Technology Intelligence
Threats against technology companies, software vendors, cloud services, and tech infrastructure.
Shifting Budget Dynamics for Identity Security and AI Agents
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.
CMC Markets launches spread-betting account for retail clients
CMC Markets (“CMC”), a FTSE 250 company and global leader in multi-asset online trading and investing, has launched Spectre for retail clients, following strong demand after the product was initially introduced for professional traders.
Zepz joins NCA efforts to identify financial signals linked to child sexual abuse
Zepz, the global payments group behind WorldRemit and Sendwave, today announced their participation in a National Economic Crime Centre (NECC) Public Private Partnership (PPP) Cell focused on combatting child sexual abuse (CSA).
PRA consults on ring-fencing reforms
The Prudential Regulation Authority (PRA) has today announced plans to consult on reforming rules around shared operational services for ring-fenced banks.
The Boring Stuff is Dangerous Now
AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing defenders to adapt accordingly.
Millions Impacted Across Several US Healthcare Data Breaches
Several healthcare data breaches impacting hundreds of thousands and even millions were added to the HHS tracker. The post Millions Impacted Across Several US Healthcare Data Breaches appeared first on SecurityWeek .
New image-based prompt injection attack targets multimodal AI models
Security researchers have developed a new image-based prompt injection attack that can manipulate how multimodal AI systems interpret user instructions without modifying the original text prompt, potentially expanding security risks for AI agents and vision-language systems. In a research paper published this week, researchers from Xidian University described a technique called “CrossMPI,” which u
CFIT unveils Open Property roadmap
The Centre for Finance, Innovation and Technology (CFIT) today marks the culmination of the first phase of its Open Property Coalition, publishing a landmark Roadmap for Open Property that has the potential to transform the UK’s homebuying process - and signals the next phase of the UK’s Smart Data journey beyond Open Banking and Open Finance.
‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery
Four vulnerabilities in OpenClaw can be chained together to steal credentials, escape the sandbox, and plant persistent backdoors. The post ‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery appeared first on SecurityWeek .
‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit
An old elevation-of-privilege (EoP) vulnerability affecting the Cloud Filter driver “cldflt.sys” in Windows has come back to haunt Microsoft, as researchers claim it is still exploitable six years after it was supposedly patched. The flaw, originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020, was recently picked up by Nightmare Eclipse, a researcher o
IT threat evolution in Q1 2026. Mobile statistics
This report contains mobile threat statistics for Q1 2026, along with noteworthy discoveries and quarterly trends: new versions of SparkCat and Triada.
IT threat evolution in Q1 2026. Non-mobile statistics
The report presents key trends and statistics on malware that targeted personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, during Q1 2026.
Digital Assets Clearing Center secures $10 million investment
Digital Asset Clearing Center (DACC.HK), a next-generation financial market infrastructure for the tokenized economy, today announced US$10 million in funding from strategic partners including Conflux, Transaction Technologies Limited (“TTL”) and Global InfoTech.
7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand
The hackers claimed to have stolen more than 600,000 Salesforce records, including personal information and corporate data. The post 7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand appeared first on SecurityWeek .
Developer Workstations Are Now Part of the Software Supply Chain
Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is
Microsoft testing adjustable taskbar, Start menu in Windows 11
Microsoft has finally brought back the resizable taskbar and Start menu to Windows 11 in the latest preview version rolling out to Insiders in the Experimental channel. [...]
Zero-Day Exploit Against Windows BitLocker
It’s nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in
SGX FX connects with Chainlink
SGX FX, a leading technology partner for the global institutional FX ecosystem, has adopted Chainlink, the industry-standard oracle platform, to broaden access to its OTC FX data and support greater flexibility in how institutional participants consume trusted market information.
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. "External control of a file name
Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE
The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. The post Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE appeared first on SecurityWeek .
UK regulators warn of new threats from frontier AI models
The FCA, Bank of England and HM Treasury are warning banks to prepare for a new wave of powerful cyber attacks from AI-driven 'frontier' models.
FCA and Bank of England set out shared vision for tokenisation in UK wholesale markets
UK financial firms can adopt tokenisation and distributed ledger technology (DLT) with greater confidence, as the Financial Conduct Authority (FCA) and the Bank of England set out a shared vision and seek industry views on the future of UK wholesale markets.
NCSC Publishes Guidance on Securing Agentic AI Use
The UK’s National Cyber Security Centre is helping organizations to understand agentic AI security risks
OpenAI begins roll out of personal finance suite
OpenAI has released a preview of a new integration with account aggregator Plaid that enables ChatGPT users to connect all of their accounts and ask questions ranging from spending analysis to future financial planning.
The Canvas breach proved that prevention is no longer enough
Cybercriminals brought down the most widely used learning platform in North America. The Canvas breach is a blueprint for how SaaS attacks now work — and a warning about how unprepared most organizations still are. The post The Canvas breach proved that prevention is no longer enough appeared first on CyberScoop .
First Shai-Hulud Worm Clones Emerge
At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek .
Security Researchers Find 47 Zero-Days at Pwn2Own Berlin
The research community was awarded $1.3m as it found dozens of novel vulnerabilities at Pwn2Own Berlin
Nationwide gives abuse survivors the power to block harmful payment messages
Nationwide has released a new in-app feature that gives abuse survivors the power to block harmful payment messages.
State Employees’ Credit Union signs with Corelation
State Employees’ Credit Union (SECU) has signed with credit union core processor Corelation, Inc., announcing plans to convert to the KeyStone core. Based in Raleigh, North Carolina, SECU is the second largest credit union in the United States with over $59 billion in assets, serving more than 2.9 million members.
OMS appoints Simon Tippett as head of delivery
One Mortgage System (OMS), the CRM and loan origination platform for intermediaries and lenders, has announced the appointment of Simon Tippett as Head of Delivery as the business continues to strengthen its technical and operational capabilities during its next phase of growth.
Banking Circle names Kush Saxena as CEO
Banking Circle Group, the financial technology platform for global commerce, today announces the appointment of Kush Saxena as Group Chief Executive Officer.
