Technology Intelligence

Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities

Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks. The post Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities appeared first on SecurityWeek .

PayWallet expands payout capabilities with TerraPay integration

TerraPay, a global money movement company, has partnered with PalWallet, a fintech infrastructure provider focused on stablecoin settlement, global payments infrastructure and embedded financial services, to help businesses move money across borders faster and more efficiently.

4h agoFinextra

CRITICALMalware

Attackers exploit Palo Alto GlobalProtect flaw days after disclosure

NVD CRITICAL: CVE-2026-9311 — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execu...

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to remote code execution caused by the bypass of security controls.

CVE-2026-9311

21h agoNIST NVD

NVD CRITICAL: CVE-2026-8644 — IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing...

IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to identity spoofing.

CVE-2026-8644

21h agoNIST NVD

Microsoft's Zero-Day Legal Threats Spark Backlash

After a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order.

21h agoDark Reading

NSA selects new leads for key cybersecurity posts

David Imbordino, an NSA senior executive who most recently led its cybersecurity directorate in an acting capacity, has been named as its new chief. Bruce Jones, a career NSA technical and operational leader, as the new head of its Cybersecurity Collaboration Center.

21h agoThe Record

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites

The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations. The post WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites appeared first on SecurityWeek .

CVE-2026-8732

22h agoSecurityWeek

Dashlane password manager users locked out by brute force attacks

Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. [...]

22h agoBleepingComputer

Mastercard joins Tips cross-currency pilot

Mastercard is working with Denmark's and Sweden's central banks to pilot instant cross-currency payments on the Eurosystem’s Target Instant Payment Settlement (Tips) platform.

22h agoFinextra

USPS moving forward with mail-in ballot changes as courts weigh Trump’s election order

A judge said Democrats and civil groups filed the lawsuit too early to demonstrate harm, but that could change after newly proposed postal regulations. The post USPS moving forward with mail-in ballot changes as courts weigh Trump’s election order appeared first on CyberScoop .

22h agoCyberScoop

CRITICALSupply ChainPOC

Oracle’s first monthly patch release fixes 35 flaws, including 11 rated ‘critical’

Oracle has released the first security fixes in its new monthly Critical Security Patch Update (CSPU) cycle, designed to address urgent vulnerabilities that can’t wait for the company’s quarterly patching. The initial batch addresses 35 flaws, including several for which exploit code is publicly available. In total, there are 11 flaws rated ‘critical’ , 18 rated ‘high’, and 6 ‘medium’. The most im

Linux Copy Fail CVE-2026-31431: KEV Privilege Escalation on Shared Build Hosts

[object Object]

One of the more persistent myths in security is that old bug classes become old problems. They don’t. They just show up in different places, under different conditions, and usually at the exact moment we’ve convinced ourselves not to pay attention to them. That’s part of what makes enterprise voice infrastructure so interesting. Earlier this year, we wrote about a critical vulnerability in Grandst

CVE-2026-0826

1d agoRapid7

CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)

Overview Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol (VoIP) phone. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-0826. A remote attacker can leverage CVE-2026-0826 to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. Th

CVE-2026-0826

1d agoRapid7

Dragos Acquires xIoT Security Firm Phosphorus

Dragos said customers will soon gain expanded asset visibility and integrated device intelligence, with automated remediation workflows and a unified platform experience to follow. The post Dragos Acquires xIoT Security Firm Phosphorus appeared first on SecurityWeek .

1d agoSecurityWeek

Started my first writeup - Sherlock NeuroSync-D (CVE-2025-29927)

[object Object]

CVE-2025-29927

1d agor/cybersecurity

Critical Windows Netlogon RCE flaw now exploited in attacks

The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]

1d agoBleepingComputer

Microsoft says it will not pursue security researchers after zero-day backlash

Microsoft said it is taking the feedback seriously, adding: “To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research.”

1d agoThe Record

HIGHAi

Flowise’s MCP implementation can run ghost commands

Enterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads have a new near-max severity issue to worry about. Researchers at Obsidian Security have detailed a one-click remote code execution (RCE) vulnerability affecting self-hosted Flowise deployments through its implementation of Model Context Protocol ( MCP ) stdio servers. The problem is essentially a san

Hackers began exploiting CVE-2026-0257, an authentication bypass in Palo Alto Networks PAN-OS, four days after public disclosure. The post Recent Palo Alto Networks Vulnerability Exploited for Weeks appeared first on SecurityWeek .

CVE-2026-0257

1d agoSecurityWeek

Election threats are focused on campaign systems, not voting machines

Check Point said actors are shifting toward campaign systems and AI-generated content, outpacing the public's ability to understand and respond to the risks. The post Election threats are focused on campaign systems, not voting machines appeared first on CyberScoop .

1d agoCyberScoop

Wise shares tumble over AML investigation

Shares in Wise have tumbled after prosecutors in Belgium opened an investigation into the alleged use of the money transfer giant's accounts to launder proceeds of fraud, drug trafficking and corruption.

IBM and Red Hat to create clearinghouse for open source software security

IBM and Red Hat have committed $5 billion to build an enterprise clearinghouse for open source software, with a host of top banks lined up as early adopters.

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the repository. What

1d agoThe Hacker News

1d agoInfosecurity Magazine

Attackers Abuse Shared Content for ChatGPT Phishing Campaign

Push Security says threat actors are delivering malware hosted on chatgpt.com/s/ domain

AccesPay appoints Johan Jardevall as CEO

AccessPay, the leading bank integration provider, today announced the appointment of Johan Jardevall as Chief Executive Officer. Johan succeeds Anish Kapoor, who will become Chairman.

NVD CRITICAL: CVE-2026-44825 — Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enab...

Loqbox and Blackbullion join forces to financially support students build credit

Loqbox and Blackbullion have partnered to help more than 450,000 students build stronger financial futures through accessible credit-building tools and curriculum-linked financial education.

CVE-2024-21182Oracle WebLogic Server

CISA KEV: Oracle WebLogic Server — Oracle WebLogic Server Unspecified Vulnerability

Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.

1d agoCISA KEV

Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages

A supply chain worm dubbed Miasma has been found in dozens of @redhat-cloud-services npm releases. The malicious preinstall hook steals credentials, probes cloud identities, and can republish other packages.

1d agoSnyk

Unknown hacker group targeted Russian maritime universities, diplomats for nearly two years

More than half of the attacks observed over the past year targeted educational institutions, particularly maritime universities and schools that train personnel for Russia's shipping, inland waterway and fishing industries.

1d agoThe Record

Afghan finance officials targeted by suspected Pakistani cyberespionage campaign

A suspected Pakistan-linked hacking group has targeted Afghanistan's Ministry of Finance and provincial government officials in a new cyberespionage campaign, researchers have found.

1d agoThe Record

YARA-X 1.17.0 Release, (Sun, May 31st)

YARA-X&&#x23;x26;&#x23;39;s 1.17.0 release brings 5 improvements (several performance improvements) and 1 bugfix.

2d agoSANS ISC

NVD CRITICAL: CVE-2026-10187 — A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by...

A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the file wireless.so of the component Web Management Interface. Performing a manipulation of the argument KeyStr results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CVE-2026-10187

2d agoNIST NVD

WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. [...]

2d agoBleepingComputer

Bombay High Court Issues Injunction Prohibiting Hackers From Publishing Allegedly Hacked HDFC Investor Data

The Bombay High Court granted interim relief to HDFC AMC after a ransomware group called “Morpheus” allegedly stole over 680 GB of sensitive company and investor data. The court barred unidentified hackers from publishing or sharing the information, warning that any leak could lead to identity theft, financial fraud and irreparable harm. The case will... Source

2d agoDataBreaches.net

Bombay High Court Issues Injunction Prohibiting Hackers From Publishing Allegedly Hacked HDFC Investor Data (1)

2d agoDataBreaches.net

Moscow’s agents are building fake companies, recruiting middlemen and deploying cyber spies and hackers who gather information that could be used to attack key infrastructure. The post Russian Spies Are Aggressively Seeking Western Technology as Sanctions Bite, Officials Say appeared first on SecurityWeek .

3d agoSecurityWeek

CRITICALVulnerabilityPOC

Exploit Code Published for Critical Flowise RCE Vulnerability

The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow. The post Exploit Code Published for Critical Flowise RCE Vulnerability appeared first on SecurityWeek .

CVE-2026-40933

3d agoSecurityWeek

New CIFSwitch Linux flaw gives root on multiple distributions

A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges. [...]

