no alarms and no surprises please..
-
The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools
Three years ago, the practical question for an MSP building a cybersecurity practice was which “vCISO platform” to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the side. The work has…
-
Vulnerability Disclosure in the Age of AI
New article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitable software vulnerabilities at unprecedented speed and scale. This…
-
ISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954, (Tue, Jun 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
1,000 Data Breaches Later, the Disclosure Lag is Worse Than Ever
Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasion in writing, and what immediately came to mind was a very simple question: why is it still needed? Especially considering…
-
Weekly Update 506
I’m finding it quite fascinating to watch the current spate of ShinyHunters breaches and dumps. There’s the obvious criminality of it all, but then there’s also the response from organisations (or lack thereof, as it relates to disclosure to victims), the appearance and disappearance of victims on their dark web site, the…
-
Anthropic to Open Mythos AI to EU’s ENISA
The European security agency’s entry to Project Glasswing is the result of “strong bilateral cooperation” between the European Commission and Anthropic. Jai Vijayan
-
Patch Now: Another Palo Alto Auth Bypass Bug Under Active Exploit
Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May. Elizabeth Montalbano
-
Microsoft: No Lawsuits Against Researchers in Nightmare-Eclipse Row
Microsoft has issued a clarifying statement, assuring the global cybersecurity community that it has no intention of pursuing legal action against security researchers conducting or publishing…
-
Iran-Linked Hackers Wipe IT and Recovery Systems in Middle East Cyberattack
Iran-linked hackers have launched a destructive cyber campaign that wipes IT, backup, and recovery systems at multiple organizations in the Middle East and beyond,…
-
Meta AI Vulnerability Allegedly Enables Instagram Password Resets
Instagram is facing scrutiny after a critical vulnerability in its Meta AI-powered support system allegedly allowed attackers to take over user accounts by abusing…
-
Microsoft KB5089573 Fixes Windows 11 Patch Tuesday Install Failures
Microsoft has released cumulative update KB5089573 for Windows 11 versions 24H2 and 25H2, aimed at improving stability and resolving installation issues reported during recent…
-
Windows Netlogon 0-Click RCE Vulnerability Under Active Exploitation
Microsoft’s May 2026 Patch Tuesday release has taken a critical turn after security researchers confirmed that a high-risk Windows Netlogon vulnerability is now being…
-
WP Maps Pro bug exploited to create admin accounts on WordPress sites
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. […] Bill Toulas
-
Microsoft Tightens Entra ID Password Resets With New Authentication Change
Microsoft has announced a significant security update to its Entra ID Self-Service Password Reset (SSPR) feature, introducing stricter authentication requirements designed to reduce identity-based attacks. The update mandates the use of explicitly registered authentication methods, removing reliance on directory-stored contact information that has not been…
-
Famous Chollima Hackers Target PHP Developers Using Compromised Packagist Package
A well-known North Korean threat actor has been caught hiding malware inside a legitimate PHP package available through Packagist, the main package repository for PHP projects. The attack takes direct aim at software developers, disguising a dangerous payload as a routine configuration file. This kind…
-
Hackers Attacking Signal Users to Steal Backups in New Wave of Attacks
A new wave of phishing attacks is targeting users of Signal, the encrypted messaging app trusted by journalists, activists, and privacy-conscious individuals worldwide. Hackers are impersonating Signal’s support team and tricking users into handing over their backup recovery keys, which can unlock entire…
-
Microsoft Clarifies It Won’t Sue Security Researchers Amid Nightmare-Eclipse Controversy
Microsoft has clarified its stance, reducing perceived legal threats and reaffirming its commitment to coordinated vulnerability disclosure, following significant backlash from the security research community. In a carefully worded statement released in late May 2026, Microsoft’s Security Response Center (MSRC) moved to defuse a growing crisis over…
-
Instagram Meta AI Vulnerability Allegedly Enables Password Reset for Accounts
A critical flaw in Meta’s AI-powered account recovery tool on Instagram allowed attackers to hijack high-value accounts by tricking the chatbot into forwarding password reset codes with no verification required. Security researchers ZachXBT and Dark Web Informer were among the first to publicly expose the…
-
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the Dutch Politie and the National Cyber Security Center (NCSC), consisted of at least…
-
ISC Stormcast For Monday, June 1st, 2026 https://isc.sans.edu/podcastdetail/9952, (Mon, Jun 1st)
-
Unidentified RAT pushes NetSupport RAT, (Mon, Jun 1st)
Introduction This diary provides indicators from an unidentified RAT infection on Wednesday 2026-05-27 that was followed by a malicious NetSupport Manager RAT package. This originated from the SmartApeSG ClickFix campaign. I still don’t know the name of the initial RAT, but it has consistently been generating encoded…