Bank of England, FCA and Treasury Raise Alarm Over Frontier AI
The UK’s financial authorities have set expectations for the sector on cybersecurity and operational resilience
Why the best security investment a board can make in 2026 isn’t another tool
There is a conversation that happens in boardrooms every quarter that security leaders will recognize. The CISO presents the threat landscape. The board asks what the company needs. The answer, almost always, is another tool. Another platform, another module, another vendor to close the latest gap. The budget gets approved. The tool gets deployed. And six months later, the conversation happens aga
AI coding is fueling a secrets-sprawl crisis few CISOs are containing
When Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself. He “just had a vision,” and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious security flaws. Experts at cloud security company Wiz and, independently, researcher Jameson O’Reilly, discovered that Molt
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte (825 Downloads) @deadcode09284814/axios-util (284 Downloads) axois-utils (963 Downloads) color-style-utils (934 Downloads) "One of the packages (chalk-tempalte)
Sygnum delivers AI agent-driven digital asset transactions
Swiss digital asset bank Sygnum is to use AI agents to test live on-chain transactions using a 'human-in-the-loop' design, with the client signing every action and private keys never leaving their device.
Aon to modernize how brokers access capital and syndicate risk
Aon plc (NYSE: AON), a leading global professional services firm, today announced plans to launch Aon Digital Placement Exchange (Aon DPX), a new digital trading platform designed to modernize how brokers access capital and syndicate risk.
Grafana Confirms Breach After Hackers Claim They Stole Data
Grafana appears to have been targeted by Coinbase Cartel, a cybercrime group linked to ShinyHunters, Scattered Spider, and Lapsus$. The post Grafana Confirms Breach After Hackers Claim They Stole Data appeared first on SecurityWeek .
Microsoft confirms Windows 11 security update install issues
Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. [...]
Exploitation of Critical NGINX Vulnerability Begins
The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityWeek .
Exploit available for new DirtyDecrypt Linux root escalation flaw
A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. [...]
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compression simulations that are central to nuclear weapon design. "Fast16's hook engine is selectively interested in
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. [...]
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability impacts "cldflt.sys," which refers to the Windows Cloud Files Mini Filter Driver,
Hackers Earn $1.3 Million at Pwn2Own Berlin 2026
Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products. The post Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 appeared first on SecurityWeek .
Former CISA nominee Sean Plankey named US CEO of defense startup
UFORCE, a London-based company founded by Ukrainians, is looking to make drones in America. The post Former CISA nominee Sean Plankey named US CEO of defense startup appeared first on CyberScoop .
Weekly Update 504
It's a hot topic, the old "pay or don't pay" for hackers not to leak your data. Since recording this a few days ago, we've had Grafana go with the "no pay" approach, and I've seen a raft
Can Laws Stop Deepfakes? South Korea Aims to Find Out
South Korea's local elections next month will be a test bed for how effective regulations might be to stymie the flow of deepfakes.
Zopa and ClearScore sign up 22 members for GenAI upskilling push
Zopa Bank and ClearScore have signed up 22 members to their coalition dedicated to upskilling 100,000 fintech and banking professionals in AI disciplines by 2030.
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows systems. [...]
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. [...]
NVD CRITICAL: CVE-2018-25335 — WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerabili...
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to execute code from the uploads directory.
NVD CRITICAL: CVE-2018-25332 — GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability...
GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR plugin via the git-lfs endpoint, and execute system commands through an exposed exploit endpoint.
NVD CRITICAL: CVE-2018-25320 — ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code executi...
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewrite_module affecting NGINX versions 0.6.27 through 1.30.0. According to AI-native security company depthfirst, the
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase. "Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations," Grafana said in a series of
Microsoft rejects critical Azure vulnerability report, no CVE issued
A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and without issuing a CVE. Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that "no product changes were made," despite the researcher documenting a silent fix. [...]
Another detail emerges about Instructure’s agreement with ShinyHunters; Debate continues about whether to pay
Media outlets have been understandably eager to learn whether Instructure paid ShinyHunters after the latter attacked them for a second time on May 7. Considering that they pledged to be more transparent, DataBreaches doesn’t fully understand why Instructure wasn’t more forthright about the payment issue in its update, unless they were trying to avoid encouraging... Source
NVD CRITICAL: CVE-2021-47952 — python jsonpickle 2.0.0 contains a remote code execution vulnerability that allo...
python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by deserializing malicious JSON payloads containing py/repr objects. Attackers can craft JSON strings with py/repr directives that invoke the eval function during deserialization to execute system commands and arbitrary code.
NVD CRITICAL: CVE-2020-37239 — libbabl 0.1.62 contains a broken double free detection vulnerability that allows...
libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting signature overwriting in freed chunks. Attackers can call babl_free() twice on the same pointer without triggering detection, as libc's malloc metadata overwrites babl's signature field upon freeing, enabling potential memory corruption and code execution.
NVD CRITICAL: CVE-2020-37228 — iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulner...
iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retrieve valid CAPTCHA codes via the login endpoint and use them to perform brute-force attacks against user accounts.
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were published by Sansec this week. The vulnerability currently does not have an official CVE identifier. It
Russian hackers turn Kazuar backdoor into modular P2P botnet
The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. [...]
Michigan Nurse Convicted in $1.6M Medicare Fraud Scheme Using Stolen Patient Records
Scott McClallen reports: A federal jury in the Eastern District of Michigan convicted a Michigan nurse and home health care agency owner yesterday for operating a $1.6 million scheme to defraud Medicare. Court documents say that Ruby Scott, 55, of Farmington Hills, Michigan, owned and operated Delta Home Health Care LLC. From 2018 through 2021,... Source
Illuminate wins another round in court, but it may not all be over
The Supreme Court of California has ruled in J.M. v. Illuminate Education, Inc., a case closely watched by those concerned about holding edtech vendors liable in the event of a data breach. As background on the case: In December 2021, Illuminate suffered a data breach that affected 1.7 million students in New York, 434,000 students... Source
New Cisco SD-WAN Zero-Day Grants Admin Access
Broken vdaemon Peering Authentication Enables Unauthenticated Admin Access. A maximum-severity vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited, giving attackers administrative privileges without auth
SecurityScorecard Buys Driftnet for More Internet Visibility
Driftnet Acquisition Adds Real-Time Visibility Into Exposed Assets and AI Risks. SecurityScorecard acquired internet reconnaissance startup Driftnet to expand real-time visibility into hidden infrastructure, expose
AI Doctors? Lawsuits Say No, Some Doctors Say Yes
License Frontier AI to Practice Medicine, Argues JAMA Article. Scrutiny is intensifying around the quickly evolving role that AI is playing in healthcare. That includes issues around the transparency and safety of consumer h
ISMG Editors: Should We Trust Ransomware Gangs?