3d agoBleepingComputer

MEDIUMVulnerabilityPOC

Microsoft’s incident response is getting a failing grade from researchers

Microsoft is ticking off a lot of researchers this week by claiming that those who dump proof-of-concept exploits for vulnerabilities they have not responsibly disclosed are enabling criminal activity, and that Microsoft will track them and bring cases against them. Whoever advised them to issue that statement may want to walk it back. Kevin Beaumont,... Source

3d agoDataBreaches.net

MEDIUMVulnerabilityPOC

Microsoft’s incident response is getting a failing grade from researchers (1)

3d agoDataBreaches.net

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections. "Authentication bypass vulnerabilities in the

Thousands of Oregon prison files accessed by prison worker

Noelle Crombie reports on today’s reminder of the insider threat: A former Snake River Correctional Institution employee accessed tens of thousands of Oregon Department of Corrections files over a six-month period last year, the agency announced Friday. Officials discovered the data breach in January during an investigation into misconduct allegations involving the unnamed employee, accordin

3d agoDataBreaches.net

3d agoSchneier on Security

Friday Squid Blogging: Another Squid

Someone named “Squid” seems to be a “ West Country legend .” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

Name That Toon: Mark of (Cybersecurity) Progress

As part of Dark Reading's 20th anniversary package, we asked readers for a cybersecurity-related caption that captures their thoughts about the industry's last two decades.

3d agoDark Reading

NVD CRITICAL: CVE-2026-45700 — FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0...

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination coordinate nXDst against the caller-provided destination stride (nDstStep) even when it is writing into the internal temp buffer p

CVE-2026-45700

3d agoNIST NVD

CISA Town Halls Set Final Stage for CIRCIA Debate

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/cisa-town-halls-set-final-stage-for-circia-debate-image_small-9-a-31812.jpg" align=right hspace=4>June Meetings Could Shape Which Entities Must Report Cyber Incidents The Cybersecurity and Infrastructure Security Agency's June town halls will give critical infrastructure operators a final opportunity to influence how the

3d agoBank Info Security

AI Is Making Decisions. Who's Owning Them?

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/ai-making-decisions-whos-owning-them-image_small-1-a-31810.jpg" align=right hspace=4>GSK's Nancy Paul on Why Static Governance, Risk and Compliance Fail in AI Era Traditional governance, risk and compliance principles still hold, but periodic, checklist-driven governance is a dangerous mismatch for AI systems that contin

3d agoBank Info Security

BIS and Gleif team on LEIs in cross-border open finance prototype

The Global Legal Entity Identifier Foundation (GLEIF) and the Bank for International Settlements (BIS) have demonstrated how the Legal Entity Identifier (LEI) can bring new Know Your Customer/Business (KYC/B) and Anti-Money Laundering (AML) process efficiencies to small and medium-sized enterprises (SMEs) when using open banking and open finance APIs to initiate payments and open business accounts

3d agoFinextra

Metasploit Wrap Up 05/29/2026

More Linux LPEs Hark the age of the Linux LPE has arrived. This week’s release follows up on recent work bringing new Linux LPEs to Metasploit users. Copy Fail seemed to have kicked off a trend of similar bugs and hot on its heels is Dirty Frag. Dirty Frag is actually two vulnerabilities in a trenchcoat, individually identified as CVE-2026-43284 and CVE-2026-43500. Each is exploitable individually

Overview On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0257, a medium severity authentication bypass affecting PAN-OS and Prisma Access when a specific configuration is present. Successful exploitation of this vulnerability allows a remote unauthenticated attacker to successfully establish a VPN connection through the GlobalProtect gateway of an affected appliance.

CVE-2026-0257

3d agoRapid7

In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks

Noteworthy stories that might have slipped under the radar: Trump Mobile exposes customer data, phishers target the 2026 FIFA World Cup, CISA responds to recent supply chain attacks. The post In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks appeared first on SecurityWeek .

4d agoSecurityWeek

DNS-AID will make AI agents easier to discover, says Linux Foundation

As AI agents become more numerous and more communicative, keeping track of where to find them is becoming increasingly important. Numerous proprietary agent registries are on the market, but the Linux Foundation suggests we simply extend the distributed, open Domain Name System (DNS) infrastructure we already have. The foundation is now inviting contributions to the DNS-AID project, a standard way

Federal audit reveals NIST’s NVD is plagued by poor planning and duplication

A report from the Commerce Inspector General details how mismanagement allowed a backlog of 27,000 unprocessed security flaws to grow unchecked, while the agency duplicated work with a similar CISA program. The post Federal audit reveals NIST’s NVD is plagued by poor planning and duplication appeared first on CyberScoop .

4d agoCyberScoop

Certifiably random: Swiss researchers claim perfect random number source

Researchers in Switzerland claim to have built a perfect random number generator from two quantum superconducting chips, a 30-meter-long pipe, and some software. The resulting device could be used to generate cryptographic keys, or to offer a “public randomness service” for lotteries or blockchain applications, they say. They’re not the first to make the claim . Many sources of randomness are bias

NVD CRITICAL: CVE-2026-4290 — The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion ...

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/{user_id} REST API endpoint in all versions up to, and including, 10.6.0. This is due to the check_permission() callback unconditionally returning true and the Database::delete() method passing the user ID directly to wp_delete_user() without any role validation. This makes it

CVE-2026-4290

As European payments sovereignty debate rages, Visa makes its case for place on continent

With European leaders pushing for greater payments sovereignty, US giant Visa has moved to reassure the bloc that it is a friendly partner, setting out plans for a €500 million investment in the continent, including the building of a new local data processing centre.

Charter Communications Data Breach Could Impact Nearly 5 Million

The notorious ShinyHunters extortion group leaked over 42 million records allegedly stolen from Charter in April. The post Charter Communications Data Breach Could Impact Nearly 5 Million appeared first on SecurityWeek .

4d agoSecurityWeek

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised

CVE-2026-39987

Asia's Cyber Insurance Market Shows Signs of Life

The cyber insurance industry has made relatively weak inroads into Asia due to a a variety of factors, but that could be changing.

4d agoDark Reading

MokN Raises $15 Million for Phish-Back Platform

MokN's platform deploys realistic decoy access points to lure attackers into revealing compromised credentials, enabling organizations to respond before abuse occurs. The post MokN Raises $15 Million for Phish-Back Platform appeared first on SecurityWeek .

4d agoSecurityWeek

From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market

DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. [...]

Dutch govt disrupts malware botnet with 17 million infected devices

Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. [...]

NVD CRITICAL: CVE-2026-46376 — FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, una...

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP is required for the initial setup of UCP generic templates, but after that, without further steps by

CVE-2026-46376

NVD CRITICAL: CVE-2025-41277 — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Ele...

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating system commands on the device.

CVE-2025-41277

NVD CRITICAL: CVE-2025-41276 — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Ele...

CVE-2025-41276

NVD CRITICAL: CVE-2025-41275 — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Ele...

CVE-2025-41275

NVD CRITICAL: CVE-2025-41274 — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Ele...

CVE-2025-41274

NVD CRITICAL: CVE-2025-41273 — Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Altern...

Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to bypass authentication of the Console web application and perform actions as an authenticated user.

CVE-2025-41273

NVD CRITICAL: CVE-2025-41272 — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Ele...

CVE-2025-41272

NVD CRITICAL: CVE-2025-41270 — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Ele...

CVE-2025-41270

NVD CRITICAL: CVE-2025-41269 — Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Ele...

CVE-2025-41269

NVD CRITICAL: CVE-2025-41268 — Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Adminis...

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines.

CVE-2025-41268

Google Chrome adds session cookie theft protection for all users

Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. [...]

'The Com' Cyberattacks Support Violence & Sexploitation

Your organization's security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes.

4d agoDark Reading

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone, with the activities aligning with Kremlin state interests, specifically when it comes to

4d agoInfosecurity Magazine

From a research-driven pilot, the Cybersecurity Communities of Support (CyCOS) is about to be handed over to CIISec

LOWApt

Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems

Two arbitrary code execution vulnerabilities in Notepad++ let local attackers run commands of their choice on Windows machines by tampering with the editor’s XML configuration files, with both flaws rated High at CVSS 7.8. The flaws, tracked as CVE-2026-48778 and CVE-2026-48800, affect every version of the editor up to and including 8.9.6, Notepad++ said in a release note . However, the vulnerabil

CVE-2026-48778CVE-2026-48800

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of "Sicoob.Sdk" contain functionality to exfiltrate sensitive information, including PFX certificates that are used to

The Gentlemen are coming for your files, and then your network

Ransomware operators have spent years refining the art of locking files. Now, some are working harder to get those lockers to every reachable system first. Microsoft’s recent warning of the Gentlemen ransomware revealed its operators using a self-propagating Go-based encryptor capable of moving laterally through compromised environments and deploying itself across additional systems. “Modern ranso

Forbes releases 25th-anniversary Midas List of top VC investors

Forbes has released its Midas List of 2026 in partnership with TrueBridge Capital Partners featuring the top 100 venture capitalist investors.

