no alarms and no surprises please..
-
It’s Patch Tuesday for Microsoft and Not a Zero-Day In Sight
It’s the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do. Jai Vijayan Go to gbhackers.com
-
Hugging Face Packages Weaponized With a Single File Tweak
A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model’s outputs and exfiltrate data. Alexander Culafi Go to gbhackers.com
-
20 Leaders Who Built the CISO Era: 2 Decades of Change
As part of Dark Reading’s 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook. Dark Reading Editorial Team Go to gbhackers.com
-
North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware
North Korean threat actors have introduced a stealthy new delivery mechanism in their ongoing “Contagious Interview” campaign, shifting tactics to abuse Git hooks for… Go to gbhackers.com
-
Cline AI Agent Flaw Allows Attackers to Launch RCE Attacks
A critical security vulnerability in the Cline AI coding assistant’s kanban package exposes developers to remote code execution, data theft, and denial-of-service attacks by… Go to gbhackers.com
-
Fake TronLink Chrome Extension Steals Crypto Wallet Credentials
A newly uncovered phishing campaign is targeting TRON wallet users through a deceptive Chrome extension that mimics the popular TronLink wallet. The campaign… Go to gbhackers.com
-
Claude Chrome Extension Flaw Lets Malicious Add-Ons Steal Gmail and Drive Data
A critical vulnerability dubbed “ClaudeBleed” has compromised Anthropic’s trusted AI assistant, potentially turning it into a backdoor. This severe design flaw in the Claude… Go to gbhackers.com
-
Microsoft Warns: MistralAI PyPI Package Compromised with Malware
Mistral’s official Python client on PyPI has been pulled into the ongoing wave of AI supply‑chain attacks, with Microsoft warning that version 2.4.6 of… Go to gbhackers.com
-
Instructure reaches ‘agreement’ with ShinyHunters to stop data leak
Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an “agreement” with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. […] Sergiu Gatlan Go to bleepingcomputer
-
GM agrees to $12.75M California settlement over sale of drivers’ data
California Attorney General Rob Bonta announced a proposed $12.75 million settlement agreement with General Motors (GM) over allegations that the company violated the California Consumer Privacy Act (CCPA). […] Bill Toulas Go to bleepingcomputer
-
Official CheckMarx Jenkins package compromised with infostealer
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. […] Bill Toulas Go to bleepingcomputer
-
New GhostLock tool abuses Windows API to block file access
A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on SMB network shares. […] Lawrence Abrams Go to bleepingcomputer
-
Instructure confirms hackers used Canvas flaw to deface portals
Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message. […] Ionut Ilascu Go to bleepingcomputer
-
Critical PHP SOAP Extension Vulnerabilities Enables Remote Code Execution Attacks
A serious cluster of vulnerabilities has been uncovered in PHP’s core string processing and ext-soap components, putting numerous web servers at immediate risk of total takeover. While the SOAP extension has a notorious history of memory corruption flaws, this latest discovery crosses the red line…
-
Magecart Hackers Abuse Google Tag Manager to Inject Credit Card Skimmers
Online shoppers have long been targets of digital theft, but a recent wave of attacks has raised the stakes in a troubling new way. Hackers tied to the notorious Magecart group are now hiding credit card skimmers inside Google Tag Manager (GTM) containers, turning…
-
TeamPCP Compromised Checkmarx Jenkins AST Plugin Following KICS Supply Chain Attack
A supply chain attack that started with a relatively obscure open-source scanner has now reached one of the most widely used application security tools in the industry. In May 2026, a malicious version of the Checkmarx Jenkins AST plugin was quietly published to the…
-
PoC Exploit Released for Android Zero-Click Vulnerability that Enables Remote Shell Access
In a chilling blow to mobile security, Google’s May 2026 Android Security Bulletin has unmasked a catastrophic zero-click vulnerability lurking within the core Android System. The CVE-2026-0073 flaw in Android’s adbd daemon lets nearby threat actors remotely gain full shell access without victim…
-
TrickMo Android Banking Malware Targets Banking, Wallet, and Authenticator Apps
A dangerous Android banking malware known as TrickMo has resurfaced with a powerful new variant, and this time it is more stealthy, more capable, and harder to stop than ever before. The threat is actively targeting users of banking apps, digital wallets, and authenticator applications…
-
Eyes wide open: How to mitigate the security and privacy risks of smart glasses
Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk. Go to eset
-
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a “cross-industry effort” to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling…
-
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. “If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17,…
-
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass…
-
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in…
-
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how…
-
LLMs and Text-in-Text Steganography
Turns out that LLMs are really good at hiding text messages in other text messages. Bruce Schneier Go to bruce schneier
-
ISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928, (Tue, May 12th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Apple Patches Everything, (Mon, May 11th)
Apple today released its typical feature update across its operating systems (iOS, iPadOS, macOS, tvOS, watchOS, visionOS). With this update, Apple patched 84 different vulnerabilities. Updates are available for the “26” series of operating systems, as well as for the previous “18” version of iOS/iPadOS, and two versions…
-
Why we use CAPTCHAs, (Mon, May 11th)
A few months ago, I implemented Cloudflare’s Turnstile CAPTCHA on some pages. The reason for implementing these CAPTCHAs is obvious: Bots make up a large percentage of traffic and affect site performance. So I figured it was a good time to look back and see how effective these…
-
ISC Stormcast For Monday, May 11th, 2026 https://isc.sans.edu/podcastdetail/9926, (Mon, May 11th)
Go to isc.sans.edu
-
YARA-X 1.16.0 Release, (Sun, May 10th)
YARA-X’s 1.16.0 release brings 4 improvements and 4 bugfixes. Didier Stevens Senior handler blog.DidierStevens.com Go to isc.sans.edu
-
Welcoming the Bangladesh Government to Have I Been Pwned
Today, we welcome the 43rd government onboarded to Have I Been Pwned’s free gov service, Bangladesh. The BGD e-GOV CIRT department now has full access to query all their government domains via API, and monitor them against future breaches. Bangladesh joins a growing list of national…
-
Welcoming the Costa Rican Government to Have I Been Pwned
Today, we welcome the 42nd government onboarded to Have I Been Pwned’s free gov service: Costa Rica. The CSIRT of the Government of Costa Rica now has access to monitor government domains against the data in HIBP. This enables their national cybersecurity incident response team…
-
FCC Softens Ban on Foreign-Made Routers
The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place. Jai Vijayan Go to gbhackers.com
-
Tech Can’t Stop These Threats — Your People Can
Security controls can do only so much. Here are four attacks where your employees are usually your first, and only, line of cyber defense. A. Stryker Go to gbhackers.com
-
‘Dirty Frag’ Exploit Poised to Blow Up on Enterprise Linux Distros
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation. Elizabeth Montalbano Go to gbhackers.com
-
Hackers Use AI for Exploit Development, Attack Automation
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks. Alexander Culafi Go to gbhackers.com
-
Cyber Espionage Group Targets Aviation Firms to Steal Map Data
The campaign quietly compromises aerospace and drone operators to exfiltrate GIS files, terrain models, and GPS data and gain a clear picture of adversaries’ world view. Robert Lemos Go to gbhackers.com
-
Fake Claude Campaign Uses PlugX-Style DLL Sideloading Chain
Hackers are abusing a fake Claude AI download site to deliver a PlugX‑style DLL sideloading chain that ultimately deploys a new Windows backdoor dubbed… Go to gbhackers.com
-
Microsoft 365 Copilot Flaws Could Let Attackers Access Sensitive Data
Microsoft has disclosed a trio of critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. Released on May 7,… Go to gbhackers.com
-
Trending Hugging Face Repo With 200K Downloads Spreads Windows Malware
A malicious Hugging Face repository, Open-OSS/privacy-filter, that abused the platform’s trust and trending algorithm to deliver a sophisticated Rust-based infostealer to Windows users. The… Go to gbhackers.com
-
Sandboxie Escape Flaw Could Let Attackers Gain SYSTEM-Level Privileges
Security researchers have exposed critical sandbox escape vulnerabilities in Sandboxie and Sandboxie-Plus that allow attackers to gain full SYSTEM-level privileges. We strongly urge users… Go to gbhackers.com
-
OpenClaw Malware Targets Crypto Wallets and Bitwarden Credentials
OpenClaw users are being targeted in a fresh malware campaign that abuses a fake installer to steal credentials from popular crypto wallets and password… Go to gbhackers.com
-
TrickMo Android banker adopts TON blockchain for covert comms
A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control communications. […] Bill Toulas Go to bleepingcomputer
-
Hackers abuse Google ads, Claude.ai chats to push Mac malware
