: Synthetic security logs that don’t look (as) fakeEvidenceForge generates high-quality, realistic, and consistent datasets across multiple log formats, enabling teams to effectively train personnel and validate detection models without the need for complex manual simulations.TALOSINTELLIGENCE.COM
27 May5 Steps to Managing Shadow AI Tools Without Slowing Down EmployeesWhen an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work. Across most organizations today, employees …THEHACKERNEWS.COM
27 MayKali365 phishing kit bypasses MFA and steals Microsoft loginsThe FBI has warned that attackers are using a new phishing kit to gain long-term access to Microsoft Outlook, Teams, and OneDrive accounts.MALWAREBYTES.COM
27 MayThousands of Fake FIFA Domains Target World Cup FansGroup-IB uncovered Ghost Stadium phishing and 4300 fake FIFA World Cup domains targeting fansINFOSECURITY-MAGAZINE.COM
27 MayFBI warns of in-person data theft attacks from extortion gangThe FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks. [...]BLEEPINGCOMPUTER.COM
27 MayCybersecurity Evolution: How We Went From Perimeter Defense to AI-Native SecurityThe cybersecurity industry of 2006 barely resembled today's billion-dollar behemoth. As part of Dark Reading's 20th anniversary celebration, we trace the industry's evolution through a technology lens.DARKREADING.COM
27 MayInvestigating suspicious AI workflows in Microsoft Entra Agent ID: Autonomous agentsRead our primer on how to detect and respond to an autonomous agent escalating privileges and persisting in your Entra ID tenantREDCANARY.COM
27 MayDefending at Machine-Speed: Building AI Threat Readiness with WizHow Wiz helps organizations adopt an AI Operating Model for AI Threat ReadinessWIZ.IO
27 MayTechCrunch Disrupt 2026 Early Bird ticket savings end in 3 daysThere are only 3 days left to save up to $410 on your ticket to TechCrunch Disrupt 2026. Early Bird pricing ends May 29 at 11:59 p.m. PT, and once the deadline passes, ticket prices increase. If you plan to attend one of the most influential gatherings in tech this year, now is t…TECHCRUNCH.COM
27 MayRudd orders Cyber Command reviews as Pentagon presses reform agendaArmy Gen. Joshua Rudd, who took the twin-leadership reins of Cyber Command and the NSA in March, recently tapped MITRE to conduct a potentially wide-ranging review into the organization, according to three people familiar with the matter.THERECORD.MEDIA
27 MayMalicious npm Package Stole Files From Claude AI User Directory via GitHubCybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated direct…THEHACKERNEWS.COM
27 MayRomanian national sentenced to more than 4 years for hacking Oregon government systemsDragomir was arrested in Romania in November 2024 and brought to the U.S. last year to face charges for hacking into the network belonging to Oregon’s Office of Emergency Management.THERECORD.MEDIA
27 MayZscaler intends to acquire identity mapping company Symmetry Systems.Check Point has agreed to acquire AI evaluation platform Deepchecks.THECYBERWIRE.COM
26 MayScammers pretending to be Microsoft had help from US executivesCourt documents reveal how tech support scammers relied on infrastructure supplied by a US business.MALWAREBYTES.COM
26 MayFrom Cartels to Terrorists, the CIA, FBI, and White House: The Vast Career of Karen SchaeferKaren Schaefer retired from the CIA in 2019, after 26 years of service. She started out in Latin America and ended with a stint at the FBI. In between, she earned numerous intelligence awards and held key positions that spanned operational, supervisory, and policy roles. Her many…THECYBERWIRE.COM
26 MayRemembering Tim Wilson, Whose Legacy Lives on at Dark ReadingThe co-founder and former editor-in-chief passed away five years ago in November. As Dark Reading enters its third decade, we pause to celebrate and honor Wilson's instrumental role in building and elevating the media site.DARKREADING.COM
26 MayNew AI DDoS Attacks Are Smarter. Learn How to Fight Back in This WebinarEvery single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence (AI) tools to make their attacks faster, stronger, and much harder to st…THEHACKERNEWS.COM
26 MayBTMOB Android RAT Spreads Through No-Code Builder ToolingBTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing luresINFOSECURITY-MAGAZINE.COM
26 MayIntelligence Insights: May 2026ClearFake is in command and ACR Stealer and GraphRunner debut in this month’s edition of Intelligence InsightsREDCANARY.COM
26 MayState of SDLC Security 2026: How Risk Scales in Modern DevelopmentInsights from real-world environments into how code, developer tooling, automation, and AI are reshaping application security.WIZ.IO
26 MayDutch government blocks US company from acquisition, citing ‘risk to public interest’The move to block the acquisition of the cloud company that hosts the Dutch digital ID service comes as Europe continues to reduce its reliance on U.S. technology.TECHCRUNCH.COM
26 MayGhost hackers: the cybersecurity mystery that nobody has solvedA shadowy group that stole and dumped the NSA’s most powerful hacking tools still has implications for how companies think about digital risk today.TECHCRUNCH.COM
26 MayFBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts – no password requiredSo, you've enabled multi-factor authentication. You've taught your staff never to type their passwords into dodgy-looking login pages. Surely your Microsoft 365 accounts are safe now? Well, think again. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
26 MayInternet Starts to Return in Iran After 3-Month BlackoutSome internet connectivity is returning in Iran after nearly 90 days offline, web monitoring groups say. But it isn’t clear if the reconnection is permanent.WIRED.COM
26 MayMicrosoft Issues Out-of-Band SharePoint PatchSharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too well.DARKREADING.COM
26 MayUK Visa Portal spilled thousands of applicants’ passports and selfies online — and hasn’t fixed the leakThe third-party website exposed applicants' sensitive documents as part of the U.K. visa application process. Instead of fixing the issue, the company sent attorneys.TECHCRUNCH.COM
25 MayFBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth TokensThe Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBIINFOSECURITY-MAGAZINE.COM
25 MayThe Alert Firehose Finally Meets Its MatchAsk a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase f…THEHACKERNEWS.COM
25 MayFBI warns of Kali365 phishing service targeting Microsoft 365 accountsThe FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). [...]BLEEPINGCOMPUTER.COM
25 MayMicrosoft Access VBA, (Mon, May 25th)Microsoft Access files (Microsoft Office's Database) can contain VBA code.ISC.SANS.EDU
25 MayAnthropic’s restricted Claude Mythos model may be coming to Claude CodeAnthropic appears to be preparing for the public rollout of the Mythos model, which was announced in April as a restricted model that poses major security risks to private and public software. [...]BLEEPINGCOMPUTER.COM
24 MayGPS, an outdated, but indispensable technology.GPS systems are the backbone of many core technologies found across commercial, military, and governmental organizations. Positioning, navigation, and timing (PNT) systems underpin everything from aviation and shipping to emergency response, energy grids, and financial services. …THECYBERWIRE.COM
23 MayItaly disrupts CINEMAGOAL piracy app that stole streaming auth codesItalian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. [...]BLEEPINGCOMPUTER.COM
22 MayChina's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.DARKREADING.COM
22 MayApple Blocked $2.2bn in App Store Fraud in the Last YearTotal figure for fraudulent transactions Apple has blocked since 2020 now stands at over $11bnINFOSECURITY-MAGAZINE.COM
22 MayTrump Mobile confirms it exposed customers’ personal data, including phone numbers and home addressesPresident Trump’s branded cell phone maker and cell provider said the exposure was linked to a third-party platform, and was evaluating whether it needs to notify customers.TECHCRUNCH.COM
22 MayWhy the Supreme Court's Chatrie case could change the meaning of privacy in AmericaLawyer Adam Unikowsky spoke with Recorded Future News about why he believes geofence searches are problematic and why the way the court rules could have a dramatic impact on Americans’ right to privacy.THERECORD.MEDIA
22 MayAkamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise BrowsersWhen Akamai announced its LayerX acquisition, the company joined a growing list of vendors adding secure enterprise browsers to their product portfolios.DARKREADING.COM
22 MayThe Coverage Gap: Why Your Blocklist Is Missing 119,000 Malicious IPs TodayGreyNoise compared 119,842 malicious IPs against 11 major threat feeds. The average coverage: just 2%, exposing the limits of static blocklists.GREYNOISE.IO
22 MayMeta settles school district lawsuit claiming addictive design harmed students' mental healthThe bellwether lawsuit was the first of at least 1,200 to be brought by a school district against Meta, Snap, YouTube and TikTok for similar alleged harms. The other cases have not yet been tried.THERECORD.MEDIA
21 MayScam ads, AI hallucinations, and legal implications.This week, Dave and Ben sit down to discuss two legal cases. The first case involves Santa Clara suing Meta over alleged scam ads. The second story looks at a now dismissed case where the lawyers could potentially face consequences for allegedly using fake AI citations in their f…THECYBERWIRE.COM
21 MayThe EU Is Going Through a Trump-Fueled Breakup With Big TechFrance is already moving on from Zoom and Microsoft Teams in favor of homegrown alternatives. Other countries are quickly following suit.WIRED.COM
21 MayDiscord adds end-to-end encryption to voice and video calls by defaultDiscord now enables end-to-end encryption by default for all voice and video calls, making conversations inaccessible even to the platform itself. No announcement fanfare, no opt-in required, no settings to dig through. Discord flipped a switch on Monday and end-to-end encryption…SECURITYAFFAIRS.COM
21 MayWhen Identity is the Attack PathConsider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily …THEHACKERNEWS.COM
21 MayResearchers left AI agents alone in a virtual town and watched it all unravelTold not to commit crimes, the AI agents mostly did anyway. Arson, violence, romance, self-deletion, and general chaos quickly ensued.MALWAREBYTES.COM
21 MayScammers are abusing an internal Microsoft account to send spam linksThe loophole allows spammers and scammers to send emails from a legitimate Microsoft email address typically used for sending genuine account alerts.TECHCRUNCH.COM
21 MayTikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safetyOfcom says TikTok and YouTube are "not safe enough" for children, but simply adding stricter age checks is not the answer.MALWAREBYTES.COM
21 MayNine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password HashesQualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locallyINFOSECURITY-MAGAZINE.COM
21 MayAutomating identity lifecycle and security with AWS Directory Service APIsManaging identities and access across complex environments has become more critical than ever. AWS Directory Service for Managed Microsoft Active Directory, also known as AWS Managed Microsoft AD, has added new capabilities to manage users and groups. Now, you can perform create,…AWS.AMAZON.COM
21 MayTwo Americans plead guilty to assisting India-based tech support scam centersAdam Young, 42, and Harrison Gevirtz, 33, pleaded guilty to misprision of a felony after they were accused of offering phone numbers, call routing services, call tracking tools and call forwarding services to India-based telemarketing fraudsters.THERECORD.MEDIA
21 MayApple Blocks Over 2 Million Apps in 2025 Fraud CrackdownApple 2025 fraud report shows major App Store protections: over 2M apps rejected, 1B fake accounts blocked, and billions in fraud prevented. Apple’s annual fraud prevention report for 2025 paints a striking picture of just how much effort goes into keeping the App Store cl…SECURITYAFFAIRS.COM
21 MayAWS KY3P report now available for third-party supplier due diligenceWe’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture. This assessment demonstrates our continued commitment to meet the heightened expectations of cloud service providers. Custome…AWS.AMAZON.COM
21 MayTech giants promise British regulator they will tweak platforms to protect kids onlineThe regulator, Ofcom, had required Roblox, Snapchat, Instagram, Facebook, YouTube and TikTok to answer questions about their efforts to remove harmful algorithms, check kids’ ages and protect them from sexual predators by the end of April.THERECORD.MEDIA
21 MayGoogle API Keys Remain Active After DeletionA security researcher discovered the API keys can still be used for 23 minutes after deletion, even though the cloud provider claims deletion is immediate.DARKREADING.COM
21 May‘Creepy’ Listening Tool for Targeted Ads Didn’t Actually Work, FTC SaysThree firms will pay nearly $1 million for selling “Active Listening” technology that they claimed tapped people’s phones for advertising. The FTC alleges the “tech” was just pricey email lists.WIRED.COM
21 MayHow CISOs Should Prep for Agentic-Ready AI BOMsFinding ways to document both component and execution attributes for AI bill of materials (AI BOM).DARKREADING.COM
20 MayWeekly Threat Bulletin – May 20th, 2026These are the top threats you should know about this week.F5.COM
20 MayData Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report FindsA new study finds AI companies, defense firms, and dating apps are among 38 data collectors allegedly using manipulative design to confuse users while collecting their data.WIRED.COM
20 MayResearchers Warn CypherLoc Scareware Has Targeted Millions of UsersBarracuda reveals new CypherLoc scareware has featured in nearly three million attacksINFOSECURITY-MAGAZINE.COM
20 MayFirefox 151 packs big privacy upgrades into a small updateFirefox 151 adds major privacy improvements and fixes high-priority security vulnerabilities, making this an update you shouldn’t ignore.MALWAREBYTES.COM
20 MayAgent AI is Coming. Are You Ready?New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, "identity dark matter" (the unseen, unmanaged elements of identity) now overshadows the visible elements 57% vs. 43%. And …THEHACKERNEWS.COM
20 MayAWS Security Hub Extended: Why enterprise security products should sell themselvesOur largest security services customers started the same way every customer does – with a click. They enabled Amazon GuardDuty, Amazon Inspector, AWS WAF, and AWS Security Hub, experienced the benefits in real time, and evaluated with transparent pay-as-you-go pricing. No RFP. No…AWS.AMAZON.COM
20 MayFTC warns 12 major tech firms of violating Take It Down ActThe law mandates that platforms make it easy for people to ask that nonconsensual intimate images be removed and to delete them within 48 hours of a request.THERECORD.MEDIA
20 MayDiscord migrates all users to end-to-end encryption by defaultThe move comes as other major social media platforms are killing end-to-end encryption for messaging. In recent months, Instagram and TikTok both announced they will no longer offer the feature.THERECORD.MEDIA
20 MayTexas, Florida top list of states reporting millions of dollars lost through crypto ATMsIn most complaints, victims said they were given detailed information by fraudsters on how to take money from their bank account, where to find a cryptocurrency kiosk and how to send the funds.THERECORD.MEDIA
20 MayA New York Cop Got Injured at a Boxing Match. Now Madison Square Garden Is Banning His LawyerAttorney John Scola is representing a police officer who is suing over injuries allegedly sustained while working security at an MSG property in 2025.WIRED.COM
20 MayA Bipartisan Amendment Would End Police License Plate Tracking NationwideOne line tucked into a federal highway bill would strip funds from cities and states unless they kill their automated plate tracking programs—effectively banning the tech for all but toll collection.WIRED.COM
20 MayCyber Pros Can't Decide If AI Is a Good or a Bad ThingThere is nothing cybersecurity professionals are more excited about, and nothing they fear more, than AI.DARKREADING.COM
19 MayHackers Bypass Security Tools to Target Users DirectlyBridewell report calls out emergence of “fix-style” attacksINFOSECURITY-MAGAZINE.COM
19 MayHow to Make Apps and Websites Remove Your Nonconsensual NudesStarting May 19, tech platforms in the US will have to start complying with the Take It Down Act. Here's how more than a dozen of the largest platforms are handling takedown demands for your nudes.WIRED.COM
19 MayMassive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspectsINTERPOL led Operation Ramz in MENA, resulting in 201 arrests and 382 suspects tied to cybercrime networks. INTERPOL coordinated Operation Ramz across the Middle East and North Africa, leading to 201 arrests and identifying 382 additional suspects. “A first-of-its-kind cyb…SECURITYAFFAIRS.COM
19 MayYouTube wants your face to fight deepfakes"Likeness detection" promises protection from AI deepfakes, but some creators are uneasy about handing over biometric data in return.MALWAREBYTES.COM
19 MayAgentic AI Accelerates Software Builds and Mobile App AttacksDigital.ai data reveals 87% of apps were attacked over the past yearINFOSECURITY-MAGAZINE.COM
19 MayFacebook scam promises cheap Aldi meat boxes, steals payment info insteadA fake Aldi “meat box” offer spreading on Facebook tricks victims into handing over personal and payment info.MALWAREBYTES.COM