Ransomware Payouts, AI-Driven Threats and Reshaping Payment Fraud. In this week's panel, four ISMG editors discussed a ransomware case that once again raises questions about paying extortionists, why security leaders fear AI is a
PoC Code Published for Critical NGINX Vulnerability
Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NGINX Vulnerability appeared first on SecurityWeek .
Friday Squid Blogging: Bigfin Squid
Article about the bigfin squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Colorado governor commutes prison sentence for election denier Tina Peters
Peters was sentenced to nine years for stealing voting data and has been publicly unrepentant. But Colorado Governor Jared Polis has been hinting at the decision for months. The post Colorado governor commutes prison sentence for election denier Tina Peters appeared first on CyberScoop .
Expired domain leads to supply chain attack on node-ipc npm package
A popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root cause of the compromise was an expired domain name that attackers managed to register in order to hijack a maintainer’s account. The node-ipc package has had malware added to its code in the past. In March 2022, following Russia’s invasion of Ukra
Exchange Server zero-day vulnerability can be triggered by opening a malicious email
A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s already being exploited in the wild, this isn’t a ‘patch next week’ situation; it’s a ‘mitigate right now’ emergency,” warned Rob Enderle of the Enderle Group. “This is another reminder to find a trust
Here’s how the FTC plans to enforce the Take It Down Act
The commission will dole out hefty fines and promises investigations for Take It Down Act violators. Experts say questions remain around the agency’s resources and priorities. The post Here’s how the FTC plans to enforce the Take It Down Act appeared first on CyberScoop .
More than $10 million stolen from crypto platform THORChain
THORChain officials said the investigation into the incident is ongoing but explained that one of their six vaults was compromised, leading to a loss of about $10.7 million.
Funnel Builder WordPress plugin bug exploited to steal credit cards
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. [...]
NVD CRITICAL: CVE-2026-46364 — phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in...
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha() methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captcha endpoint by crafting malicious User-Agent headers to perform time-based blind SQL injection, ext
NVD CRITICAL: CVE-2026-45010 — phpMyFAQ before 4.1.2 contains an improper restriction of excessive authenticati...
phpMyFAQ before 4.1.2 contains an improper restriction of excessive authentication attempts vulnerability in the /admin/check endpoint, which accepts arbitrary user-id parameters without session binding or rate limiting. Unauthenticated attackers can brute-force any user's six-digit TOTP code by submitting POST requests with sequential token values, bypassing two-factor authentication to gain full
NVD CRITICAL: CVE-2021-47965 — WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file u...
WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote code execution and complete system compromise.
Metasploit Wrap-Up 05/15/2026
Weaponizing a text editor for fun and profit Gather round, dear readers, because today, we (by we, we mean @h00die) dropped the ultimate persistence mechanism: Vim plugin persistence. And honestly, calling it "persistence" feels redundant — Vim is already the most persistent thing ever. Somewhere, somehow, there will still be a Vim session open since 2011, because no one has figured out how to clo
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. [...]
Popular node-ipc npm package compromised to steal credentials
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. [...]
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia's Federal Security Service (FSB)
UK: Hospital workers inappropriately accessed details of Southport victims, investigation finds
On the Spot News reports: An investigation has revealed that nearly 50 staff at a Merseyside hospital group accessed horrific details of the condition of those attacked in Southport. The investigation has only just come to light, with victims finding out this week about the horrific data breach as a result of investigative journalism by... Source
Avada Builder WordPress plugin flaws allow site credential theft
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. [...]
In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
Other noteworthy stories that might have slipped under the radar: Nvidia cloud gaming data breach, Android 17 security upgrades, FBI warning after ShinyHunters hacks Canvas. The post In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws appeared first on SecurityWeek .
Microsoft Edge to stop loading cleartext passwords in memory on startup
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup. [...]
Microsoft backpedals: Edge to stop loading passwords into memory
Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was "by design." [...]
9 in 10 social media posts by finfluencers are low quality - research
Almost 90% of social media posts from financial influencers are low quality, according to research from Queen Mary University of London.
Fiserv unveils agentic AI operating system
Fiserv has launched AgentOS, an agentic AI operating system designed to help financial institutions deploy, manage, and scale agents across their banking workflows.
Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities
A new Gremlin stealer variant has evolved into a modular toolkit with advanced evasion and data theft capabilities, according to new Unit 42 research
Cisco zero-day under ongoing attack by persistent threat group
The threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems. The post Cisco zero-day under ongoing attack by persistent threat group appeared first on CyberScoop .
NAB buys A2A payments platform Banked
National Australia Bank has acquired account-to-account payments platform Banked. Financial terms were not disclosed.
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
Stolen browser sessions and authentication tokens are becoming more valuable than stolen passwords. Flare explains how the REMUS infostealer evolved around session theft and operational scalability. [...]
Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program
We're updating our bug bounty program standards to prioritize quality submissions, clarify shared responsibility boundaries, and evolve how we reward low-risk findings. The post Raising the bar: Quality, shared responsibility, and the future of GitHub’s bug bounty program appeared first on The GitHub Blog.
Welcome to BlackFile: Inside a Vishing Extortion Operation
Written by: Austin Larsen, Tyler McLellan, Genevieve Stark, Dan Ebreo. Introduction: Google Threat Intelligence Group (GTIG) has continued to track an expan
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence. The vulnerabilities, collectively dubbed Claw Chain by Cyera, can permit an attacker to establish a foothold, expose sensitive data, and plant backdoors. A brief description of the flaws is below -
Bitget Wallet hires Uber Jack Zhai as head of the Americas
Bitget Wallet, the everyday finance app, has appointed Jack Zhai as Head of the Americas. Zhai helped scale Uber during its aggressive international expansion.
Wyden integrates with EDX Markets
Wyden, the leader in institutional digital asset trading technology, announced its integration with EDX Markets (EDX), a leading digital asset technology firm that combines an institutional-only trading venue with a central clearinghouse.
CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems by Sunday
Cisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.”
Carta buys Avantia for new law unit
Carta, the agentic enterprise resource planning (ERP) platform for private capital, today announced it has acquired Avantia, a leading AI-powered legal and compliance law firm for asset managers.
Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers
The zero-day vulnerability affects on-premises installations for all versions of Exchange Server 2016, 2019 and Subscription Edition.
Microsoft to automatically roll back faulty Windows drivers
Microsoft is introducing a new capability that will allow it to remotely roll back problematic Windows drivers delivered through Windows Update. [...]
US Senate committee advances Clarity Act to Senate
On Thursday, the Republican-led Senate Banking Committee advanced the Clarity Act which would regulate digital assets.
Esse Health Agrees to Pay 2.53M to Settle Data Breach Lawsuit
American Multispecialty Group, doing business as Esse Health, a Missouri-based independent physician group serving the greater St. Louis area, experienced […] The post Esse Health Agrees to Pay 2.53M to Settle Data Breach Lawsuit appeared first on The HIPAA Journal.
Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild
Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions. The post Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild appeared first on SecurityWeek.
Cyber Pioneers Ponder Past as Prologue
Robert "RSnake" Hansen, Katie Moussouris, Rich Mogull, Richard Stiennon, and Bruce Schneier reflect on how their favorite columns penned for Dark Reading over the past 20 years have stood the test of time.
Cisco warns of an actively exploited SD-WAN flaw with max severity
Cisco has disclosed a max-severity authentication bypass vulnerability affecting its Catalyst SD-WAN Controller and Catalyst SD-WAN Manager platforms, warning that the flaw has already been found to be exploited in the wild. The disclosure follows an earlier authentication bypass vulnerability that Cisco patched in February. In the latest advisory, the company said the new flaw was identified whil
Congress Members’ Prescription Information Compromised in RXNT Data Breach
Further information has come to light about the RXNT data breach, reported by the HIPAA Journal on May 6, 2026. […] The post Congress Members’ Prescription Information Compromised in RXNT Data Breach appeared first on The HIPAA Journal.
American Lending Center Data Breach Affects 123,000 Individuals
The non-bank lender discovered a ransomware attack nearly one year ago, but only recently completed its investigation. The post American Lending Center Data Breach Affects 123,000 Individuals appeared first on SecurityWeek.
Bypassing On-Camera Age-Verification Checks
Some AI-based video age-verification checks can be fooled with a fake mustache.
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
In Your Biggest Security Risk Isn't Malware — It's What You Already Trust, we made a simple argument: the most dangerous activity inside most organizations no longer looks like an attack. It looks like administration. PowerShell, WMIC, netsh, Certutil, MSBuild — the same trusted utilities your IT team uses every day are also the preferred toolkit of modern threat actors. Bitdefender's analysis
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI has disclosed that two of its employee devices in its corporate environment were impacted via the Mini Shai-Hulud supply chain attack on TanStack, but noted that no user data, production systems, or intellectual property were compromised or modified in an unauthorized manner. "Upon identification of the malicious activity, we worked quickly to investigate, contain, and take steps to
OpenAI Hit by TanStack Supply Chain Attack
Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWeek.
nsave to offer Syrians international USD accounts
Offshore banking platform nsave will launch financial services for underbanked Syrians both abroad and in Syria.
Klarna breaks even for the first time after IPO listing
Swedish fintech firm Klarna broke even for the first time since it announced its $15 billion New York IPO last September.
Ransomware Groups Claim Responsibility for Attacks on 3 Healthcare Providers
Ransomware groups have claimed responsibility for attacks on Advanced Family Surgery Center in Tennessee, Orem Eye Clinic in Utah, and […] The post Ransomware Groups Claim Responsibility for Attacks on 3 Healthcare Providers appeared first on The HIPAA Journal.
Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files
Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data. The post Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files appeared first on Unit 42.
Autonomous systems are finally working. Security is next
Waymo recently crossed a major milestone: Over 170 million autonomous miles driven without a single serious crash or injury. For years, autonomous driving was treated as a promise that was always just out of reach — too complex, too risky and not ready for the real world. That argument is no longer credible. Autonomous systems are now outperforming humans in high-speed, high-volume environments. T
B2C2 gains MiCA authorisation
B2C2, a global leader in institutional digital asset liquidity, has obtained authorisation under the EU’s Markets in Crypto-Assets (MiCA) framework from Luxembourg’s Commission de Surveillance du Secteur Financier (CSSF).
TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first on SecurityWeek.
Microsoft warns of Exchange zero-day flaw exploited in attacks
On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. [...]
NVD CRITICAL: CVE-2026-5229 — The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in v...
The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email address (which is common), the plugin falls back to reading the 'form_notify_line_email' cookie value witho
EU’s Cyber Resiliency Act will put IT leaders to the test
Unlike most cyber security regulations, the EU’s Cyber Resilience Act is about product safety rather than processes or certification, extending the CE mark from the physical side of products to software, firmware, backend services, and anything with a network connection. It encodes existing best practices, enforces minimum product support lifecycles, and could mean developing stronger relationship
The economics of ransomware 3.0
The moment every boardroom dreads: There is a moment in almost every ransomware negotiation — usually around 36 hours, when legal, IT and the CFO are all in the same room — when someone says it out loud: “Let’s just see what the insurance covers.” That instinct, understandable as it is, has become one of the most expensive assumptions in modern business. The threat landscape has moved on. The insur
Why geopolitical turmoil is a gift for scammers, and how to stay safe
Conflict is a boon for opportunistic fraudsters. Look out for their ploys.
Former Nuance Employee Sentenced for 1.2 Million-record Geisinger Health System Data Breach
A former employee of Nuance Communications, a business associate of Geisinger Health System that provided IT and conversational AI services, […] The post Former Nuance Employee Sentenced for 1.2 Million-record Geisinger Health System Data Breach appeared first on The HIPAA Journal.
China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer
A suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkit.
Chrome 148 Update Patches Critical Vulnerabilities
The refresh resolves critical-severity use-after-free and other types of bugs in various browser components. The post Chrome 148 Update Patches Critical Vulnerabilities appeared first on SecurityWeek.
Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616. The post Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 appeared first on SecurityWeek.