-
YARA-X 1.17.0 Release, (Sun, May 31st)
YARA-X’s 1.17.0 release brings 5 improvements (several performance improvements) and 1 bugfix. Didier Stevens Senior handler blog.DidierStevens.com
-
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. […] Lawrence Abrams
-
New CIFSwitch Linux flaw gives root on multiple distributions
A newly discovered local privilege escalation vulnerability dubbed ‘CIFSwitch’ in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel’s key request mechanism, and gain root privileges. […] Bill Toulas
-
Microsoft Releases KB5089573 for Windows 11 to Fix Patch Tuesday Install Issues
Microsoft has rolled out a new cumulative update, KB5089573, for Windows 11 versions 25H2 and 24H2, targeting a critical installation failure that affected users following the May 2026 Patch Tuesday release. The update brings OS builds to 26200.8524 and 26100.8524, respectively, resolving a…
-
GitLab Patches Multiple Duo AI, DoS, and Authorization Flaws in Community and Enterprise Edition
GitLab has released emergency security updates for both Community Edition (CE) and Enterprise Edition (EE), addressing multiple Duo AI, denial‑of‑service, and authorization flaws in recent versions of the platform. On May 27, 2026, GitLab shipped versions 19.0.1, 18.11.4, and 18.10.7 as…
-
Pentest Swarm AI Tool With Live Access to nmap, sqlmap, Burp, Metasploit, and Others
Pentest Swarm AI is the first open-source autonomous penetration testing platform built on a swarm intelligence architecture, not just multiple agents firing in a fixed sequence. Developed by Armur AI, it gives security professionals live, coordinated access to the full offensive…
-
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors…
-
Palo Alto PAN-OS Authentication Bypass Vulnerability Actively Exploited in the Wild
A critical authentication-bypass vulnerability affecting Palo Alto Networks PAN-OS and Prisma Access is being actively exploited by malicious actors. In response to mounting attacks, the…
-
Google Chrome’s DBSC Now Generally Available to Prevent Account Takeovers
Google has officially made Device Bound Session Credentials (DBSC) generally available for the Chrome browser on Windows. This architectural upgrade delivers a robust…
-
SideCopy Deploys Persistent XenoRAT Against Afghanistan Finance Ministry
Pakistan-linked threat actor SideCopy has launched a highly targeted spear-phishing campaign against Afghanistan’s Ministry of Finance (MoF). The operation surgically targets all 34 provincial…
-
Ransomware Abuses SYSTEM Task to Encrypt Drives with Elevated Privileges
A newly analyzed ransomware strain, “The Gentlemen,” is raising concern among security researchers due to its ability to combine strong encryption with aggressive lateral…
-
JINX-0164 Uses LinkedIn Lures to Deploy Custom macOS Malware
A newly identified threat actor tracked as JINX-0164 is targeting cryptocurrency organizations through sophisticated LinkedIn-based social engineering campaigns. The financially motivated group has been active…
-
ChatGPT share links abused to host fake outage pages to deliver malware
Threat actors are abusing ChatGPT’s content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. […] Lawrence Abrams
-
California AG sues 23andMe over 2023 breach exposing health data
California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company’s failure to protect sensitive customer genetic and personal information. […] Bill Toulas
-
From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a-Service Market
DDoS attacks are increasingly being sold like subscription services, complete with pricing tiers, support, and reseller programs. Flare explores how the DDoS-as-a-Service market has evolved from scattered tools into polished attack platforms. […] Sponsored by Flare
-
Dutch govt disrupts malware botnet with 17 million infected devices
Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. […] Bill Toulas
-
Google Chrome adds session cookie theft protection for all users
Google says the Chrome Device Bound Session Credentials (DBSC) security feature is now generally available and is rolling out to all users to prevent account takeovers. […] Sergiu Gatlan
-
Google Chrome’s Device-Bound Session Credentials Now GA to Block Account Takeovers
Google has officially moved Device Bound Session Credentials (DBSC) to general availability in the Chrome browser on Windows, delivering a powerful defense against one of the most persistent threats in modern cybersecurity: session cookie theft. Previously available in beta for Google Workspace users, DBSC…
-
GREYVIBE Hackers Leverage ChatGPT and Google Gemini to Fuel Cyberattacks
GREYVIBE hackers are increasingly leveraging generative AI tools such as ChatGPT and Google Gemini to enhance cyberattack operations. The campaign, active since at least August 2025, primarily targets Ukraine and related entities across the government, military, and civilian sectors, highlighting a growing convergence between artificial…
-
Palo Alto Networks PAN-OS Authentication Vulnerability Bypass Exploited in the Wild
Palo Alto Networks authentication bypass vulnerability, CVE-2026-0257, affecting PAN-OS and Prisma Access, is now being actively exploited in the wild, with CISA adding it to the Known Exploited Vulnerabilities (KEV) catalog on May 29, 2026. Palo Alto Networks published its security advisory on May…
-
Post-quantum cryptography is not the future. It is your current reality.