19 MayTools for spotting and disabling AI systems in an enterpriseKey methods for cutting off AI access to an organization’s core IT assets.KASPERSKY.COM
19 MayTelecom sector launches its own private ISACFederal government involvement in an existing group chilled some cybersecurity discussions among major telecom providers. The new group is intended to alleviate those anxieties.CYBERSECURITYDIVE.COM
19 MayUK regulator to require tech firms to tackle deepfakes, non-consensual intimate imagesThe regulator’s announcement said the change is being made due to the “urgent need to better protect women and girls online.”THERECORD.MEDIA
19 MayDiscord enables end-to-end encrypted voice and video calling for every userGood news! Discord's hundreds of millions of users now have their communications scrambled, so not even Discord can see them.TECHCRUNCH.COM
19 MayFrom teen hacker to Iron Dome researcher, this founder raised $28M to fight AI phishingOcean, an agentic email security platform, raised funding from Lightspeed Venture Partners.TECHCRUNCH.COM
19 MayMicrosoft Exchange ProxyShell Scanning Doubles in April 2026 as Two Distinct Campaign Clusters EmergeSensor Intel Series: April 2026 CVE TrendsF5.COM
19 MayIntroducing Runtime Threat Detection for Google Cloud RunWiz Runtime Sensor support for Google Cloud Run Containers is now generally available, giving teams real-time threat detection and response for their serverless container workloads.WIZ.IO
18 MayBank of England, FCA and Treasury Raise Alarm Over Frontier AIThe UK’s financial authorities have set expectations for the sector on cybersecurity and operational resilienceINFOSECURITY-MAGAZINE.COM
18 MayAn ICE Firearms Trainer Was Involved in At Least 4 Deadly ShootingsDavid Norman, a former Phoenix police officer who’s described himself as “a fucking savage,” now runs a company that provided training to Homeland Security’s Special Response Teams.WIRED.COM
18 MayMicrosoft is changing Edge’s plaintext password behaviorSaved passwords in Microsoft Edge will no longer sit in plaintext memory for the entire browser session after a researcher raised concerns.MALWAREBYTES.COM
18 MayHow to Reduce Phishing Exposure Before It Turns into Business DisruptionWhat happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the…THEHACKERNEWS.COM
18 MayInterpol Launches Sweeping Cybercrime Crackdown in MENA RegionOver 200 people were arrested in an anti-cybercrime operation that spanned 13 countries across the Middle East and North AfricaINFOSECURITY-MAGAZINE.COM
18 MayThe Infosecurity Europe Cyber Startup Competition: Meet the FinalistsNew for 2026, the Infosecurity Europe Startup competition will see five finalists pitch their ideas in front of a live audience, including senior industry leaders, investors and buyersINFOSECURITY-MAGAZINE.COM
18 MayPublic Amazon bucket leaks sensitive guest data from Japanese hotel platform TabiqA hotel check-in system exposed over 1 million passports, IDs, and selfies online due to a misconfigured cloud storage bucket. A security lapse in Reqrea’s Tabiq hotel check-in system exposed over 1 million passports, driver’s licenses, and selfie verification photos on…SECURITYAFFAIRS.COM
18 MayB1ack’s Stash Releases 4.6 Million Stolen Credit Cards for FreeA notorious Dark Web carding marketplace is making headlines again. B1ack’s Stash, one of the most active illicit card shops on the Dark Web, has announced the free release of approximately 4.6 million stolen credit …SOCRADAR.IO
18 MayExperts warn of privacy risks as AI firms look to connect to financial accountsOpenAI announced Friday that it is rolling out a new ChatGPT feature allowing users to connect all of their financial accounts to the chatbot for personal finance advice.THERECORD.MEDIA
18 MayINTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 ArrestsINTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382 suspects. The initiative involved the efforts of 13 countries from the region between October 2025 …THEHACKERNEWS.COM
18 May'Claw Chain' Vulnerabilities Threaten OpenClaw DeploymentsThe now patched vulnerabilities in the rapidly growing AI agent framework allow attackers to steal credentials, escalate privileges, and maintain persistence.DARKREADING.COM
18 MayFrom Cryptographic Blind Spots to Post-Quantum Agility: Introducing Wiz for PQC ReadinessEliminate cryptographic blind spots and neutralize legacy debt with an integrated cryptographic asset inventory. Identify risks across code, cloud, and runtime, using the Wiz Security Graph to prioritize migration and protect against "Harvest Now, Decrypt Later" attacks.WIZ.IO
15 MayStrong Stack. Strong Team. Real Security Resilience.Learn how to build a resilient security stack and program that cuts alert noise, strengthens identity defense, and helps teams respond faster.HUNTRESS.COM
15 MayCyber Pioneers Ponder Past as PrologueRobert "RSnake" Hansen, Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier reflect on how their favorite columns penned for Dark Reading over the past 20 years have stood the test of time.DARKREADING.COM
15 MayMeta’s confusing new approach to chat privacyWhatsApp now offers disappearing AI chats Meta says it cannot read. While Instagram just removed the feature that stopped Meta reading your messages.MALWAREBYTES.COM
15 MayGremlin Stealer Evolves into Modular Threat with Advanced Evasion CapabilitiesA new Gremlin stealer variant has evolved into a modular toolkit with advanced evasion and data theft capabilities, according to new Unit 42 researchINFOSECURITY-MAGAZINE.COM
15 MayThe AWS AI Security Framework: Securing AI with the right controls, at the right layers, at the right phasesTL;DR for busy executives The AWS AI Security Framework helps security leaders move fast and stay secure with AI. Security compounds from day 1 as workloads evolve from prototype to production to scale. Assess first. Request a no-cost SHIP engagement to baseline your posture and …AWS.AMAZON.COM
15 MayA hotel check-in system left a million passports and driver’s licenses open for anyone to seeThe tech company that maintains the hotel check-in system set its cloud storage to public, allowing anyone to access customers' data without a password.TECHCRUNCH.COM
14 MaySimple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of all formatting, and destination…ISC.SANS.EDU
14 MayMost Organizations Now Use AI Agents for Sensitive Security TasksSemperis study finds 74% of organizations believe AI will increase attacks on identity infrastructureINFOSECURITY-MAGAZINE.COM
14 MayICO Publishes Five-Step Plan to Counter Emerging AI-Powered AttacksThe Information Commissioner’s Office has released new guidance on how to mitigate the risk of AI-powered attacksINFOSECURITY-MAGAZINE.COM
14 MayYour iPhone Gets Stolen. Then the Hacking BeginsA bustling underground ecosystem is providing criminals with the tools to unlock iPhones—and wage phishing attacks against their contacts to access bank accounts and more.WIRED.COM
14 MayNew Fragnesia Flaw Hands Linux Local Users Root AccessNew Fragnesia kernel flaw lets unprivileged local users escalate to root on Linux systemsINFOSECURITY-MAGAZINE.COM
14 MayAI Drives Cybersecurity Investments, Widening 'Valley of Death'In a role reversal, investment dollars in AI security startups exceeded the value of AI acquisitions in 1Q26 by more than $1 billion, a rare occurrence.DARKREADING.COM
14 MayCisco cuts nearly 4,000 jobs to spend more on AI, reports ‘record quarterly revenue’This is Cisco's latest layoff in recent years, while the company's chief executive touts record revenue and growth.TECHCRUNCH.COM
14 MayOpenAI says hackers stole some data after latest code security issueOpenAI said the damage was limited to the employees’ devices, and did not affect user data nor its production systems, and none of its intellectual property was stolen.TECHCRUNCH.COM
14 MayAutomating post-quantum cryptography readiness using AWS ConfigMigrating your TLS endpoints to Post-quantum cryptography (PQC) starts with understanding your current TLS endpoint inventory and posture. This post introduces the PQC Readiness Scanner — an automated tool that inventories your Application Load Balancer (ALB), Network Load Balanc…AWS.AMAZON.COM
14 MaySuspected Dream Market kingpin arrested after gold bars sent to his home addressLesson one for aspiring dark web kingpins: don't have your laundered gold bars shipped to your home address. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
14 May13 Cybersecurity Frameworks for 2026 and How to ChooseDiscover some of the most common cybersecurity frameworks by what they’re best for, plus tips for choosing the right one for your organization.HUNTRESS.COM
13 MayWeekly Threat Bulletin – May 13th, 2026These are the top threats you should know about this week.F5.COM
13 MayProxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th).. if “unproxyable” is a word that is ..ISC.SANS.EDU
13 May[GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)[This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor's degree in Applied Cybersecurity (BACS) program.]ISC.SANS.EDU
13 MayUK Cybersecurity Market Expands to £14.7bn with Strong Growth in AI Security FirmsUK cybersecurity sector reaches £14.7bn in revenue, driven by rapid growth in AI security firms, increased investment and rising employment across the industryINFOSECURITY-MAGAZINE.COM
13 MayDark Web Profile: Keymous+Keymous Plus, also known as Keymous+ threat group, markets itself as a hacktivist collective fighting for humanity. What intelligence investigations have documented is structurally different: a North African hybrid actor blending political performance w…SOCRADAR.IO
13 MayTexas sued Netflix over claims it secretly collected and sold users’ dataThe Texas AG sued Netflix, accusing the company of secretly tracking viewers, selling user data, and using addictive features targeted at minors.MALWAREBYTES.COM
13 MayAvada Builder Flaws Expose One Million WordPress SitesAvada Builder flaws allowed file read and SQL injection on one million WordPress sitesINFOSECURITY-MAGAZINE.COM
13 MayWhatsApp Adds Meta AI Chats That Are Built to Be Fully PrivateThe company says its new Incognito Chat allows you to use its AI chatbot without anyone else—including Meta—being able to access your conversations.WIRED.COM
13 MayEuropean Commission head pushes creation of new law delaying teens’ social media accessThe comments come as several European countries, including Spain, Greece, Norway, France, Denmark, Turkey and the Netherlands have said they are considering or are implementing age verification protocols to restrict young teens from accessing social media platforms.THERECORD.MEDIA
13 MayAlleged Dream Market admin arrested in Germany after US indictmentCourt documents said Dream Market was launched in 2013 by Owe Martin Andresen and others before becoming one of the biggest criminal marketplaces online.THERECORD.MEDIA
13 MayDHS Plans Experiment Running ‘Reconnaissance’ Drones Along the US-Canada BorderAutonomous drones and ground vehicles will stream “battlefield intelligence” over 5G along the US-Canada border in a bilateral DHS experiment this fall.WIRED.COM
13 MayDetecting and preventing crypto mining in your AWS environmentThis article guides you on how to use Amazon GuardDuty to identify and mitigate cryptocurrency mining threats in your Amazon Web Services (AWS) environment. You’ll learn about the specialized detection capabilities of GuardDuty and best practices to build a multi-layered defense …AWS.AMAZON.COM
12 MayElastic Security MCP App: Interactive security operations inside your AI ToolsElastic Security is the first security vendor to ship an interactive UI in AI tools. Triage alerts, hunt threats, correlate attack chains, and open cases, all from inside your AI conversation.ELASTIC.CO
12 MayiOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and AndroidApple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out t…THEHACKERNEWS.COM
12 May1 in 8 employees have sold company logins or know someone who hasCifas just published research that should bother anyone who runs a business, or buys from one.MALWAREBYTES.COM
12 MayWhy Agentic AI Is Security's Next Blind SpotAgentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question…THEHACKERNEWS.COM
12 May10 Best Dark / Deep Web Browsers for AnonymitySOCRADAR.IO
12 MayEnd‑to‑End Encrypted RCS Messaging Arrives Across iPhone and AndroidApple begins rolling out end-to-end encrypted RCS messaging between iPhone and Android in iOS 26.5INFOSECURITY-MAGAZINE.COM
12 May20 Leaders Who Built the CISO Era: 2 Decades of ChangeAs part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook.DARKREADING.COM
12 MayMini Shai-Hulud Hits TanStack npm PackagesMini Shai-Hulud compromises TanStack npm packages and spreads across PyPIINFOSECURITY-MAGAZINE.COM
12 MayEnabling AI sovereignty on AWSCloud and AI are transforming industries and societies at unprecedented speed, from accelerating research and enhancing customer experiences to optimizing business processes and enriching public services. At Amazon Web Services (AWS), we believe that for the cloud and AI to reach…AWS.AMAZON.COM
12 MayOpenAI Launches 'Daybreak' to Help Build Secure By Design SoftwareWith Daybreak, OpenAI wants its frontier AI models to be used to deploy secure by design software from the ground upINFOSECURITY-MAGAZINE.COM
12 MayU.S. bank discloses security lapse after sharing customer data with AI appThe bank said the security lapse was due to the use of an “unauthorized” AI software app.TECHCRUNCH.COM
12 MayFake Claude search results lure Mac users into ClickFix attackResearchers found a ClickFix campaign that uses fake Claude setup guides to trick Mac users into infecting themselves.MALWAREBYTES.COM
12 MayEuropean countries are exporting surveillance tech to countries with poor human rights records, report saysThe report, released by the advocacy group Human Rights Watch on Tuesday, alleges that the European Commission has failed to effectively police member states' surveillance tech sales despite the 2021 implementation of updated bloc-wide export rules designed to rein in the practic…THERECORD.MEDIA
12 MayGuardrail Technologies launches Traffic Light for Code & AI™; first security technology to verify & secure AI code and the people creating itPARK CITY, Utah (May 5, 2026) — Guardrail Technologies, the leading provider of AI security and governance software for enterprises building with AI, today announced the launch of Traffic Light for Code & AI™, which verifies both the code AI generat…CYBERSECURITYDIVE.COM
12 MayTwin brothers wipe 96 gov't databases minutes after being firedA case study in why credentials are revoked before firings.ARSTECHNICA.COM
12 MayCongressman launches inquiry into how food retailers use surveillance pricingThe letter noted that many Americans are unaware that their data is being used to set variable prices, a trend that is particularly pervasive for online shoppers.THERECORD.MEDIA
12 MayIran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of HormuzIran’s traditional naval fleet has been almost completely destroyed by US-Israeli raids. But Iran’s military has put a fleet of small vessels on the water that is crippling every passageway.WIRED.COM
12 MayLLMjacking: what these attacks are, and how to protect AI serversAn analysis of attacks on Ollama, LM Studio, AutoGPT, and LangServe servers, and recommendations on protecting your organization from the LLMjacking threat.KASPERSKY.COM
11 MayInstagram removed end-to-end encryption for DMs. What should users do?Instagram removes direct messages (DM) end-to-end encryption May 8, 2026, letting Meta access chats. Users should download backups amid privacy concerns and U.S. law pressure. Starting May 8, 2026, Instagram users who previously enabled end-to-end encryption in direct messages wi…SECURITYAFFAIRS.COM
11 MayFake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K DownloadsA malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legit…THEHACKERNEWS.COM
11 MayIdentity is the new perimeter as rapid NHI proliferation threatens visibility and controlNHIs are linked to diverse assets across the enterprise technology ecosystem, creating a highly fragmented architecture and making it challenging for security teams to maintain visibility and control.CYBERSECURITYDIVE.COM
11 MayCrimenetwork returns after takedown, dismantled again by German authoritiesGerman police shut down a revived Crimenetwork marketplace with 22,000 users and 100+ sellers months after the original takedown. German police dismantled a resurrected version of the German-language cybercrime marketplace Crimenetwork, just months after the original platform was…SECURITYAFFAIRS.COM
11 MayYarbo responds to robot flaws that could mow down their ownersA researcher found a host of vulnerabilities in Yarbo garden robots that could expose Wi-Fi passwords, hijack cameras, and run over their owners on command.MALWAREBYTES.COM
11 MayFake Claude Code Page Pushes PowerShell Stealer at DevsOntinue uncovers fake Claude Code installer pushing PowerShell stealer abusing Chrome's IElevator2INFOSECURITY-MAGAZINE.COM
11 MayRushed Patches Follow Broken Embargo on New Linux Kernel VulnerabilitiesTwo new high-severity vulnerabilities, dubbed ’Dirty Frag’ when chained, have been found in the Linux kernel, affecting most Linux distributionsINFOSECURITY-MAGAZINE.COM
11 MayComplimentary virtual training: Get hands-on with AWS Security ServicesIf you’re looking to strengthen your organization’s security posture on Amazon Web Services (AWS) but aren’t sure where to start, then we’re here to help. Security Activation Days are complimentary, virtual, hands-on workshops designed to help you get practical experience with AW…AWS.AMAZON.COM