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for “Claude mac download” may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac. […]…
-
Police shut down reboot of Crimenetwork marketplace, arrest admin
German authorities have shut down a relaunch version of the criminal marketplace ‘Crimenetwork’ that generated more than 3.6 million euros, and arrested its operator. […] Bill Toulas Go to bleepingcomputer
-
Vidar Malware Targets Browser Credentials, Cookies, Crypto Wallets, and System Data
A long-active information stealer is making headlines again, and this time it is targeting more than just passwords. Vidar malware, a credential-harvesting tool in circulation since late 2018, has been observed running through a sophisticated multi-stage attack chain designed to slip past modern security…
-
Google reCAPTCHA Update Blocks Privacy-Focused Android Users From Sites
Google has rolled out a significant update to its reCAPTCHA verification system that fundamentally alters how websites verify human traffic. Announced on April 22 at the Google Cloud Next 2026 conference, the new mechanism operates through Google’s Cloud Fraud Defense tool and introduces a mandatory QR…
-
JDownloader Downloader Hacked to Infect Users With New Python RAT
JDownloader, the popular open-source download manager trusted by millions of users worldwide, was at the center of a serious supply chain attack in early May 2026. Attackers quietly compromised the official jdownloader.org website and replaced legitimate installer download links with malicious files carrying a fully…
-
10 Best Full Disk Encryption Tools in 2026
Full Disk Encryption (FDE) is a security feature that encrypts the entire contents of a disk drive, ensuring that all data stored on the drive is protected from unauthorized access, even if the device is physically stolen. FDE uses robust encryption algorithms to encrypt data on the…
-
Top 10 Best Interactive Malware Analysis Tools in 2026
As we navigate through 2026, the cybersecurity landscape has never been more complex. Threat actors are actively leveraging advanced AI, highly evasive techniques, and fileless architectures to bypass traditional security controls. For security operation centers (SOCs), incident responders, and threat hunters, static analysis alone is no…
-
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as CVE-2026-7482 (CVSS score: 9.1). It has…
-
Weekly Update 503
Well, it’s the day before the Instructure “pay or leak” deadline (at least by my Aussie watch), and the company remains removed from the ShinyHunters website. In its place sits a press statement that amounts to “we’re not making any statements”. So did they pay? And if so, what lofty figure would…
-
TCLBANKER Malware Leverages WhatsApp and Outlook Worm Features in Active Attacks
A sophisticated Brazilian banking trojan named TCLBANKER, deployed through a trojanized Logitech installer and capable of hijacking victims’ WhatsApp and Outlook accounts to spread itself… Go to gbhackers.com
-
JDownloader site hacked to replace installers with Python RAT malware
The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan. […] Lawrence Abrams Go to bleepingcomputer
-
Fake OpenAI repository on Hugging Face pushes infostealer malware
A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing malware to Windows users. […] Bill Toulas Go to bleepingcomputer
-
New cPanel and WHM Flaws Enable Code Execution, DoS Attacks
cPanel has disclosed three critical security vulnerabilities tracked as CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203 affecting its widely deployed cPanel & WHM web hosting control panel and WP Squared (WP2) platform. The flaws, patched on May 8, 2026, expose servers to arbitrary file reads, Perl code injection,…
-
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as follows – CVE-2026-29201 (CVSS score: 4.3) – An insufficient input validation…
-
Vidar Infostealer Campaign Steals Passwords, Cookies, Crypto Wallets, and Device Data
A highly evasive multi-stage malware campaign deploying the Vidar Infostealer. First discovered in late 2018 and built on the Arkei stealer source code, Vidar… Go to gbhackers.com
-
NVIDIA Confirms GeForce Data Breach Exposed Users’ Personal Data
GFN Cloud Internet Services, operating as the regional NVIDIA GeForce NOW cloud gaming partner, GFN.AM has officially confirmed a significant data breach. The security… Go to gbhackers.com
-
Pam Backdoor Targets Linux Systems to Steal SSH Credentials
A newly observed Linux backdoor technique, dubbed Pam, is exploiting the flexibility of Pluggable Authentication Modules (PAM) to capture SSH credentials and maintain persistence on… Go to gbhackers.com
-
Modular RAT Campaign Steals Credentials and Captures Screenshots
