no alarms and no surprises please..
-
The quest for greater tech independence
The quest for greater tech independence A complete decoupling from US technology is neither realistic nor necessary, but the changing environment does require nations and companies to reassess their relationships and dependencies Go to eset
-
TR-26-0260 (Drupal Security Advisory)
TR-26-0260 (Drupal Security Advisory) Go to usom.gov
-
TR-26-0259 (Qlik Talend Security Advisory)
TR-26-0259 (Qlik Talend Security Advisory) Go to usom.gov
-
Interpol’s ‘Operation Ramz’ Pioneers Cross-Region Collabs in Middle East
Interpol’s ‘Operation Ramz’ Pioneers Cross-Region Collabs in Middle East While the numbers are modest, the crackdown on cybercrime involved 13 countries in the MENA region, the largest law enforcement collaboration to date. Robert Lemos Go to gbhackers.com
-
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source…
-
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While we currently have no evidence of impact to customer information stored…
-
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN’s Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains,…
-
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12 security team on May 9,…
-
The New Phishing Click: How OAuth Consent Bypasses MFA
The New Phishing Click: How OAuth Consent Bypasses MFA In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their…
-
WantToCry ransomware remotely encrypts files
WantToCry ransomware remotely encrypts files Brute-force attempts against SMB services can be early signs of an attack Categories: Threat Research Tags: Ransomware, WantToCry, SMB Go to sophos
-
Laurie Anderson Is Quoting Me
Laurie Anderson Is Quoting Me Not by name, but Laurie Anderson quotes me in one of the tracks of her new album: My favorite quote is from a cryptologist who said “If you think technology will solve your problems, you don’t understand technology and you don’t understand your problems.” Also in interviews: “Of course, it’s…
-
ISC Stormcast For Wednesday, May 20th, 2026 https://isc.sans.edu/podcastdetail/9938, (Wed, May 20th)
ISC Stormcast For Wednesday, May 20th, 2026 https://isc.sans.edu/podcastdetail/9938, (Wed, May 20th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
What Will Make AI BOMs Real?
What Will Make AI BOMs Real? A brief overview of the forces at play that will get more organizations on board with creating and consuming AI bill of materials (BOMs). Ericka Chickowski, Contributing Writer Go to gbhackers.com
-
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut Verizon’s “2026 Data Breach Investigations Report” (“DBIR”) finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys. Alexander Culafi Go to gbhackers.com
-
Windows Zero-Day Barrage Continues After Patch Tuesday
Windows Zero-Day Barrage Continues After Patch Tuesday YellowKey, GreenPlasma, and MiniPlasma add to the growing list of vulnerabilities a security researcher disclosed over the past six weeks. Jai Vijayan Go to gbhackers.com
-
CISA Exposes Secrets, Credentials in ‘Private’ Repo
CISA Exposes Secrets, Credentials in ‘Private’ Repo The agency’s GitHub repository, publicly available since November 2025, was ironically named “Private-CISA.” Rob Wright Go to gbhackers.com
-
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution. Elizabeth Montalbano Go to gbhackers.com
-
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution Dark Reading editors reflect on two decades of dramatic change — from perimeter defense to assume-breach strategies — and warn that while AI, cloud, and COVID-19 have transformed the threat landscape, organizations are still failing at fundamental security hygiene that could stop sophisticated attacks…
-
Is 2026 the Year AI Bills of Materials Get Real?