11 MayTexas sues Netflix over alleged data practices that create ‘surveillance machinery’ without user consentIn addition to fines, Texas is asking a judge to prevent Netflix from illegally collecting and sharing user data and to mandate that the company no longer use autoplay by default on kids’ profiles.THERECORD.MEDIA
11 MayApple Patches Everything, (Mon, May 11th)Apple today released its typical feature update across its operating systems (iOS, iPadOS, macOS, tvOS, watchOS, vision OS). With this update, Apple patched 84 different vulnerabilities. Updates are available for the "26" series of operatin…ISC.SANS.EDU
11 MayFCC Softens Ban on Foreign-Made RoutersThe Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place.DARKREADING.COM
11 MayTech Can't Stop These Threats — Your People CanSecurity controls can do only so much. Here are four attacks where your employees are usually your first, and only, line of cyber defense.DARKREADING.COM
11 MayWiz at Wiz: Reducing Risk through Service OwnershipHow Wiz security uses Service Catalog to turn cloud risk into service ownershipWIZ.IO
8 MayDetecting Web Server Probing & Fuzzing in Traefik with Automated Cloudflare ResponseThis article shows how a customized Elastic Security ES|QL detection rule can identify web server probing and fuzzing activity in Traefik logs and automatically block the attacking IP via Cloudflare.ELASTIC.CO
8 MayMeet Rassvet, Russia’s Answer to StarlinkWith the launch of the first 16 satellites, Russia begins construction of a network for satellite internet that aims to cover the entire country by 2030. But getting there won’t be easy.WIRED.COM
8 MayAI, Cyberwarfare, and Autonomous Weapons: Inside America’s New Military StrategyThe Pentagon is integrating AI into military operations, transforming cybersecurity, targeting, and command systems into a unified warfare architecture. May 2026 marks a turning point in the evolution of modern warfare: the convergence of artificial intelligence, cybersecurity, a…SECURITYAFFAIRS.COM
8 MaySri Lanka makes 37 arrests as it raids another scam centreYou don't need to live near a scam compound for it to wreck your life. Americans lost $5.8 billion to crypto investment scams last year alone - and a raid in Sri Lanka this month shows exactly how the operations behind them keep finding new places to hide. Read more in my article…BITDEFENDER.COM
8 MayOne Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity RiskThe dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-sev…THEHACKERNEWS.COM
8 MayShinyHunters escalates Canvas attacks with school login defacementsDays after the first attack, ShinyHunters is applying pressure with ransom messages on school login portals.MALWAREBYTES.COM
8 MayInside Department 4: Russia’s secret school for hackersMost universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world's most notorious state-sponsored hacking groups. Read more in my article …BITDEFENDER.COM
8 MayOne in eight UK workers has sold their company passwords, and bosses think it’s fineOne in eight UK workers admits to selling their company login credentials - or knowing someone who has - in the past 12 months. The really alarming bit? Their bosses are even more relaxed about it. Read more in my article on the Fortra blog.FORTRA.COM
8 MayThe Evolution of Kaspersky SIEM | Kaspersky official blogThe evolution of correlation rules in the Kaspersky Unified Monitoring and analysis SIEM system.KASPERSKY.COM
8 MayFake Call History Apps Stole Payments From Users After 7.3 Million Play Store DownloadsCybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss…THEHACKERNEWS.COM
8 MayUS defense contractor who sold hacking tools to Russian broker ordered to pay $10M to former employersFormer cybersecurity executive Peter Williams stole several surveillance and hacking tools and sold them for $1.3 million to a Russian broker that works with Putin’s government.TECHCRUNCH.COM
8 MayVirginia man found guilty of deleting 96 government databasesA Virginia man was convicted on federal charges Thursday after a jury found him guilty of deleting 96 government databases and stealing an individual’s password, leading their email account to be accessed without permission.THERECORD.MEDIA
8 MayGM to pay over $12 million in California privacy settlement involving driver dataThe settlement, announced by California officials Friday, is the largest fine issued under the California Consumer Privacy Act (CCPA) in its more than five-year history.THERECORD.MEDIA
8 MayShinyHunters Claims Second Attack Against InstructureThe edtech company is struggling to wrest control from its hackers. PII belonging to hundreds of millions of people is on the line.DARKREADING.COM
8 MaySee and Secure Everything at the Edge with Wiz and AkamaiAkamai edge configurations are now visible on the Wiz Security Graph, giving teams a single understanding of risk from edge to runtimeWIZ.IO
7 MayPCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at ScaleCloud attack framework skips cryptomining, harvests financial, messaging, and enterprise credentials for fraud, spam, and potential extortion.SENTINELONE.COM
7 MayThousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open WebCompanies like Lovable, Base44, Replit, and Netlify use AI to let anyone build a web app in seconds—and in thousands of cases, spill highly sensitive data onto the public internet.WIRED.COM
7 May'TrustFall' Exposes Claude Code Execution RiskResearchers find malicious repositories can trigger code execution in Claude Code with minimal or no user interaction.DARKREADING.COM
7 MayOperation HookedWing: 4-Year Multi-Sector Attack AnalysisOperation HookedWing: 4-Year Multi-Sector Phishing Campaign From 2022 to the present, a persistent phishing campaign that has not been publicly documented until now, referred to in this report as Operation HookedWing, has been compromising organizations across multiple sectors an…SOCRADAR.IO
7 MayPolice arrest SMS blaster crew that sent malicious messages to thousands across TorontoToronto police said this is the "first known instance" of an SMS blaster being used in Canada.TECHCRUNCH.COM
7 MayMassive AI investment scam network spans 15,500 domainsAI investment scammers abused the Keitaro ad-tracking platform to cloak their campaign, exposing it only to likely targets.MALWAREBYTES.COM
7 MayLegacy Security Tools Are Failing Data Protection, Capital One Software Report FindsTraditional network security tools are undermining data protection, with Forrester and Capital One Software research warning AI adoption is impossible without rethinking data securityINFOSECURITY-MAGAZINE.COM
7 MayCline Kanban Flaw Lets Websites Hijack AI Coding AgentsOasis Security finds critical Cline kanban WebSocket flaw exposing AI coding agents to hijackINFOSECURITY-MAGAZINE.COM
7 MayHow Anthropic’s Mythos has rewritten Firefox’s approach to cybersecuritySecurity researchers at Mozilla say Anthropic's Mythos has unearthed a wealth of high-severity bugs in Firefox.TECHCRUNCH.COM
7 MayAWS achieves SNI 27017, SNI 27018, and SNI 9001 certifications for the AWS Asia Pacific (Jakarta) RegionAmazon Web Services (AWS) achieved three Standar Nasional Indonesia (SNI) certifications for the AWS Asia Pacific (Jakarta) Region: SNI ISO/IEC 27017:2015, SNI ISO/IEC 27018:2019, and SNI ISO 9001:2015. SNI represents Indonesia’s national standards framework, comprising standards…AWS.AMAZON.COM
7 MayHow to Disable Google's Gemini in ChromeChrome users were caught off guard by a 4-GB Google AI model baked into Chrome, sparking privacy concerns. The good news: You can easily uninstall it. The bad? You might not want to.WIRED.COM
7 MayBuild Fast, Build Secure: Wiz findings are now in LovableWith Wiz in Lovable, every builder can catch and fix risks in real time, keeping apps secure as they’re createdWIZ.IO
7 MayIt's Time to Go After Achieving Zero Code CriticalsReady to hit Zero Code Criticals? Here's how Wiz helps you get there and stay there, with the badge to prove you did.WIZ.IO
6 MayWeekly Threat Bulletin – May 6th, 2026These are the top threats you should know about this week.F5.COM
6 MayOne in Eight Workers Has Sold Their Corporate LoginsCifas says that 13% of employees admit selling company credentials to a former colleagueINFOSECURITY-MAGAZINE.COM
6 MayFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberAs part of Dark Reading's 20th anniversary celebration, its staff looks back on 20 of the biggest newsmaking events from the past two decades that shaped our industry and the risk landscape for today's security teams.DARKREADING.COM
6 MayThe Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now OpenFor nearly 20 years, we at The Hacker News have mostly told scary stories about cyberspace — big hacks, broken systems, and new threats. But behind every headline, there’s a quieter, better story. It’s the story of leaders making tough calls under pressure, teams building smarter…THEHACKERNEWS.COM
6 MayYour AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacin…THEHACKERNEWS.COM
6 MayHackers compromise Daemon Tools in global supply-chain attack, researchers sayResearchers at Kaspersky said attackers tampered with installers for Daemon Tools — a popular program used to mount disk images as virtual drives — and distributed them through the software’s official website.THERECORD.MEDIA
6 MayGoogle Chrome’s silent 4GB AI download problemGoogle Chrome writes a 4GB AI model to users’ devices without asking, and reinstalls it if you delete it.MALWAREBYTES.COM
6 MayXBOW secures an additional $35 million in Series C funding.Palo Alto Networks will acquire AI security gateway company Portkey.THECYBERWIRE.COM
6 MayA Kid With a Fake Mustache Tricked an Online Age-Verification ToolTo stop children from bypassing its age checks, Meta is revamping its age-verification tools with an AI system that analyzes images and videos for “visual cues,” such as height and bone structure.WIRED.COM
6 MayAfter 17 years, Gavril Sandu extradited to U.S. for hacking schemeRomanian citizen Gavril Sandu was extradited to the U.S. nearly 17 years after a hacking scheme. He was indicted in 2017 and arrested in 2026. Romanian national Gavril Sandu, 53, has been extradited to the United States for his role in a hacking scheme that took place 17 years ag…SECURITYAFFAIRS.COM
6 MayTaiwan High-Speed Rail Emergency Braking Hack: How a Student Stopped the Trains and Exposed a Major Security GapTaiwan high‑speed rail was disrupted after a 23‑year‑old student spoofed signals and triggered an emergency alarm, stopping four trains for nearly an hour. Taiwan high‑speed rail system, one of the most important pieces of national infrastructure, was thrown into chaos during the…SECURITYAFFAIRS.COM
5 MayElastic Workflows GA: automation where your security data already livesElastic Workflows is generally available in 9.4, bringing production-ready security automation with deeper case management integration, human-in-the-loop support, natural language authoring, and more.ELASTIC.CO
5 MayThe Back Door Attackers Know About — and Most Security Teams Still Haven’t ClosedEvery AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls…THEHACKERNEWS.COM
5 MayCleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)Yup, that is for real.
ISC.SANS.EDU
5 MaySSL.com rotates their root certificate today, (Tue, May 5th)I just got an email from SSL.com last night, they are rotating out their root certificate today (May 5, 2026). This i…ISC.SANS.EDU
5 MayCloudZ RAT potentially steals OTP messages using Pheno pluginCisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.”TALOSINTELLIGENCE.COM
5 MayAI Adoption Outpaces Safety Policies, Leaving Organizations Exposed to Cyber RiskISACA report warns that while AI has become the norm, many organizations are yet to formally apply safety or security policies around its useINFOSECURITY-MAGAZINE.COM
5 MayIntroducing AI traffic analysis dashboards for AWS WAFAs AI agents, bots, and programmatic access become an increasingly significant portion of web traffic, organizations need better tools to understand, analyze, and manage this activity. Today, we’re excited to announce AI Traffic Analysis dashboards for AWS WAF protection packs—al…AWS.AMAZON.COM
5 MayIntroducing Penetration Test Findings: Unified Offensive Security in WizStreamline pen-testing by unifying findings from bug bounties, manual audits, and Wiz Red Agent into a single, context-rich view.WIZ.IO
4 MayBluekit phishing kit enables automated phishing with 40+ templates and AI toolsBluekit is a new phishing kit with AI features, automated domain setup, and tools like spoofing, voice cloning, and 40+ attack templates. Bluekit is a newly discovered phishing kit still in development that includes advanced features such as an AI assistant and automated domain r…SECURITYAFFAIRS.COM
4 MayHow OpenClaw’s agent skills become an attack surfaceOpenClaw and similar AI agent ecosystems present pressing security risks.CYBERSECURITYDIVE.COM
4 May“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email securityKaspersky expert breaks down a new phishing scheme that uses the Amazon SES cloud email service. Let's look at some examples to see how you can tell a phishing email from a real one.SECURELIST.COM
4 MayTeenager alleged to be Scattered Spider hacker arrested in Finland, faces US extraditionHere's a tip for you all. Unless you want to draw attention to yourself as a cybercriminal, don't flaunt your diamond-encrusted "HACK THE PLANET" necklace on Snapchat, or pose as a Sopranos crime boss while the FBI is reportedly closing in. Read more in my article on the Hot for …BITDEFENDER.COM
4 MayThe motivation of droids from the “Star Wars” universe | Kaspersky official blogHow and why droids from “Star Wars: Skeleton Crew” and “Andor” switch their allegiances.KASPERSKY.COM
4 MayThousands of Facebook accounts stolen by phishing emails sent through GoogleIn an ongoing operation, hackers are hijacking Facebook accounts using Google AppSheet to send phishing emails that pass security checks.MALWAREBYTES.COM
4 MayThe 2026 World Cup scam economy is already running before the first whistleA four-part scam economy is already forming around the 2026 World Cup, using the tournament’s brand to sell everything from fake visas to worthless tokens.MALWAREBYTES.COM
4 MayHow Dark Reading Lifted Off the Launchpad in 2006Twenty years ago, this media brand didn't have a print edition to attract eyeballs and sponsors. Top-notch content and editorial talent did the heavy lifting.DARKREADING.COM
4 MayDShield Honeypot Update, (Mon, May 4th)This week, I will release a few updates to our DShield honeypot. The update should happen automatically if you have "automatic updates" enabled on your system. There will be two major changes:
ISC.SANS.EDU
4 MayUS healthcare marketplaces shared citizenship and race data with ad tech giantsVirginia and Washington D.C. paused the data collection and sharing, after Bloomberg's investigation found their health insurance marketplaces were sharing users' information with advertisers.TECHCRUNCH.COM
4 MayDHS Demanded Google Surrender Data on Canadian's Activity, Location Over Anti-ICE PostsUsing a 1930s trade law, Homeland Security targeted the man—who hasn't entered the US in more than a decade—following posts on X condemning the killings of Renee Good and Alex Pretti.WIRED.COM
4 MayForbes preliminarily agrees to pay $10 million to settle California wiretapping lawsuitThe preliminary settlement agreement, released on Thursday, said that Forbes has agreed to give users “greater notice” of its use of trackers and will add language to its website providing California residents with more control over how their data is collected and shared with thi…THERECORD.MEDIA
4 MayProgress Patches Critical MOVEit Automation Bug Enabling Authentication BypassProgress Software has released updates to address two security flaws in MOVEit Automation, including a critical bug that could result in an authentication bypass. MOVEit Automation (formerly Central) is a secure, server-based managed file transfer (MFT) solution used to schedule …THEHACKERNEWS.COM
4 MayTeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)Summary
ISC.SANS.EDU
4 MaySecuring open proxies in your AWS environmentThis article shows you how to identify and secure open proxies in your AWS environment to prevent abuse, protect your IP address reputation, and control costs. An open proxy is a server that forwards traffic on behalf of internet users without requiring authentication. While prox…AWS.AMAZON.COM
4 MayRMM Tools Fuel Stealthy Phishing CampaignAttackers are abusing two remote monitoring and management (RMM) tools to evade detection in a campaign that has impacted over 80 organizations so far.DARKREADING.COM
4 MayPractical Package Security: The Unofficial GuideGet actionable best practices to shrink your attack surface, protect execution environments, control package ingestion, and catch compromises early.WIZ.IO
4 MayMeet Wiz for M365: Bringing SaaS into the Security GraphSecure Microsoft 365 and the cloud it powers — one platform, one graph, complete context.WIZ.IO
3 May3 easy-to-miss cybersecurity risks for small businessesSmall business owners should be sure to fix these three non-technical risks that require little cybersecurity expertise.MALWAREBYTES.COM
2 MayDisneyland Now Uses Face Recognition on VisitorsPlus: The NSA tests Anthropic’s Mythos Preview to find vulnerabilities, a Finnish teen is charged over the Scattered Spider hacking spree, and more.WIRED.COM
1 MayEnterprise Spotlight: Transforming software development with AIArtificial intelligence has had an immediate and profound impact on software development. Coding practices, coding tools, developer roles, and the software development process itself are all being reimagined as AI agents advance on every stage of the software development life cyc…US.RESOURCES.CSOONLINE.COM