4d agoInfosecurity Magazine

Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies

ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe

CRITICALSupply Chain

Cybersecurity trends in SEC filings

In 2023, the Securities and Exchange Commission (SEC) required public companies to include a new section in their 10-K annual filings that is devoted to cybersecurity. This section is meant to address “cybersecurity risk management, strategy, governance and incidents.” I got curious as to what senior cybersecurity executives are conveying about their companies in these reports. I turned this into

Charter Communications data breach affects 4.9 million accounts

The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. [...]

NVD CRITICAL: CVE-2026-3655 — The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulner...

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the `lwp_ajax_register` AJAX handler not binding the Firebase session to the phone number supplied in the request. The `idehweb_lwp_activate_through_firebase()` function validates that a Firebase OTP sessio

CVE-2026-3655

4d agoInfosecurity Magazine

AI-Generated npm Malware Leaks Its Own GitHub Token

Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

Police arrest man following hack of Ajax football club

Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after the personal data of hundreds of thousands of supporters was put at risk. Read more in my article on the Hot for Security blog.

4d agoGraham Cluley

4d agoWeLiveSecurity (ESET)

This month in security with Tony Anscombe – May 2026 edition

In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit

NVD CRITICAL: CVE-2026-8732 — The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via A...

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_nopriv_ and protected only by a nonce check using the fc-call-nonce nonce, which is publicly embedded into every frontend page via wp_localize_script as the nonc

CVE-2026-8732

4d agoSecurelist (Kaspersky)

What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant

What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI assistant can help.

GDPR set the tone for regulatory action — and the AI fine pushback to come

Big tech firms continue to push back against fines levied for alleged violations of European data protection law, in what could be a harbinger for AI regulations to come. While lawyers and experts quizzed by CSO broadly argue that big tech firms contesting data protection rules isn’t a particular cause for concern, the more widespread introduction of AI technologies is a far greater data protectio

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. "Kimsuky employed a range of tailored social engineering tactics, such as spoofing security software installation pages and crafting a fake Webex meeting page that leveraged

How Relay Network Adopted AI Coding Securely - and Built the Foundation for Agentic Development

See how Relay Network securely adopted AI coding with Snyk and GitHub Copilot, implementing "secure at inception" to reduce vulnerabilities and accelerate development.

4d agoSnyk

Fix SCA issues at scale in your terminal with Snyk Remediation Agent in the CLI

Stop security backlogs. Snyk's Remediation Agent in the CLI pairs AI reasoning with Snyk security intelligence to fix SCA issues at scale directly in your terminal.

4d agoSnyk

CRITICALSupply Chain

IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise

Open source code is everywhere in the enterprise; it’s estimated that upwards of 90% of Fortune 500 companies have it in their software supply chains. But open source code is notoriously rife with vulnerabilities, and identifying and patching those bugs can be an endless battle for security teams. IBM and Red Hat are betting that a new initiative, Project Lightwell , can help accelerate this proce

CRITICALData Breach

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects

A newly discovered and so far unpatched critical vulnerability in the open source Gogs Git service not only demands immediate action from developers to secure their code, it also puts a spotlight on the potential issues in using self-hosted code platforms from small maintainers. The hole is a critical argument injection vulnerability, discovered by a researcher at Rapid7, that allows any authentic

Anthropic confirms Claude Mythos-class models will roll out to the public

Anthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private software. [...]

Fiserv brings in Cognition's AI agent software engineer

Fiserv has brought in a new software engineer, an AI agent called Devin created by vendor Cognition, to help speed up the pace at which it ships new capabilities to clients.

NatWest taps Cleareye.ai for trade finance ops

NatWest has started working with trade finance tech specialist Cleareye.ai to revamp its its trade operations and strengthen financial crime controls.

Snowflake to Buy Startup Natoma Focused on AI Access Control

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/snowflake-to-buy-startup-natoma-focused-on-ai-access-control-image_small-10-a-31808.jpg" align=right hspace=4>San Francisco Startup Built MCP Gateway Technology for AI Authorization Workflows Snowflake plans to acquire AI governance startup Natoma to help enterprises centrally manage model context protocol access, delega

4d agoBank Info Security

CRITICALZero DayPOC

Microsoft Threatens Legal Action Over Zero-Day Leaks

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/microsoft-threatens-legal-action-over-zero-day-leaks-image_small-3-a-31807.jpg" align=right hspace=4>Security Researchers Fear Broader Legal Pressure on Bug Disclosures Microsoft is pursuing legal action after a researcher publicly released six Windows zero-days and exploit code following a breakdown in coordinated discl

4d agoBank Info Security

CVE-2026-0257Palo Alto Networks PAN-OS

CISA KEV: Palo Alto Networks PAN-OS — Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.

4d agoCISA KEV

NVD CRITICAL: CVE-2026-9874 — Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote...

Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

CVE-2026-9874

NVD CRITICAL: CVE-2026-8809 — The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privi...

The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation via Validation Bypass in all versions up to and including 0.9.2.5. The vulnerability exists due to the after_validate_save_post() function unconditionally trusting the attacker-controlled _acf_post_id POST parameter — with no authentication or integrity verification — to select a cleanup branch that sil

CVE-2026-8809

As Global Powers Explore Humanoid Robots, Cyber-Risk Looms

The future of cybersecurity is germinating, as nation states vie for dominance in the embodied AI market and its supply chain.

4d agoDark Reading

Romanian Access Broker Sentenced in Oregon Network Intrusion

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/romanian-access-broker-sentenced-in-oregon-network-intrusion-image_small-4-a-31809.jpg" align=right hspace=4>Hacker Amassed $250,000 in Losses Across Multiple US Entities The Romanian hacker who in 2021 sold on a hacking forum online credentials to the Oregon disaster management agency received a four year federal prison

4d agoBank Info Security

GreyVibe hackers use ChatGPT, Gemini to power cyberattacks

A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. [...]

NVD CRITICAL: CVE-2026-44881 — Portainer Community Edition is a lightweight service delivery platform for conta...

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer supports deploying stacks from Git repositories. When a Git-backed stack is created or updated, Portainer clones the repository using go-git v5, which translates G

NVD CRITICAL: CVE-2026-34311 — Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Ora...

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier. "The vulnerability allows any authenticated user to achieve remote code execution (RCE) on

NVD CRITICAL: CVE-2026-24444 — SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9_B9 con...

Zapier fixes bug chain that researchers say risked widespread account takeover

A five-step flaw chain in the popular automation service, now patched, could have let a single attacker act as any signed-in user across thousands of connected apps. The post Zapier fixes bug chain that researchers say risked widespread account takeover appeared first on CyberScoop .

Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks

Fortinet rolled out hotfixes for the security defect in April, warning that it had been exploited in the wild as a zero-day and urging immediate patching. The post Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks appeared first on SecurityWeek .

CVE-2026-35616

Romanian gets 5 years in prison for hacking Oregon govt network

A Romanian national was sentenced this week to 56 months in federal prison for breaking into an Oregon state government computer network and fr cyberattacks targeting dozens of other U.S. victims. [...]

5d agoBleepingComputer

IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”

Project Lightwell is designed to fix vulnerabilities without breaking what is already in production. The post IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell” appeared first on SecurityWeek .

Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security

In this latest installment of the Reporters' Notebook video series, we discuss how cyber insurance is forcing organizations to quantify risk, what's covered (and what's not), and why this could be the best thing to happen to cybersecurity.

GlassWorm falls, but the repo problem is far from solved

Taking down a sprawling malware operation once signaled progress in securing the open-source ecosystem. Now, it barely registers. The GlassWorm campaign disruption comes at a moment when attackers can quickly reconstitute, and defenders are increasingly grappling with a new challenge: distinguishing real threats from automated noise. “I think coordinated actions, like GlassWorm, can sever control,

CVE-2026-9037CVE-2026-9038

CRITICALPhishing

XCharge C6

<a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-08.json">View CSAF</a> <h2>Summary</h2> Successful exploitation of these vulnerabilities could allow an attacker to gain administrator rights or execute code on the affected device. The following versions of XCharge C6 are affected: <ul> <li>C6</li> </ul

Schnieider Electric EcoStruxure Machine Expert HVAC

<a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-07.json">View CSAF</a> <h2>Summary</h2> Schneider Electric is aware of a vulnerability in its EcostruxureTM Machine Expert HVAC product. The [EcostruxureTM Machine Expert HVAC](https://www.se.com/ww/en/download/document/EcoStruxureME_HVAC/) product is a programming software

CVE-2026-6332

ABB EIBPORT

<a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-148-03.json">View CSAF</a> <h2>Summary</h2> ABB is aware of vulnerabilities in the product versions listed as affected in the advisory. A firmware update is available that resolves these privately reported vulnerabilities in the product versions listed as affected in the adviso

CVE-2021-22291

New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails

France-based startup Edamame says its runtime verification platform uses host telemetry and AI analysis to detect coding-agent “intent drift,” secret theft and supply-chain attacks in real time. The post New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails appeared first on SecurityWeek .

CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development (CI/CD) pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code (VS Code) extension and the “Megalodon” supply chain intrusion campaign, demonstrate how cyber threat

CVE-2026-48027

Schneider Electric EcoStruxure Machine Expert HVAC

CVE-2026-6332

5d agoInfosecurity Magazine

New Threat Actor Jinx-0164 Targets Crypto Developers on macOS

New actor Jinx-0164 hit crypto developers with fake recruiter lures and macOS malware

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across users or platforms. Instead, it is heavily concentrated among a small group of AI power users and a

5d agoThe Hacker News

Gitea Vulnerability Exposed 30,000 Deployments to Attacks

Sextortionist sentenced to 33 years for targeting 145 children

A Canadian man was sentenced to 33 years in prison after pleading guilty to targeting more than 145 children across the United States, some as young as 6 years old, in an eight-year-long sextortion scheme. [...]

5d agoBleepingComputer

NVD CRITICAL: CVE-2026-4408 — A flaw was found in Samba. A remote attacker can exploit a misconfiguration in S...

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execu

CVE-2026-4408

5d agoNIST NVD

BTMOB RAT Spreads Across Brazil, LatAm via MaaS Model

An advanced remote access Trojan is propagating online. Notably, it's delivered via an operator licensing model and features a no-code malware-development interface.

What the industrialization of exploitation means for defenders

For decades, cybersecurity was a battle of skill. Elite attackers versus elite defenders. The rules of engagement were understood, even if the playing field wasn’t level. If you hired better analysts and bought better tools, hopefully you hardened your systems well enough and built detection capabilities that wore out the adversary’s patience. That era is over, and most security programs haven’t f

5d agoWeLiveSecurity (ESET)

ESET APT Activity Report Q4 2025–Q1 2026

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. "These campaigns leveraged sophisticated social engineering techniques, custom macOS malware, and deep targeting of CI/CD infrastructure," Wiz researchers Shira Ayal,

5d agoThe Hacker News

Nordic CISOs Handle Rising Cyber Threats Remarkably Well

Artificial intelligence notwithstanding, the vast majority of CISOs in northern Europe say they're facing no more serious cyberattacks than they did two years ago.

5d agoSecurelist (Kaspersky)

Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

Our experts continue to track attacks targeting consumers of pirated content, both books and movies. 2026 saw the discovery of new target sites with tens of millions of visitors, while the miner gained a RAT module.

AI Is Automating Jobs That Train Security's Next Leaders

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/ai-automating-jobs-that-train-securitys-next-leaders-image_small-3-a-31796.jpg" align=right hspace=4>SANS Survey Says Industry Risks Future by Cutting Roles That Train Cyber Expertise AI is automating the entry-level cybersecurity roles where the next generation of experts have always been trained. As the industry strugg

Chinese Phishers Use Live MFA Interception for Digital Wallet Fraud

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/chinese-phishers-use-live-mfa-interception-for-digital-wallet-fraud-image_small-8-a-31799.jpg" align=right hspace=4>Fraudsters Tokenize Stolen Cards Into Attacker Wallets Google Threat Intelligence Group warned that Chinese-language phishing-as-a-service platforms are using AI, encrypted messaging and real-time OTP inter

Sonar Acquires Gitar to Eliminate AI Code Review Gaps

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/sonar-acquires-gitar-to-eliminate-ai-code-review-gaps-image_small-7-a-31798.jpg" align=right hspace=4>Deal Adds LLM-Based Reasoning to Sonar's Algorithmic Code Verification Platform Sonar purchased Silicon Valley-based startup Gitar to add LLM-based code review and verification capabilities as enterprises use AI agents t

White House Faces Pressure to Rewrite AI Order

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/white-house-faces-pressure-to-rewrite-ai-order-image_small-6-a-31797.jpg" align=right hspace=4>Analysts Say White House Must Quickly Replace Shelved AI Framework U.S. President Donald Trump's decision to abruptly shelve an artificial intelligence executive order aimed at creating a federal review process for frontier mod

Employees are unknowingly inviting tech support impersonators into firms, says FBI

Online or telephone IT support scams have been tricking employees into downloading or clicking on malware for years. But according to the FBI, one group that targets US-based law firms has recently found success in person, by convincing firms to allow a supposed IT support person into the building, where they insert a storage device into a victim’s computer and install malware or steal data. This

Mastercard secures New York BitLicense

Mastercard Transaction Services has been granted a BitLicense by the New York State Department of Financial Services (NYDFS), cementing its support for digital currencies such as stablecoins and tokenized deposits

Tokenisation can improve wholesale cross-border payments - BIS project

A long-running project involving several central banks and a host of private sector players has built a prototype demonstrating that tokenisation can tackle inefficiencies in wholesale cross-border payments.

Farsight launches AI agent for client-ready deal materials

Farsight, an institutional AI platform for financial services, has launched an agent designed to produce client-ready deck materials from a single prompt.

Another IT governance headache: AI-enabled sanction evasion

Over the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries move from AI-assisted to AI-enabled sanctions evasion and proliferation financing (PF), a new research paper warns. The report , Algorithms of Evasion: The Rise of AI-Enabled Proliferation Financing, from the Royal United Services Institute (

5d agoUnit 42 (Palo Alto)

Out of the Crypt: The Evolving Cyber Extortion Economy

Unit 42 explores trends in data theft and extortion, outlining key strategies for organizations as frontier AI models advance. The post Out of the Crypt: The Evolving Cyber Extortion Economy appeared first on Unit 42 .

AI models more vulnerable than claimed when faced with iterative attacks

CISOs relying on LLM runtime guardrails and official safety scores when making security decisions about their organizations’ AI usage and model selection are due for a wakeup call. According to a new study from Cisco, frontier models from OpenAI, Anthropic, Google, xAI, and Amazon have significantly worse risk profiles when pressured in multi-turn attacks compared to when their safety is benchmark

GPU mining malware spreads via SEO poisoning, AI chatbots

Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations. [...]

5d agoBleepingComputer

Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th)

Most Akira write-ups focus on the ransom note or the encryption routine. By the time those show up the interesting forensic work is over. The questions that matter to defenders sit earlier. How did they get in. When did they get domain admin. What did they touch before the binary fired. Those answers live in the days before impact. They sit in two log sources that almost never get joined. The peri

5d agoSANS ISC

OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms

The announcement builds on work from major tech firms in 2024 to combat AI-infused election chicanery. The post OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms appeared first on CyberScoop .

Ransomware Actors Show Up In Person to Steal Law Firm Data

The FBI warned that the extortion gang Silent Ransom Group is targeting law firms and socially engineering its way into servers and databases.

FBI warns US-based law firms to be on the lookout for cybercrime group that steals data in person

Silent Ransom Group isn’t prolific, but it's demonstrated a knack for attacking the legal services sector with an extraordinary dual use of social engineering and in-person visits to victims’ workstations. The post FBI warns US-based law firms to be on the lookout for cybercrime group that steals data in person appeared first on CyberScoop .

UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace

Anne Keast-Butler, head of the GCHQ, said her agency was developing an artificial intelligence-powered cyber shield as other nations were deploying AI in warfare. The post UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace appeared first on CyberScoop .

Fold rolls out bitcoin rewards credit card

Fold Holdings, Inc. (NASDAQ: FLD) (“Fold” or the “Company”), a bitcoin financial services company making it easy for individuals to earn, save and spend bitcoin through everyday financial tools, announced it has begun rolling out the Fold Bitcoin Credit Card to a portion of the waitlist members.

Sella becomes first bank in Italy to get permission to set up crypto-asset services

Romanian national sentenced to more than 4 years for hacking Oregon government systems

Dragomir was arrested in Romania in November 2024 and brought to the U.S. last year to face charges for hacking into the network belonging to Oregon’s Office of Emergency Management.