Is 2026 the Year AI Bills of Materials Get Real? Understanding AI BOMs and where they fit into risk management for artificial intelligence. Ericka Chickowski, Contributing Writer Go to gbhackers.com
-
Microsoft Edge Enhances Security by Preventing Password Loading at Startup
Microsoft Edge Enhances Security by Preventing Password Loading at Startup Microsoft is rolling out a key security change in its Edge browser to stop saved passwords from being loaded into memory as soon as… Delivered by PolitePaul service Go to gbhackers.com
-
ShinyHunters Takes Responsibility for Attack on Learning Management Platform
ShinyHunters Takes Responsibility for Attack on Learning Management Platform A cyberattack linked to the notorious threat group ShinyHunters has disrupted a widely used Learning Management System (LMS), impacting educational institutions and students across… Delivered by PolitePaul service Go to gbhackers.com
-
Gentlemen Ransomware Targets Windows, Linux, NAS, BSD, and ESXi Systems
Gentlemen Ransomware Targets Windows, Linux, NAS, BSD, and ESXi Systems The Gentlemen ransomware operation has rapidly emerged as one of the most active and scalable cybercrime threats since its public appearance in the second… Delivered by PolitePaul service Go to gbhackers.com
-
Kimsuky Uses LNK, JSE Lures to Target Recruiters, Crypto Users, Defense Officials
Kimsuky Uses LNK, JSE Lures to Target Recruiters, Crypto Users, Defense Officials Kimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials. North Korea-linked threat group Kimsuky has launched at least four… Delivered by PolitePaul service Go to gbhackers.com
-
20-Year-Old PostgreSQL Flaw Gets Public PoC Exploit for Remote Code Execution
20-Year-Old PostgreSQL Flaw Gets Public PoC Exploit for Remote Code Execution A newly released proof-of-concept (PoC) exploit for CVE-2026-2005 has brought renewed attention to a critical vulnerability in PostgreSQL’s pgcrypto extension, exposing systems to remote… Delivered by PolitePaul service Go to gbhackers.com
-
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers More than 200 individuals were arrested for cybercrime activities during INTERPOL’s Operation Ramz, which focused on the Middle East and North Africa. […] Bill Toulas Go to bleepingcomputer
-
SHub macOS infostealer variant spoofs Apple security updates
SHub macOS infostealer variant spoofs Apple security updates A new variant of the ‘SHub’ macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. […] Bill Toulas Go to bleepingcomputer
-
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees Many employees already use shadow AI tools at work without security review. Adaptive Security breaks down how teams can build practical AI governance without adding friction for employees. […] Sponsored by Adaptive Security Go to bleepingcomputer
-
Leaked Shai-Hulud malware fuels new npm infostealer campaign
Leaked Shai-Hulud malware fuels new npm infostealer campaign The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. […] Bill Toulas Go to bleepingcomputer
-
Grafana says stolen GitHub token let hackers steal codebase
Grafana says stolen GitHub token let hackers steal codebase Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. […] Bill Toulas Go to bleepingcomputer
-
Hackers Compromise @antv Packages in Mini Shai-Hulud npm Attack Wave
Hackers Compromise @antv Packages in Mini Shai-Hulud npm Attack Wave A sweeping supply chain attack has hit the npm ecosystem, compromising hundreds of widely used JavaScript packages tied to the @antv data visualization library. The attack, which unfolded in the early hours of May 19, 2026, injected malicious code into packages used by millions of…
-
CISA Admin Exposes AWS GovCloud Credentials on Public GitHub Repository
CISA Admin Exposes AWS GovCloud Credentials on Public GitHub Repository A major security lapse has exposed highly sensitive U.S. government cloud credentials after a contractor working with the Cybersecurity and Infrastructure Security Agency (CISA) accidentally published them in a public GitHub repository. The repository, named “Private-CISA,” remained publicly accessible until mid-May 2026 and contained a…
-
Hackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data
Hackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data A threat actor known as Storm-2949 has launched a sophisticated, multi-layered cloud attack campaign targeting Microsoft Entra ID accounts to steal sensitive data from Microsoft 365 and Azure environments. The campaign was recently uncovered and has raised serious concerns about how modern…
-
Mythos Preview Builds PoC Exploits in Automated Vulnerability Research
Mythos Preview Builds PoC Exploits in Automated Vulnerability Research Anthropic’s Mythos Preview security-focused AI model is crossing a critical threshold in automated vulnerability research, not just finding bugs, but chaining them together into working proof-of-concept exploits. That’s the finding from Cloudflare’s security team, which spent several weeks running the model against more than fifty internal…
-
Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild
Hackers Actively Exploiting Critical NGINX RCE Vulnerability in the Wild Hackers are wasting no time exploiting a newly disclosed critical vulnerability in NGINX, with security researchers already observing real-world attacks just days after its public release. Security researcher Patrick Garrity from VulnCheck revealed that threat actors are actively targeting CVE-2026-42945, a heap buffer overflow flaw…
-
TR-26-0258 (Basamak Bilişim – DernekWeb Security Advisory)
TR-26-0258 (Basamak Bilişim – DernekWeb Security Advisory) Go to usom.gov
-