1 MayTop Five Sales Challenges Costing MSPs Cybersecurity RevenueThe managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 2030[1], with cybersecurity being the fastest-growing sector[2]. Despite this opportunity, many MSPs leave revenue on the table because their go-to-market strategy fails to …THEHACKERNEWS.COM
1 May20 Years in Cyber: Dark Reading Marks Milestone With Month of Special CoverageOn this day in 2006, Dark Reading went live. We have a celebration planned that spans our two decades of covering the industry, and you, dear readers, are invited.DARKREADING.COM
1 MayCybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion AttacksCybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-…THEHACKERNEWS.COM
1 MayCarding service Jerry’s Store leak exposes 345,000 stolen payment cardsJerry’s Store, a card-checking service used by cybercriminals, exposed 345,000 stolen payment cards after leaving its server open, revealing sensitive data. A cybercriminal operation known as Jerry’s Store has reportedly exposed a large cache of stolen payment card data after lea…SECURITYAFFAIRS.COM
1 MayUbuntu services hit by outages after DDoS attackA group of hacktivists have claimed responsibility for a distributed denial-of-service attack, which has affected several Ubuntu and Canonical websites, and prevented users from updating the Linux-based operating system.TECHCRUNCH.COM
1 MayIf AI's So Smart, Why Does It Keep Deleting Production Databases?The issue isn't artificial intelligence, but rather an industry adding AI agent integrations into production environments before proper security testing.DARKREADING.COM
1 MaySenate Judiciary advances bill that would bar minors from interacting with AI companionsThe bill, known as the GUARD Act, also requires that AI companions advise users of all ages that they are not human and lack professional credentials. It also makes it a crime for AI companions to knowingly ask kids for sexual content or to produce it.THERECORD.MEDIA
1 MayDigital attacks drive a new wave of cargo theft, FBI saysThe FBI warns of rising cyber cargo theft, with hackers targeting brokers and carriers. Experts say digital attacks are replacing traditional cargo theft. The FBI has issued a Public Service Announcement (PSA) about a surge in cyber-enabled cargo theft, with hackers increasingly …SECURITYAFFAIRS.COM
1 MaySecurity posture improvement in the AI eraIt’s only been a few weeks since Anthropic announced the Claude Mythos Preview model and launched Project Glasswing with AWS and other leading organizations. This has generated a lot of discussion about the future of cybersecurity and what the ever-increasing capabilities of foun…AWS.AMAZON.COM
1 MaySocial Engineering Leveled Up. Has Your Security Program?Social engineering has evolved. Device code phishing and AI lures bypass MFA and blend in. Build a cyber resilience strategy before the next attack lands.HUNTRESS.COM
1 MayHow Much Does Anthropic’s Mythos Change Enterprise Security?There has been a significant amount of interest by CISOs in the impact of frontier artificial intelligence (AI) models for offensive and defensive purposes following Anthropic’s Claude Mythos Preview release April 7, 2026.INTEL471.COM
30 AprClaude Mythos Fears Startle Japan's Financial Services SectorGlobal financial institutions are panicked over Anthropic's new superhacker AI model. Cyber experts aren't quite as worried.DARKREADING.COM
30 AprAll rise for the Chatrie.This week, Dave and Ben sit down with N2K's Lead Analyst Ethan Cook to look at the Supreme Court's new case examining geofencing. In the conversation, the three break down the various stances the justices have already begun to take up and what the potential fallouts of this case…THECYBERWIRE.COM
30 AprIran-linked Handala hackers leak US Marines data, send chilling WhatsApp threatsUS Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
30 AprEuropol Busts Albanian Scam Call Centers in Major Online Fraud CaseEuropean police arrested 10 suspects after dismantling Albanian scam call centers linked to a €50m ($58m) online investment fraud operationINFOSECURITY-MAGAZINE.COM
30 AprPost-quantum encryption for Cloudflare IPsec is generally availableCloudflare IPsec now has generally available support for post-quantum encryption via hybrid ML-KEM. We’ve confirmed interoperability with Cisco and Fortinet.CLOUDFLARE.COM
30 AprOracle Red Bull Racing Team Revs Up Automation to Boost SecurityWhile drivers race to shave off seconds on the track, the team's IT and engineering staff are speeding up how they deliver security.DARKREADING.COM
30 AprDental practice software maker fixes bug that exposed patients’ medical recordsThe security bug is now fixed, but the patient who found it said it was challenging to alert the software company about the issue.TECHCRUNCH.COM
30 AprHackers stole hundreds of thousands of Roblox accounts: Here’s what to doHackers used fake Roblox “game enhancements” to steal login details from hundreds of thousands of players, then sold the accounts for profit.MALWAREBYTES.COM
30 AprTrump’s cyber ambassador nominee advances to full Senate voteAdam Cassady, who was nominated last month to helm the State Department’s Bureau of Cyberspace and Digital Policy, was approved by a vote of 17-5.THERECORD.MEDIA
30 AprOpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk AccountsOpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks.WIRED.COM
30 AprAfter dissing Anthropic for limiting Mythos, OpenAI restricts access to Cyber, tooOpenAI will begin rolling out its cybersecurity testing tool, GPT-5.5 Cyber only "to critical cyber defenders" at first.TECHCRUNCH.COM
30 AprGreat responsibility, without great powerIn this week’s newsletter, Hazel uses International Superhero Day as a springboard to explore why empathy — rather than just technical prowess — is the most essential, underrated superpower for navigating the human side of cybersecurity.TALOSINTELLIGENCE.COM
30 AprMore PayPal emails hijacked to deliver tech support scamsWe investigate how scammers are abusing PayPal’s systems to push victims into calling fake support numbers.MALWAREBYTES.COM
30 AprOne copy too many.A critical Linux flaw dubbed “Copy Fail” raises alarm. The House moves to extend Section 702. The White House pushes back on expanded Mythos access. cPanel and SonicWall rush out security patches. Researchers warn AI agents may leak credentials. Smishing targets key industries. U…THECYBERWIRE.COM
30 AprAnthropic's Mythos Has Landed: Here's What Comes Next for CyberIn this latest installment of the Reporters' Notebook video series, we discuss how the new AI model threatens to completely upend cybersecurity, and what industry leaders are telling the press.DARKREADING.COM
30 AprCongress punts FISA renewal to JuneThe latest House action came after the Senate declared the previous bill dead on arrival because it included a ban on the Federal Reserve’s ability to issue a digital currency. Instead, the upper chamber approved a 45-day extension by unanimous consent.THERECORD.MEDIA
30 AprRed Agent and Claude Opus: Securing Production Targets at ScaleDelivering enterprise-grade continuous AI-powered risk assessment to hundreds of customers through the combined power of Wiz and AnthropicWIZ.IO
30 AprThe (In)security Landscape of AI-Powered GitHub Actions (Part 2/2)When AI meets CI/CD: permission bypasses, prompt injection, and what to do about it.WIZ.IO
29 AprWeekly Threat Bulletin – April 29th, 2026These are the top threats you should know about this week.F5.COM
29 AprA Quarter of Healthcare Organizations Report Medical Device Cyber-AttacksRunSafe report reveals most attacks on medical devices disrupt patient careINFOSECURITY-MAGAZINE.COM
29 AprWhat to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: "So, are we actually safer now?" Crickets. The room goes quiet because an honest answe…THEHACKERNEWS.COM
29 AprToday's Odd Web Requests, (Wed, Apr 29th)Today, two different "new" requests hit our honeypots. Both appear to be recon requests and not associated with specific vulnerabilities. But as always, please let me know if you have additional informationISC.SANS.EDU
29 AprMalicious npm Dependency Linked to AI Assisted Commit Targets Crypto WalletsResearchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes crypto walletsINFOSECURITY-MAGAZINE.COM
29 AprWhat Is Dark Web Monitoring?What Is Dark Web Monitoring? Every day, stolen credentials, leaked records, and sensitive data show up in hidden corners of the internet. Most security tools never reach those places. Dark Web Monitoring does. In this guide, you will learn the Dark Web Monitoring meaning, how it …SOCRADAR.IO
29 AprCursor Extension Flaw Exposes Developer API KeysCursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerXINFOSECURITY-MAGAZINE.COM
29 AprInternet censorship index reveals Russia’s lead and widespread content blockingGlobal study shows targeted internet censorship worldwide, with Russia leading; VPNs, news, and adult content are most frequently blocked categories. The Global Internet Censorship Index 2026 offers a clear view of how governments around the world control online access. Researche…SECURITYAFFAIRS.COM
29 AprVehicle-based surveillance tools | Kaspersky official blogAn inside look at who uses built-in automotive tracking and how you can avoid being monitoredKASPERSKY.COM
29 AprDesigning trust and safety into Amazon Bedrock powered applicationsGenerative AI brings promising innovation, transforming how individuals and organizations approach everything from customer service to content creation and more. As AI continues to expand its capabilities, organizations are increasingly focused on how they can integrate the respo…AWS.AMAZON.COM
29 AprCloudsmith raises $72 million in Series C funding.Spectrum Security emerges from stealth with $19 million. Israeli data security company Cyera acquires Ryft.THECYBERWIRE.COM
29 AprUS, China partner on scam center takedown in DubaiThe Justice Department said the operation began last year following “numerous” victim complaints to the FBI by U.S. victims who lost millions through cryptocurrency investment fraud schemes.THERECORD.MEDIA
29 AprResearchers built a chatbot that only knows the world before 1931What happens when you strip the internet out of AI? Researchers built a chatbot that only knows the world before 1931.MALWAREBYTES.COM
29 AprHouse approves spy program on second attempt, Senate fate murkyThe bill, which passed 235-191, would renew Section 702 of the Foreign Intelligence Surveillance Act for three years.THERECORD.MEDIA
29 AprProject Swarm: Join the Collective. Defend the EdgeToday, we're launching Project Swarm — a research initiative that opens the GreyNoise deception platform to the global security community. Project Swarm transforms GreyNoise from a proprietary sensor network into a collective intelligence platform.GREYNOISE.IO
29 AprKey Takeaways from the 2026 State of AI in the Cloud ReportHow AI Adoption, Autonomy, and Attacker Innovation Are Reshaping Cloud SecurityWIZ.IO
28 AprChinese engineer stole US military and NASA software for yearsHe created Gmail accounts, impersonated real US researchers, and convinced NASA, the military, and universities to hand over sensitive code.MALWAREBYTES.COM
28 AprFrom DMV to Wallet: Understanding Verifiable Digital Credential IssuanceIn our last post in this series, we compared two credential formats that shape the digital identity ecosystem: ISO/IEC 18013-5 and -7 mobile documents (mdocs) and W3C Verifiable Credentials (VCs). Both formats define how a credential is structured and shared, but neither can func…NIST.GOV
28 AprThe Hunt for American Turncoats in World War II EuropeIt’s a story that journalist and veteran Stephen Harding uncovered: a secret component of the FBI’s “European Operation,” whereby agents traveled abroad working undercover to track down American citizens who had betrayed their country during World War II. These traitors ran the g…THECYBERWIRE.COM
28 AprFrom the Kaiser to the Führer: Inside the World of Lothar WitzkeOne of the more notorious German spies of the 20th century, Lothar Witzke lived a life of intrigue: from escaping the death penalty in the First World War to joining the Nazi party in the Second. It's a story that Robert Hornick and Paul Friedland stumbled on by chance. With help…THECYBERWIRE.COM
28 AprA practical guide to secure vibe-coding for small businesses | Kaspersky official blogConfiguration and prompting tips to get an AI assistant to write more secure code.KASPERSKY.COM
28 AprFive defender priorities from the Talos Year in ReviewWith attackers moving faster than ever, it’s easy to feel overwhelmed. This blog breaks down five practical priorities from the Cisco Talos 2025 Year in Review to help defenders focus and prioritize, amidst all the noise.TALOSINTELLIGENCE.COM
28 AprUkrainian police detain hackers suspected of stealing thousands of Roblox accounts for resalePolice said on Monday the victims included both Ukrainian and foreign players whose accounts contained valuable digital items, rare equipment and in-game currency purchased with real money.THERECORD.MEDIA
28 AprThe Race Is on to Keep AI Agents From Running Wild With Your Credit CardsAI agents may soon be buying your stuff for you. The FIDO Alliance has teamed up with Google and Mastercard to try to ensure that shopping in the near future isn't a complete disaster.WIRED.COM
28 AprUS Supreme Court appears split over controversial use of ‘geofence’ search warrantsThe U.S. top court is expected to rule on whether to allow police to identify criminal suspects by dragnet searching the databases of tech giants.TECHCRUNCH.COM
28 AprCyber Command, NSA chief warns foreign adversaries likely to target midtermsArmy Gen. Joshua Rudd told lawmakers “we are postured and ready to support as required or tasked, making sure that we safeguard our elections.”THERECORD.MEDIA
28 AprNSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years LaterChris Inglis was the head civilian in charge at the NSA when the Snowden leak exploded. He gets candid about mistakes the organization made, and what CISOs need to know about spotting potential threats, media disclosures, and "enculturation."DARKREADING.COM
27 AprWhen security becomes the attack surface: Why endpoint protection must evolveWhen attackers target security tools, protection must be resilient, self-healing and always on.CYBERSECURITYDIVE.COM
27 AprBlackFile Group Targets Retail and Hospitality with Vishing AttacksResearchers uncover a new data theft and extortion group dubbed “BlackFile”INFOSECURITY-MAGAZINE.COM
27 AprMost Cybersecurity Professionals Feel Undervalued and UnderpaidA new report by global technology recruitment firm, Harvey Nash, found that three quarters of cybersecurity staff are pessimistic on pay and half are looking for a new jobINFOSECURITY-MAGAZINE.COM
27 AprParsing Agentic Offensive Security's Existential ThreatSome fear frontier LLMs like Claude Mythos and Anthropic's GPT-5.5 will lead to cybersecurity annihilation. Ari Herbert-Voss notes this could be an opportunity.DARKREADING.COM
27 AprWidely Used Browser Extensions Selling User DataDozens of browser extensions openly sell user data via privacy policy disclosuresINFOSECURITY-MAGAZINE.COM
27 AprChinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense softwareA Chinese national posed as a U.S. researcher, tricking NASA staff in a phishing campaign to steal sensitive data tied to defense software and exports. A Chinese national ran a spear-phishing campaign by posing as a U.S. researcher and tricked NASA employees into sharing sensitiv…SECURITYAFFAIRS.COM
27 AprUS Sanctions Target Cambodian Scam Network LeadersUS sanctions target Cambodian scam networks tied to crypto fraud and traffickingINFOSECURITY-MAGAZINE.COM
27 AprDisinformation campaign targeted Tibetan parliament-in-exile electionsThe operation, identified by the Digital Forensic Research Lab (DFRLab), was part of Spamouflage, a long-running influence network linked to Beijing.THERECORD.MEDIA
27 AprItaly extradites alleged Chinese state hacker to USA Chinese national accused of being a member of a state-backed hacking group that allegedly broke into systems to steal COVID-19 vaccine information has been extradited to the U.S. from Milan.THERECORD.MEDIA
27 AprCan I do that with policy? Understanding the AWS Service Authorization ReferenceUnderstanding what AWS Identity and Access Management (IAM) policies can control helps you build better security controls and avoid spending time on approaches that won’t work. You’ve likely encountered questions like: Can I use AWS Organizations service control policies (SCPs) t…AWS.AMAZON.COM
27 AprUS Supreme Court weighs legality of geofence warrants.Researchers analyze a cyber sabotage framework that predates Stuxnet. Toronto police arrest three men accused of operating an SMS blaster.THECYBERWIRE.COM
27 AprMoney launderer for crypto thieves given 5-year sentenceA California man was sentenced to more than five years in prison for his role in supporting a cybercriminal organization that stole about $260 million worth of cryptocurrency from victims.THERECORD.MEDIA
27 AprCole Allen Charged With Attempting to Assassinate TrumpThe suspected shooter at Saturday night’s White House Correspondents’ Dinner faces three felony charges. He remains in custody following Monday’s hearing.WIRED.COM
27 AprSupreme Court signals location data searches should require a warrantPrivacy advocates had worried that the high court would rule that geofencing does not qualify as a constitutionally protected search, opening the door to much broader use of warrantless reverse searches of all types.THERECORD.MEDIA