A sophisticated spear-phishing campaign, dubbed Operation GriefLure, targeting senior executives in Vietnam and the Philippines with a stealthy modular remote access trojan (RAT). The campaign… Go to gbhackers.com
-
NVIDIA confirms GeForce NOW data breach affecting Armenian users
NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach. […] Bill Toulas Go to bleepingcomputer
-
Why More Analysts Won’t Solve Your SOC’s Alert Problem
Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI can help analysts investigate alerts faster and focus on real threats. […] Sponsored by Prophet Security Go to bleepingcomputer
-
Trellix source code breach claimed by RansomHouse hackers
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. […] Bill Toulas Go to bleepingcomputer
-
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
Zara data breach exposed personal information of 197,000 people
Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service Have I Been Pwned. […] Sergiu Gatlan Go to bleepingcomputer
-
TCLBANKER Malware Targets Users Through Self-Propagating WhatsApp and Outlook Worm Modules
A highly sophisticated Brazilian banking trojan named TCLBANKER, tracked under the campaign REF3076, this malware represents a major update to the older Maverick and SORVEPOTEL families. It stands out because it uses a fake, signed Logitech installer to infect systems and spreads automatically via…
-
NVIDIA Data Breach Reportedly Exposes Personal Information of GeForce Users
A data breach at GFN.AM, an authorized NVIDIA GeForce NOW cloud gaming service provider operating under “GFN CLOUD INTERNET SERVICES” LLC, has exposed personal information belonging to registered users. The company disclosed the incident on May 5, 2026, revealing that unauthorized access to its database…
-
Let’s Encrypt Halts Certificate Issuance After Cross-Signed Root Certificate Incident
Let’s Encrypt temporarily suspended all certificate issuance on May 8, 2026, after engineers identified a critical issue involving a cross-signed certificate linking the organization’s Generation X root to its upcoming Generation Y root infrastructure. The incident triggered a complete shutdown of issuance across both production…
-
Critical Microsoft 365 Copilot Vulnerabilities Expose sensitive Information
Microsoft has disclosed and fully remediated three critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge, all released on May 7, 2026, requiring no action from end users or administrators. Microsoft’s Security Response Center published advisories for CVE-2026-26129, CVE-2026-26164, and CVE-2026-33111 as…
-
New PamDOORa Backdoor Attacking Linux Systems to Steal SSH Credentials
A new backdoor called PamDOORa has emerged as a serious and growing threat to Linux systems, targeting one of the most trusted components of the operating system to silently steal SSH credentials. The malware was advertised for sale on a Russian-speaking cybercrime forum called Rehub,…
-
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that’s capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a major…
-
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred…
-
One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches
The hardest part of cybersecurity isn’t the technology, it’s the people. Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one “Patient Zero” infection. In 2026, hackers are using AI to make these “first…
-
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. “QLNX targets developers…
-
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across live…
-
Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
Evidence of them has been found by analyzing DNA in the seawater. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy. Bruce Schneier Go to bruce schneier
-
Insider Betting on Polymarket
Insider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets—defined as wagers of $2,500 or more at odds of 35 percent or less—on the platform had an average win rate of around 52 percent in markets on military and…
-
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred to as “Dirty Frag,” this vulnerability was discovered and reported by Hyunwoo Kim (@v4bel)…
-
One in eight UK workers has sold their company passwords, and bosses think it’s fine
One in eight UK workers admits to selling their company login credentials – or knowing someone who has – in the past 12 months. The really alarming bit? Their bosses are even more relaxed about it. Read more in my…
-
Inside Department 4: Russia’s secret school for hackers
Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world’s most notorious state-sponsored hacking groups. Read more in my article on the Hot for…
-
Sri Lanka makes 37 arrests as it raids another scam centre
You don’t need to live near a scam compound for it to wreck your life. Americans lost $5.8 billion to crypto investment scams last year alone – and a raid in Sri Lanka this month shows exactly how the operations behind them keep finding…