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scripting flaw. An anonymous researcher has been credited with discovering and reporting the issue. "
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate the issue by May 17, 2026. The vulnerability is a critical authentication bypass tracked as CVE-2026-20182. It's
Go-Ahead for AI Chip Sales to 10 Chinese Firms Raise Alarms
Reports: Trump Administration Approval of Nvidia H200 Sales Poses Frontier AI Risks. Trump administration discussions on AI governance with China are colliding with reports that Washington may permit expanded Nvidia
Mustang Panda Linked to New Modular FDMTP Backdoor
Researchers Say Nation-State Actors Are Evolving Persistence Techniques. An apparent Chinese nation-state hacking group gussied up its tooling with new modular functionality, say security researchers who observed a cyberesp
Taiwan Incident Highlights Cybersecurity Gaps in Rail Systems
A Taiwanese student experimenting with software-defined radio technology shut down three bullet trains for nearly an hour, leading to an anti-terrorism response.
No need to hack when it’s leaking: Dalbir Singh & Associates law firm edition
Dalbir Singh & Associates ignored multiple attempts at responsible disclosure but finally locked down its misconfigured Amazon bucket, only to expose it again. Now the data is in the hands of criminals trying to extort them. On April 6, DataBreaches reported on a misconfigured Amazon bucket belonging to an immigration law firm in New York....
Fasset raises $51m for stablecoin-powered digital banking
Stablecoin-powered digital banking and investment platform Fasset has raised $51 million in Series B funding.
Malicious node-ipc versions published to npm in suspected maintainer account compromise
On May 14, 2026, multiple malicious versions of the popular npm package node-ipc were published to the npm registry. Current public reporting identifies node...
CISA KEV: Microsoft — Microsoft Exchange Server Cross-Site Scripting Vulnerability
Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access; when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.
AI agent finds 18-year-old remote code execution flaw in Nginx
Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program’s code for the past 18 years. Tracked as CVE-2026-42945, the vulnerability is one of 4 bugs found in Nginx by researchers from security startup DepthFirst AI, usin
What's Next for the Proposed HIPAA Security Rule Overhaul?
Will Regulators Make the May Deadline, and What Changes Will Make the Cut? Federal regulators are scheduled to issue a rule this month finalizing a proposed massive overhaul of the 23-year-old HIPAA Security Rule. Will th
Akamai to Buy LayerX for $205M to Expand AI Browser Security
Akamai Says Startup LayerX's Browser Telemetry Will Strengthen Access Decisions. Akamai said its proposed $205 million acquisition of LayerX will add enterprise browser security and AI usage controls to its zero tru
Breach Roundup: US Lawmakers Sound Alarm on AI Bug Hunters
Also, YellowKey Bypasses BitLocker, Škoda Breach, Kingdom Market Operator Jailed. This week, U.S. lawmakers urged action on AI, a BitLocker exploit. Škoda, Nvidia’s GeForce NOW partner and telehealth firm OpenLoop repo
Tech Leaders Say AI Is Delivering But Few Track Results
Economist Enterprise Research Reveals the Gap Between AI Optimism and Real Returns. Four out of five executives say their AI programs are beating expectations, but fewer than half track whether that's true. New Economist E
TeamPCP hackers advertise Mistral AI code repos for sale
The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. [...]
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [...]
SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
The new acquisition looks to boost visibility into third-party ecosystems that are becoming a bigger concern as vectors for supply-chain attacks.
Pentagon cyber official calls advanced AI ‘revolutionary warfare’
Paul Lyons, principal deputy assistant secretary for cyber policy, also discussed the importance of cyber offense. The post Pentagon cyber official calls advanced AI ‘revolutionary warfare’ appeared first on CyberScoop.
Meet Fragnesia, the third Linux kernel vulnerability in a month
Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This is a significant vulnerability,” Robert Beggs, head of incident response firm DigitalDefence, told CSO. “It is bypassing traditional filesystem permissions that are present and enforced (for example, ‘file is owned by root’, or ‘file is rea
OpenAI asks macOS users to update after TanStack npm supply chain attack
The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.
Maximum Severity Cisco SD-WAN Bug Exploited in the Wild
This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.
Congress Puts Heat on Instructure After Canvas Outage
The House Committee on Homeland Security sent a letter about the Canvas cyberattack, the same day that the edtech company said it reached an "agreement" with the ShinyHunters cybercriminals.
NVD CRITICAL: CVE-2026-8634 — Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability...
Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit overly permissive environment variable allowlisting in repo-local Crabbox configuration to serialize se
White House cyber official: identity security matters more than ever in the age of AI
While AI tools present unique cybersecurity threats, they still rely on poor identity security by organizations to do the most damage, a White House official said Thursday. The post White House cyber official: identity security matters more than ever in the age of AI appeared first on CyberScoop.
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. [...]
Issue with Amazon SageMaker Python SDK - Model artifact integrity verification issues (CVE-2026-8596 & CVE-2026-8597)
Bulletin ID: 2026-031-AWS. Scope: AWS. Content Type: Important (requires attention). Publication Date: 05/14/2026 13:00 PM PDT. Description: Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. The ModelBuilder component simplifies model deployment by automating mode
Suspected Dream Market kingpin arrested after gold bars sent to his home address
Lesson one for aspiring dark web kingpins: don't have your laundered gold bars shipped to your home address. Read more in my article on the Hot for Security blog.
CVE-2026-0265: Authentication Bypass in Palo Alto Networks PAN-OS
Overview: On May 13, 2026, Palo Alto Networks published a security advisory for CVE-2026-0265, a signature verification vulnerability that facilitates authentication bypass on PAN-OS, the operating system that most Palo Alto Networks firewalls run. This vulnerability allows a remote unauthenticated attacker with network access to bypass authentication when Cloud Authentication Service (CAS) is en
OpenAI confirms security breach in TanStack supply chain attack
OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. [...]
Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. [...]
BofE to soften plans for stablecoin restrictions
The Bank of England look set to ease planned stablecoin restrictions in the face of industry pushback, according to the Financial Times.
ODNI taps officials to coordinate response to foreign election threats
Director of National Intelligence Tulsi Gabbard has tapped two individuals to coordinate work across U.S. spy agencies to monitor threats to the 2026 elections, according to multiple sources familiar with the matter.