5d agoThe Record

UK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About Russia

The speech is the latest in a string of warnings from intelligence experts that Russia is stepping up hostile activity in a “gray zone” that falls just below the threshold of war. The post UK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About Russia appeared first on SecurityWeek .

NVD CRITICAL: CVE-2026-48027 — Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious ver...

Nx Console is the user interface for Nx & Lerna. On 19 May 2026, a malicious version of Nx Console, 18.95.0, was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes). Version 18.100.0 of Nx C

NVD CRITICAL: CVE-2026-8175 — IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM A...

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could be exploited to cause a denial of service and potentially lead to authentication bypass or remote code execution.

CVE-2026-8175

NVD CRITICAL: CVE-2026-7876 — IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19

IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19

CVE-2026-7876

NVD CRITICAL: CVE-2026-7524 — IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to im...

IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.

For most of my career running security operations, the shape of cyber conflict has been defined by who could move faster than the other side. Faster at identifying a vulnerability, faster at patching, faster at detecting, faster at responding. The last few months have made me reevaluate that framing. Speed still matters. It just no longer carries the picture on its own. Scale and autonomy have mov

CVE-2026-4747

6d agoCSO Online

6d agoWeLiveSecurity (ESET)

What to consider before asking an AI chatbot for health advice

Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Here’s what’s at stake and how to stay safe.

Windows 11 KB5089573 update released with performance improvements

Microsoft has released the KB5089573 preview cumulative update for Windows 11 versions 25H2 and 24H2, which comes with 30 changes, including performance and reliability improvements. [...]

6d agoBleepingComputer

6d agoInfosecurity Magazine

FortiGuard Labs detailed a PureLogs campaign using JavaScript, PowerShell and process hollowing

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations," Microsoft Defender Experts and the Microsoft

6d agoThe Hacker News

NVD HIGH: CVE-2026-9200 — The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion i...

The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls

CVE-2026-9200

NVD HIGH: CVE-2026-8994 — The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass ...

The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The `ajaxLoginWithNear()` function — registered as a `wp_ajax_nopriv` action and therefore reachable by unauthenticated users — accepts an attacker-supplied `account` POST parameter and issues a valid WordPress authentication cookie based solely on a substring check for `.ne

CVE-2026-8994

NVD HIGH: CVE-2026-8787 — The Firebase Support & Chat Management plugin for WordPress is vulnerable to pri...

The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.1.1. This is due to the `firebase_auth()` function authenticating the request as the WordPress user whose email is supplied in the `user_email` POST parameter without verifying ownership of that email (no Firebase ID token signature/issuer/audience verification)

CVE-2026-8787

NVD CRITICAL: CVE-2026-8760 — The Login with OTP plugin for WordPress is vulnerable to authentication bypass i...

The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to an incomplete fix for CVE-2024-11178: the rate-limit/lockout check added to `otpl_login_action()` was placed only inside the OTP-generation branch and is never evaluated on the OTP-validation branch, and the generated 6-digit OTP additionally has no expiration. T

Microsoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cyber attacks in progress on their IT networks. The company announced the capability earlier this month in a column about new features in Defender. There’s no word on when automatic device isolation will be in full production. However, a new SANS

6d agoCSO Online

NVD HIGH: CVE-2026-9606 — A vulnerability has been found in itsourcecode Courier Management System 1.0. Im...

A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

CVE-2026-9606

Indian travel-fintech Scapia raises $63m

Scapia, an Indian outfit that combines co-branded credit cards with travel booking, has raised $63 million in a funding round led by General Catalyst.

6d agoFinextra

CommBank tests AI companion in banking app

CommBank is testing a new conversational AI interface within its banking app, designed to slice and dice spending and savings data to help customers to better manage their money

6d agoFinextra

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/us-takeover-dutch-cloud-id-provider-blocked-by-government-image_small-2-a-31780.jpg" align=right hspace=4>New York-Based Kyndryl Can't Buy Amsterdam-Based Solvinity Group The growing push for European technological sovereignty from the United States claimed a significant scalp in the Netherlands, where authorities blocke

6d agoBank Info Security

Anthropic Expands Public Access to Claude Mythos AI Model

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/anthropic-expands-public-access-to-claude-mythos-ai-model-image_small-1-a-31778.jpg" align=right hspace=4>Expect to See Widespread Availability of Mythos-Level Models Within 6-12 Months Anthropic is expanding public access to its frontier artificial intelligence model Claude Mythos "to qualifying customers' security team

6d agoBank Info Security

Why AI Agents Are Creating a New Security Blind Spot

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/ai-agents-are-creating-new-security-blind-spot-image_small-6-a-31776.jpg" align=right hspace=4>Okta's Charlotte Wylie on Identity, Governance and Rogue AI Access AI agents are becoming a new identity type inside enterprises, creating visibility gaps and security risks most organizations aren't prepared to manage. Okta's

6d agoBank Info Security

FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) use an incorrect bounds check of the form 'if (offset + length > maximum_internal_storage_size + 1)' instead

CVE-2026-48689

For Enterprises, Security Remains Agentic AI's Biggest Challenge

Every company needs an agentic AI strategy, but the tools to allow agentic AI frameworks be safely and securely adopted are just starting to appear.

6d agoDark Reading

White House charts new course for federal agencies and cybersecurity logging

A Trump administration memo published last week replaces one from its predecessor, with at least one analyst fearful of potential harmful results. The post White House charts new course for federal agencies and cybersecurity logging appeared first on CyberScoop .

6d agoCyberScoop

6d agoSonatype (Maven/npm)

BNP Paribas partners Mistral to strengthen AI defences

BNP Paribas is working with French startup Mistral AI as it seeks to strengthen its cyber defences against weaknesses exposed by new models such as Anthropic's Mythos.

Your Outdated Repository Still Works, But It May Not Be Safe

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/your-outdated-repository-still-works-but-it-may-not-be-safe" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/blog_legacy_repo.png" alt="Image with hexagon shape at center containing an exclamation point, signifying a technology notification. Icons surrounding the hexagon comprise a soft

FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts – no password required

So, you've enabled multi-factor authentication. You've taught your staff never to type their passwords into dodgy-looking login pages. Surely your Microsoft 365 accounts are safe now? Well, think again. Read more in my article on the Hot for Security blog.

6d agoGraham Cluley

NVD HIGH: CVE-2026-48692 — FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 500...

FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.cpp line 477) and a source code comment explicitly acknowledges 'Listen on the given address without any authentication mechanism.' None of the RPC methods in src/api.cpp (ExecuteBan, ExecuteUnBan, GetB

CVE-2026-48692

NVD HIGH: CVE-2026-48688 — FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads...

FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder. The function decode_mp_reach_ipv6() in src/bgp_protocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after attribute memory block.' The function casts raw pointers to structure types without verifying suffi

CVE-2026-48688

NVD CRITICAL: CVE-2026-48687 — FastNetMon Community Edition through 1.2.9 contains an OS command injection vuln...

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (lines 117-118) constructs shell commands by concatenating the $msg parameter directly into exec() calls: exec("echo `date` \"- {FASTNETMON] - " . $msg . " \" >> " . $FILE_LOG_TMP). The $msg variable con

CVE-2026-48687

NVD CRITICAL: CVE-2026-48686 — FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflo...

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() in src/bgp_protocol.cpp reads prefix_bit_length directly from the BGP packet (line 99) without validating it is <= 32 for IPv4 prefixes. This value is passed to how_much_bytes_we_need_for_storing_certa

CVE-2026-48686

Garanti BBVA launches Request to Pay API

Garanti BBVA has gone live with its BKM-integrated Request to Pay API, enabling businesses to manage collections directly from their own systems while offering customers a fast, easy, and seamless bill-payment experience. The solution was piloted in partnership with energy company Uludağ Elektrik.

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the /admin/DatabaseQuery endpoint to extract sensitive data including usernames and password hashes from the OKM_

CVE-2026-42425

Anthropic: Mythos finds more than 10,000 software flaws in first month

Early results show a tenfold jump in bug discovery at some partners, and a widening gap between finding flaws and fixing them. The post Anthropic: Mythos finds more than 10,000 software flaws in first month appeared first on CyberScoop .

May 26, 2026CyberScoop

May 26, 2026Schneier on Security

Identifying People Using Wi-Fi Routers

Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals . This is accomplished through what is known as WiFi sensing , or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, they interact with the objects and people around them. Those signals can be reflected, scattered, or ab

May 26, 2026Infosecurity Magazine

Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

Almost all organizations impersonated by Chinese phishing platforms are non-Chinese entities, suggesting operators deliberately avoid domestic targets

NVD HIGH: CVE-2026-9544 — A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Busine...