For most of the last decade, post-quantum cryptography lived in a particular kind of conversation. It came up at security conferences. It appeared in NIST press releases. CISOs nodded politely when it surfaced in briefings, filed it under “things to deal with eventually,” and moved…
-
Ransomware Uses SYSTEM Scheduled Task to Encrypt Local Drives With Elevated Privileges
A newly analyzed ransomware strain called The Gentlemen is raising serious alarms across the cybersecurity community. Built in the Go programming language and obfuscated with a tool called Garble, it combines powerful per-file encryption with an aggressive ability to spread itself silently across…
-
This month in security with Tony Anscombe – May 2026 edition
In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit
-
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhish by Permiso Security.…
-
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. “The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted…
-
New Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone, with the activities aligning with…
-
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
Shadow AI used to mean employees pasting things they shouldn’t into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop.…
-
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil’s largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of “Sicoob.Sdk” contain functionality…
-
Friday Squid Blogging: Another Squid
Someone named “Squid” seems to be a “West Country legend.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. Bruce Schneier
-
Chilling Effects
Younger Americans have soured on the second Donald Trump presidency, but they are not protesting it. Despite an unpopular Iran war and an even more unpopular Trump administration, college campus protests nationwide have gone silent. And at many schools, student activism is virtually nonexistent. This silence comes in the wake of a relentless…
-
Police arrest man following hack of Ajax football club
Dutch police have arrested a 35-year-old man suspected of hacking into the computer systems of Amsterdam football giant Ajax, after the personal data of hundreds of thousands of supporters was put at risk. Read more in my article on the Hot for Security blog. Graham Cluley…
-
Name That Toon: Mark of (Cybersecurity) Progress
As part of Dark Reading’s 20th anniversary package, we asked readers for a cybersecurity-related caption that captures their thoughts about the industry’s last two decades. John Klossner
-
Asia’s Cyber Insurance Market Shows Signs of Life
The cyber insurance industry has made relatively weak inroads into Asia due to a variety of factors, but that could be changing. Alexander Culafi
-
With Complex Cloud Integrations, Small Errors Lead to Major Compromises
Researchers discover an exploit chain combining over-permissioned roles, secrets discovery, and non-human identities that could have compromised a popular automation service. Robert Lemos
-
‘The Com’ Cyberattacks Support Violence & Sexploitation
Your organization’s security failures have consequences for everyone else too, since this neo-Nazi-infested criminal gang uses its cyber winnings to support more violent and widespread crimes. Nate Nelson
-
Trusted Dev Tools Abused to Steal Code and Secrets
Attackers are increasingly weaponizing trusted developer tools to infiltrate software supply chains, with CISA warning of multiple ongoing campaigns targeting CI/CD ecosystems and developer…
-
Typosquatted npm Packages Steal Cloud and CI/CD Secrets
A coordinated npm supply chain attack has been uncovered targeting developers working with OpenSearch, ElasticSearch, and DevOps tooling, with attackers actively stealing cloud credentials…
-
GitLab Patches Multiple Duo AI, DoS, and Authorisation Vulnerabilities
GitLab has released patch versions 19.0.1, 18.11.4, and 18.10.7 to fix seven security issues affecting GitLab CE and EE, including Duo AI workflow runner…
-
Fake Adobe Document Cloud Pages Spread ScreenConnect Malware
Hackers are actively exploiting trust in Adobe Document Cloud by using fake delivery pages to install remote access malware. The campaign leverages a sophisticated phishing…
-
Samba Security Flaw Lets Attackers Execute Code Remotely
A critical security vulnerability in Samba’s printing subsystem has been disclosed, allowing unauthenticated attackers to execute arbitrary code remotely on affected servers. Tracked as…
-
Charter Communications data breach affects 4.9 million accounts
The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. […] Sergiu Gatlan
-
Anthropic confirms Claude Mythos-class models will roll out to the public