Equipifi secures $34m to help banks embed BNPL
Equipifi, the fintech platform enabling banks and credit unions to offer flexible payment solutions natively within their digital banking experience, today announced the close of its $34-million Series B.
NVD CRITICAL: CVE-2026-41615 — Exposure of sensitive information to an unauthorized actor in Microsoft Authenti...
Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network.
Adyen collaborates with SAP on Unified Payments solution
Adyen, the financial technology platform of choice for leading businesses, today announced a new collaboration with SAP, deepening its partnership to support the launch of the SAP Unified Payment solution.
Digital Prime Technologies launches digital asset lending platform
Digital Prime Technologies, a provider of digital asset technology solutions, today announced the launch of Tokenet, its institutional digital asset lending platform, with the first trades now successfully executed on the platform.
The time of much patching is coming
In this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.
Understanding the Hidden Cost of Faster Payments
As Regulators Tighten Liability Rules, Banks Face Pressure to Justify Fraud Losses. So far, banks have managed to strike a balance between fraud prevention and customer convenience, often accepting a certain level of loss rather than
Cryptohack Roundup: Banking Trojan Targets Crypto Firms
Also: Indictments in Theft Case, KelpDAO Restarts Operations. This week, banking Trojan TCLBanker targeted crypto platforms, three people indicted in a violent digital assets-related robbery, Kelp DAO restarted services
Cisco CEO Robbins Ties AI Push to Unpatchable Tech Risk
Chuck Robbins Warns Customers Face Growing Exposure From Equipment Past Support. Cisco is embedding Anthropic's Claude Mythos Preview into internal security operations to test code, accelerate patching and push infrastr
Russian Attacks on Polish Water Utilities Use Fear as Weapon
Russian Hybrid Warfare Illuminates Debate Over Defending Cyber Poor Operators. A spate of pro-Russian hacktivists attacks against Polish water facilities have illuminated a debate about the best way to defend water
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. "A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious: node-ipc@9.1.6, node-ipc@9.2.3 and node-ipc@12.0.1. "Early analysis indicates that node-ipc@9.1.6, node-ipc@9.2.3, and node-ipc@12.0.1
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago. The mess keeps getting louder: users get tricked, boxes get popped, tools meant for normal work
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage.
Achieve Federal-Grade M365 Security: Governing with Qualys SSPM and SCuBA
Qualys SaaS Security Posture Management (SSPM) introduces native support for the Secure Cloud Business Applications (SCuBA) compliance framework, bringing CISA’s toughest M365 security benchmarks directly into your continuous posture monitoring workflow. Key Takeaways. What Is SCuBA and Why Does It Matter for Enterprise Security? The Secure Cloud Business Applications (SCuBA) project is a cybe
CVE-2026-20182: Critical authentication bypass in Cisco Catalyst SD-WAN Controller (FIXED)
Overview: While researching a critical authentication bypass vulnerability, CVE-2026-20127, which was exploited in-the-wild, Rapid7 Labs discovered a new authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (formerly known as vSmart), CVE-2026-20182. This new authentication bypass vulnerability affects the “vdaemon” service over DTLS (UDP port 12346), which is the same
The Dark Side of Efficiency: When Network Controllers Become "God Mode" for Attackers
Imagine you build a massive corporate campus with every security control money can buy. Blast resistant doors. Biometric scanners. Guards at every entrance. Maybe something similar to the infamous Death Star. On paper, it looks fantastic. Then, somewhere along the way, somebody decides the maintenance team needs a universal key that opens every door in the building without setting off any alarms.
Detecting Exploitation of CrushFTP Vulnerability (CVE-2025-31161) With PacketSmith Yara Detection Module - Using track_state and flow_state
18-year-old NGINX vulnerability allows DoS, potential RCE
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. [...]
NYC Mayor Mamdani calls on regulator to block Western Union takeover of rival
New York City Mayor Zohran Mamdani has asked regulators to block Western Union's proposed acquisition of Intermex, arguing that the money transfer giant wants to buy its rival to "jack up remittance fees".
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply chains. NMFTA outlines how cyber-enabled cargo crime is changing transportation security. [...]
Bloomberg Vault integrates BSpeech
Bloomberg today announced the integration of Bloomberg BSpeech (‘BSpeech’), a multi-language voice transcription service, into Bloomberg Vault, enabling systematic surveillance, search and analysis of voice communications at scale.
Mustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage Campaign
Mustang Panda campaign deploys updated FDMTP backdoor against Asia-Pacific and Japan networks.
Stop Chasing Threats: Top 3 Insights from the SANS Attack Surface Management Survey
Executive Summary: The 2025 SANS ASM Survey highlights a clear shift in cybersecurity operations. Organizations are moving beyond fragmented, alert-driven security approaches toward unified, automated, and business-aligned risk operations. Continuous visibility, intelligent automation, and business-contextual prioritization are becoming essential for managing modern attack surfaces at scale. The fi
Endava teams up with Tyl by NatWest
Endava, the technology-driven business transformation group whose AI-native approach combines cutting-edge technology with deep industry expertise, today announced a strategic partnership with Tyl by NatWest, NatWest Group’s merchant-payments arm, to accelerate the evolution of its offering.
Rato integrates iDenfy ID verification tech into onboarding flow
iDenfy, a RegTech company offering ID verification and fraud prevention solutions, has announced a partnership with RATO, a licensed bank with nearly 30 years of financial heritage in Lithuania.
Major tech manufacturer Foxconn confirms cyberattack hit North American factories
The ransomware group Nitrogen claimed responsibility for the attack and said it stole 8 terabytes of data spanning more than 11 million files belonging to the company’s top customers. The post Major tech manufacturer Foxconn confirms cyberattack hit North American factories appeared first on CyberScoop.
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It's also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC‑0057
Finix unveils unattended payment terminal
Finix, the full-stack payment processor enabling businesses to accept and send payments online and in-store, today announced the official launch and integration of the unattended payment terminal, a premium Android-based all-in-one payment terminal.
Enhancing Data Center Security Without Sacrificing Performance
For AI data centers, where the stakes are the highest and performance constraints are the tightest, security and performance are no longer a zero-sum game. The post Enhancing Data Center Security Without Sacrificing Performance appeared first on SecurityWeek.
New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation
The vulnerability, tracked as CVE-2026-46300, is similar to the recently disclosed exploits named Dirty Frag and Copy Fail. The post New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation appeared first on SecurityWeek.