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. “Every existing tag in the repository has been moved to point…
-
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave. “The attack affects packages tied to the npm maintainer account atool, including echarts-for-react,…
-
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382 suspects. The initiative involved the efforts of 13 countries from the region between October 2025 and February 2026,…
-
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned…
-
How to Reduce Phishing Exposure Before It Turns into Business Disruption
How to Reduce Phishing Exposure Before It Turns into Business Disruption What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was…
-
Zero-Day Exploit Against Windows BitLocker
Zero-Day Exploit Against Windows BitLocker It’s nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone…
-
ISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936, (Tue, May 19th)
ISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936, (Tue, May 19th) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th) Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jenkins plugin compromise and a new self-spreading Mini Shai-Hulud worm across npm and PyPI. Bottom line up front Two TeamPCP events broke within 48…
-
CISA Admin Leaked AWS GovCloud Keys on Github
CISA Admin Leaked AWS GovCloud Keys on Github Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how…
-
Weekly Update 504
Weekly Update 504 It’s a hot topic, the old “pay or don’t pay” for hackers not to leak your data. Since recording this a few days ago, we’ve had Grafana go with the “no pay” approach, and I’ve seen a raft of commentary around other companies reaching “agreements”, which is a much politer way of…
-
Microsoft Exchange Zero-Day Under Attack, No Patch Available
Microsoft Exchange Zero-Day Under Attack, No Patch Available CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes. Rob Wright Go to gbhackers.com
-
‘Claw Chain’ Vulnerabilities Threaten OpenClaw Deployments
‘Claw Chain’ Vulnerabilities Threaten OpenClaw Deployments The now patched vulnerabilities in the rapidly growing AI agent framework allow attackers to steal credentials, escalate privileges, and maintain persistence. Jai Vijayan Go to gbhackers.com
-
Shai-Hulud Worm Clones Spread After Code Release
Shai-Hulud Worm Clones Spread After Code Release The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale. Alexander Culafi Go to gbhackers.com
-
Fuel Tank Breaches Expand Scope of Iran’s Cyber Offensive
Fuel Tank Breaches Expand Scope of Iran’s Cyber Offensive Security experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors. Elizabeth Montalbano Go to gbhackers.com
-
Paper Werewolf APT Spreads EchoGather RAT via Fake Adobe Installer
Paper Werewolf APT Spreads EchoGather RAT via Fake Adobe Installer A sophisticated Russian-language threat cluster known as Paper Werewolf (also tracked as GOFFEE) has launched a fresh wave of targeted cyberattacks against Russian industrial, financial, and… Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Abuse Cloudflare Storage to Exfiltrate Network Files
Hackers Abuse Cloudflare Storage to Exfiltrate Network Files A sophisticated cyber espionage campaign targeting multiple Malaysian organizations has been uncovered, revealing a highly structured attack chain that blends custom tooling, cloud infrastructure,… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft Acknowledges Windows 11 Update Failure Linked to Error 0x800f0922
Microsoft Acknowledges Windows 11 Update Failure Linked to Error 0x800f0922 Microsoft has acknowledged a growing issue affecting Windows 11 users: the May 2026 cumulative update (KB5089549) fails to install, resulting in error code 0x800f0922…. Delivered by PolitePaul service Go to gbhackers.com
-
Hackers Hide PureLogs Infostealer in PawsRunner Loader
Hackers Hide PureLogs Infostealer in PawsRunner Loader Threat actors are increasingly hiding malware inside seemingly harmless files, and a new campaign shows just how effective this tactic has become. The attack… Delivered by PolitePaul service Go to gbhackers.com
-
Critical Marimo RCE Flaw Could Let Attackers Execute Malicious Code Remotely
Critical Marimo RCE Flaw Could Let Attackers Execute Malicious Code Remotely A newly disclosed critical vulnerability in the Marimo Python notebook framework is raising serious alarms across the cybersecurity community, as it allows attackers to… Delivered by PolitePaul service Go to gbhackers.com
-
Microsoft confirms Windows 11 security update install issues
Microsoft confirms Windows 11 security update install issues Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. […] Sergiu Gatlan Go to bleepingcomputer
-
Exploit available for new DirtyDecrypt Linux root escalation flaw
Exploit available for new DirtyDecrypt Linux root escalation flaw A recently patched local privilege escalation vulnerability in the Linux kernel’s rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. […] Sergiu Gatlan Go to bleepingcomputer
-
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026 The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. […] Sergiu Gatlan Go to bleepingcomputer
-
New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released
New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed “MiniPlasma” that lets attackers gain SYSTEM privileges on fully patched Windows systems. […] Lawrence Abrams Go to bleepingcomputer
-
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. […] Bill Toulas Go to bleepingcomputer
-
CISA Warns of Microsoft Exchange Server Vulnerability Exploited in Attacks