-
ShinyHunters Claims Second Attack Against Instructure
The edtech company is struggling to wrest control from its hackers. PII belonging to hundreds of millions of people is on the line. Nate Nelson Go to gbhackers.com
-
Shifting Budget Dynamics for Identity Security and AI Agents
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects. Todd Thiemann Go to gbhackers.com
-
Fake OpenClaw Installer Targets Crypto Wallets and Password Managers
Hackers are abusing a fake OpenClaw installer to deploy a modular Rust-based infostealer framework dubbed Hologram, aimed at harvesting credentials from more than 250 crypto… Go to gbhackers.com
-
Cline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding Agents
Cline, a widely adopted open-source AI coding agent, has recently patched a severe vulnerability in its local Kanban server. Trusted by developers with deep… Go to gbhackers.com
-
ZiChatBot Malware Abuses Zulip APIs for Stealthy C2 Operations
A new cross‑platform malware family, dubbed ZiChatBot, that abuses the trusted Python Package Index (PyPI) ecosystem and the Zulip team chat platform to run a… Go to gbhackers.com
-
Fake Moustache Fools Age Checks, Sparks Online Safety Act Fears
Critical gaps in age verification systems introduced under the Online Safety Act, with children easily bypassing safeguards using simple tricks including drawing fake… Go to gbhackers.com
-
Trellix Investigates RansomHouse Breach Claims Involving Source Code Repository
Leading cybersecurity firm Trellix is actively investigating a potential security incident following claims made by the RansomHouse extortion group. The threat actors recently listed… Go to gbhackers.com
-
Former govt contractor convicted for wiping dozens of federal databases
A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after getting fired from his job as a federal contractor. […] Sergiu Gatlan Go to bleepingcomputer
-
New Linux ‘Dirty Frag’ zero-day gives root on all major distros
A new Linux zero-day vulnerability, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. […] Sergiu Gatlan Go to bleepingcomputer
-
Canvas login portals hacked in mass ShinyHunters extortion campaign
The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and universities. […] Lawrence Abrams Go to bleepingcomputer
-
New TCLBanker malware self-spreads over WhatsApp and Outlook
A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems. […] Bill Toulas Go to bleepingcomputer
-
New PCPJack worm steals credentials, cleans TeamPCP infections
A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP’s access to the systems. […] Bill Toulas Go to bleepingcomputer
-
Mozilla Patches 423 Firefox 0-Day Vulnerabilities with Claude Mythos and Other AI Models
Mozilla has fixed a total of 423 Firefox security bugs in April 2026 alone, a figure nearly 20 times higher than its monthly average of about 21 bugs throughout 2025, driven by a groundbreaking agentic AI pipeline built around Anthropic’s Claude Mythos…
-
Critical Spring Vulnerabilities Expose Arbitrary Files and GCP Secrets
Spring Cloud Config provides crucial server-side and client-side support for externalized configuration in distributed systems. Recently, the Spring development team disclosed four security vulnerabilities impacting the Spring Cloud Config Server. These flaws range from medium to critical severity, exposing environments to unauthorized arbitrary file access, cloud…
-
Dirty Frag Linux Vulnerability Let Attackers Gain Root Privileges – PoC Released
Dirty Frag is a newly disclosed, CVE-pending Linux kernel local privilege escalation (LPE) vulnerability that chains two separate page-cache write flaws, the xfrm-ESP Page-Cache Write and the RxRPC Page-Cache Write, to achieve root access on virtually all major Linux distributions, with a public exploit…
-
Multiple Critical Vulnerabilities Patched in Next.js and React Server Components
Vercel has released an extensive set of security advisories for Next.js, addressing more than a dozen vulnerabilities, including denial-of-service, middleware bypass, server-side request forgery, and cross-site scripting. The flaws affect Next.js versions 13.x through 16.x using the App Router, as well as React Server Components…
-
New Ivanti EPMM 0-Day Vulnerability Actively Exploited in Attacks
Ivanti has issued a critical security advisory for its Endpoint Manager Mobile (EPMM) product, disclosing multiple actively exploited vulnerabilities, including CVE-2026-6973, and urging all on-premises EPMM customers to apply patches immediately. At the time of disclosure, Ivanti confirmed active exploitation of CVE-2026-6973, a vulnerability that requires…
-
Fake call logs, real payments: How CallPhantom tricks Android users
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down Go to eset