Concentrix and Flexys partner to scale digital, compliant collections
Concentrix and Flexys today announced a strategic partnership that brings together Flexys' digital-first debt management and collections software with Concentrix's global delivery capability, operational resilience and scale.
Freetrade appoints Jenny Zhao CEO
Freetrade, the commission-free investment platform, has today announced the appointment of Jenny Zhao as Chief Executive Officer, subject to regulatory approvals. She succeeds co-founder Viktor Nebehaj, who is stepping down after nearly ten years of building the business.
Google Launches Android Spyware Forensics Tool for High-Risk Users
Google’s Android Advanced Protection Mode is getting a new feature allowing trusted security experts to investigate potential spyware infections
LABScon25 Replay | Breach Alpha: Trading on Cyber Fallout
Mick Baccio and Scott Roberts examine whether public breach signals and market timing models can turn cyber incidents into actionable trading opportunities.
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an escalation in phishing-kit sophistication that could make attacks harder for traditional email and static-analysis tools to detect. Researchers at Sublime Security said in April that they identified the cam
Derivative Path launches AI-enabled treasury hedging platform for banks
Derivative Path, a leading derivatives and risk management platform for financial institutions, today announced the launch of ALM Strategy Builder, a product that gives banks and credit unions the ability to build, stress-test, compare, and present interest rate hedging strategies in a single environment.
New Fragnesia Flaw Hands Linux Local Users Root Access
New Fragnesia kernel flaw lets unprivileged local users escalate to root on Linux systems
AI Drives Cybersecurity Investments, Widening 'Valley of Death'
In a role reversal, investment dollars in AI security startups exceeded the value of AI acquisitions in 1Q26 by more than $1 billion, a rare occurrence.
Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere
Independent benchmarking finds Mythos highly effective for source code audits, reverse engineering, and native-code analysis, though its exploit validation and reasoning capabilities remain inconsistent. The post Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere appeared first on SecurityWeek.
Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million
The acquisition enables Akamai to expand its Zero Trust portfolio to add protection directly into the browser. The post Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million appeared first on SecurityWeek.
FedRAMP High Authorized: Qualys TotalCloud CNAPP – From Compliance to Defense
Qualys TotalCloud™ has achieved FedRAMP High Authorization, marking a major milestone in delivering validated cloud security and compliance assurance for high-impact federal and regulated environments. Key Takeaways Cloud security and compliance expectations have fundamentally shifted. Organizations are no longer evaluated based on whether controls exist; they’re evaluated on w
UK Payments Association names CEO
The Payments Association, the trade body for UK-based payment providers, has appointed Emma Banymandhub as chief executive.
Alleged Dream Market admin arrested in Germany
Jonathan Greig reports: German and U.S. authorities arrested the alleged administrator behind Dream Market, a popular dark web forum that shut down in 2019. During a May 7 raid on three locations, German and U.S. law enforcement arrested Owe Martin Andresen, 49, on multiple charges of money laundering. An indictment unsealed this week by the...
Verber Dental Group Notifies Patients About January Hacking Incident
Data breaches have recently been announced by Verber Dental Group in Pennsylvania, Northwoods Surgery Center in Minnesota, Cunningham Prosthetic Care […] The post Verber Dental Group Notifies Patients About January Hacking Incident appeared first on The HIPAA Journal.
Cavenwell Group launches tokenisation platform
Cavenwell Group, the regulated fiduciary and fund services business with more than $7 billion in assets under administration, has launched Assetize, a new institutional platform designed to streamline the creation and management of tokenised investment products.
KongTuke hackers now use Microsoft Teams for corporate breaches
Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. [...]
Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns
Salt Typhoon has hit an energy entity in Azerbaijan. Twill Typhoon has targeted Asian entities with an updated RAT. The post Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns appeared first on SecurityWeek.
Siemens Opcenter RDnL
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-09.json | Summary: Opcenter RDnL is affected by missing authentication in critical function in ‘ActiveMQ Artemis’. An unauthenticated attacker within the adjacent network could use the Core protocol to force a target broker to establish an outbound Core
Siemens Industrial Devices
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-06.json | Summary: Multiple industrial devices contain a vulnerability that could allow an attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends to update to the latest versions.
Siemens SIPROTEC 5
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-13.json | Summary: The SIPROTEC 5 devices do not use sufficiently random numbers to generate session identifiers. This could facilitate a brute-force attack against a valid session identifier which could allow an unauthenticated remote attacker to hijac
Siemens Siemens ROS#
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-08.json | Summary: ROS# contains a ROS service file_server, that before version 2.2.2 contains a path traversal vulnerability which could allow an attacker to access, i.e. read and write, arbitrary files, which are accessible with the user rights of the
Siemens gWAP
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-01.json | Summary: Siemens gPROMS Web Applications Publisher (gWAP) is affected by a remote code execution vulnerability introduced through a third-party component, namely the Axios HTTP client library. The vulnerability stems from a specific "Gadget" a
Siemens Simcenter Femap
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-05.json | Summary: Simcenter Femap is affected by heap based buffer overflow vulnerability in Datakit library that could be triggered when the application reads files in IPT format. If a user is tricked to open a malicious file with the affected applica
Universal Robots Polyscope 5
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-17.json | Summary: Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code. The following versions of Universal Robots Polyscope 5 are affected: Polyscope 5 <5.25.1
Siemens Teamcenter
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-04.json | Summary: Siemens Teamcenter is affected by multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released new versions for the affected products and recommends to upda
Siemens Solid Edge
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-03.json | Summary: Solid Edge SE2026 before Update 5 is affected by two file parsing vulnerabilities that could be triggered when the application reads specially crafted files in PAR format. This could allow an attacker to crash the application or execu
Siemens SENTRON 7KT PAC1261 Data Manager
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-14.json | Summary: The web server in SENTRON 7KT PAC1261 Data Manager Before V2.1.0 contains a request smuggling vulnerability in the Go Project's net/http package that could allow an attacker to retrieve authorization tokens that can be used to ga
Foxconn Attack Highlights Manufacturing's Cyber Crisis
A Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for downtime.