CISA Warns of Microsoft Exchange Server Vulnerability Exploited in Attacks CISA has issued a fresh warning about a newly disclosed Microsoft Exchange Server vulnerability that is already being exploited in real-world attacks, raising concerns for organizations relying on on-premises email infrastructure. The flaw CVE-2026-42897 is a cross-site scripting (XSS) vulnerability affecting Microsoft Exchange Server, specifically within…
-
1 Million WordPress Sites Affected by Avada Builder File Read and SQL Injection Flaws
1 Million WordPress Sites Affected by Avada Builder File Read and SQL Injection Flaws A widely used WordPress plugin powering over one million websites has been hit by two serious vulnerabilities that could allow attackers to steal sensitive data and access server files. Security researchers warn that the flaws in the Avada Builder plugin could be…
-
Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922
Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922 Microsoft has officially acknowledged a critical installation failure affecting its May 2026 Patch Tuesday cumulative update for Windows 11, KB5089549, leaving users stranded with error code 0x800f0922 and, in some cases, additional errors 0x80240069 and 0x80240031. The known issue was formally added to the update’s change…
-
New Windows ‘MiniPlasma’ Zero-Day Let Attackers Gain SYSTEM Access – PoC Released
New Windows ‘MiniPlasma’ Zero-Day Let Attackers Gain SYSTEM Access – PoC Released A critical Windows privilege escalation zero-day vulnerability dubbed “MiniPlasma” has emerged with a public proof-of-concept exploit that allows attackers to achieve SYSTEM-level privileges on fully patched Windows systems. Security researcher Nightmare-Eclipse released the weaponized exploit on GitHub on May 13, 2026, claiming that…
-
Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypass Attacks
Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypass Attacks A critical vulnerability in a widely used WordPress plugin has exposed over 200,000 websites to full account takeover, raising urgent concerns across the security community. Discovered on May 8, 2026, by Wordfence’s AI-powered PRISM threat intelligence platform, the flaw affects the Burst Statistics plugin, a…
-
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting…
-
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase. “Our investigation has determined that no customer data or personal information was accessed during this incident, and we have…
-
Microsoft rejects critical Azure vulnerability report, no CVE issued
Microsoft rejects critical Azure vulnerability report, no CVE issued A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that “no product changes were made,” despite the researcher documenting a silent fix.…
-
Russian hackers turn Kazuar backdoor into modular P2P botnet
Russian hackers turn Kazuar backdoor into modular P2P botnet The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. […] Bill Toulas Go to bleepingcomputer
-
Grafana Labs Security Breach – Hackers Access GitHub and Download Codebase
Grafana Labs Security Breach – Hackers Access GitHub and Download Codebase A threat actor infiltrated Grafana Labs’ GitHub environment, stealing a privileged token to download the company’s private codebase, and then attempted to extort the open-source observability giant with an unanswered ransom demand. Grafana Labs disclosed on May 16, 2026, that an unauthorized party obtained…
-
First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days
First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days Apple’s M5 silicon has reportedly been exploited for the first time in a public macOS kernel memory corruption attack, successfully bypassing the company’s notable hardware-level memory protection. Researchers from Calif, Bruce Dang, Dion Blazakis, and Josh Maine, developed a working…
-
Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2
Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2 Pwn2Own Berlin 2026 is rapidly escalating into one of the most intense offensive security contests in recent years, with Day Two delivering a fresh wave of critical zero-day exploits targeting enterprise software, AI tools, and operating systems. Security researchers demonstrated real-world attack scenarios…
-
JDownloader Website Compromised to Distribute Malicious Windows and Linux Installers
JDownloader Website Compromised to Distribute Malicious Windows and Linux Installers A widely used download manager trusted by millions has briefly turned into a malware delivery platform after attackers compromised the official JDownloader website, replacing legitimate installers with malicious versions targeting both Windows and Linux users. The incident, confirmed by developers and security researchers, occurred between…
-
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week.…
-
JDownloader Website Hack Exposes Windows and Linux Users to Malicious Installers
JDownloader Website Hack Exposes Windows and Linux Users to Malicious Installers A popular open-source download manager trusted by millions suddenly became a malware delivery platform after attackers compromised its official website, replacing legitimate installers with… Delivered by PolitePaul service Go to gbhackers.com
-
Linux “ssh-keysign-pwn” Flaw Exposing Critical Authentication Files
Linux “ssh-keysign-pwn” Flaw Exposing Critical Authentication Files A newly disclosed Linux kernel vulnerability, dubbed “ssh-keysign-pwn” by Qualys researchers, exposes millions of Linux systems to unauthorized access to sensitive SSH private keys and hashed… Delivered by PolitePaul service Go to gbhackers.com
-
Gunra Ransomware Expands RaaS After Conti Locker Shift