A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contact

CVE-2026-9544

NVD CRITICAL: CVE-2026-7374 — A flaw was found in KubeVirt's virt-handler component. This vulnerability allows...

UK Government commissions review into bank branch closures

The UK Government has commissioned an independent review to examine the impact of bank branch closures and consider whether further intervention is needed to protect access to services.

May 26, 2026The Hacker News

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from threat actors' abuse of artificial intelligence (AI) tools and large language models (LLMs) to automate vulnerability

May 26, 2026The Hacker News

CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

Alipay delivers full-stack Ai payments infrastructure

Alipay today introduced its full-stack AI payment solution to partners across industries, ranging from AI companies to traditional retailers, and debuted two new services — the world’s first AI Wallet and Token Pay — to support the agentic economy’s rapid growth.

May 26, 2026Infosecurity Magazine

Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign

Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning

Finova strengthens Manchester hub with senior appointments

Finova, the UK's largest provider of cloud-based mortgage, savings and lending software, has appointed three directors who will be based in its new Manchester hub, with recruitment for the site now 80% complete.

May 26, 2026WeLiveSecurity (ESET)

CRITICALRansomware

Stop treating AI governance as a review layer. Make it release infrastructure

I’ve spent years building compliance into security products. FedRAMP and Department of War Impact Level authorizations, vulnerability management pipelines: They all follow the same pattern. Build the product, then prove it meets requirements. The compliance layer sits outside the engineering workflow. It reviews what already exists. That model worked when the product stayed static between audits.

May 26, 2026CSO Online

LOWMalware

BTMOB: A stealthy RAT burrowing deep into Android devices

The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise

May 26, 2026BleepingComputer

Microsoft has confirmed a new known issue affecting Windows Server 2016 systems that causes domain controller lookups to fail after installing the KB5087537 May 2026 security update. [...]

LOWApt

Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning

The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026. The activity, besides embracing

May 26, 2026The Hacker News

May 26, 2026BleepingComputer

7-Eleven data breach exposes personal information of 185,000 people

The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned. [...]

CRITICALRansomware

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/automated-megalodon-campaign-spreads-github-repo-backdoors-image_small-9-a-31772.jpg" align=right hspace=4>Supply-Chain Attack Uses Malicious GitHub Actions Workflow File to Steal Secrets More than 5,000 GitHub repositories fell victim to an automated campaign, codenamed "Megalodon," in which an attacker injected malicio

May 26, 2026Bank Info Security

May 26, 2026Bank Info Security

Responding to Breaches With AI? Beware Cross-Contamination

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/responding-to-breaches-ai-beware-cross-contamination-image_small-8-a-31771.jpg" align=right hspace=4>Separate Breach Details Can Bleed Into Each Other, Incident Responders Find Cybersecurity investigators who use artificial intelligence tools to draft incident response reports, beware: Information tied to one security in

CRITICALApt

Security experts caution MFA alone can no longer stop threat actors

Cybersecurity experts are warning enterprise admins about an increasing number of phishing campaigns aimed at stealing Microsoft 365 (M365) access tokens to bypass multifactor authentication login protection. Phishing kits aimed at capturing M365 tokens aren’t new; some reports say these kits have been around since 2021. One of the latest is EvilTokens , which researchers at Sekoia say has been ci

May 26, 2026CSO Online

NVD HIGH: CVE-2026-9538 — Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker ...

Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's 12-byte size field in the tar header with no upper bound on that value. A crafted header declaring a multi-gigabyte size causes Perl to allocate a scalar of th

CVE-2026-9538

NVD HIGH: CVE-2026-9521 — A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affec...

A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library include/bitsery/ext/std_smart_ptr.h. Such manipulation leads to improper validation of specified type of input. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 5.2.5 is able to address this

CVE-2026-9521

NVD HIGH: CVE-2026-42497 — Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker control...

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. _make_special_file() passes the tar header's linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode. A subsequent write through the extracted name modifies the victim file, and the post-extract

CVE-2026-42497

NVD CRITICAL: CVE-2026-42496 — Archive::Tar versions before 3.08 for Perl extract symlinks with attacker contro...

Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted na

CVE-2026-42496

Project Glasswing has uncovered 10,000 vulnerabilities: Anthropic

Anthropic says it and upwards of 50 partners involved in Project Glasswing have uncovered an estimated 10,000 critical or high-severity vulnerabilities in their software offerings. The company launched the cybersecurity initiative, which is built around Claude Mythos Preview , in April, stating that its launch partners would use it as part of their defensive security work. Anthropic said it create

May 26, 2026CSO Online

NVD HIGH: CVE-2026-9517 — A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem...

A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student Management Handler. Executing a manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This product implemen

CVE-2026-9517

NVD CRITICAL: CVE-2026-8376 — Perl versions through 5.43.10 have a heap buffer overflow when compiling regular...

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGR

CVE-2026-8376

SME banking platform Relay raises $50m

Relay, a business banking and money management service for SMEs, has secured $50 million in growth investment from General Catalyst.

SmartComply bids to help UK firms reopen African payment corridors

Lagos-based compliance and cybersecurity company SmartComply has launched in the UK, making its AI-powered anti-money laundering platform available to British payment firms serving African markets.

CVE-2026-48172LiteSpeed cPanel Plugin

CISA KEV: LiteSpeed cPanel Plugin — LiteSpeed cPanel Plugin Privilege Escalation Vulnerability

LiteSpeed cPanel Plugin contains privilege escalation vulnerability that is exposed via the user-end cPanel plugin, which can be abused by any cPanel user account to execute arbitrary scripts with root privileges.

May 26, 2026CISA KEV

Kremlin appoints cyber executive with alleged GRU ties to Security Council role

Andrei Kozlov, the former head of a cybersecurity center within Russia’s state-owned defense conglomerate Rostec, was named an aide to Security Council Secretary Sergei Shoigu on Friday.

May 25, 2026The Record

Dutch authorities arrest men suspected of providing infrastructure for Russian cyber operations

Investigators seized more than 800 servers as they arrested two men suspected of violating European sanctions and assisting pro-Russian cyberattacks and disinformation campaigns.

May 25, 2026The Record

MEDIUMData Breach

May 25, 2026Finextra

CVE-2021-21735: ZTE H168N wizard whitelist exposed PPPoE and WLAN secrets pre-auth

[object Object]

CVE-2021-21735

May 25, 2026r/netsec

Microsoft Access files (Microsoft Office&&#x23;x26;&#x23;39;s Database) can contain VBA code.

May 25, 2026SANS ISC

MEDIUMZero Day

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should've patched years ago. Good times. Phishing crews are getting smarter too - less obvious scam junk, more targeted stuff that actually

2 PhaaS 2 Furious: The Evolution of Chinese-language Phishing Services

<div class="block-paragraph_advanced">Written by: Jamie Collier <hr/></div> <div class="block-paragraph_advanced">While Russian-speaking threat actors have historically dominated the phishing-as-a-service (PhaaS) landscape, a rival ecosystem is rapidly growing within the Chinese-language underground. Google Threat Intelligence Group (GTIG) analyzed

May 25, 2026Mandiant

Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability

<div class="block-paragraph_advanced">Written by: Takahiro Sugiyama, Peter Revelant, Mathew Potaczek <hr/></div> <div class="block-paragraph_advanced"><h3>Introduction</h3> In late 2025, Mandiant responded to a security incident involving a compromised web server running <a href="https://www.dig

NVD CRITICAL: CVE-2026-9455 — A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This iss...

A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. The manipulation of the argument FileName leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

CVE-2026-9455

NVD CRITICAL: CVE-2026-9454 — A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerabilit...

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument servername can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used.

CVE-2026-9454

NVD HIGH: CVE-2026-9453 — A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76...

A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. This affects the function which of the file /src/application/skills-loader.ts of the component SkillsLoader. Performing a manipulation of the argument requires.bins results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rol

CVE-2026-9453

May 25, 2026DataBreaches.net

PowerSchool’s $17.25 Million Settlement Exposes Years of Student Data Tracking

If you ask most people what breach PowerSchool experienced, their first response might be the 2024 hacking incident that affected tens of millions of students. But even before that breach, there was another significant breach involving PowerSchool that began in 2021. Colin Lee and Koji Edmunds report: In early April, many students across the world... Source

May 25, 2026BleepingComputer

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). [...]

AI security needs a shift from models to systems, researchers argue

Enterprises cannot secure AI agents by making the underlying models more robust and must instead enforce security controls at the system level around them, researchers behind a paper published this month argued, warning that traditional AI-security approaches are increasingly misaligned with how autonomous agents actually operate inside enterprise environments. The paper argues that enterprises sh

May 25, 2026CSO Online

Oncology Institute Discloses Data Breach

The affected third-party vendor has not been named, but one possible candidate is TriZetto. The post Oncology Institute Discloses Data Breach appeared first on SecurityWeek .