27 AprTennessee becomes second state to ban cryptocurrency ATMs over scam concernsState officials said they observed overseas criminals carrying out government impersonation or tech support cons, as well as romance and pig butchering scams using cryptocurrency ATMs.THERECORD.MEDIA
26 AprCalifornia Engineer Identified in Suspected Shooting at White House Correspondents' DinnerThe 31-year-old engineer and self-described indie game developer is suspected of firing shots at the annual event attended by President Donald Trump, high-profile media figures, and US government officials.WIRED.COM
25 AprMonitoring Claude Code/Cowork at scale with OTel in ElasticHow Elastic's InfoSec team built a monitoring pipeline for Claude Code and Claude Cowork using their native OTel export capabilities and Elastic's OTel ingestion infrastructure.ELASTIC.CO
25 AprA QRazy clever scam.This week, we are joined by Juliana Testa, Senior Security Engineer from 7AI, sharing their work on "Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter." A large-scale “quishing” campaign used QR codes embedded in imag…THECYBERWIRE.COM
24 AprBridging the AI Agent Authority Gap: Continuous Observability as the Decision EngineThe AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly. The issue is not simply that agents are new actors. It is that agents are…THEHACKERNEWS.COM
24 AprMedical data of 500,000 UK volunteers listed for sale on AlibabaDespite strict access controls, medical data from half a million UK Biobank volunteers ended up listed for sale on Alibaba.MALWAREBYTES.COM
24 AprAI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP WarnsAI tools are not just creating new vulnerabilities, they are reviving old security failures, warned Jurgen Kutscher, VP of Mandiant ConsultingINFOSECURITY-MAGAZINE.COM
24 AprToronto police arrest three in Canada’s first mobile SMS blaster caseCanadian police arrested three men over the use of a mobile “SMS blaster,” a device capable of impersonating a cellular tower to send mass phishing messages and disrupt mobile networks.THERECORD.MEDIA
24 AprThe Latest Push to Extend Key US Spy Powers Is Still a MessA US surveillance program that lets the FBI view Americans’ communications without a warrant is up for renewal. A new bill aims to address mounting lawmaker concerns—with smoke and mirrors.WIRED.COM
24 AprGlasswing Secured the Code. The Rest of Your Stack Is Still on YouForgotten integrations, shadow IT, SaaS, and now shadow AI and agents are everywhere, and attackers don't need sophisticated AI models to take advantage.DARKREADING.COM
24 AprPentagon grapples with securing AI as it moves toward autonomous warfareAutonomous weapons are becoming an "essential" part of modern war, Chairman of the Joint Chiefs of Staff Gen. Dan Caine told an audience at Vanderbilt University’s Asness Summit on Modern Conflict and Emerging Threats.THERECORD.MEDIA
24 AprProtecting your secrets from tomorrow’s quantum risksAs outlined in the AWS post-quantum cryptography (PQC) migration plan, addressing the risk of harvest now, decrypt later (HNDL) attack is an important part of your post-quantum plan. Upgrading the client-side of your workloads to support quantum-resistant confidentiality is an im…AWS.AMAZON.COM
24 AprUS Busts Myanmar Ring Targeting US Citizens in Financial FraudSome 29 people were charged, including a Cambodian senator, and authorities seized more than 500 Web domains tied to fake investment sites.DARKREADING.COM
24 AprEavesdropping via fiber-optic cables | Kaspersky official blogA side-channel attack that allows a fiber-optic cable to be used as a microphone.KASPERSKY.COM
23 AprSection 702 survives for now.This week, Dave and Ben revisit several key stories including the Senate reauthorizing Section 702 and top White House officials meeting with Anthropic's CEO. Alongside these story updates, the two also look into how conversations surrounding AI liability and insurance coverage a…THECYBERWIRE.COM
23 AprRoblox clamps down on chats and age checks as legal pressure buildsRoblox is paying millions to settle child safety claims while rolling out strict age checks and chat limits that could reshape how kids use the platform.MALWAREBYTES.COM
23 AprCyber-Attacks Surge 63% Annually in Education SectorQuorum Cyber report finds higher and further education institutions experienced 63% increase in attacks over a yearINFOSECURITY-MAGAZINE.COM
23 AprGoogle Introduces Unique AI Agent Identities in New Gemini Enterprise PlatformGoogle Cloud will attribute a unique cryptographic ID to every AI agent that will be tied to “traceable and auditable” authorization policiesINFOSECURITY-MAGAZINE.COM
23 AprProject Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of…THEHACKERNEWS.COM
23 AprSurveillance vendors caught abusing access to telcos to track people’s phone locations, researchers sayThe Citizen Lab found two separate surveillance vendors abusing the backbone of cellular networks to spy on several victims across the world.TECHCRUNCH.COM
23 AprApple Fixes iOS Notification Bug Exposing Deleted MessagesApple patches iOS flaw that retained deleted notifications, exposing message dataINFOSECURITY-MAGAZINE.COM
23 AprMedical data of 500,000 Britons put up for sale on Chinese websiteThe data is held by the UK Biobank charity and includes genetic sequences, blood samples, medical scans and lifestyle information.THERECORD.MEDIA
23 AprSpam and phishing targeting taxpayers | Kaspersky official blogHow to identify tax-related phishing and fraud: fake portals, bogus crypto wallet verifications, and malicious files. We break down the steps you need to take to protect both your money and your data.KASPERSKY.COM
23 AprGoogle Favors General‑Purpose Gemini Models Over Cybersecurity‑Specific AIGoogle Cloud’s COO advocated for combining general-purpose frontier large language models with task-specific AI agentsINFOSECURITY-MAGAZINE.COM
23 AprIt pays to be a forever studentIn this newsletter, Joe discusses why understanding other disciplines can often flow back into the macro and micro of cybersecurity, especially in a world of AI.TALOSINTELLIGENCE.COM
23 AprIndia drops national ID app mandate.New cyber tools calm tensions between Anthropic and Trump.THECYBERWIRE.COM
23 AprUS sanctions Cambodian senator for millions earned through scam compoundsThe Treasury Department said Cambodian senator Kok An was being sanctioned alongside 28 others involved in his scam center operation.THERECORD.MEDIA
23 Aprfast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before StuxnetA previously unknown 2005 cyber sabotage framework patches high-precision calculation software in memory to silently corrupt results.SENTINELONE.COM
22 AprWeekly Threat Bulletin – April 22nd, 2026These are the top threats you should know about this week.F5.COM
22 AprWinter 2025 SOC 1 report is now available with 184 services in scopeAmazon Web Services (AWS) is pleased to announce that the Winter 2025 System and Organization Controls (SOC) 1 report is now available. The report covers 184 services over the 12-month period from January 1, 2025 – December 31, 2025, giving customers a full year of assurance. Thi…AWS.AMAZON.COM
22 AprVenezuela energy sector targeted by highly destructive Lotus wiperLotus Wiper hit Venezuelan energy systems, used scripts to disable defenses, then erased all data beyond recovery. Kaspersky researchers found Lotus Wiper targeting Venezuela’s energy and utilities sector amid regional tensions in 2025–2026. Attackers first used batch scripts to …SECURITYAFFAIRS.COM
22 AprResearchers Uncover ProxySmart Software Powering 90+ SIM FarmsInfrawatch says ProxySmart platform enables SIM farm activity at “industrial scale”INFOSECURITY-MAGAZINE.COM
22 AprSurge in Silent Subject Phishing Attacks Targets VIP UsersNull subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuseINFOSECURITY-MAGAZINE.COM
22 AprChina’s cyber capabilities now equal to the US, warns Dutch intelligenceDutch intelligence says the threat from Beijing is now largely going unmet and is so sophisticated its operations are regularly missed by intelligence agencies and cybersecurity defenders.THERECORD.MEDIA
22 AprCritical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters22 BRIDGE:BREAK flaws hit Lantronix and Silex Technology converters, exposing approximately 20,000 devices to hijacking and data tampering. Researchers at Forescout Research Vedere Labs found 22 BRIDGE:BREAK flaws in serial-to-IP devices from Lantronix and Silex Technology. Seria…SECURITYAFFAIRS.COM
22 AprUK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’UK unveils £90m cybersecurity funding at CYBERUK to boost SME resilience, promote Cyber Essentials and a new Cyber Resilience Pledge, sparking industry debateINFOSECURITY-MAGAZINE.COM
22 AprUnauthorized users gain access to Anthropic's Mythos model.Mustang Panda targets India's financial sector. Business news: Artemis emerges from stealth with $70 million.THECYBERWIRE.COM
22 AprA technical walkthrough of multicloud full-stack security using AWS Security Hub ExtendedBuilding on our recent announcement of AWS Security Hub Extended —our full-stack enterprise security offering — we want to show you how we’re simplifying security procurement and operations for your multicloud environments. Whether you’re a security architect evaluating solutions…AWS.AMAZON.COM
22 AprMacOS Native Tools Enable Stealthy Enterprise AttacksmacOS LOTL techniques bypass detection using native tools and metadata abuseINFOSECURITY-MAGAZINE.COM
22 AprArtemis emerges from stealth with $70 million in funding.ServiceNow completes its acquisition of Armis.THECYBERWIRE.COM
21 AprBad Apples: Weaponizing native macOS primitives for movement and executionCisco Talos documents several macOS living-off-the-land (LOTL) techniques, demonstrating that native pathways for movement and execution remain accessible to those who understand the underlying architecture.TALOSINTELLIGENCE.COM
21 AprAndroid 17 ends all-or-nothing access to your contactsApps have been taking your whole contact list for years. Android 17 finally makes them ask for less.MALWAREBYTES.COM
21 AprThey Built a Legendary Privacy Tool. Now They’re Sworn EnemiesThere’s a lot of love all over the world for GrapheneOS, the gold standard of mobile security. There’s very little love between the two guys at the center of its history.WIRED.COM
21 AprReal Apple notifications are being used to drive tech support scamsScammers have found a way to abuse legitimate Apple notification emails to trick people into calling fake tech support numbers.MALWAREBYTES.COM
21 AprEU targets two Russian propaganda networks with new sanctionsThe measures target Euromore, a media outlet that EU officials say amplifies Kremlin narratives, and the Foundation for the Support and Protection of the Rights of Compatriots Living Abroad (Pravfond), a Moscow-funded group accused of promoting propaganda aligned with Russia’s fo…THERECORD.MEDIA
21 Apr‘Scattered Spider’ Member ‘Tylerb’ Pleads GuiltyA 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that a…KREBSONSECURITY.COM
21 AprUK regulator to probe Telegram, teen chat sites for potential child safety violationsThe Telegram probe was launched after the Canadian Centre for Child Protection shared information that allegedly showed CSAM is present and shared on the platform, according to a press release from Ofcom.THERECORD.MEDIA
21 AprMeta Is Sued Over Scam Ads on Facebook and InstagramA lawsuit from the Consumer Federation of America accuses Meta of misleading consumers about its efforts to combat scam advertisements on its platforms.WIRED.COM
21 AprMozilla Used Anthropic’s Mythos to Find and Fix 151 Bugs in FirefoxThe Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition.WIRED.COM
20 AprMicrosoft: Out-of-band update against unwanted server rebootsAn unscheduled update from Microsoft is meant to fix Windows servers that restart automatically. This can occur after the April updates.HEISE.DE
20 AprNumerous attacks on Dell PowerProtect Data Domain possibleThe developers have closed vulnerabilities in current versions of Dell PowerProtect Data Domain.HEISE.DE
20 AprFakeWallet crypto stealer spreading through iOS apps in the App StoreIn March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets.SECURELIST.COM
20 AprThe Weird, Twisting Tale of How China Spied on Alysa Liu and Her DadYears before the figure skater became an Olympic superstar, a Chinese operative tried to stalk her father and monitored other US residents deemed dissidents against China. And that’s just the beginning.WIRED.COM
20 AprCrypto Exchange Grinex Blames Western Spies for $13m TheftRussian crypto-exchange Grinex claims Western intelligence agencies were behind a $13m heistINFOSECURITY-MAGAZINE.COM
20 AprWhy Most AI Deployments Stall After the DemoThe fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don't fail because of bad techn…THEHACKERNEWS.COM
20 AprBritish hacker tied to Scattered Spider campaign pleads guilty in $8M schemeA British hacker pleaded guilty in U.S. federal court to participating in a sweeping cybercrime campaign that siphoned at least $8 million in cryptocurrency from companies and individuals, federal prosecutors said.THERECORD.MEDIA
20 AprMythos: An AI tool too powerful for public releaseAnthropic is keeping Mythos out of public hands, with limited access for select organizations over fears it could be misused.MALWAREBYTES.COM
20 AprHow to clone an AWS CloudHSM cluster across RegionsImportant: As of January 1, 2025, Client SDK 3 tools (CMU and KMU) are no longer supported. This guide has been updated to use Client SDK 5 commands exclusively. Ensure you’re using the latest Client SDK 5 version (5.17 or later) for the most recent features and security improvem…AWS.AMAZON.COM
20 AprElon Musk fails to appear for questioning by French police over sexualized AI images on XMusk, the billionaire owner of X, and the company's chief executive Linda Yaccarino had both been summoned for voluntary interviews with police on April 20 in Paris.THERECORD.MEDIA
20 AprMastodon says its flagship server was hit by a DDoS attackThe DDoS attack against Mastodon's flagship server comes less than a week after Bluesky was targeted with junk web traffic.TECHCRUNCH.COM
20 AprItalian regulator fines national postal service orgs $15 million for data privacy violationsThe regulator fined Poste Italiane SpA, the postal service provider, €6.6 million ($7.8 million) and Postepay SpA, a digital payments subsidiary, €5.9 million ($7 million) for allegedly illegally processing millions of users’ personal data.THERECORD.MEDIA
19 AprState threat management: mentally ill persons with risk potentialMentally ill and potentially dangerous? The federal and state governments are building their early-warning systems, with data exchange, case management and risk analysis.HEISE.DE
19 AprPalantir posts mini-manifesto denouncing inclusivity and ‘regressive’ culturesPalantir's ideological bent has come under more scrutiny as it's worked with ICE and positioned itself as a defender of "the West."TECHCRUNCH.COM
17 AprLumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)IntroductionISC.SANS.EDU
17 AprAttackers target Apache ActiveMQ Broker, Apache ActiveMQAdmins should promptly install the versions of Apache ActiveMQ Broker and Apache ActiveMQ that are hardened against the currently ongoing attacks.HEISE.DE
17 AprTrouble with the current NordVPN app for macOSUsers of the VPN service from Lithuania have been reporting connection and usability problems with the Mac client since the upgrade to version 10.0. Version 10.0.4 is supposed to fix it.HEISE.DE
17 AprAmazon: Ring cameras now with optional facial recognitionRing cameras can now recognize faces and notify users about them in Germany as well. The option is disabled by default.HEISE.DE
17 AprWindows updates: unexpected server reboots and login failuresThe April updates for Windows Server have side effects. Servers restart unexpectedly or do not allow admin logins.HEISE.DE
17 AprPatch nginx-ui now! Attackers take control of Nginx serversAttackers are currently exploiting a critical vulnerability in the web management tool nginx-ui. Instances in Germany are also at risk.HEISE.DE
17 AprEaster certificate meltdown at D-Trust: tens of thousands of certificates invalidBetween Maundy Thursday and Easter Monday, admins had to replace their TLS certificates. D-Trust has now announced that almost 60,000 were not compliant with the rules.HEISE.DE
17 AprYubiKey Manager: vulnerability allows execution of planted codeYubico warns of a search-path vulnerability in YubiKey Manager, libfido2 and python-fido2. Updates fix the flaws.HEISE.DE
17 AprGoogle Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy OverhaulGoogle this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025. The new policy updates relate to conta…THEHACKERNEWS.COM
17 AprSinger loses life savings to fake wallet downloaded from the Apple App StoreIf you hold cryptocurrency, there's a very simple golden rule that you should always follow. Never hand over your seed phrase. Garrett Dutton, better known as G. Love - the front man of blues-hip-hop outfit G. Love & Special Sauce - has learnt that lesson the hard way. Read …BITDEFENDER.COM
17 AprAndroid 13 reaches end of support: millions of devices affectedAndroid 13 is out. Google already ended support in early March for the OS version released in 2022.HEISE.DE
17 AprThis old-school scam is still workingWe sent Tess to investigate a classic Nigerian advance-fee scam with a new twist. Sadly, these old scams are still in play because they work.MALWAREBYTES.COM
17 AprDraftKings hacker sentenced to prison, ordered to pay $1.4 MillionA DraftKings hacker got 30 months in prison for selling stolen credentials and must pay over $1.4 million in fines and restitution. Kamerin Stokes, 23, from Memphis (aka TheMFNPlug), received a 30-month prison sentence for his role in a 2022 credential stuffing attack against Dra…SECURITYAFFAIRS.COM