Anthropic has confirmed that it plans to bring Mythos-class models to the general public after delaying the rollout due to security risks to public and private software. […] Mayank Parmar
-
GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. […] Bill Toulas
-
BTMOB Android malware service generates custom phishing payloads
An Android remote access trojan named BTMOB is offered to cybercriminals with a builder interface for generating malware payloads tailored to phishing lures. […] Bill Toulas
-
FBI warns of fake FIFA websites running World Cup fraud schemes
The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event. […] Bill Toulas
-
Malicious RVTools Installer Abuses Sectigo Certificate to Bypass SmartScreen Warnings
A trusted tool for VMware administrators has been weaponized. Attackers built a fake version of RVTools, a widely used utility for managing virtual infrastructure, and disguised it with a real digital certificate to slip past Windows security warnings without raising a flag. RVTools is a…
-
Critical Samba Vulnerability Enables Remote Code Execution Attacks
A critical vulnerability in the Samba printing subsystem, tracked as CVE-2026-4480, has been disclosed, allowing unauthenticated attackers to achieve remote code execution (RCE) on affected systems. The flaw carries a maximum CVSS v3.1 score of 10.0, highlighting its severe impact and ease of exploitation. Samba, widely used…
-
Google Patches 151 Vulnerabilities in Chrome, Including 22 Critical Ones
Google has pushed a major Chrome Stable update that fixes 151 security flaws, including 22 critical vulnerabilities affecting core graphics, networking, media, and UI components across Windows, macOS, and Linux. The Stable channel has been updated to version 148.0.7778.216/217 for Windows, 148.0.7778.215/216 for macOS, and…
-
Google Employee Charged for Making $1.2 Million With Confidential Information
A Google software engineer has been charged in the United States for allegedly using confidential internal data to generate more than $1.2 million in profits through prediction market trading. The case highlights growing concerns around insider threats and misuse of privileged access in large technology…
-
VS Code Remote-SSH RCE Lets Attackers Pivot From Developer Machines to Cloud Servers
A newly disclosed vulnerability in Visual Studio Code’s Remote-SSH extension exposes a critical post-compromise attack path that allows threat actors to pivot from infected developer machines into cloud and production environments. Given the extension’s widespread adoption across modern development workflows, the issue…
-
ESET APT Activity Report Q4 2025–Q1 2026
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026
-
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. “Kimsuky employed a range of tailored social engineering tactics, such…
-
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have…
-
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. “The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints,” Arctic Wolf said. “Threat actors disguised the credential stealer…
-
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a researcher…
-
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, and enough exposed infrastructure to make you wonder if prod is just…
-
ISC Stormcast For Friday, May 29th, 2026 https://isc.sans.edu/podcastdetail/9950, (Fri, May 29th)
-
Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)
Using the data collected over the past year and using Kibana these two ES|QL queries to summarize the data, this shows the list of the most uploaded threats to two DShield sensors (local and cloud) over the past year. I have sorted the…
-
MyPillow listed on ransomware gang’s leak site, but denies it has been breached
A notorious ransomware gang claims to have stolen MyPillow’s private data, but CEO Mike Lindell calls it a politically motivated “hit job.” With the countdown ticking toward a massive dark web leak, who is telling the truth? Read more in my article…
-
Dutch Raid Fails to Dent Russian Bulletproof Host
Dutch law enforcement seized 800 servers and arrested two operators of THE.Hosting but left the hosting provider’s core IP address space intact. Jai Vijayan Go to gbhackers.com
-
Name That Toon Contest
Go to gbhackers.com
-
Agentic AI Isn’t Risky; the Way Orgs Deploy It Is
AI agents aren’t black boxes — they’re models interacting with software tools. The risk lies in their overlap. Nate Nelson Go to gbhackers.com
-
Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security