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL injection vulnerability in Ghost's Content API that could allow an unauthenticated attacker to read arbitrary data from the

CVE-2026-26980

As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free

As AI coding assistants accelerate software development, one OWASP-backed open-source project is arguing that dependency security tooling still arrives too late to be truly useful. CVE Lite CLI , a JavaScript and TypeScript dependency vulnerability scanner focused on local lockfile analysis, is positioning itself around a simple idea. Developers should see dependency risks while they are still wri

May 25, 2026CSO Online

The Alert Firehose Finally Meets Its Match

Ask a cybersecurity pro about Network Detection and Response (NDR) and you might still hear "Noisy," "Too much data." But ask the teams running NDR that includes agentic AI capabilities and you'll hear they're actually using it to catch threats earlier, triage faster, and chase fewer false positives. The old complaint lingers in part because reputations are sticky, and because NDR has evolved

266,000 Affected by Data Breach at Radiology Associates of Richmond

Threat actors stole files containing names and protected health information from the healthcare organization’s systems. The post 266,000 Affected by Data Breach at Radiology Associates of Richmond appeared first on SecurityWeek .

NVD HIGH: CVE-2026-9452 — A security vulnerability has been detected in FoundDream miniclawd up to 2d65665...

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. This product does not use versioning. This is why info

CVE-2026-9452

NVD HIGH: CVE-2026-9447 — A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0....

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

CVE-2026-9447

Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects

Many findings have been confirmed to be critical or high-severity vulnerabilities and the number will continue to increase. The post Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects appeared first on SecurityWeek .

Laravel-Lang Packages Poisoned for Malware Delivery

Published within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets. The post Laravel-Lang Packages Poisoned for Malware Delivery appeared first on SecurityWeek .

NVD HIGH: CVE-2026-9443 — A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulner...

A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. The manipulation of the argument L2TPUserName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about

CVE-2026-9443

NVD HIGH: CVE-2026-9442 — A weakness has been identified in Edimax BR-6478AC 1.23. This affects the functi...

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the component POST Request Handler. Executing a manipulation of the argument selSSID can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted

CVE-2026-9442

DocketWise Data Breach Impacts 143,000

Hackers accessed names, addresses, Social Security numbers, financial information, and medical data from third-party partner repositories. The post DocketWise Data Breach Impacts 143,000 appeared first on SecurityWeek .

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. "DPAPILoader decrypts and

May 25, 2026Infosecurity Magazine

LOWPhishing

FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens

The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI

May 25, 2026Infosecurity Magazine

Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans

From fake F1 streams to counterfeit merch, fraudsters are exploiting fans online and the Bitdefender Cybersecurity Grand Prix Fan Threat Index details how

NVD CRITICAL: CVE-2026-9436 — A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted elem...

A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used.

CVE-2026-9436

NVD CRITICAL: CVE-2026-9435 — A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affect...

A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

CVE-2026-9435

May 25, 2026r/blueteamsec

Fix: CVE-2025-33073 NTLM reflection not exploitable on pre-NT10.0 systems by azoxlpf · Pull Request #1245 · Pennyw0rth/NetExec

[object Object]

CVE-2025-33073

If you were hit by ransomware tomorrow, would you pay to get your data back? That’s what more than half of CISOs in a recent survey said their organization would do. It’s a situation more companies are going to face in future. “Attacks are increasing and continuing to increase,” said Christy Wyatt , CEO of security vendor Absolute Software, which commissioned the survey. “Companies are better prep

May 25, 2026CSO Online

A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Performing a manipulation of the argument enable results in os command injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

CVE-2026-9405

A vulnerability was found in H3C Magic B0 up to 100R002. This affects the function Edit_BasicSSID_5G of the file /goform/aspForm. Performing a manipulation of the argument param results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Weekly Update 505

Well, that didn't last long! Recording this on Saturday morning my time, I observed ShinyHunters having gone quiet since the massive haul that would have been the Instructure ransom. It was two weeks almost to the hour since I'd first heard rumour of payment being made,

May 24, 2026Troy Hunt

NVD HIGH: CVE-2026-9344 — A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The ...

A security vulnerability has been detected in Edimax EW-7438RPn up to 1.31. The impacted element is an unknown function of the file /goform/formWpsStart of the component webs. Such manipulation of the argument pinCode/wlan-url leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this

CVE-2026-9344

May 24, 2026NIST NVD

May 23, 2026DataBreaches.net

UK: £355,880.10 confiscation order secured following proceeds of crime hearing

There’s a follow-up to the case of a motor insurance worker who received a suspended prison sentence for unlawfully accessing personal information. On May 21, the Information Commissioner’s Office (ICO) announced that it had secured a £355,880.10 confiscation order against the former Manchester motor insurance worker, Rizwan Manjra. A statement by the ICO indicates that... Source

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and other data.

CVE-2018-25340

May 23, 2026DataBreaches.net

Rhode Island’s workers’ compensation notifies those affected by January data breach

Rhode Island residents may understandably wonder about the state’s vendor security monitoring. First, it was the Deloitte and the RIBridges data breach that affected more than 730,000 residents. Now the vendor that administers the state’s workers’ compensation insurance has disclosed a breach affecting 131,000 residents, including 4,500 former and current state employees. Alexand

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication (2FA) challenge to approve

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. "Although the affected packages were all Composer packages, the malicious code was not added to composer.json," Socket said. "Instead, it was inserted into package.json, targeting projects that ship JavaScript

Laravel Lang Supply Chain Advisory

Hundreds of historical Laravel Lang Packagist releases were republished with malicious code, putting Composer installs at risk of credential theft and secret exfiltration.

May 23, 2026Snyk

May 23, 2026DataBreaches.net

UK: Victims feel ‘violated’ after water firm’s data breach

Oprah Flash reports: “Violated” and being “unable to trust” have been the feelings plaguing victims of a cyber attack on a Midlands-based water company. The personal data of 633,887 people was stolen and published on the dark web, after South Staffs Water was hacked in 2020. Customers said they faced a deluge of scam emails... Source

May 23, 2026BleepingComputer

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. [...]

NVD HIGH: CVE-2026-46300 — In the Linux kernel, the following vulnerability has been resolved: net: skbuff...

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost. That breaks the invariant relied on by

CVE-2026-46300

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most "systemically" important software across the world since the cybersecurity initiative went live last month. Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set of about 50 partners

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains

The stealthy vulnerability impacts roughly 88 million domains and can be exploited to bypass DNS filtering and hide command-and-control traffic. The post ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains appeared first on SecurityWeek .

May 23, 2026SecurityWeek

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include - laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions "The timing and pattern of the newly published tags

NVD HIGH: CVE-2026-9295 — A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the f...

A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early ab

CVE-2026-9295

NVD HIGH: CVE-2026-9294 — A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is...

A vulnerability was identified in Edimax BR-6428NS 1.10. The impacted element is the function formWanTcpipSetup of the file /goform/formWanTcpipSetup of the component POST Request Handler. Such manipulation of the argument pppUserName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about thi

CVE-2026-9294

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions. "Any cPanel user (including an attacker or a compromised account) may

CVE-2026-48172

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core. "Drupal Core

CVE-2026-9082

May 23, 2026Bank Info Security

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/rondodox-botnet-exploits-2018-flaw-in-asus-routers-image_small-3-a-31768.jpg" align=right hspace=4>Botnet Operators Execute First Known Exploit of Nearly Decade-Old Flaw Operators behind a botnet picked up on a nearly decade-old flaw in Asus routers allowing an unauthenticated attacker to achieve remote code execution as

May 23, 2026Bank Info Security

FBI Director’s Former Apparel Brand Hit by Malware

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/fbi-directors-former-apparel-brand-hit-by-malware-image_small-9-a-31767.jpg" align=right hspace=4>Malware Targeted macOS Users Visiting Patel Foundation Merchandise Page Two months after Iran-linked hackers exfiltrated FBI Director Kash Patel's personal email, the government official's name is tangled up in another cyber

CISA to allow researchers to report vulnerabilities to exploited bugs catalog

The Cybersecurity and Infrastructure Security Agency (CISA) announced the creation of a nomination form on Thursday that they said enables “researchers, vendors, and industry partners” to report bugs that need to be added to the Known Exploited Vulnerabilities catalog.