17 AprEU age-verification app: experts crack “worry-free package” in minutesThe EU Commission wants to revolutionize online youth protection with an app. But the promise of anonymity and security quickly turns out to be very fragile.HEISE.DE
16 AprChrome update plugs 31 security vulnerabilities, five of them criticalUpdates for Google Chrome released overnight into Thursday close 31 security vulnerabilities. Five of them are rated as critical risk.HEISE.DE
16 AprCisco: critical code-injection vulnerabilities in ISE and more closedCritical security vulnerabilities exist in Cisco's Identity Services Engine and Webex. In total, the developers are plugging 10 security holes.HEISE.DE
16 AprAnonymizing Linux: emergency update to Tails 7.6.2 closes Flatpak vulnerabilityA security vulnerability in Flatpak is the trigger for an emergency update to the Linux distribution Tails, which enables anonymous browsing.HEISE.DE
16 AprMore than pretty pictures: Wendy Bishop on visual storytelling in techWendy shares the unique challenges and rewards of bridging the gap between artistic expression and highly technical research.TALOSINTELLIGENCE.COM
16 AprHidden Passenger? How Taboola Routes Logged-In Banking Sessions to TemuA bank approved a Taboola pixel. That pixel quietly redirected logged-in users to a Temu tracking endpoint. This occurred without the bank’s knowledge, without user consent, and without a single security control registering a violation. Read the full technical brea…THEHACKERNEWS.COM
16 AprFashion retailer Express left customers’ personal data and order details exposed to the internetRetail giant Express was publicly spilling customer information to the open web. The bug is now fixed after TechCrunch alerted Express, but the company would not say if it plans to notify customers.TECHCRUNCH.COM
16 AprBrowser Guard gets even better with Access ControlTake control of pesky permission pop-ups and decide exactly which websites can access your camera, microphone, location, and send you notifications.MALWAREBYTES.COM
16 Apr“iCloud storage is full” scam is back, and now it wants your payment detailsApple users: Watch out for “upgrade now or lose your photos” scams that rush you into handing over your payment details.MALWAREBYTES.COM
16 AprAndroid Canary: Google tests reworked context menu for app iconsIn the current Android Canary version, Google is testing a more compact, two-part context menu for app icons as well as a new notification display.HEISE.DE
16 AprGimp: unpatched vulnerability allows code injection with GIFsSecurity vulnerabilities in Gimp allow malicious code to be injected via manipulated files such as GIFs. There is no update yet.HEISE.DE
16 AprPublic transit Express Mode feature on the iPhone: YouTubers show potential attackExpress Mode lets you quickly pay for your ticket via NFC in subway systems such as those in London or New York. Is there a security vulnerability here?HEISE.DE
16 Apr“Power Off”: BKA takes action against DDoS offeringsThe Bundeskriminalamt (Federal Criminal Police Office) and the Frankfurt Public Prosecutor General's Office have taken action with international partners against so-called stresser services. There were arrests.HEISE.DE
16 AprIt’s not just you — Bluesky is (sorta) downBluesky has been experiencing ongoing service disruptions since just before 3 a.m. ET.TECHCRUNCH.COM
16 AprNature is our source of randomness: on the death of Michael O. RabinMichael Oser Rabin has died at the age of 94. He was the only recipient of the Turing Award who was born in the German Reich.HEISE.DE
16 AprEuropean police email 75,000 people asking them to stop DDoS attacksEuropol coordinated an operation against for-hire distributed denial-of-service (DDoS) services, including the arrest of four people and the takedown of 53 domains.TECHCRUNCH.COM
16 AprCisco fixed four critical flaws in Identity Services and WebexCisco fixed four critical flaws in Identity Services and Webex that could allow code execution and user impersonation. Cisco has addressed four critical vulnerabilities affecting its Identity Services and Webex platforms. The flaws could allow attackers to execute arbitrary code …SECURITYAFFAIRS.COM
16 AprTreasury Secretary holds a meeting to cover risks related to Anthropic’s new model.Europe set to deploy new age-verification tool.THECYBERWIRE.COM
15 AprWeekly Threat Bulletin – April 15th, 2026These are the top threats you should know about this week.F5.COM
15 AprAzure-Hosted Scanning Cluster Launches WordPress Webshell Discovery CampaignSensor Intel Series: March 2026 CVE TrendsF5.COM
15 AprScanning for AI Models, (Tue, Apr 14th)Starting March 10, 2026, my DShield sensor started getting probes for various AI models such as claude, openclaw, huggingface, etc. Reviewing the data already reported by other DShield sensors to ISC, the DShield database shows reporting of these probes started that day and has be…ISC.SANS.EDU
15 AprWhat Founders Get Wrong About Early Marketing with Merav Ben Avi, VP of Marketing at YL VenturesMerav Ben Avi, VP of Marketing at YL Ventures, makes a strong case for something most security founders get wrong: marketing should not come later. It should be there from the start. She explains why hiring too late creates messy positioning, weak launches, and marketers stuck fi…THECYBERWIRE.COM
15 AprOpenAI Launches GPT-5.4-Cyber with Expanded Access for Security TeamsOpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. "The progressive use of AI accelerate…THEHACKERNEWS.COM
15 AprFortinet plugs 18 security holesFortinet published a total of 18 security advisories overnight into Wednesday. Some of them address critical flaws.HEISE.DE
15 AprPatch day: Attackers target Edge and Microsoft SharePoint ServerBecause of ongoing attacks on Edge and SharePoint Server, admins should make sure the current Microsoft security updates are installed.HEISE.DE
15 AprWarning of attacks on 17-year-old Excel flawThe US cybersecurity agency warns of observed attacks on an ancient Excel flaw. SharePoint is also under attack.HEISE.DE
15 AprAdobe patch day: Critical malicious-code flaws threaten Photoshop & Co.Important security updates close vulnerabilities in Adobe applications. Because many of the flaws are critical, admins should act promptly.HEISE.DE
15 AprBugs without bounty: Eclipse Foundation launches security program for Open VSXProtecting the supply chain: The Eclipse Foundation is encouraging developers to find vulnerabilities in the Open VSX Registry, but there is no money on offer.HEISE.DE
15 AprMicrosoft Office 2021: Support ends on October 13, 2026Microsoft is reminding users that support for Office 2021 ends on October 13, 2026. There are no Extended Security Updates (ESU).HEISE.DE
15 Apr“Passwort” episode 55: News with Claude Code theft, PKI oopsies and quantum turboThe Easter break was cut short for some admins because of PKI. The progress and leaks in AI over the holidays are also a topic of the current episode.HEISE.DE
15 AprRaspberry Pi OS 6.2: Update promises more securityThe Raspberry Pi developers have improved security in Raspberry Pi OS 6.2. They are disabling passwordless sudo.HEISE.DE
15 Apr108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 usersCybersecurity researchers have revealed that 108 malicious Google Chrome extensions have been quietly stealing user credentials, hijacking Telegram sessions, and injecting unwanted ads and scripts into browsers - all reporting back to the same central point. Read more in my artic…BITDEFENDER.COM
15 AprWireGuard: Update for Windows client after four yearsAfter problems with driver signing caused by a block from Microsoft were resolved, WireGuard 0.6.1 for Windows has now been released.HEISE.DE
15 AprFake YouTube copyright notices can steal your Google loginThis convincing copyright scam is targeting YouTube creators. Attackers can take over your channel, plus your entire Google account.MALWAREBYTES.COM
15 AprOpenSSL 4.0 encrypts what TLS previously gave awayOpenSSL 4.0.0 is here: The crypto library removes legacy baggage, introduces ECH for more privacy and prepares for post-quantum cryptography.HEISE.DE
15 AprSurveillance worldwide: German government waves through UN cybercrime conventionDespite massive criticism, Berlin is agreeing to the convention against cybercrime. It is a treaty under international law with a dangerous amount of leeway.HEISE.DE
15 Apr21st BSI Security Congress: NIS-2 implementation far behind expectationsThe directive is still too little known and companies are ignoring the registration requirement, the BSI notes at its annual congress.HEISE.DE
15 AprIdentity stays secret: EU app for age verification is comingCommission President von der Leyen announces a finished solution for age verification that is meant to enable anonymous browsing and hold platforms accountable.HEISE.DE
15 AprSpotting cyberthreats: a guide for blind and low-vision users | Kaspersky official blogLearn how Be My Eyes assists visually impaired users, whether it can truly stop phishing, and the key security measures users should be taking.KASPERSKY.COM
15 AprAI clickbait can turn your notifications into a scam feedA new AI-driven campaign known as Pushpaganda is using clickbait to turn your browser notifications into a stream of scams and fake alerts.MALWAREBYTES.COM
15 AprCisco intends to acquire AI observability and evaluation platform provider GalileoAim Intelligence and Capsule Security each raise $7 million.THECYBERWIRE.COM
14 Apr108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 UsersCybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads …THEHACKERNEWS.COM
14 AprFIFA World Cup 2026: More than One-Third of Official Partners Expose the Public to the Risk of Email FraudPROOFPOINT.COM
14 AprPhantom in the vault: Obsidian abused to deliver PhantomPulse RATElastic Security Labs uncovers a novel social engineering campaign that abuses the popular note-taking application, Obsidian's legitimate community plugin ecosystem. The campaign, which we track as REF6598, targets individuals in the financial and cryptocurrency sectors through e…ELASTIC.CO
14 AprChatGPT under scrutiny as Florida investigates campus shootingNew cases and research suggest AI chatbots don’t always shut down dangerous conversations.MALWAREBYTES.COM
14 AprSecurity flaw: wolfSSL library waves through manipulated certificatesA security update closes, among other things, a critical flaw in wolfSSL.HEISE.DE
14 AprRockstar Games: Criminal gang publishes dataThe criminal gang ShinyHunters has published the data from a cyberattack on Rockstar Games. The “GTA” developer did not want to pay a ransom.HEISE.DE
14 AprLinux 7.0 released: more than a number jumpThe new Linux kernel 7.0 brings self-healing file systems, makes for more robust code and welcomes Rust as a non-experimental feature.HEISE.DE
14 AprSAP patch day: One critical SQL injection flaw, and 18 moreOn the April patch day, SAP addresses vulnerabilities with 19 security notes. A critical one allows SQL commands to be injected.HEISE.DE
14 AprScaling MCP adoption: Our reference architecture for simpler, safer and cheaper enterprise deployments of MCPWe share Cloudflare's internal strategy for governing MCP using Access, AI Gateway, and MCP server portals. We also launch Code Mode to slash token costs and recommend new rules for detecting Shadow MCP in Cloudflare Gateway.CLOUDFLARE.COM
14 AprManaged OAuth for Access: make internal apps agent-ready in one clickManaged OAuth for Cloudflare Access helps AI agents securely navigate internal applications. By adopting RFC 9728, agents can authenticate on behalf of users without using insecure service accounts.CLOUDFLARE.COM
14 AprGoogle Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance SecurityGoogle has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. "The new Rust-based DNS parser signifi…THEHACKERNEWS.COM
14 AprUK gov's Mythos AI tests help separate cybersecurity threat from hypeNew model is the first AI system to complete a difficult multi-step infiltration challenge.ARSTECHNICA.COM
13 AprScans for EncystPHP Webshell, (Mon, Apr 13th)Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deploying webshells with more difficult-to-guess credentials. Today…ISC.SANS.EDU
13 AprFBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud AttemptsThe U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims' account creden…THEHACKERNEWS.COM
13 AprFBI announces takedown of phishing operation that targeted thousands of victimsCybercriminals allegedly used the W3LL phishing kit to target more than 17,000 victims worldwide, stealing their passwords and multi-factor authentication codes.TECHCRUNCH.COM
13 AprThe Iran War: What You Need to KnowInsikt Group tracks the cyber, physical, and geopolitical components of the US-Israeli strikes on Iran — with continuously updated threat analysis and scenarios.RECORDEDFUTURE.COM
13 AprHackers access Booking.com user data, company secures systemsHackers accessed some Booking.com user data, including names, emails, phone numbers, and booking details. The issue is now contained. Booking.com warned that hackers may have accessed customer data linked to travel reservations. Exposed details could include names, email addresse…SECURITYAFFAIRS.COM
13 AprAI fraud: Germans overestimate their ability to spot deepfakesA special analysis of the Cybersicherheitsmonitor by BSI and ProPK reveals dangerous knowledge gaps in recognizing AI manipulation and online investment fraud.HEISE.DE
13 AprFitness chain Basic-Fit: Around one million members affected by data leakIn an IT incident, unknown parties gained access to Basic-Fit's system and siphoned off personal information.HEISE.DE
13 AprSSL configuration error endangers VMware Tanzu Spring Cloud GatewayA security update closes a flaw in the API gateway VMware Tanzu Spring Cloud Gateway.HEISE.DE
13 AprAttackers target Python notebook MarimoBecause of currently ongoing attacks, software developers should bring Marimo up to date quickly.HEISE.DE
12 AprFrontier artificial intelligenceThis publication provides your organization with additional details on frontier AI, the associated risks and suggested mitigation measures to enhance your cyber security posture.CYBER.GC.CA
12 AprRockstar confirms cyberattack and data theftThe well-known cybercrime group Shiny Hunters is extorting Rockstar Games on its website. Rockstar confirms a cyber incident.HEISE.DE
11 AprPatch now! Adobe releases emergency security update for Acrobat ReaderAttackers are exploiting a critical vulnerability in Adobe Acrobat Reader. A security patch for macOS and Windows has now been released.HEISE.DE
11 AprRetailers frustrated by strict rules for AI camerasA study by Ibi Research and the DIHK shows: Retailers are relying on AI cameras but feel held back by the GDPR and a lack of criminal prosecution.HEISE.DE
11 AprUS government met with AI makers ahead of Mythos Preview rolloutAhead of this week's Mythos Preview rollout, government representatives spoke with the major AI makers. Meanwhile, US banks are testing the new AI.HEISE.DE
10 AprGoogle Rolls Out DBSC in Chrome 146 to Block Session Theft on WindowsGoogle has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on C…THEHACKERNEWS.COM
10 AprGoogle rolls out Gmail end-to-end encryption on mobile devicesGoogle says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]BLEEPINGCOMPUTER.COM
10 AprBrowser Extensions Are the New AI Consumption Channel That No One Is Talking AboutWhile much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and wh…THEHACKERNEWS.COM
10 AprGlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEsCybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovere…THEHACKERNEWS.COM
10 AprFrance to ditch Windows for Linux to reduce reliance on US techFrance's move to ditch Windows for Linux is its latest effort to reduce its reliance on American tech giants.TECHCRUNCH.COM
10 AprHow to protect your organization from AirSnitch Wi-Fi vulnerabilities | Kaspersky official blogPractical recommendations for Wi-Fi network isolation and defending against all AirSnitch-style attacks.KASPERSKY.COM
10 AprChatGPT rolls out new $100 Pro subscription to challenge ClaudeOpenAI has rolled out a new Pro subscription that costs $100 and is in line with Claude's pricing, which also has a $100 subscription, in addition to the $200 Max monthly plan. [...]BLEEPINGCOMPUTER.COM
10 AprRecovery scammers hit you when you’re down: Here’s how to avoid a second strikeIf you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse.WELIVESECURITY.COM
10 AprAI and cryptocurrency scams are costing Americans billions, FBI reportsThe fraud landscape has been changed by AI and cryptocurrency in a way that should concern organisations and individuals alike. Read more in my article on the Fortra blog.FORTRA.COM
10 Apr[webapps] D-Link DIR-650IN - Authenticated Command InjectionD-Link DIR-650IN - Authenticated Command InjectionEXPLOIT-DB.COM
10 AprClickFix finds a new way to infect MacsClickFix campaigns have found a way around macOS Tahoe's warnings against pasting commands in the Terminal. They're using Script Editor instead.MALWAREBYTES.COM
10 ApriOS: Deleted Signal data extracted by FBI via notification databaseEven though a suspect had removed the entire app, FBI forensic examiners were still able to find Signal messages. They used a trick.HEISE.DE
10 AprFrance's plan: Away from Windows, toward LinuxFrance's administration is to move away from Windows and US tools: The government presents a concrete roadmap for digital sovereignty.HEISE.DE
10 AprGoogle Chrome makes cookie theft on Windows pointlessCyberattackers target session cookies that give them access. Google is now enabling a protection in Chrome for Windows. macOS will follow.HEISE.DE
