Category: cyber-security-news

  • VECT 2.0 Ransomware Can Damage Files Its Own Decryptor Cannot Reliably Restore

    A new ransomware strain called VECT 2.0 is raising serious concerns among security professionals, and for a troubling reason: even if a victim pays the ransom, the attacker’s own decryptor may not fully restore their files. This is not a typical failure…

  • Cisco SD-WAN Vulnerability Exploited in the Wild to Execute Arbitrary Commands as Root User

    Cisco has disclosed a high-severity vulnerability in its Catalyst SD-WAN Manager that is actively being exploited in the wild, allowing attackers to execute arbitrary commands with root privileges. The issue, tracked as CVE-2026-20245, carries a CVSS score of 7.8 and stems…

  • Let’s Encrypt Unveils Merkle Tree Certificates to Secure the Web Against Quantum Threats

    Let’s Encrypt has announced its roadmap for post-quantum Web PKI, centering on a novel approach called Merkle Tree Certificates (MTCs), a design that delivers quantum-resistant authentication without bloating TLS handshakes or breaking the web’s performance expectations. Traditional X.509 certificate chains require significant…
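    The handshake-size argument above rests on one property of Merkle trees: a relying party that trusts a single signed root can verify any of the n leaves from a path of only log2(n) sibling hashes. The block below is an added illustration written for this page, not Let’s Encrypt’s code and not the MTC draft’s wire format or hash encoding; the one-byte leaf/node domain-separation prefixes are an assumption borrowed from the Certificate Transparency convention, and the leaf contents are constructed stand-ins for certificates.

```python
import hashlib
from typing import List, Tuple

# Added example: a minimal Merkle tree with inclusion proofs, to show the
# mechanism Merkle Tree Certificates build on. It is NOT the MTC draft's
# wire format; the domain-separation prefixes below are an assumption
# (borrowed from the Certificate Transparency convention).
LEAF_PREFIX = b"\x00"
NODE_PREFIX = b"\x01"


def leaf_hash(data: bytes) -> bytes:
    """Hash a leaf with a prefix so a leaf can never be confused with an inner node."""
    return hashlib.sha256(LEAF_PREFIX + data).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """Hash two children into their parent; child order is part of the input."""
    return hashlib.sha256(NODE_PREFIX + left + right).digest()


def build_tree(leaves: List[bytes]) -> List[List[bytes]]:
    """Return every level of the tree: level 0 is the leaf hashes, the last
    level is the single root. An unpaired node at the end of a level is
    promoted unchanged to the next level."""
    if not leaves:
        raise ValueError("tree needs at least one leaf")
    level = [leaf_hash(leaf) for leaf in leaves]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])
        level = nxt
        levels.append(level)
    return levels


def root_of(levels: List[List[bytes]]) -> bytes:
    return levels[-1][0]


def inclusion_proof(levels: List[List[bytes]], index: int) -> List[Tuple[bytes, bool]]:
    """Sibling hashes from the leaf up to the root, each tagged with whether
    the sibling sits to the LEFT of the path node. Length is O(log n)."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify_inclusion(leaf: bytes, proof: List[Tuple[bytes, bool]], root: bytes) -> bool:
    """Recompute the root from the leaf and its proof. A relying party needs
    only the root (which the issuer would sign) plus this short path."""
    h = leaf_hash(leaf)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root


def proof_size_bytes(n_leaves: int) -> int:
    """Bytes of sibling hashes a verifier receives for a tree of n_leaves."""
    dummy = [b"leaf-%d" % i for i in range(n_leaves)]
    return 32 * len(inclusion_proof(build_tree(dummy), 0))


if __name__ == "__main__":
    # Constructed sample: three "certificates" (any byte strings stand in here).
    certs = [b"cert:example.org", b"cert:example.net", b"cert:example.com"]
    levels = build_tree(certs)
    root = root_of(levels)
    for i, cert in enumerate(certs):
        assert verify_inclusion(cert, inclusion_proof(levels, i), root)
    assert not verify_inclusion(b"cert:evil.example", inclusion_proof(levels, 0), root)
    print("proof for 1024 leaves:", proof_size_bytes(1024), "bytes")
```

    The point to take from running it: a proof for a tree of 1024 leaves is ten 32-byte hashes, and doubling the tree adds one more hash, so the per-handshake cost stays small no matter how large the batch the root covers. Whatever post-quantum signature the issuer puts on the root is then paid once per tree rather than once per certificate.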

  • Microsoft Edge Vulnerability Allows Remote Attackers to Execute Arbitrary Code

    Microsoft has released a security update addressing a critical vulnerability in Microsoft Edge that could allow remote attackers to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-45495 and reported by Orange Tsai of DEVCORE, the flaw carries a CVSS v3 score of 7.5 and…

  • Dashlane Details How Hackers Managed to Download Encrypted Password Vaults

    Dashlane has disclosed that threat actors successfully brute-forced two-factor authentication (2FA) protections to register unauthorized devices and download encrypted password vaults belonging to fewer than 20 personal plan users, with a completed investigation confirming no broader impact on its internal systems. Beginning Sunday, May 31,…

  • Acer Working to Patch Wave 7 Router 0-day Vulnerability

    Acer is preparing a firmware update to address a critical zero-day vulnerability affecting its Wave 7 routers, following disclosure by independent security researcher Gergo Pap. The issue affects devices running firmware versions earlier than and poses a significant risk due to unauthenticated remote exploitation. According to…

  • Fake Claude Code Installer Via Google Sites Delivers Credential-Stealing Malware

    Cybercriminals have found a new and clever way to exploit the growing popularity of AI developer tools. A recently identified campaign uses fake pages mimicking Claude Code and OpenAI Codex, hosted on trusted Google Sites infrastructure, to trick users into running commands that quietly steal…

  • Bots Surpass Humans in Global Web Traffic for the First Time in Internet History

    For the first time ever, automated bots have officially overtaken human users in global internet traffic, and the shift is accelerating faster than even industry leaders predicted. According to data from Cloudflare Radar, bots now…

  • Microsoft Unveils Always-On AI Agent Scout to Integrate With Teams, Outlook, and More

    Microsoft has officially introduced Microsoft Scout, its first-ever “Autopilot” AI agent, a persistent, always-on autonomous assistant designed to operate continuously across Microsoft 365 apps without waiting to be prompted. Unveiled at Microsoft Build 2026 on June 2, Scout represents a fundamental shift…

  • New Google Gemini Vulnerability Exploited via Prompt Injections from WhatsApp, Slack, and SMS

    A new class of indirect prompt injection (IPI) attacks targets Google Gemini’s voice assistant, allowing attackers to silently hijack the AI through malicious payloads delivered via everyday messaging apps, including WhatsApp, Slack, Signal, SMS, Instagram, and Messenger. The research, led by Or…

  • HTTP/2 Bomb — Remote DoS Exploit Hits nginx, Apache, IIS, Envoy, and Cloudflare Pingora

    A newly disclosed remote denial-of-service exploit dubbed “HTTP/2 Bomb” targets the default HTTP/2 configurations of the world’s most widely deployed web servers (nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora), enabling a single attacker on a home internet connection to…

  • 1-Click GitHub Token Vulnerability Lets Attackers Steal Users’ OAuth Tokens

    A critical security vulnerability in Visual Studio Code’s webview implementation allows attackers to steal GitHub OAuth tokens, including read/write access to private repositories, simply by tricking a victim into clicking a single malicious link. The bug was publicly disclosed on June 2, 2026, by security…

  • WordPress Malware Abuses Steam Community Profiles for C2 Operations

    A newly discovered malware campaign targeting WordPress websites has raised serious concerns across the web security community. Attackers behind this campaign are using an unexpected method to communicate with infected sites, hiding command instructions inside Steam Community profile comments and turning a popular gaming platform into…

  • Threat Actor Uses Stolen Gemini API Keys to Automate Telegram Influence Campaign

    A single threat actor has been running a fake political persona on Telegram for five years, quietly building an audience of over 17,000 subscribers while using stolen AI credentials to power the entire operation. What looks like an American patriot channel is actually…

  • Attackers Abuse AWS, Google Cloud, Cloudflare, and Microsoft Services to Hide Malicious Traffic

    Cybercriminals are increasingly weaponizing trusted cloud infrastructure, including Amazon Web Services, Google Cloud, Microsoft Azure, Cloudflare, and GitHub, to camouflage malicious traffic, evade detection, and sustain long-lived Command and Control (C2) operations. A recent threat intelligence investigation using ANY.RUN’s Threat Intelligence (TI)…

  • Nimbus Manticore APT Abuses Fake Recruitment Portal to Deliver Custom Malware

    A state-linked hacking group has been caught running a carefully crafted fake recruitment operation to push custom malware onto unsuspecting victims. The group, known as Nimbus Manticore and also tracked as UNC1549 and Smoke Sandstorm, has a long history of targeting professionals in the…

  • Android 0-Day Vulnerability Exploited in Attacks to Gain Complete Device Control

    A critical Android zero-day vulnerability is being actively exploited in targeted attacks, allowing threat actors to gain near-complete control over affected devices without any user interaction. The flaw, tracked as CVE-2025-48595, was highlighted in the June 2026 Android Security Bulletin, where Google confirmed limited…

  • Critical StrongDM Vulnerability Allows Attackers to Steal and Reuse Authentication

    A critical authentication flaw in StrongDM’s desktop application has been identified that allows attackers to hijack user sessions by reusing locally stored authentication material, potentially exposing sensitive enterprise infrastructure. The issue, tracked as CVE-2026-4387, was discovered by SpecterOps during a security assessment and has been…

  • Dashlane Password Manager User Accounts Locked Following Brute-Force Attacks

    Dashlane has disclosed a security incident involving a large-scale brute-force attack targeting user accounts, beginning on May 31, 2026. According to the company, an external threat actor attempted to bypass two-factor authentication (2FA) protections by repeatedly guessing authentication codes to register unauthorized devices on victims’ accounts.…
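    Both Dashlane items above describe the same failure mode: a six-digit second factor has only a million possible values, so a device-registration endpoint that accepts unlimited wrong codes can be brute-forced outright, and an account lock after a handful of failures is what turns that into a non-event. The block below is an added example written for this page, not Dashlane’s code; the code generator is plain RFC 4226 HOTP truncation, and the per-account failure budget of five, the seed value and the counter are constructed for the demonstration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Added example (not Dashlane's code): why a 6-digit second factor must be
# rate-limited per account. hotp_code() is RFC 4226 HOTP; the lockout
# threshold of 5 is an assumption chosen for illustration.


def hotp_code(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1, dynamic truncation, modulo 10**digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % (10 ** digits):0{digits}d}"


@dataclass
class DeviceRegistrationVerifier:
    """Server-side check a new device must pass before it is added to an
    account. With lockout=False every failed guess is free, so at most
    10**6 submissions win; with lockout=True the account locks after
    max_failures wrong codes, which is the behaviour Dashlane reported."""
    secret: bytes
    lockout: bool = True
    max_failures: int = 5            # assumption: per-account failure budget
    failures: int = 0
    locked: bool = False
    cache: Dict[int, str] = field(default_factory=dict, repr=False)

    def verify(self, counter: int, submitted: str) -> bool:
        if self.locked:
            return False             # reject everything, even the right code
        expected = self.cache.setdefault(counter, hotp_code(self.secret, counter))
        if hmac.compare_digest(expected, submitted):
            self.failures = 0
            return True
        self.failures += 1
        if self.lockout and self.failures >= self.max_failures:
            self.locked = True
        return False


def brute_force(verifier: DeviceRegistrationVerifier, counter: int,
                digits: int = 6) -> Tuple[bool, int]:
    """Submit every code in order; return (device registered?, guesses sent)."""
    for guess in range(10 ** digits):
        if verifier.verify(counter, f"{guess:0{digits}d}"):
            return True, guess + 1
        if verifier.locked:
            return False, guess + 1
    return False, 10 ** digits


if __name__ == "__main__":
    secret = b"constructed-seed-not-a-real-secret"   # constructed sample seed
    counter = 0                                      # constructed time step
    print("no lockout:", brute_force(DeviceRegistrationVerifier(secret, lockout=False), counter))
    print("lockout:   ", brute_force(DeviceRegistrationVerifier(secret), counter))
```

    The lock must be keyed on the account, not the source address: an attacker spreading a million guesses across many IPs never trips a per-IP limit, and the teaser’s “large-scale” wording is exactly what that looks like from the defender’s side. Note also that the locked verifier refuses the correct code too, so a legitimate user sees the lock and learns that someone has been guessing against their account.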

  • Gamaredon APT Hides Malware in Windows Features and Abuses Cloud Platforms for C2

    Gamaredon, a Russian state-backed espionage group, is deploying a new VBScript worm that hides inside native Windows features while using popular cloud services as covert command-and-control (C2) channels in an ongoing campaign against Ukrainian targets. The operation showcases a modular toolset built…

  • Microsoft Tightens Entra ID Password Resets With New Authentication Change

    Microsoft has announced a significant security update to its Entra ID Self-Service Password Reset (SSPR) feature, introducing stricter authentication requirements designed to reduce identity-based attacks. The update mandates the use of explicitly registered authentication methods, removing reliance on directory-stored contact information that has not been…

  • Famous Chollima Hackers Target PHP Developers Using Compromised Packagist Package

    A well-known North Korean threat actor has been caught hiding malware inside a legitimate PHP package available through Packagist, the main package repository for PHP projects. The attack takes direct aim at software developers, disguising a dangerous payload as a routine configuration file. This kind…

  • Hackers Attacking Signal Users to Steal Backups in New Wave of Attacks

    A new wave of phishing attacks is targeting users of Signal, the encrypted messaging app trusted by journalists, activists, and privacy-conscious individuals worldwide. Hackers are impersonating Signal’s support team and tricking users into handing over their backup recovery keys, which can unlock entire…

  • Microsoft Clarifies It Won’t Sue Security Researchers Amid Nightmare-Eclipse Controversy

    Microsoft has clarified its stance, reducing perceived legal threats and reaffirming its commitment to coordinated vulnerability disclosure, following significant backlash from the security research community. In a carefully worded statement released in late May 2026, Microsoft’s Security Response Center (MSRC) moved to defuse a growing crisis over…

  • Instagram Meta AI Vulnerability Allegedly Enables Password Reset for Accounts

    A critical flaw in Meta’s AI-powered account recovery tool on Instagram allowed attackers to hijack high-value accounts by tricking the chatbot into forwarding password reset codes with no verification required. Security researchers ZachXBT and Dark Web Informer were among the first to publicly expose the…

  • Microsoft Releases KB5089573 for Windows 11 to Fix Patch Tuesday Install Issues

    Microsoft has rolled out a new cumulative update, KB5089573, for Windows 11 versions 25H2 and 24H2, targeting a critical installation failure that affected users following the May 2026 Patch Tuesday release. The update brings OS builds to 26200.8524 and 26100.8524, respectively, resolving a…

  • GitLab Patches Multiple Duo AI, DoS, and Authorization Flaws in Community and Enterprise Edition

    GitLab has released emergency security updates for both Community Edition (CE) and Enterprise Edition (EE), addressing multiple Duo AI, denial-of-service, and authorization flaws in recent versions of the platform. On May 27, 2026, GitLab shipped versions 19.0.1, 18.11.4, and 18.10.7 as…

  • Pentest Swarm AI Tool With Live Access to nmap, sqlmap, Burp, Metasploit, and Others

    Pentest Swarm AI is the first open-source autonomous penetration testing platform built on a swarm intelligence architecture, not just multiple agents firing in a fixed sequence. Developed by Armur AI, it gives security professionals live, coordinated access to the full offensive…

  • Google Chrome’s Device-Bound Session Credentials Now GA to Block Account Takeovers

    Google has officially moved Device Bound Session Credentials (DBSC) to general availability in the Chrome browser on Windows, delivering a powerful defense against one of the most persistent threats in modern cybersecurity: session cookie theft. Previously available in beta for Google Workspace users, DBSC…

  • GREYVIBE Hackers Leverage ChatGPT and Google Gemini to Fuel Cyberattacks

    GREYVIBE hackers are increasingly leveraging generative AI tools such as ChatGPT and Google Gemini to enhance cyberattack operations. The campaign, active since at least August 2025, primarily targets Ukraine and related entities across the government, military, and civilian sectors, highlighting a growing convergence between artificial…

  • Palo Alto Networks PAN-OS Authentication Vulnerability Bypass Exploited in the Wild

    A Palo Alto Networks authentication bypass vulnerability, CVE-2026-0257, affecting PAN-OS and Prisma Access is now being actively exploited in the wild, with CISA adding it to the Known Exploited Vulnerabilities (KEV) catalog on May 29, 2026. Palo Alto Networks published its security advisory on May…

  • Post-quantum cryptography is not the future. It is your current reality.  

    For most of the last decade, post-quantum cryptography lived in a particular kind of conversation. It came up at security conferences. It appeared in NIST press releases. CISOs nodded politely when it surfaced in briefings, filed it under “things to deal with eventually,” and moved…

  • Ransomware Uses SYSTEM Scheduled Task to Encrypt Local Drives With Elevated Privileges

    A newly analyzed ransomware strain called The Gentlemen is raising serious alarms across the cybersecurity community. Built in the Go programming language and obfuscated with a tool called Garble, it combines powerful per-file encryption with an aggressive ability to spread itself silently across…

  • Malicious RVTools Installer Abuses Sectigo Certificate to Bypass SmartScreen Warnings

    A trusted tool for VMware administrators has been weaponized. Attackers built a fake version of RVTools, a widely used utility for managing virtual infrastructure, and disguised it with a real digital certificate to slip past Windows security warnings without raising a flag. RVTools is a…

  • Critical Samba Vulnerability Enables Remote Code Execution Attacks

    A critical vulnerability in the Samba printing subsystem, tracked as CVE-2026-4480, has been disclosed, allowing unauthenticated attackers to achieve remote code execution (RCE) on affected systems. The flaw carries a maximum CVSS v3.1 score of 10.0, highlighting its severe impact and ease of exploitation. Samba, widely used…

  • Google Patches 151 Vulnerabilities in Chrome, Including 22 Critical Ones

    Google has pushed a major Chrome Stable update that fixes 151 security flaws, including 22 critical vulnerabilities affecting core graphics, networking, media, and UI components across Windows, macOS, and Linux. The Stable channel has been updated to version 148.0.7778.216/217 for Windows, 148.0.7778.215/216 for macOS, and…

  • Google Employee Charged for Making $1.2 Million With Confidential Information

    A Google software engineer has been charged in the United States for allegedly using confidential internal data to generate more than $1.2 million in profits through prediction market trading. The case highlights growing concerns around insider threats and misuse of privileged access in large technology…

  • VS Code Remote-SSH RCE Lets Attackers Pivot From Developer Machines to Cloud Servers

    A newly disclosed vulnerability in Visual Studio Code’s Remote-SSH extension exposes a critical post-compromise attack path that allows threat actors to pivot from infected developer machines into cloud and production environments. Given the extension’s widespread adoption across modern development workflows, the issue…

  • Veeam Backup & Replication Tool Vulnerability Enables Privilege Escalation Attacks

    Veeam has addressed a high-severity vulnerability in its Backup & Replication platform that could enable attackers to escalate privileges and gain deeper access to enterprise systems. The issue impacts Veeam Backup & Replication version 13.0.1.2067 and all earlier version 13 builds, prompting urgent patching recommendations…

  • Microsoft Warns Against Public Release of Zero-Day Details Before Vendor Coordination

    Microsoft has issued a strong warning after multiple zero-day vulnerabilities were publicly disclosed without prior coordination, raising concerns about increased risk to users and enterprise environments. The company stated that recent disclosures exposed critical security flaws before patches were available, giving threat actors a potential…

  • Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code

    Notepad++, one of the most widely used open-source text editors for Windows, has released an urgent security update addressing three vulnerabilities, including two arbitrary code execution flaws that could allow attackers to silently run malicious programs on a victim’s machine. The Notepad++ development team released version…

  • Silent Ransom Group Targets Law Firms With IT Support Impersonation Attacks

    A threat group known as the Silent Ransom Group is actively targeting US-based law firms using a bold and deceptive social engineering playbook. Rather than deploying ransomware in the traditional sense, this group goes straight for the data and then turns it into a…

  • SBI Warns That Scammers Are Sending Fake Messages Claiming Your YONO App Will Be Deactivated

    A new wave of social engineering attacks is targeting millions of State Bank of India customers across the country. Fraudsters are sending fake messages warning users that their YONO banking app will be deactivated unless they update their Aadhaar number…

  • Apple’s New Anti-Snatching Feature Will Auto-Lock iPhones When Stolen From Your Hand

    Apple is reportedly developing a new iPhone security feature designed to automatically lock the device the moment it detects a theft-in-progress, a significant upgrade to the company’s existing anti-theft protections that could close one of the most dangerous gaps in mobile security today.…

  • Developer-Targeting Glassworm Malware Abuses npm, PyPI, OpenVSX, and GitHub

    A dangerous malware campaign known as Glassworm has been spreading through the tools that software developers trust most every day. By abusing popular platforms like npm, PyPI, OpenVSX, and GitHub, the attackers have turned routine development workflows into entry points for data theft, credential harvesting, and…

  • Attackers Abuse Open RDP Ports to Gain Initial Access Into Business Networks

    There is a decades-old misconfiguration sitting quietly inside countless business networks, and attackers are still making full use of it. Remote Desktop Protocol, or RDP, allows users to connect to and control a computer remotely over a network. When its default port, 3389,…

  • New 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users

    A new zero-click WhatsApp account takeover attack targeting iOS 16 users is raising serious concerns after multiple iPhone users reported their accounts being hijacked without any interaction, warnings, or visible linked devices. According to a recent forensic investigation by the Italian security firm Forenser, attackers…

  • GitLab Suspends Windows Exploit Researcher Nightmare-Eclipse After GitHub Ban

    The anonymous researcher known as Nightmare-Eclipse has been blocked from two major code-hosting platforms in less than a week, as their disruptive public zero-day campaign against Microsoft draws serious real-world consequences. GitLab moved to suspend the account of security researcher Nightmare-Eclipse on May 26, 2026, just…

  • Phishing Services Use RCS and iMessage to Bypass Traditional SMS Security Filters

    A new wave of phishing operations is quietly changing the way cybercriminals steal financial data from everyday people. Rather than relying on traditional SMS messages that carriers can easily flag and block, threat actors are now using encrypted messaging channels like Rich Communication…

  • Payload Ransomware Uses ChaCha20 and Curve25519 ECDH to Encrypt Windows Files

    A dangerous new ransomware strain called Payload has been quietly building a global victim list since it first appeared in February 2026. The group launched its leak site with a high-profile target and has since expanded operations across Egypt, Mexico, Poland, and beyond. What…

  • PuTTY 0.84 Released With Fix for SSH KEX Crashes and Telnet Prompt Spoofing Flaw

    PuTTY 0.84 has been released with fixes for multiple minor security flaws, including issues that could trigger SSH key exchange crashes and a Telnet prompt spoofing weakness. While these vulnerabilities are considered low severity, they highlight how even small flaws in…

  • New 7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code and Compromise Systems

    A critical heap buffer overflow vulnerability has been disclosed in 7-Zip version 26.00, enabling attackers to achieve arbitrary code execution via a vtable hijack by exploiting a defect in the tool’s NTFS archive handler. Tracked as CVE-2026-48095 and assigned advisory GHSL-2026-140, the flaw resides…

  • Anthropic’s Restricted Claude Mythos Moves Toward Public Release via Claude Code and Security

    Anthropic appears to be loosening its grip on Claude Mythos, the company’s most powerful and previously restricted AI model, with new signals pointing to a commercially versioned release under the name Mythos 1 (claude-mythos-1-preview), integrated directly into Claude Code and a revamped…

  • MiniUpdate RAT Uses Azure-Hosted C2 Domains for Targeted Espionage Campaigns

    A new wave of targeted espionage attacks has put technology professionals across the United States, Israel, and the United Arab Emirates on high alert. The threat comes from an Iran-linked hacking group deploying two families of remote access trojans through cleverly disguised recruitment lures and…

  • WhatsApp Chat Histories Stored Unencrypted on macOS and iOS

    Security researchers have revealed that WhatsApp chat histories may be stored unencrypted on both macOS and iOS devices, raising fresh concerns about local data protection and cross-application access within the Apple ecosystem. The issue, highlighted by iOS security researchers at Mysk, centers on how WhatsApp stores…

  • Authorities Seized 800 Servers of Hosting Company Used to Launch Cyberattacks

    Dutch authorities have seized more than 800 servers and arrested two individuals as part of a major investigation into a hosting infrastructure allegedly used to support cyberattacks, disinformation campaigns, and sanctions evasion linked to Russia. The Fiscal Information and Investigation Service (FIOD) confirmed that…

  • CISA Warns of Drupal Core SQL Injection Vulnerability Exploited in Attacks

    CISA has issued an urgent alert regarding a critical SQL injection vulnerability in Drupal Core, tracked as CVE-2026-9082, which is now being actively exploited in real-world attacks. The flaw, classified under CWE-89, affects Drupal’s database abstraction API and could allow attackers to execute malicious…

  • GitHub Adds Staged Publishing to npm to Block Automated Supply Chain Attacks

    GitHub has introduced a major security upgrade to the npm ecosystem with the general availability of staged publishing and new install-time controls, aimed at reducing automated supply chain attacks targeting open-source packages. The newly released staged publishing feature changes how npm packages are…

  • PyrsistenceSniper – Tool that Detects 117 Persistence Malware Techniques on Windows, Linux, and macOS

    PyrsistenceSniper is an offline persistence-detection tool that enables cybersecurity analysts to identify 117 separate persistence mechanisms across Windows, Linux, and macOS platforms. Originally inspired by Autoruns and PersistenceSniper, this Python-based solution developed by Hexastrike enables rapid triage of forensic…

  • Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now!

    A newly disclosed flaw in one of the world’s most widely deployed web servers is forcing administrators into another emergency patch cycle. Tracked as CVE-2026-9256 and publicly nicknamed nginx-poolslip, the vulnerability affects both NGINX Plus and NGINX Open Source, and can be triggered by…

  • Hackers Exploit F5 BIG-IP Appliance to Gain SSH Access and Pivot Into Enterprise Linux Networks

    Microsoft’s Defender Security Research has documented a multi-stage intrusion in which a threat actor exploited an internet-facing F5 BIG-IP edge appliance as the entry point for a widespread, identity-focused attack that ultimately accessed Active Directory. According to the researchers, the attack reflects a growing…

  • Hackers Compromised 233 Versions of Laravel-Lang Packages by Hacking 700 GitHub Repos

    A highly sophisticated supply chain attack has compromised the Laravel-Lang ecosystem, injecting credential-stealing remote code execution backdoors into 233 package versions across 700 GitHub repositories. Discovered in May 2026 by Socket and Aikido, the attack saw threat actors manipulate GitHub tags to distribute malware through Composer’s…

  • Anthropic’s Claude Mythos Preview Uncovers 10,000+ 0-Days in Project Glasswing

    Anthropic has revealed the staggering initial results of Project Glasswing, a collaborative cybersecurity initiative designed to secure critical infrastructure using advanced AI before malicious actors can exploit it. In its first month, the project leveraged the unreleased Claude Mythos Preview model to autonomously discover over…

  • Hackers Abuse Middle East Telecom Networks for Large-Scale Command-and-Control Operations

    Hackers are using telecom networks and hosting providers across the Middle East as a foundation for massive command-and-control operations, turning trusted infrastructure into a launchpad for cyberattacks. A newly released threat intelligence report reveals that more than 1,350 active command-and-control (C2) servers were identified across…

  • World Cup Phishing Campaign Nearly Triples With 203 Unique IP Addresses

    A large-scale phishing campaign targeting the 2026 FIFA World Cup has grown far beyond what security researchers originally thought. What began as a documented set of 79 fraudulent domains has ballooned into a network of at least 222 domains spread across 203 unique IP…

  • Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial Access

    Russian state-sponsored threat groups significantly stepped up their cyber operations in 2025, using a range of methods to break into targeted systems. From exploiting remote desktop tools and virtual private networks to manipulating trusted supply chains and deceiving employees through…

  • Splunk Patches Multiple Vulnerabilities That Enable DoS Attacks and Expose Sensitive Data

    Splunk has released security updates addressing multiple vulnerabilities across Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit that could lead to denial-of-service (DoS) conditions and exposure of sensitive data. The issues, disclosed on May 20, 2026, include three tracked vulnerabilities: CVE-2026-20238,…

  • CISA Warns of Trend Micro Apex One Vulnerability Exploited in Attacks

    CISA Warns of Trend Micro Apex One Vulnerability Exploited in Attacks The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation risks. The flaw, tracked as CVE-2026-34926, affects on-premises deployments of Trend Micro Apex One…

  • FBI Warns of Kali365 Attacking Microsoft 365 Users to Steal Logins and Bypass MFA

    FBI Warns of Kali365 Attacking Microsoft 365 Users to Steal Logins and Bypass MFA The FBI has issued a new cybersecurity warning about a rapidly emerging phishing-as-a-service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users to steal access tokens and bypass multi-factor authentication (MFA). Kali365 is being distributed primarily through Telegram channels,…

  • Hackers Use Hugging Face to Host Second-Stage Malware for npm Supply Chain Attack

    Hackers Use Hugging Face to Host Second-Stage Malware for npm Supply Chain Attack Hackers have found a new and alarming way to weaponize one of the most trusted platforms in the AI world. A threat actor linked to North Korea has hosted second-stage malware on Hugging Face, the widely used AI and machine learning hub,…

  • Google Publishes Exploit Code for Unfixed Chromium Bug Exposing Millions of Users

    Google Publishes Exploit Code for Unfixed Chromium Bug Exposing Millions of Users Google has publicly released proof-of-concept (PoC) exploit code for a critical, still-unpatched vulnerability in the Chromium codebase, potentially exposing millions of users across Chrome, Microsoft Edge, and other Chromium-based browsers to stealthy botnet-style abuse. The vulnerability, originally reported in late 2022 by independent…

  • Nine-Year-Old Linux Kernel Vulnerability Lets Attackers Exfiltrate SSH Private Keys

    Nine-Year-Old Linux Kernel Vulnerability Lets Attackers Exfiltrate SSH Private Keys A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, exposes a serious local privilege escalation flaw that has remained undetected for nearly nine years. Security researchers at the Qualys Threat Research Unit (TRU) revealed that the issue allows attackers to exfiltrate sensitive data, including SSH…

  • New Microsoft Defender 0‑Days Actively Exploited in the Wild

    New Microsoft Defender 0‑Days Actively Exploited in the Wild Two newly disclosed Microsoft Defender vulnerabilities are being actively exploited in the wild, enabling local attackers to elevate privileges to SYSTEM and potentially disrupt endpoint protection across Windows environments. The bugs, tracked as CVE‑2026‑41091 (Elevation of Privilege) and CVE‑2026‑45498 (Denial of Service), were published on May…

  • BadIIS Malware Hijacks IIS Servers and Redirects Users to Illicit Sites

    BadIIS Malware Hijacks IIS Servers and Redirects Users to Illicit Sites A dangerous piece of malware known as BadIIS has been actively targeting Internet Information Services (IIS) web servers, quietly hijacking them and redirecting unsuspecting visitors to illegal gambling sites, adult content platforms, and other illicit destinations. The attacks have been going on for…

  • Critical Cisco Secure Workload Vulnerability Enables Unauthorized API Access

    Critical Cisco Secure Workload Vulnerability Enables Unauthorized API Access Cisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain unauthorized access to sensitive resources via internal APIs. The flaw, tracked as CVE-2026-20223, carries a maximum CVSS score of 10.0 and is categorized under CWE-306 (Missing Authentication…

  • Critical Drupal Core Security Vulnerability Exposes Websites to Cyberattack

    Critical Drupal Core Security Vulnerability Exposes Websites to Cyberattack A highly critical security vulnerability in Drupal core is set to impact websites worldwide, with the official security release scheduled for May 20, 2026. The vulnerability has been assigned a “Highly Critical” severity rating (20/25), indicating potential risks to confidentiality and integrity across affected systems. While…

  • Microsoft Releases Mitigation for Windows BitLocker Security Bypass 0-Day Vulnerability

    Microsoft Releases Mitigation for Windows BitLocker Security Bypass 0-Day Vulnerability Microsoft has disclosed a critical zero-day vulnerability in Windows BitLocker, tracked as CVE-2026-45585, that allows threat actors with physical access to bypass full-disk encryption entirely, potentially exposing sensitive data within minutes. The flaw was publicly disclosed on May 19, 2026, and while no active exploitation…

  • New NGINX Vulnerability Allows Remote Attackers to Execute Malicious Code

    New NGINX Vulnerability Allows Remote Attackers to Execute Malicious Code A new vulnerability in NGINX JavaScript (njs), tracked as CVE‑2026‑8711, allows unauthenticated remote attackers to trigger a heap‑based buffer overflow that can lead to denial‑of‑service and, in some conditions, remote code execution in the NGINX worker process. The flaw is tied to how the js_fetch_proxy…

  • Fox Tempest Malware-Signing Service Abused Microsoft Artifact Signing to Certify Malware

    Fox Tempest Malware-Signing Service Abused Microsoft Artifact Signing to Certify Malware A financially motivated threat actor known as Fox Tempest has been operating a sophisticated malware-signing-as-a-service (MSaaS) platform that abused Microsoft’s Artifact Signing infrastructure to generate trusted digital signatures for malicious code. This activity enabled cybercriminals to bypass security controls and distribute malware that appeared…

  • GitHub Hacked – Internal Source Code Repositories Compromised via Employee Device

    GitHub Hacked – Internal Source Code Repositories Compromised via Employee Device GitHub has confirmed unauthorized access to its internal repositories after detecting a compromised employee device infected through a malicious Visual Studio Code extension, the company disclosed in a series of official statements on May 20, 2026. The Microsoft-owned code hosting platform said it identified…

  • PoC Exploit Released for 20-Year Old PostgreSQL RCE Vulnerability

    PoC Exploit Released for 20-Year Old PostgreSQL RCE Vulnerability A proof-of-concept (PoC) exploit has been publicly released for CVE-2026-2005, a critical remote code execution (RCE) vulnerability affecting PostgreSQL’s pgcrypto extension. The flaw, rooted in legacy code dating back nearly two decades, highlights the long-standing risks associated with memory handling issues in widely deployed database systems.…

  • Hackers Compromise @antv Packages in Mini Shai-Hulud npm Attack Wave

    Hackers Compromise @antv Packages in Mini Shai-Hulud npm Attack Wave A sweeping supply chain attack has hit the npm ecosystem, compromising hundreds of widely used JavaScript packages tied to the @antv data visualization library. The attack, which unfolded in the early hours of May 19, 2026, injected malicious code into packages used by millions of…
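    The check a practitioner wants after an incident like the @antv compromise above is a gate on the lockfile before `npm ci` runs anything. The script below is an added example, not code from the page, from npm, or from the @antv project: it reads a lockfile v2/v3 `packages` map and reports, for every package under a given scope, a version that differs from the last reviewed one, a tarball resolved from somewhere other than the public registry, a missing or non-sha512 integrity hash, and the `hasInstallScript` flag npm writes for packages that declare install hooks. The lockfile, its versions, hashes and hostnames are constructed placeholders, and the pinned-version map stands in for whatever your last reviewed state is.

```python
import json
from urllib.parse import urlparse

TRUSTED_REGISTRY_HOSTS = {"registry.npmjs.org"}   # assumption: no private mirror in use


def load_lockfile(text: str) -> dict:
    lock = json.loads(text)
    if lock.get("lockfileVersion", 0) < 2:
        raise ValueError("need lockfile v2 or v3: only those carry the 'packages' map")
    return lock


def package_name(lock_path: str) -> str:
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b' (the innermost node_modules entry)."""
    return lock_path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock: dict, scope: str, pinned: dict[str, str]) -> list[str]:
    """One finding per suspicious property of each package under `scope` (e.g. '@antv').

    `pinned` maps package name -> the version that was last reviewed; any change is
    reported so that a surprise release is looked at before its code is installed.
    """
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:                      # "" is the root project itself
            continue
        name = package_name(path)
        if not name.startswith(scope + "/"):
            continue
        tag = f"{name}@{meta.get('version', '?')}"
        if name in pinned and pinned[name] != meta.get("version"):
            findings.append(f"{tag}: version differs from reviewed {pinned[name]}")
        host = urlparse(meta.get("resolved", "")).hostname or ""
        if host not in TRUSTED_REGISTRY_HOSTS:
            findings.append(f"{tag}: resolved from untrusted host '{host or '<none>'}'")
        if not str(meta.get("integrity", "")).startswith("sha512-"):
            findings.append(f"{tag}: integrity hash missing or not sha512")
        if meta.get("hasInstallScript"):  # set by npm when the package declares (pre/post)install
            findings.append(f"{tag}: declares a lifecycle install script")
    return findings


# Constructed lockfile: versions, hashes and the mirror hostname are placeholders, not
# the real @antv release history. @antv/g2 is clean; @antv/util shows every red flag.
SAMPLE_LOCK_JSON = """
{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/@antv/g2": {
      "version": "5.1.0",
      "resolved": "https://registry.npmjs.org/@antv/g2/-/g2-5.1.0.tgz",
      "integrity": "sha512-EXAMPLEHASHEXAMPLEHASHEXAMPLEHASH=="
    },
    "node_modules/@antv/util": {
      "version": "3.3.99",
      "resolved": "https://mirror.example.invalid/@antv/util/-/util-3.3.99.tgz",
      "hasInstallScript": true
    },
    "node_modules/lodash": {
      "version": "4.17.21",
      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
      "integrity": "sha512-EXAMPLEHASHEXAMPLEHASHEXAMPLEHASH=="
    }
  }
}
"""
PINNED = {"@antv/g2": "5.1.0", "@antv/util": "3.3.5"}   # last reviewed versions (constructed)

if __name__ == "__main__":
    for finding in audit_lockfile(load_lockfile(SAMPLE_LOCK_JSON), "@antv", PINNED):
        print(finding)
```

    Run it against the real `package-lock.json` in CI and fail the build on any finding; pair it with `npm ci --ignore-scripts` so that even a package that slips through cannot run code at install time. A version change is not proof of compromise, only a signal that someone should look at the diff before the build proceeds.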

  • CISA Admin Exposes AWS GovCloud Credentials on Public GitHub Repository

    CISA Admin Exposes AWS GovCloud Credentials on Public GitHub Repository A major security lapse has exposed highly sensitive U.S. government cloud credentials after a contractor working with the Cybersecurity and Infrastructure Security Agency (CISA) accidentally published them in a public GitHub repository. The repository, named “Private-CISA,” remained publicly accessible until mid-May 2026 and contained a…
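    The control that would have caught the CISA credential exposure above is a scan of every file before it reaches a public repository. The script below is an added example, not code from the page or from CISA, AWS or GitHub: it scans text (a diff, a config file) for AWS access key IDs and for labelled secret access keys, distinguishes long-term keys from temporary ones by their prefix, and masks what it finds. The sample input is constructed and uses the access key ID and secret that AWS's own documentation uses as placeholders; the 3.5 bits-per-character entropy threshold is an assumption to tune, and GovCloud keys are assumed to share the commercial key ID format (the region name is the only GovCloud-specific thing in the sample).

```python
import math
import re
from dataclasses import dataclass

# Access key IDs are 20 characters: a four-letter prefix and 16 upper-case alphanumerics.
# AKIA = long-term IAM user key, ASIA = temporary STS credential.
ACCESS_KEY_ID_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# Secret access keys are 40 base64-style characters; a label is required nearby so that
# every 40-character hash in the repository is not reported.
SECRET_KEY_RE = re.compile(
    r"(?i)aws[_\-\s]*secret[_\-\s]*(?:access[_\-\s]*)?key[\"']?\s*[:=]\s*[\"']?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)
MIN_SECRET_ENTROPY = 3.5   # bits per character; assumption, tune against your false-positive rate


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    value: str


def shannon_entropy(s: str) -> float:
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str) -> list[Finding]:
    """Report every AWS credential-shaped token together with the line it sits on."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID_RE.finditer(line):
            key = m.group(1)
            kind = "aws-access-key-id-long-term" if key.startswith("AKIA") else "aws-access-key-id-temporary"
            findings.append(Finding(line_no, kind, key))
        for m in SECRET_KEY_RE.finditer(line):
            secret = m.group(1)
            if shannon_entropy(secret) >= MIN_SECRET_ENTROPY:   # skips template placeholders
                findings.append(Finding(line_no, "aws-secret-access-key", secret))
    return findings


def redact(text: str, findings: list[Finding]) -> str:
    """Keep the first four characters (they only reveal the key type) and mask the rest."""
    for f in findings:
        text = text.replace(f.value, f.value[:4] + "*" * (len(f.value) - 4))
    return text


# Constructed sample: a credentials file as it might be committed by mistake. The key ID and
# secret are the placeholder values from AWS's own documentation, not live credentials.
SAMPLE_FILE = "\n".join([
    "[default]",
    "region = us-gov-west-1",
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",
    "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "# template placeholder: 40 characters but zero entropy, so it is not reported",
    "aws_secret_access_key = " + "X" * 40,
    "export AWS_ACCESS_KEY_ID=ASIAIOSFODNN7EXAMPLE",
    "artifact_sha256 = 5d41402abc4b2a76b9719d911017c592",
])

if __name__ == "__main__":
    for f in scan_text(SAMPLE_FILE):
        print(f"line {f.line_no}: {f.kind} {f.value[:4]}...")
```

    Wire `scan_text` into a pre-commit hook and a CI job that reads `git diff` of the pushed range, and treat any finding as a failed check. Scanning only stops the next leak; a key that has already reached a public repository must be treated as compromised and rotated, whatever the scanner says afterwards, because clones and forks keep the history.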

  • Hackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data

    Hackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data A threat actor known as Storm-2949 has launched a sophisticated, multi-layered cloud attack campaign targeting Microsoft Entra ID accounts to steal sensitive data from Microsoft 365 and Azure environments. The campaign was recently uncovered and has raised serious concerns about how modern…

  • Mythos Preview Builds PoC Exploits in Automated Vulnerability Research

    Mythos Preview Builds PoC Exploits in Automated Vulnerability Research Anthropic’s Mythos Preview security-focused AI model is crossing a critical threshold in automated vulnerability research, not just finding bugs, but chaining them together into working proof-of-concept exploits. That’s the finding from Cloudflare’s security team, which spent several weeks running the model against more than fifty internal…

  • Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild

    Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild Hackers are wasting no time exploiting a newly disclosed critical vulnerability in NGINX, with security researchers already observing real-world attacks just days after its public release. Security researcher Patrick Garrity from VulnCheck revealed that threat actors are actively targeting CVE-2026-42945, a heap buffer overflow flaw…

  • CISA Warns of Microsoft Exchange Server Vulnerability Exploited in Attacks

    CISA Warns of Microsoft Exchange Server Vulnerability Exploited in Attacks CISA has issued a fresh warning about a newly disclosed Microsoft Exchange Server vulnerability that is already being exploited in real-world attacks, raising concerns for organizations relying on on-premises email infrastructure. The flaw, CVE-2026-42897, is a cross-site scripting (XSS) vulnerability in Microsoft Exchange Server, specifically within…

  • 1 Million WordPress Sites Affected by Avada Builder File Read and SQL Injection Flaws

    1 Million WordPress Sites Affected by Avada Builder File Read and SQL Injection Flaws A widely used WordPress plugin powering over one million websites has been hit by two serious vulnerabilities that could allow attackers to steal sensitive data and access server files. Security researchers warn that the flaws in the Avada Builder plugin could be…

  • Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922

    Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922 Microsoft has officially acknowledged a critical installation failure affecting its May 2026 Patch Tuesday cumulative update for Windows 11, KB5089549, leaving users stranded with error code 0x800f0922 and, in some cases, additional errors 0x80240069 and 0x80240031. The known issue was formally added to the update’s change…

  • New Windows ‘MiniPlasma’ Zero-Day Lets Attackers Gain SYSTEM Access – PoC Released

    New Windows ‘MiniPlasma’ Zero-Day Lets Attackers Gain SYSTEM Access – PoC Released A critical Windows privilege escalation zero-day vulnerability dubbed “MiniPlasma” has emerged with a public proof-of-concept exploit that allows attackers to achieve SYSTEM-level privileges on fully patched Windows systems. Security researcher Nightmare-Eclipse released the weaponized exploit on GitHub on May 13, 2026, claiming that…

  • Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypass Attacks

    Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypass Attacks A critical vulnerability in a widely used WordPress plugin has exposed over 200,000 websites to full account takeover, raising urgent concerns across the security community. Discovered on May 8, 2026, by Wordfence’s AI-powered PRISM threat intelligence platform, the flaw affects the Burst Statistics plugin, a…

  • Grafana Labs Security Breach – Hackers Access GitHub and Download Codebase

    Grafana Labs Security Breach – Hackers Access GitHub and Download Codebase A threat actor infiltrated Grafana Labs’ GitHub environment, stealing a privileged token to download the company’s private codebase, and then attempted to extort the open-source observability giant with an unanswered ransom demand. Grafana Labs disclosed on May 16, 2026, that an unauthorized party obtained…

  • First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days

    First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days Apple’s M5 silicon has reportedly been exploited for the first time in a public macOS kernel memory corruption attack, successfully bypassing the company’s notable hardware-level memory protection. Researchers from Calif, Bruce Dang, Dion Blazakis, and Josh Maine, developed a working…

  • Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2

    Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2 Pwn2Own Berlin 2026 is rapidly escalating into one of the most intense offensive security contests in recent years, with Day Two delivering a fresh wave of critical zero-day exploits targeting enterprise software, AI tools, and operating systems. Security researchers demonstrated real-world attack scenarios…

  • JDownloader Website Compromised to Distribute Malicious Windows and Linux Installers

    JDownloader Website Compromised to Distribute Malicious Windows and Linux Installers A widely used download manager trusted by millions has briefly turned into a malware delivery platform after attackers compromised the official JDownloader website, replacing legitimate installers with malicious versions targeting both Windows and Linux users. The incident, confirmed by developers and security researchers, occurred between…

  • Malicious JPEG Images Could Trigger PHP Memory Safety Vulnerabilities

    Malicious JPEG Images Could Trigger PHP Memory Safety Vulnerabilities Two critical memory-safety vulnerabilities in PHP’s image-processing functions could allow attackers to leak sensitive heap memory or cause a denial of service via specially crafted JPEG files. The flaws, discovered in PHP’s ext/standard extension by Positive Technologies researcher Nikita Sveshnikov, affect the widely used getimagesize and iptcembed functions…
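    The page does not give the root cause of the two PHP flaws, so what follows is not a reconstruction of them. It is an added example, written here rather than taken from PHP or from the page, of the discipline a JPEG metadata reader needs: never take a slice on the strength of a declared length without first checking that the bytes exist. The walker below parses JPEG marker segments, the Photoshop APP13 resource block, and the IPTC datasets inside it (the metadata iptcembed works with lives in APP13), and fails closed with ValueError at each level where a declared size exceeds what remains. The sample files are constructed byte strings, not real images; in Python an unchecked over-long slice just comes back short, which is exactly why the checks are stated explicitly, since a C parser doing the same thing reads heap memory past the buffer.

```python
from __future__ import annotations

SOI, EOI, SOS, APP13 = 0xD8, 0xD9, 0xDA, 0xED
IPTC_RESOURCE_ID = 0x0404   # Photoshop image-resource id that carries the IPTC block

def parse_jpeg_segments(data: bytes) -> list[tuple[int, bytes]]:
    """Walk marker segments up to SOS; every slice is bounds-checked before it is taken."""
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing SOI marker")
    pos, segments = 2, []
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:   # 0xFF fill bytes may precede the code
            pos += 1
        if pos >= len(data):
            raise ValueError("truncated marker")
        marker, pos = data[pos], pos + 1
        if marker == EOI:
            break
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # TEM / RSTn carry no length field
            continue
        if pos + 2 > len(data):
            raise ValueError(f"marker 0x{marker:02X}: truncated length field")
        length = int.from_bytes(data[pos:pos + 2], "big")   # counts its own two bytes
        if length < 2 or pos + length > len(data):          # declared > available: the over-read
            raise ValueError(f"marker 0x{marker:02X}: declares {length} bytes, {len(data) - pos} remain")
        segments.append((marker, data[pos + 2:pos + length]))
        pos += length
        if marker == SOS:   # entropy-coded scan data follows; metadata readers stop here
            break
    return segments

def iptc_from_app13(payload: bytes) -> bytes | None:
    """Locate the IPTC resource inside a Photoshop APP13 image-resource block."""
    prefix = b"Photoshop 3.0\x00"
    if not payload.startswith(prefix):
        return None
    pos = len(prefix)
    while pos + 12 <= len(payload):   # 12 bytes is the smallest possible resource block
        if payload[pos:pos + 4] != b"8BIM":
            raise ValueError(f"bad resource signature at APP13 offset {pos}")
        rid = int.from_bytes(payload[pos + 4:pos + 6], "big")
        name_bytes = 1 + payload[pos + 6]   # Pascal string: length byte + name, padded to even
        size_at = pos + 6 + name_bytes + name_bytes % 2
        if size_at + 4 > len(payload):
            raise ValueError("truncated resource header")
        size = int.from_bytes(payload[size_at:size_at + 4], "big")
        start = size_at + 4
        if start + size > len(payload):
            raise ValueError(f"resource 0x{rid:04X} declares {size} bytes, {len(payload) - start} remain")
        if rid == IPTC_RESOURCE_ID:
            return payload[start:start + size]
        pos = start + size + size % 2   # resource data is padded to even length as well
    return None

def parse_iptc_datasets(iptc: bytes) -> list[tuple[int, int, bytes]]:
    """IPTC-IIM datasets: 0x1C, record, dataset, 2-byte big-endian size, then the data."""
    out, pos = [], 0
    while pos < len(iptc):
        if pos + 5 > len(iptc) or iptc[pos] != 0x1C:
            raise ValueError(f"bad or truncated IPTC dataset header at offset {pos}")
        record, dataset = iptc[pos + 1], iptc[pos + 2]
        size = int.from_bytes(iptc[pos + 3:pos + 5], "big")
        start = pos + 5
        if size & 0x8000 or start + size > len(iptc):   # extended sizes unsupported; no over-read
            raise ValueError(f"IPTC {record}:{dataset} declares {size} bytes, {len(iptc) - start} remain")
        out.append((record, dataset, iptc[start:start + size]))
        pos = start + size
    return out

def extract_iptc(data: bytes) -> dict[tuple[int, int], list[bytes]]:
    # (record, dataset) -> values; repeated datasets such as keywords are all kept
    result: dict[tuple[int, int], list[bytes]] = {}
    for marker, payload in parse_jpeg_segments(data):
        if marker == APP13 and (iptc := iptc_from_app13(payload)) is not None:
            for record, dataset, value in parse_iptc_datasets(iptc):
                result.setdefault((record, dataset), []).append(value)
    return result

def rejects(parser, data: bytes) -> bool:
    # True when the parser fails closed with ValueError instead of reading past its input
    try:
        parser(data)
    except ValueError:
        return True
    return False

# Constructed sample files, not real images: an APP13 block holding IPTC datasets 2:05
# (object name) and 2:120 (caption), then a one-byte SOS so the walker stops.
def _segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

IPTC_BLOCK = (b"\x1c\x02\x05" + (5).to_bytes(2, "big") + b"Title"
              + b"\x1c\x02\x78" + (11).to_bytes(2, "big") + b"Caption txt")
APP13_PAYLOAD = (b"Photoshop 3.0\x00" + b"8BIM" + IPTC_RESOURCE_ID.to_bytes(2, "big")
                 + b"\x00\x00" + len(IPTC_BLOCK).to_bytes(4, "big") + IPTC_BLOCK)
GOOD_JPEG = b"\xff\xd8" + _segment(APP13, APP13_PAYLOAD) + _segment(SOS, b"\x00") + b"\xff\xd9"
# APP13 length field claims 0xFFFF bytes while only ten follow: the over-read case.
BAD_LENGTH_JPEG = b"\xff\xd8" + bytes([0xFF, APP13, 0xFF, 0xFF]) + APP13_PAYLOAD[:10] + b"\xff\xd9"
# Outer lengths are consistent, but the IPTC dataset claims 0x1000 bytes of a 6-byte resource.
BAD_IPTC_JPEG = (b"\xff\xd8" + _segment(APP13, b"Photoshop 3.0\x00" + b"8BIM\x04\x04\x00\x00"
                 + (6).to_bytes(4, "big") + b"\x1c\x02\x05\x10\x00x") + b"\xff\xd9")
```

    The three malformed inputs are the shapes a fuzzer finds first: a segment length larger than the file, a resource length larger than its segment, and a dataset length larger than its resource. Each layer checks its own declared length against its own remaining bytes, because a correct outer length says nothing about the lengths nested inside it.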

  • Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords

    Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords A newly disclosed Linux kernel vulnerability is raising serious concerns across the security community, as it allows attackers to access highly sensitive data, including SSH private keys and password hashes, on affected systems. Tracked as CVE-2026-46333, the flaw has been nicknamed “ssh-keysign-pwn” and impacts a wide range…

  • Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices

    Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices A newly disclosed zero-click exploit chain targeting Google Pixel 10 devices has raised fresh concerns about Android’s low-level security. Google Project Zero researchers demonstrated how attackers could silently compromise a device and escalate privileges to root without any user interaction by chaining just two…

  • Android 16 VPN Bypass Lets Malicious Apps Reveal Users’ Real IP Addresses

    Android 16 VPN Bypass Lets Malicious Apps Reveal Users’ Real IP Addresses A newly disclosed flaw in Android 16 is raising serious privacy concerns after researchers revealed that malicious apps can bypass VPN protections and expose a user’s real IP address even when strict security settings are enabled. The vulnerability, dubbed the “Tiny UDP Cannon,”…

  • Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker

    Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker Gunra ransomware has quickly grown from a new threat into a serious global problem, hitting dozens of organizations in less than a year. The group behind it is not just encrypting data, but also running a business-like operation that sells access, leaks stolen files, and…