Gunra Ransomware Expands RaaS After Conti Locker Shift Gunra ransomware is rapidly evolving into a more structured and dangerous cybercrime operation after shifting from a Conti-based locker to its own Ransomware-as-a-Service (RaaS)… Delivered by PolitePaul service Go to gbhackers.com
-
VMware Fusion Flaw Could Allow Attackers to Gain Root Privileges
VMware Fusion Flaw Could Allow Attackers to Gain Root Privileges A newly disclosed vulnerability in VMware Fusion has raised serious security concerns after researchers confirmed it could allow attackers to escalate privileges to root… Delivered by PolitePaul service Go to gbhackers.com
-
Shai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS & Kubernetes
Shai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS & Kubernetes Shai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over “Shai-Hulud,” a self-propagating npm worm designed to… Delivered by PolitePaul service Go to gbhackers.com
-
Funnel Builder WordPress plugin bug exploited to steal credit cards
Funnel Builder WordPress plugin bug exploited to steal credit cards A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. […] Bill Toulas Go to bleepingcomputer
-
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. […] Sergiu Gatlan Go to bleepingcomputer
-
Popular node-ipc npm package compromised to steal credentials
Popular node-ipc npm package compromised to steal credentials Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. […] Bill Toulas Go to bleepingcomputer
-
Avada Builder WordPress plugin flaws allow site credential theft
Avada Builder WordPress plugin flaws allow site credential theft Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. […] Bill Toulas Go to bleepingcomputer
-
Microsoft backpedals: Edge to stop loading passwords into memory
Microsoft backpedals: Edge to stop loading passwords into memory Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was “by design.” […] Sergiu Gatlan Go to bleepingcomputer
-
Malicious JPEG Images Could Trigger PHP Memory Safety Vulnerabilities
Malicious JPEG Images Could Trigger PHP Memory Safety Vulnerabilities Two critical memory-safety vulnerabilities in PHP’s image-processing functions could allow attackers to leak sensitive heap memory or to execute denial-of-service attacks via specially crafted JPEG files. The flaws, discovered in PHP’s ext/standard extension by Positive Technologies researcher Nikita Sveshnikov, affect the widely-used getimagesize and iptcembed functions…
-
Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords
Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords A newly disclosed Linux kernel vulnerability is raising serious concerns across the security community, as it allows attackers to access highly sensitive data, including SSH private keys and password hashes, on affected systems. Tracked as CVE-2026-46333, the flaw has been nicknamed “ssh-keysign-pwn” and impacts a wide range…
-
Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices
A newly disclosed zero-click exploit chain targeting Google Pixel 10 devices has raised fresh concerns about Android’s low-level security. Google Project Zero researchers demonstrated how attackers could silently compromise a device and escalate privileges to root without any user interaction by chaining just two…
-
Android 16 VPN Bypass Lets Malicious Apps Reveal Users Real IP Address
A newly disclosed flaw in Android 16 is raising serious privacy concerns after researchers revealed that malicious apps can bypass VPN protections and expose a user’s real IP address even when strict security settings are enabled. The vulnerability, dubbed the “Tiny UDP Cannon,”…
-
Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker
Gunra ransomware has quickly grown from a new threat into a serious global problem, hitting dozens of organizations in less than a year. The group behind it is not just encrypting data, but also running a business-like operation that sells access, leaks stolen files, and…
-
Why geopolitical turmoil is a gift for scammers, and how to stay safe
Conflict is a boon for opportunistic fraudsters. Look out for their ploys. Go to eset
-
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be…
-
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant…
-
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
In Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil,…
-
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner.…
-
Friday Squid Blogging: Bigfin Squid
Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. Bruce Schneier Go to bruce schneier
-
Bypassing On-Camera Age-Verification Checks
Some AI-based video age-verification checks can be fooled with a fake mustache. Bruce Schneier Go to bruce schneier
-
[Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)
This is a Guest Diary by Gokul Prema Thangavel, an ISC intern as part of the SANS.edu Bachelor Degree Program. Introduction The SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 is one of the most-observed Outlaw / Shellbot artifacts on the public internet. VirusTotal first ingested it on 5 July…
-
ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
The Boring Stuff is Dangerous Now
AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt accordingly. Shlomie Liberow Go to gbhackers.com
-
Cyber Pioneers Ponder Past as Prologue
Robert “RSnake” Hansen, Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier reflect on how their favorite columns penned for Dark Reading over the past 20 years have stood the test of time. Kelly Jackson Higgins, Becky Bracken Go to gbhackers.com
-
OrBit Rootkit Targets Linux to Steal SSH and Sudo Credentials
Hackers are continuing to abuse a stealthy Linux rootkit known as OrBit to harvest SSH and sudo credentials, with new research showing the threat… Go to gbhackers.com