In this latest installment of the Reporters’ Notebook video series, we discuss how cyber insurance is forcing organizations to quantify risk, what’s covered (and what’s not), and why this could be the best thing to happen to cybersecurity. Fahmida Y. Rashid, Kristina Beek Go to…
-
VaultJacking Attack Exposes Google Password Vaults via Single PIN
A newly disclosed phishing technique dubbed “VaultJacking” is raising serious concerns across the cybersecurity community after researchers demonstrated how a single captured Google Password… Go to gbhackers.com
-
Top 10 Best Mobile Application Security Testing (MAST) Tools in 2026
As mobile usage continues to dominate the digital landscape, securing mobile applications has never been more critical. The year 2026 brings new challenges to… Go to gbhackers.com
-
Gitea Container Registry Vulnerability Could Lead to Private Image Exposure
A critical vulnerability, tracked as CVE-2026-27771, has been discovered in Gitea’s built-in container registry, allowing unauthenticated remote attackers to access private container images without… Go to gbhackers.com
-
AI-Generated npm Malware Leaks Hacker’s Private GitHub Token
A newly discovered malicious npm package is drawing attention across the cybersecurity community after inadvertently exposing its own operator’s private GitHub token. Identified by… Go to gbhackers.com
-
Critical Notepad++ Flaw Could Enable Remote Code Execution Attacks
Notepad++ has released version 8.9.6.1 to address multiple security vulnerabilities, including critical flaws that could allow arbitrary code execution under specific conditions. The update,… Go to gbhackers.com
-
Sextortionist sentenced to 33 years for targeting 145 children
A Canadian man was sentenced to 33 years in prison after pleading guilty to targeting more than 145 children across the United States, some as young as 6 years old, in an eight-year-long sextortion scheme. […] Sergiu Gatlan Go to bleepingcomputer
-
GPU mining malware spreads via SEO poisoning, AI chatbots
Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations. […] Ionut Ilascu Go to bleepingcomputer
-
Can you enforce strong Active Directory password rules without frustrating users?
Strong Active Directory passwords don’t have to come at the expense of usability. Specops Software explains how passphrases, breached password protection, and self-service resets can improve security without frustrating users. […] Sponsored by Specops Software Go to bleepingcomputer
-
Glassworm botnet disrupted after resilient C2 infrastructure takedown
The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain transactions and the BitTorrent DHT network. […] Ionut Ilascu Go to bleepingcomputer
-
FBI warns of in-person data theft attacks from extortion gang
The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
Veeam Backup & Replication Tool Vulnerability Enables Privilege Escalation Attacks
Veeam has addressed a high-severity vulnerability in its Backup & Replication platform that could enable attackers to escalate privileges and gain deeper access to enterprise systems. The issue impacts Veeam Backup & Replication version 13.0.1.2067 and all earlier version 13 builds, prompting urgent patching recommendations…
-
Microsoft Warns Public Release of Zero-Day Details Before Vendor Coordination
Microsoft has issued a strong warning after multiple zero-day vulnerabilities were publicly disclosed without prior coordination, raising concerns about increased risk to users and enterprise environments. The company stated that recent disclosures exposed critical security flaws before patches were available, giving threat actors a potential…
-
Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code
Notepad++, one of the most widely used open-source text editors for Windows, has released an urgent security update addressing three vulnerabilities, including two arbitrary code execution flaws that could allow attackers to silently run malicious programs on a victim’s machine. The Notepad++ development team released version…
-
Silent Ransom Group Targets Law Firms With IT Support Impersonation Attacks
A threat group known as the Silent Ransom Group is actively targeting US-based law firms using a bold and deceptive social engineering playbook. Rather than deploying ransomware in the traditional sense, this group goes straight for the data and then turns it into a…
-
SBI Warns of Scammers are Sending Fake Messages Claiming Your YONO App Will be Deactivated
A new wave of social engineering attacks is targeting millions of State Bank of India customers across the country. Fraudsters are sending fake messages warning users that their YONO banking app will be deactivated unless they update their Aadhaar number…