10 AprPornographic AI platform MyLovely.ai: Data leak of 106,000 accountsCriminals have siphoned off data from 106,000 accounts at the pornographic "AI girlfriend" platform MyLovely.ai. The data is now on the darknet.HEISE.DE
9 AprNumber Usage in Passwords: Take Two, (Thu, Apr 9th)In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented within the data and how that changed over time. It is often seen that years…ISC.SANS.EDU
9 AprThe Hidden Security Risks of Shadow AI in EnterprisesAs AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, …THEHACKERNEWS.COM
9 AprFake BTS ARIRANG tour tickets: K-pop fans being targeted by scammers | Kaspersky official blogA BTS comeback and world-tour announcement has resulted in a new wave of scam campaigns. Kaspersky experts have discovered fraudulent websites that sell fake BTS tickets to fans all around the world. We explain what those fake pages look like, and how you can avoid getting scamme…KASPERSKY.COM
9 AprWhen attackers already have the keys, MFA is just another door to openStolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. [...]BLEEPINGCOMPUTER.COM
9 AprHacker stole £700,000 from U.K. energy company by redirecting paymentThe U.K. energy company said a redirected payment meant for a contractor instead landed in a hacker's bank account.TECHCRUNCH.COM
9 AprTearing down a car telematic unit (and finding an accident on Facebook)From hardware analysis to OSINT: how we retrieved information about a BYD car crash by analyzing the TCU embedded memory.QUARKSLAB.COM
9 AprThird-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One.Recorded Future sees its inclusion in the 2026 Forrester Wave™ for Cybersecurity Risk Ratings Platforms as a reflection of a broader truth: the era of ratings-only vendor risk management is over.RECORDEDFUTURE.COM
9 AprScammers pose as Amazon support to steal your accountA new wave of Amazon refund scams is spreading, hitting both email inboxes and text messages.MALWAREBYTES.COM
9 AprNSFW app leak exposes 70,000 prompts linked to individual usersMyLovelyAI leaked personal data, explicit prompts, and images of over 100,000 users, exposing many to sextortion and doxxing.MALWAREBYTES.COM
9 Apr30,000 private Facebook images allegedly downloaded by Meta employeeThe accused didn't just browse around; he built a custom script designed to circumvent Meta's internal detection systems.MALWAREBYTES.COM
8 AprWeekly Threat Bulletin – April 8th, 2026These are the top threats you should know about this week.F5.COM
8 AprMicrosoft rolls out fix for broken Windows Start Menu searchMicrosoft has pushed a server-side fix for a known issue that broke the Windows Start Menu search feature on some Windows 11 23H2 devices. [...]BLEEPINGCOMPUTER.COM
8 AprShrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.…THEHACKERNEWS.COM
8 AprIs a $30,000 GPU Good at Password Cracking?A $30,000 AI GPU doesn't outperform consumer GPUs at password cracking. Specops explains why attackers don't need exotic hardware to break weak passwords. [...]BLEEPINGCOMPUTER.COM
8 AprFinal 3 days to save up to $500 on your TechCrunch Disrupt 2026 passSave up to $500 on your TechCrunch Disrupt 2026 pass until April 10, 11:59 p.m. PT. Secure your spot at the center of the tech ecosystem. Register here.TECHCRUNCH.COM
8 AprMore Honeypot Fingerprinting Scans, (Wed, Apr 8th)One question that often comes up when I talk about honeypots: Are attackers able to figure out if they are connected to a honeypot? The answer is pretty simple: Yes!ISC.SANS.EDU
8 AprHardening security management console settings | Kaspersky official blogA complete checklist for strengthening security in the Kaspersky Security Center console.KASPERSKY.COM
8 Apr[local] Microsoft MMC MSC EvilTwin - Local Admin CreationMicrosoft MMC MSC EvilTwin - Local Admin CreationEXPLOIT-DB.COM
8 AprYour extensions leak clues about you, so we made sure Browser Guard doesn’tYour browser extensions can be used to build a profile of you for advertisers and scammers. We're making sure our Browser Guard extension stays private.MALWAREBYTES.COM
8 AprTimeshare owners warned to watch out for cartel-linked scamsAuthorities warn that Mexican drug cartels are targeting timeshare owners with advance-fee fraud. Here’s what to watch for.MALWAREBYTES.COM
7 AprCybersecurity in the Age of Instant SoftwareAI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand—a spr…SCHNEIER.COM
7 AprAnthropic debuts preview of powerful new AI model Mythos in new cybersecurity initiativeThe new model will be used by a small number of high-profile companies to engage in defensive cybersecurity work.TECHCRUNCH.COM
7 AprCloudflare targets 2029 for full post-quantum securityRecent advances in quantum hardware and software have accelerated the timeline on which quantum attack might happen. Cloudflare is responding by moving our target for full post-quantum security to 2029.CLOUDFLARE.COM
7 AprTraffic violation scams swap links for QR codes to steal your card detailsPhishers are using QR codes on official-looking notices to level up their traffic and toll scams.MALWAREBYTES.COM
6 AprTicket savings of up to $500 this week for TechCrunch Disrupt 2026Starting today, you have 5 days to save nearly $500 on your ticket to TechCrunch Disrupt 2026. This offer disappears Friday, April 10, at 11:59 p.m. PT. Register here to secure these low rates.TECHCRUNCH.COM
6 AprDrift $280M crypto theft linked to 6-month in-person operationThe Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." [...]BLEEPINGCOMPUTER.COM
6 AprDPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South KoreaThreat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet Forti…THEHACKERNEWS.COM
6 AprMicrosoft removes Support and Recovery Assistant from WindowsMicrosoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. [...]BLEEPINGCOMPUTER.COM
6 AprMicrosoft fixes Classic Outlook bug causing email delivery issuesMicrosoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. [...]BLEEPINGCOMPUTER.COM
6 AprAnthropic Claude Mythos Preview: The More Capable AI Becomes, the More Security It NeedsCROWDSTRIKE.COM
6 Apr[webapps] Fortinet FortiWeb v8.0.1 - Auth BypassFortinet FortiWeb v8.0.1 - Auth BypassEXPLOIT-DB.COM
6 Apr[local] Windows Kernel - Elevation of PrivilegeWindows Kernel - Elevation of PrivilegeEXPLOIT-DB.COM
6 Apr[webapps] Zhiyuan OA - arbitrary file upload leadingZhiyuan OA - arbitrary file upload leadingEXPLOIT-DB.COM
6 Apr[webapps] WordPress Madara - Local File InclusionWordPress Madara - Local File InclusionEXPLOIT-DB.COM
5 AprTraffic violation scams switch to QR codes in new phishing textsScammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. [...]BLEEPINGCOMPUTER.COM
5 Apr$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering OperationDrift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in …THEHACKERNEWS.COM
4 AprDevice code phishing attacks surge 37x as new kits spread onlineDevice code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. [...]BLEEPINGCOMPUTER.COM
3 AprMan admits to locking thousands of Windows devices in extortion plotA former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plot targeting his employer, an industrial company headquartered in Somerset County, New Jersey. [...]BLEEPINGCOMPUTER.COM
3 AprMicrosoft still working to fix Exchange Online mailbox access issuesMicrosoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks. [...]BLEEPINGCOMPUTER.COM
3 AprLinkedIn secretly scans for 6,000+ Chrome extensions, collects dataA new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. [...]BLEEPINGCOMPUTER.COM
3 AprDay in the Life: Product Manager at Recorded FutureVentureFizz interviews Senior Product Manager Kyle Kohler on his role at Recorded FutureRECORDEDFUTURE.COM
3 AprHow AWS KMS and AWS Encryption SDK overcome symmetric encryption boundsIf you run high-scale applications that encrypt large volumes of data, you might be concerned about tracking encryption limits and rotating keys. This post explains how AWS Key Management Service (AWS KMS) and the AWS Encryption SDK handle Advanced Encryption Standard in Galois C…AWS.AMAZON.COM
3 AprThat dream job offer from Coca-Cola or Ferrari? It’s a trap for your passwordsWe uncovered two job scams posing as legitimate offers from Coca-Cola and Ferrari that could pry into Google and Facebook accounts.MALWAREBYTES.COM
3 AprBlocking children from social media is a badly executed good ideaGovernments are each inventing their own flavor of an age based ban for social media. Is the cure worse than the disease?MALWAREBYTES.COM
2 AprMicrosoft links Classic Outlook issue to email delivery problemsMicrosoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com. [...]BLEEPINGCOMPUTER.COM
2 AprCritical Cisco IMC auth bypass gives attackers Admin accessCisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that enables attackers to gain Admin access. [...]BLEEPINGCOMPUTER.COM
2 AprSuggested organizational security and privacy control and activity profile — Medium impact (ITSP.10.033-01)CYBER.GC.CA
2 AprResidential proxies evaded IP reputation checks in 78% of 4B sessionsResearchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and legitimate users. [...]BLEEPINGCOMPUTER.COM
2 AprMoney transfer app Duc exposed thousands of driver’s licenses and passports to the open webAn exposed Amazon-hosted server allowed anyone to access reams of customer data without needing a password.TECHCRUNCH.COM
2 AprLatin America and the Caribbean Cybercrime LandscapeThis report provides an overview of trends and developments in the cybercriminal ecosystem of Latin America and the Caribbean (LAC) in 2025.RECORDEDFUTURE.COM
2 AprPrioritizing Alerts Triage with Higher-Order Detection RulesScaling SOC efficiency through multi-signal correlation and higher-order detection patterns.ELASTIC.CO
1 AprWeekly Threat Bulletin – April 1st, 2026These are the top threats you should know about this week.F5.COM
1 AprNew Windows 11 emergency update fixes preview update install issuesMicrosoft released an emergency update to fix the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to installation issues. [...]BLEEPINGCOMPUTER.COM
1 AprFBI warns against using Chinese mobile apps due to privacy risksThe U.S. Federal Bureau of Investigation (FBI) warned Americans against using foreign-developed mobile applications, particularly those created by Chinese developers. [...]BLEEPINGCOMPUTER.COM
1 AprBlock the Prompt, Not the Work: The End of "Doctor No"There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the product team …THEHACKERNEWS.COM
1 AprNew EvilTokens service fuels Microsoft device code phishing attacksA new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks. [...]BLEEPINGCOMPUTER.COM
1 AprDe-fi platform Drift suspends deposits and withdrawals after millions in crypto stolen in hackBlockchain trackers put the cryptocurrency heist in the hundreds of millions of dollars and is already on track to be the largest crypto theft in 2026 so far.TECHCRUNCH.COM
1 AprDigital assets after death: Managing risks to your loved one’s digital estateFraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay.WELIVESECURITY.COM
1 AprIndustrialization of the Fraud Ecosystem BlogPayment fraud has industrialized, and that's a defensive advantage. Learn how standardized attack infrastructure creates detectable patterns that financial institutions can act on before losses occur.RECORDEDFUTURE.COM
31 MarHow to Categorize AI Agents and Prioritize RiskAI agent risk isn't equal, it scales with access to systems and level of autonomy. Token Security explains how CISOs should categorize agents and prioritize what to secure first. [...]BLEEPINGCOMPUTER.COM
31 MarMicrosoft fixes Outlook Classic crashes caused by Teams Meeting add-inMicrosoft has resolved a known issue that rendered the classic Outlook email client unusable for users who enabled the Microsoft Teams Meeting Add-in. [...]BLEEPINGCOMPUTER.COM
31 MarHacker charged with stealing $53 million from Uranium crypto exchangeU.S. prosecutors have charged a Maryland man with stealing more than $53 million after hacking the Uranium Finance crypto exchange twice and laundering the proceeds through a cryptocurrency mixer. [...]BLEEPINGCOMPUTER.COM
31 MarHealth data giant CareCloud says hackers accessed patients’ medical recordsCareCloud, a major provider of medical records storage, said hackers accessed one of its repositories of patient data earlier in March. It provides technology for more than 45,000 providers covering millions of patients.TECHCRUNCH.COM
31 MarTrendAI™ Research at RSAC 2026: Advancing Defense Across AI‑Driven and Cyber‑Physical ThreatsTrendAI™ Research explored agentic AI cybercrime and EV infrastructure security through two research sessions at RSAC 2026.TRENDMICRO.COM
31 MarQBDI vs TritonDSE against a VM: who will be the fastest?In this blog, we present how QBDI and TritonDSE can be used to attack a complex C++ binary implementing a VM.QUARKSLAB.COM
31 MarThe Real Risk of VibecodingThis blog looks at how AI‑driven vibecoding speeds up software development while increasing security risk by outpacing traditional review and ownership. It explains why security needs to move earlier and be built into modern development workflows.TRENDMICRO.COM
31 MarGIGABYTE Control Center vulnerable to arbitrary file write flawThe GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. [...]BLEEPINGCOMPUTER.COM
31 MarProton launches new "Meet" privacy-focused conferencing platformProton has announced a new video conferencing service named Meet and positioned it as a privacy-focused alternative to mainstream services like Google Meet, Zoom, and Microsoft Teams. [...]BLEEPINGCOMPUTER.COM
31 MarGoogle now allows you to change your @gmail.com addressGoogle is rolling out a new feature that allows you to change your @gmail address or create a new alias. [...]BLEEPINGCOMPUTER.COM
31 MarThis month in security with Tony Anscombe – March 2026 editionThe past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience planWELIVESECURITY.COM
31 MarAWS Security Agent on-demand penetration testing now generally availableAWS Security Agent on-demand penetration testing is now generally available, enabling you to run comprehensive security tests across all your applications, not only your most critical ones. This milestone transforms penetration testing from a periodic bottleneck into an on-demand…AWS.AMAZON.COM
31 MarFake Installers to Monero: A Multi-Tool Mining OperationElastic Security Labs dissects a long-running operation deploying RATs, cryptominers, and CPA fraud through fake installer lures, tracking its evolution across campaigns and Monero payouts.ELASTIC.CO
30 MarApple adds macOS Terminal warning to block ClickFix attacksApple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks. [...]BLEEPINGCOMPUTER.COM
30 MarHow to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be AskingAI SOC agents can reduce alert fatigue, but most teams fail to measure real outcomes. Prophet Security breaks down Gartner's questions for evaluating AI SOC agents and separating real impact from hype. [...]BLEEPINGCOMPUTER.COM
30 MarMicrosoft pulls KB5079391 Windows update over install issuesMicrosoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0x80073712 errors during installation. [...]BLEEPINGCOMPUTER.COM
30 Mar3 SOC Process Fixes That Unlock Tier 1 ProductivityWhat is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come from fragmented workflows, manual triage steps, and limited visibility early in the investigation. Fixing those process ga…THEHACKERNEWS.COM
30 MarRussian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP TunnelsCybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various exec…THEHACKERNEWS.COM
30 MarThe State of Secrets Sprawl 2026: 9 Takeaways for CISOsSecrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase…THEHACKERNEWS.COM
30 MarDShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)A lot of the information seen on DShield honeypots [1] is repeated bot traffic, especially when looking at the Cowrie [2] telnet and SSH sessions. However, how long a session lasts, how many commands are run per session and what the last commands run before a …ISC.SANS.EDU
30 MarApple will hide your email address from apps and websites, but not copsDemands for Apple customer records by federal agents in recent months underscore the privacy limitations of email.TECHCRUNCH.COM
30 MarAn iron curtain for AI: how to improve autonomous AI agent security | Kaspersky official blogThe IronCurtain project offers a new approach to AI agent security: virtual machine isolation and action control via security policies.KASPERSKY.COM
27 MarWindows 11 KB5079391 update rolls out Smart App Control improvementsMicrosoft has released the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2, which includes 29 changes, such as Smart App Control and Display improvements. [...]BLEEPINGCOMPUTER.COM
27 MarAnti-piracy coalition takes down AnimePlay app with 5 million usersThe Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. [...]BLEEPINGCOMPUTER.COM
27 MarWe Are At WarRising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it. Introduction: One tech power to rule them all is a thing of the past The relative sa…THEHACKERNEWS.COM
27 MarAgentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.Agentic GRC automates workflows, forcing teams to rethink their role beyond operations. Anecdotes explains why the biggest challenge is shifting from execution to risk leadership. [...]BLEEPINGCOMPUTER.COM
27 MarMost notable supply-chain attacks of 2025 | Kaspersky official blogA look at the most significant supply-chain attacks of 2025, and their impact on target organizations.KASPERSKY.COM