May 23, 2026The Record

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the SampleAuxInfoReader constructor. The SampleAuxInfoReader constructor iterates over saiz->get_num_samples() samples but doesn't validate

[object Object]

CVE-2026-9256

May 22, 2026r/netsec

Metasploit Wrap Up 05/22/2026

Another week, another authentication bypass Our humble Metasploit weekly(ish) blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and @jburgess-r7 have discovered and authored the admin/networking/cisco_sdwan_vhub_auth_bypass module for CVE-2026-20182, a vulnerability gracing the Cisco Catalyst SD-WAN Controller. The devices, whose purpose is to control

Police take down VPN service (this time with a good reason)

European authorities have cracked down on a VPN that has been used for various criminal activities. The operation, led by investigators in France and the Netherlands with help from Europol and Eurojust, has dismantled First VPN, a service that has been heavily promoted within Russia as a way of evading law enforcement. Criminals used it to conceal their identities and infrastructure while carrying

May 22, 2026CSO Online

May 22, 2026Bank Info Security

Water, the Soft Underbelly of Critical Infrastructure

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/water-soft-underbelly-critical-infrastructure-image_small-5-a-31758.jpg" align=right hspace=4>Fragmented Governance and Scarce Resources Make America's Water Sector Vulnerable America's water utilities are the nation's most cyber-vulnerable critical service sector, but their cybersecurity is overseen and supported by an

May 22, 2026Bank Info Security

Everyone Suddenly Wants Claude's Audit Logs

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/everyone-suddenly-wants-claudes-audit-logs-image_small-6-a-31753.jpg" align=right hspace=4>27 Enterprises Integrate Claude's Compliance API More than two dozen enterprise security vendors, including Microsoft, CrowdStrike and Palo Alto Networks, have built integrations with Anthropic's Claude Compliance API, an interface

May 22, 2026DataBreaches.net

Radiology Associates of Richmond discloses second data breach; 266k people affected

On July 1, 2025, Radiology Associates of Richmond (“RAR”) reported a breach to HHS that had occurred in April 2024 and affected more than 1.4 million patients. By the end of July 2025, the well-known radiology practice had experienced a second breach. The second breach, recently reported to the Maine Attorney General’s Office on May... Source

May 22, 2026Krebs on Security

Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked

May 22, 2026HIPAA Journal

Home Healthcare Agency Owner Facing Decades in Jail for $1.6M Medicare Fraud Scheme

The owner and operator of a Michigan home health care company has been convicted of five counts of healthcare fraud […] The post Home Healthcare Agency Owner Facing Decades in Jail for $1.6M Medicare Fraud Scheme appeared first on The HIPAA Journal .

CRITICALMalware

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine's National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian online learning platform, to target government organizations in the country. The activity, per the Computer Emergency Response Team of Ukraine (CERT-UA), involves sending phishing emails to government

May 22, 2026The Hacker News

NVD HIGH: CVE-2022-34363 — Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authoriz...

Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp

CVE-2022-34363

May 22, 2026NIST NVD

NVD HIGH: CVE-2022-31231 — Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identi...

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data.

NVD HIGH: CVE-2026-5308 — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11....

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to enforce request body size limits on plugin HTTP endpoints which allows an attacker to cause a denial of service via crafted oversized HTTP requests.. Mattermost Advisory ID: MMSA-2026-00646

CVE-2026-5308

May 22, 2026NIST NVD

NVD HIGH: CVE-2026-3473 — Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11....

Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs.. Mattermost Advisory ID: MMSA-2026-00620

NVD HIGH: CVE-2026-8679 — The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Re...

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() function (hooked to template_redirect) accepting a user-controlled playlist ID via the audioigniter_playlist_id query var or the /audioigniter/playlist/{id}/ rewrite rule and returning playlist track data without performing a

CVE-2026-8679

May 22, 2026NIST NVD

May 22, 2026Securelist (Kaspersky)

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

The experienced Cloud Atlas group remains active, continuing to target government sectors and diplomatic entities in Russia and Belarus, employing both new and established techniques to maintain persistence in compromised systems.

May 22, 2026BleepingComputer

US and Canada arrest and charge suspected Kimwolf botnet admin

U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide. [...]

CRITICALRansomware

Identity as the primary attack surface: What modern breaches are really exploiting

The “retro” way “The thing about the old days is… they are the old days” – Slim Charles , The Wire Protecting a specified network perimeter was the main focus of enterprise security strategy for several decades. Businesses made significant investments in firewalls, intrusion detection systems, endpoint security and segmentation controls, all of which were built on the premise that an organization

May 22, 2026CSO Online

EBAday 2026 Fintech Zone unveils 16 finalists set to pitch in Copenhagen

After reviewing a strong field of entries from across the fintech landscape, 16 innovative companies have been selected to pitch their solutions live to a panel of judges and senior banking executives at EBAday in Copenhagen, Denmark on 16 and 17 June 2026. Here’s all you need to know about Europe’s most innovative fintech startups and the organisations most likely to shape the future of payments.

May 22, 2026Finextra

May 22, 2026The Hacker News

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be a variant of AISURU. "Kimwolf

May 22, 2026WeLiveSecurity (ESET)

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise

Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data

TrendAI Patches Apex One Zero-Day Exploited in the Wild

CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One. The post TrendAI Patches Apex One Zero-Day Exploited in the Wild appeared first on SecurityWeek .

CVE-2026-34926

May 22, 2026SecurityWeek

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. The post Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack appeared first on SecurityWeek .

May 22, 2026SecurityWeek

Google folds CodeMender into agent ecosystem amid push for AI-led AppSec

Google is expanding the role of its CodeMender security agent from autonomous vulnerability remediation toward a larger agentic development ecosystem, signalling a broader push toward AI-driven AppSec. Months after introducing CodeMender, an AI-powered agent designed to autonomously identify and patch software vulnerabilities, Google is now integrating the technology into its expanding Agent Platf

May 22, 2026CSO Online

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Governments

The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.

May 22, 2026Dark Reading

China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.

The advanced persistent threat group also relied on SOCKS proxies like SoftEther VPN, tunneling tools that act as a middleman between victim and attacker.

May 22, 2026Dark Reading

How CISOs Should Prep for Agentic-Ready AI BOMs

Finding ways to document both component and execution attributes for AI bill of materials (AI BOM).

May 21, 2026Dark Reading

May 21, 2026Sonatype (Maven/npm)

Hijacked npm Package Attempts to Deliver PolinRider-Linked RAT

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/hijacked-npm-package-attempts-to-deliver-polinrider-linked-rat" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/blog_npm_hijack2.jpg" alt="Image with large text at center "npm package hijack" and the Sonatype company name above it." class="hs-featured-image" style="width:auto !important

May 21, 2026r/blueteamsec

NVD HIGH: CVE-2026-47114 — IINA before 1.4.3 contains a user-assisted command execution vulnerability that ...

IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the iina://open custom URL scheme handler. Attackers can deliver a crafted URL via a browser that passes unvalidated mpv_options/input-commands parameters into the mpv runtime, causing arbitrary command e

[object Object]

CVE-2026-26980

European authorities take down prolific cybercrime VPN service

Officials arrested the alleged administrator of First VPN, seized its servers and domains. Europol said the service appeared in almost every major recent cybercrime investigation. The post European authorities take down prolific cybercrime VPN service appeared first on CyberScoop .

May 21, 2026CyberScoop

May 21, 2026Schneier on Security

macOS Kernel Memory Corruption Exploit

A group used Anthropic’s Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple’s M5. News article .

May 21, 2026r/cybersecurity

CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox

[object Object]

CVE-2026-40369

CVE-2026-34474: Pre-auth credential disclosure in ZTE H298A / H108N via ETHCheat

[object Object]

CVE-2026-34474

May 21, 2026r/netsec

AI Agents Are Shifting Identity Security Budget Dynamics

AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.

May 21, 2026Dark Reading

May 21, 2026Unit 42 (Palo Alto)

The npm Threat Landscape: Attack Surface and Mitigations (Updated May 21)

Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 21) appeared first on Unit 42 .

May 21, 2026Infosecurity Magazine

Cybercriminal VPN Dismantled in Europol Crackdown

First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol

Keys to the Kingdom: Anonymous SQL Injection in Drupal Core (CVE-2026-9082)

[object Object]

NVD HIGH: CVE-2025-13477 — Exposure of private personal information to an unauthorized actor, Insufficientl...

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-13477

May 21, 2026NIST NVD

May 21, 2026BleepingComputer

Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet

Modern crypto drainers don't hack wallets. They trick users into approving malicious transactions. Flare explores how the Lucifer DaaS platform scales wallet theft through phishing and automation. [...]