27 MarRSAC 2026 wrap-up – Week in security with Tony AnscombeThis year, AI agents took the center stage – as a defensive capability, but more pressingly as a risk many organizations haven't caught up withWELIVESECURITY.COM
27 MarA cunning predator: How Silver Fox preys on Japanese firms this tax seasonSilver Fox is back in Japan, spoofing tax and HR emails timed to the one season when no one thinks twice about opening themWELIVESECURITY.COM
26 MarMasters of Imitation: How Hackers and Art Forgers Perfect the Art of DeceptionUnmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of defensive cybersecurity. During the 1960s, de Hory gained infamy as a premier forger, passing off counterfeit master…THEHACKERNEWS.COM
26 MarThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More StoriesSome weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everything in t…THEHACKERNEWS.COM
26 MarConntour raises $7M from General Catalyst, YC to build an AI search engine for security video systemsConntour uses AI models to let security teams query camera feeds using natural language to find any object, person, or situation.TECHCRUNCH.COM
26 MarInside a Modern Fraud Attack: From Bot Signups to Account TakeoversMulti-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, device, identity, and behavior is critical to stop it. [...]BLEEPINGCOMPUTER.COM
26 MarWhatsApp rolls out more AI features, iOS multi-account supportWhatsApp is rolling out multiple features designed to make the app easier to use, including AI-powered message replies and photo retouching, support for two accounts on iOS, and chat history transfer between iOS and Android devices. [...]BLEEPINGCOMPUTER.COM
26 MarA major hacking tool has leaked online, putting millions of iPhones at risk. Here’s what you need to knowHere’s what we know, and what you need to know, about Coruna and DarkSword, two advanced iPhone hacking tools discovered by security researchers. DarkSword has now leaked online.TECHCRUNCH.COM
26 MarWorld Leaks data extortion: What you need to knowWorld Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid. Read more in my article on the Fortra blog.FORTRA.COM
26 MarPreparing for agentic AI: A financial services approachDeploying agentic AI in financial services requires additional security controls that address AI-specific risks. This post walks you through comprehensive observability and fine-grained access controls—two critical capabilities for maintaining explainability and accountability in…AWS.AMAZON.COM
25 MarWeekly Threat Bulletin – March 25th, 2026These are the top threats you should know about this week.F5.COM
25 MarSmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2), (Wed, Mar 25th)IntroductionISC.SANS.EDU
25 MarHow one man used 10,000 bots to steal $8,000,000 from music artistsA man has pleaded guilty to defrauding online music streaming platforms out of more than US $8 million, after creating hundreds of thousands of songs with AI, and then using bots to play them billions of times. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
25 MarTP-Link warns users to patch critical router auth bypass flawTP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. [...]BLEEPINGCOMPUTER.COM
25 MarDevice Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth AbuseCybersecurity researchers are calling attention to an active device code phishing campaign that's targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on Febru…THEHACKERNEWS.COM
25 MarKali Linux 2026.1 released with 8 new tools, new BackTrack modeKali Linux 2026.1, the first release of the year, is now available for download, featuring 8 new tools, a theme refresh, and a new BackTrack mode for Kali-Undercover. [...]BLEEPINGCOMPUTER.COM
25 MarJoint guidance on securing space and cyber security for low earth orbit satellite communicationsThis joint guidance is intended for users of LEO SATCOM services. It highlights the key cyber security risks and mitigation strategies to support informed decision-making.CYBER.GC.CA
25 MarVirtual machines, virtually everywhere – and with real security gapsCloud VMs offer unmatched speed, scale and flexibility – all of which could eventually count for little if they’re left to fend for themselvesWELIVESECURITY.COM
24 MarThe Hidden Cost of Cybersecurity Specialization: Losing Foundational SkillsCybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But in practice, many teams struggle with the same basic problems they faced years ago: unclear risk priorities, misaligned tooling…THEHACKERNEWS.COM
24 MarGhost Campaign Uses 7 npm Packages to Steal Crypto Wallets and CredentialsCybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named …THEHACKERNEWS.COM
24 Mar5 Learnings from the First-Ever Gartner Market Guide for Guardian AgentsOn February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types, “a Market Guide defines a market and explains what clients can expect it …THEHACKERNEWS.COM
24 MarBubble’s role in phishing scams | Kaspersky official blogThe Tycoon phishing kit has introduced new functionality to create redirect web apps with the help of Bubble.KASPERSKY.COM
24 MarZero Trust: Bridging the Gap Between Authentication and TrustPassing MFA doesn't mean a session is safe, attackers can hijack tokens and bypass identity checks. Specops Software explains why Zero Trust must verify both user identity and device health. [...]BLEEPINGCOMPUTER.COM
24 MarFCC bans import of new consumer routers made overseas, citing security risksThe FCC ban will affect the import of all new, foreign-made consumer routers, the agency's head Brendan Carr said.TECHCRUNCH.COM
24 MarMicrosoft fixes bug causing Classic Outlook sync issues with GmailMicrosoft has fixed a known issue causing Gmail and Yahoo email synchronization and connection problems for classic Outlook users. [...]BLEEPINGCOMPUTER.COM
24 MarHackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto MinerAn ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered throug…THEHACKERNEWS.COM
24 MarFirefox now has a free built-in VPN with 50GB monthly data limitMozilla released Firefox 149 with added privacy protection through a built-in VPN tool offering up to 50GB of monthly traffic. [...]BLEEPINGCOMPUTER.COM
24 MarFCC bans new routers made outside the USA over security risksThe Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the U.S. [...]BLEEPINGCOMPUTER.COM
24 MarCrowdStrike Advances CNAPP with Industry-First Adversary-Informed Risk PrioritizationCROWDSTRIKE.COM
24 MarSecurity Automation with Elastic Workflows: From Alert to ResponseA practical guide to building intelligent, automated security playbooks with Elastic Workflows.ELASTIC.CO
24 MarStreamlining the Security Analyst ExperienceAlert Triage, Investigation, and Response with Elastic's Agentic Security Operations Platform.ELASTIC.CO
24 MarSupercharge Your SOCDetection Engineering in the Era of AI Agents - The New Frontier.ELASTIC.CO
23 MarTrivy supply-chain attack spreads to Docker, GitHub reposThe TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images and hijacking the company's GitHub organization to tamper with dozens of repositories. [...]BLEEPINGCOMPUTER.COM
23 MarVaronis Atlas: Securing AI and the Data That Powers ItAI agents can access data directly, making data security the foundation of AI security. Learn more about how Varonis Atlas helps orgs see, secure, and control AI systems and the data they can reach. [...]BLEEPINGCOMPUTER.COM
23 MarMicrosoft Exchange Online service change causes email access issuesMicrosoft is working to address an ongoing service issue that has intermittently prevented some users from accessing their cloud-based Exchange Online mailboxes via Outlook mobile and Mac desktop clients since Thursday. [...]BLEEPINGCOMPUTER.COM
23 MarNew KB5085516 emergency update fixes Microsoft account sign-inMicrosoft has released an emergency update to address a major issue that breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive. [...]BLEEPINGCOMPUTER.COM
23 MarRussian authorities block paywall removal site Archive.todayA notice on the popular paywall-bypass website Archive.today said that access is blocked "by decision of [Russian] public authorities."TECHCRUNCH.COM
23 MarTeamPCP deploys Iran-targeted wiper in Kubernetes attacksThe TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran. [...]BLEEPINGCOMPUTER.COM
23 MarTool updates: lots of security and logic fixes, (Mon, Mar 23rd)So, I've been slow to get on the Claude Code/OpenCode/Codex/OpenClaw bandwagon, but I had some time last week so I asked Claude to review ( /security-review ) some of my python scripts. He found more than I'…ISC.SANS.EDU
23 MarTycoon2FA phishing platform returns after recent police disruptionThe Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels. [...]BLEEPINGCOMPUTER.COM
23 MarOpenAI rolls out ChatGPT Library to store your personal filesOpenAI is rolling out a new feature called 'Library' for ChatGPT, which allows you to store your personal files or images on OpenAI's cloud storage, so you can reference those items in a future chat. [...]BLEEPINGCOMPUTER.COM
21 MarGoogle adds ‘Advanced Flow’ for safe APK sideloading on AndroidGoogle has announced a new mechanism in Android called Advanced Flow that will allow sideloading APKs from unverified developers for power users in a more secure way. [...]BLEEPINGCOMPUTER.COM
21 MarMicrosoft Azure Monitor alerts abused for callback phishing attacksMicrosoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account. [...]BLEEPINGCOMPUTER.COM
20 MarA French Navy officer accidentally leaked the location of an aircraft carrier by logging his run on StravaA French naval officer went on a run around the deck of the Charles de Gaulle aircraft carrier, inadvertently leaking the warship's location when he uploaded the workout to Strava.TECHCRUNCH.COM
20 MarLinux & Cloud Detection Engineering - TeamPCP Container Attack ScenarioThis publication provides a real-world walkthrough of TeamPCP's multi-stage container compromise, demonstrating how Elastic's D4C surfaces runtime signals across each stage of the attack chain.ELASTIC.CO
19 MarIndonesianFoods Spam Campaign: 89 000 junk packages in npmThe IndonesianFoods campaign saw attackers flood the npm registry with junk packages. We explore how it works, and how to safeguard enterprise development.KASPERSKY.COM
19 MarHow Ceros Gives Security Teams Visibility and Control in Claude CodeSecurity teams have spent years building identity and access controls for human users and service accounts. But a new category of actor has quietly entered most enterprise environments, and it operates entirely outside those controls. Claude Code, Anthropic's AI coding agent, is …THEHACKERNEWS.COM
19 MarMax severity Ubiquiti UniFi flaw may allow account takeoverUbiquiti has patched two vulnerabilities in the UniFi Network Application, including a maximum-severity flaw that may allow attackers to take over user accounts. [...]BLEEPINGCOMPUTER.COM
19 MarConsumer-focused privacy company Cloaked raises $375M as it expands to enterpriseCloaked's latest round is a mix of equity and growth funding.TECHCRUNCH.COM
19 MarCopyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key IndustriesWe look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques.TRENDMICRO.COM
19 MarEDR killers explained: Beyond the driversESET researchers dive deeper into the EDR killer ecosystem, disclosing how attackers abuse vulnerable driversWELIVESECURITY.COM
19 MarFrom Invitation to Infection: How SILENTCONNECT Delivers ScreenConnectSILENTCONNECT is a multi-stage loader that leverages VBScript, in-memory PowerShell execution, and PEB masquerading to silently deploy the ScreenConnect RMM tool.ELASTIC.CO
18 MarWeekly Threat Bulletin – March 18th, 2026These are the top threats you should know about this week.F5.COM
18 MarWhy East-West Visibility Matters for Grid SecurityLearn how east-west traffic visibility helps detect and stop lateral movement attacks inside electric grid infrastructure and critical OT networks.TRENDMICRO.COM
18 MarProduct Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown JewelsSecurity teams today are not short on tools or data. They are overwhelmed by both. Yet within the terabytes of alerts, exposures, and misconfigurations – security teams still struggle to understand context: Q: Which exposures, misconfigurations, and vulnerabilities ch…THEHACKERNEWS.COM
18 MarClaude Code Security and Magecart: Getting the Threat Model RightWhen a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical …THEHACKERNEWS.COM
18 MarNordstrom's email system abused to send crypto scams to customersCustomers of upscale department store chain Nordstrom received fraudulent messages from a legitimate company email address that promoted cryptocurrency scams disguised as a St. Patrick's Day promotion. [...]BLEEPINGCOMPUTER.COM
18 MarFBI is buying location data to track US citizens, director confirmsFBI director Kash Patel told lawmakers that the agency is actively purchasing commercially available location data, which can track Americans without needing a warrant.TECHCRUNCH.COM
18 MarProofpoint Pursues FedRAMP High Authorization Process for Collaboration SecurityPROOFPOINT.COM
18 MarThe SOC Files: Time to “Sapecar”. Unpacking a new Horabot campaign in MexicoKaspersky SOC uncovered and analyzed a complex Horabot campaign in Mexico. In this article we share insights into how it is unleashed and how to hunt for this threat.SECURELIST.COM
17 MarMicrosoft: Enabling Teams Meeting add-in breaks Outlook ClassicMicrosoft is working to address a known issue that renders the classic Outlook email client unusable for users who have enabled the Microsoft Teams Meeting Add-in. [...]BLEEPINGCOMPUTER.COM
17 MarNew Windows 11 hotpatch fixes Bluetooth device visibility issueMicrosoft has released an emergency update to fix a Bluetooth device visibility issue on hotpatch-enabled Windows 11 Enterprise devices. [...]BLEEPINGCOMPUTER.COM
17 MarNew font-rendering trick hides malicious commands from AI toolsA new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. [...]BLEEPINGCOMPUTER.COM
17 MarTop 5 Things CISOs Need to Do Today to Secure AI AgentsAI agents are autonomous actors with real access to data and systems, not just copilots. Token Security explains why identity-based access control is critical to prevent misuse and data exposure. [...]BLEEPINGCOMPUTER.COM
17 MarResearchers disclose vulnerabilities in IP KVMs from four manufacturersInternet-exposed devices that give BIOS-level access? What could possibly go wrong?ARSTECHNICA.COM
17 MarHow World ID wants to put a unique human identity on every AI agentIris-scan backed tokens could help stop agent swarms from overwhelming online systems.ARSTECHNICA.COM
17 MarAWS completes the second GDV community audit with participant insurers in GermanyWe’re excited to announce that Amazon Web Services (AWS) has completed its second GDV (German Insurance Association) community audit with 36 members from the Germany insurance industry participating, corresponding to over 63% coverage of the German market in terms of insurance pr…AWS.AMAZON.COM
16 MarMicrosoft pulls Samsung app blocking Windows C: drive from StoreMicrosoft has removed the Samsung Galaxy Connect app from the Microsoft Store because it was causing issues on specific Samsung Galaxy Book 4 and desktop models running Windows 11. [...]BLEEPINGCOMPUTER.COM
16 Mar/proxy/ URL scans with IP addresses, (Mon, Mar 16th)Attempts to find proxy servers are among the most common scans our honeypots detect. Most of the time, the attacker attempts to use a host header or include the hostname in the URL to trigger the proxy server forwarding the request. In some cases, common URL prefixes like "/proxy…ISC.SANS.EDU
16 MarShadow AI is everywhere. Here’s how to find and secure it.Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Nudge Security explains how security teams can discover AI apps, monitor usage, and govern risky AI activity. [...]BLEEPINGCOMPUTER.COM
16 MarWhen AI hallucinations turn fatal: how to stay grounded in reality | Kaspersky official blogA 36-year-old American man took his own life after two months of interacting with Gemini, with the chatbot reportedly pushing the concept of digital immortality. We explore why scenarios straight from Black Mirror are becoming a reality, and how to push back.KASPERSKY.COM
16 MarMicrosoft Exchange Online outage blocks access to mailboxesMicrosoft is working to address an ongoing Exchange Online outage that is preventing customers from accessing their mailboxes and calendars. [...]BLEEPINGCOMPUTER.COM
16 MarUK’s Companies House confirms security flaw exposed business dataCompanies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies' information since October 2025. [...]BLEEPINGCOMPUTER.COM
16 MarFree parking in Russia after Distributed Denial-of-Service attack knocks city’s parking system offlineDrivers in the Russian city of Perm have been enjoying an unexpected bonus this week: free parking. Not because the city council suddenly decided to embrace generosity - but rather because hackers succeeded in knocking the city's payment system offline. Read more in my article on…BITDEFENDER.COM
16 MarSecuring Autonomous AI Agents with TrendAI & NVIDIA OpenShellLearn how TrendAI and NVIDIA OpenShell help secure autonomous AI agents and build trusted enterprise AI systems with stronger visibility and control.TRENDMICRO.COM
15 MarWiz investor unpacks Google’s $32B acquisitionShardul Shah of Index Ventures walks us through Google's biggest acquisition ever.TECHCRUNCH.COM
15 MarOpenAI says ChatGPT ads are not rolling out globally for nowOpenAI told BleepingComputer that ChatGPT ads on Free and Go plans are not yet rolling out outside the United States, even though some users noticed references to ads in the updated privacy policy. [...]BLEEPINGCOMPUTER.COM