Siemens SIMATIC
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-10.json | Summary: SIMATIC CN 4100 contains multiple vulnerabilities which could potentially lead to a compromise in availability, integrity and confidentiality. Siemens has released a new version for SIMATIC CN 4100 and recommends to update to the late
Siemens Ruggedcom Rox
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-12.json | Summary: Ruggedcom Rox contains an input validation vulnerability in the Scheduler functionality that could allow an authenticated remote attacker to execute arbitrary commands with root privileges on the underlying operating system. Siemens h
Siemens SIMATIC S7 PLC Web Server
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-134-15.json | Summary: SIMATIC S7 PLCs contain multiple vulnerabilities in the web server that could allow an attacker to perform cross-site scripting attacks. Siemens has released new versions for several affected products and recommends to update to the l
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the
PraisonAI vulnerability gets scanned within 4 hours of disclosure
A newly disclosed authentication bypass flaw in the open-source AI orchestration framework PraisonAI was probed by internet scanners less than four hours after its public disclosure. According to Sysdig observations, roughly three hours and 44 minutes after a GitHub advisory dropped, a scanner identifying itself as “CVE-Detector/1.0” was already looking through the exposed PraisonAI instances for
How AI Hallucinations Are Creating Real Security Risks
AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most probable response based on patterns in its training data, even if that response is inaccurate. These outputs
G7 Countries Release AI SBOM Guidance
The goal of the guidance, which outlines minimum elements, is to help organizations enhance transparency in AI systems and supply chains. The post G7 Countries Release AI SBOM Guidance appeared first on SecurityWeek.
UK fintech funding falls by 43% in Q1
Fintechs in the UK raised close to three-quarters of a billion dollars in the first three months of the year, according to recently-released research.
How Dangerous Is Anthropic’s Mythos AI?
Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan and fix their own software. The announcement requires context—but it contained an essential truth.
Broadridge opens Glasgow office for BPO services
Broadridge Financial Solutions, Inc. (NYSE: BR), a global Fintech leader, today announced the opening of a newly established Glasgow center to provide technology-led business process outsourcing (BPO) services, further advancing the company’s international expansion strategy aligned to global client demand.
Kimsuky targets organizations with PebbleDash-based tools
Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.
F5 Patches Over 50 Vulnerabilities
The company’s latest quarterly advisory describes high and medium-severity issues in BIG-IP, BIG-IQ, and NGINX. The post F5 Patches Over 50 Vulnerabilities appeared first on SecurityWeek.
CVE-2026-42945: NGINX Heap Buffer Overflow in rewrite module - Writeup and PoC
NVD CRITICAL: CVE-2026-2347 — Authorization bypass through User-Controlled key vulnerability in Akilli Commerc...
Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Session Hijacking. This issue affects E-Commerce Website: before 4.5.001.
NVD CRITICAL: CVE-2025-11024 — Improper neutralization of special elements used in an SQL command ('SQL injecti...
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001.
Revolut primed for wealth management push after FCA approval
Challenger bank Revolut is set to expand its investment services in the UK after securing a series of permissions from the Financial Conduct Authority (FCA).
Dell confirms its SupportAssist software causes Windows BSOD crashes
Dell confirmed that its SupportAssist software is causing blue-screen crashes on some Windows systems following a wave of user reports about random reboots affecting Dell devices since Friday. [...]
Atrium Health & Interim HealthCare Affected by Business Associate Data Breaches
Atrium Health Navicent and Interim HealthCare of Lubbock/Amarillo have recently announced that they have been affected by data breaches at […] The post Atrium Health & Interim HealthCare Affected by Business Associate Data Breaches appeared first on The HIPAA Journal.
Hackers Targeted PraisonAI Vulnerability Hours After Disclosure
The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek.
When ransomware gets physical: cybercriminals turn to threats of violence
Pay up, or we'll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats - and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog.
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse
Malawi and UN Technology bank launch national tech needs initiative
The Government of Malawi, in partnership with the UN Technology Bank for the Least Developed Countries, officially launched Malawi’s Technology Needs Assessment (TNA) during a high-level event held at the Bingu International Convention Centre (BICC) in Lilongwe on 13 May 2026.
Most Organizations Now Use AI Agents for Sensitive Security Tasks
Semperis study finds 74% of organizations believe AI will increase attacks on identity infrastructure
NVD CRITICAL: CVE-2026-6512 — The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in...
The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to permanently delete arbitrary posts, pages, products, or orders, mass-delete all comments on any post, and change any post's
US fintech Parker files for bankruptcy
US-based payments startup Parker has declared bankruptcy as questions remain over its future.
What CISOs need to land a board role
Cybersecurity leaders often have complex relationships with their boards. Many boards lack cyber expertise, and CISOs can encounter roadblocks as a result when it comes to earning board approval. Other security leaders may not have a direct line to their board, or they may be viewed as too technical to win the support needed. One way some CISOs are working to improve that relationship is by becomi
ICO Publishes Five-Step Plan to Counter Emerging AI-Powered Attacks
The Information Commissioner’s Office has released new guidance on how to mitigate the risk of AI-powered attacks
US charges suspected Dream Market admin arrested in Germany
The alleged main administrator of Dream Market Incognito Market, one of the largest dark web marketplaces before its shutdown, has been indicted in the United States on money laundering charges. [...]
FrostyNeighbor: Fresh mischief and digital shenanigans
ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations
High-Severity Vulnerability Patched in VMware Fusion
The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week. The post High-Severity Vulnerability Patched in VMware Fusion appeared first on SecurityWeek.
Saudi startup Stitch raises $25m
Stitch, the operating system built for modern financial institutions, today announced it has raised $25 million in Series A funding led by Andreessen Horowitz (a16z).
PE firm Verdane acquires Augmentum Fintech
Verdane, the European private equity firm, today announces that it has completed the acquisition of Augmentum Fintech following the acceptance of its offer and subsequent shareholder approval.
New Fragnesia Linux flaw lets attackers gain root privileges
Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnesia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. [...]
Researcher Drops YellowKey, GreenPlasma Windows Zero-Days
YellowKey is a BitLocker bypass that requires physical access. GreenPlasma enables elevation of privileges to System. The post Researcher Drops YellowKey, GreenPlasma Windows Zero-Days appeared first on SecurityWeek.
NVD CRITICAL: CVE-2026-6510 — The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation vi...
The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwar_save_recipe() AJAX handler. This makes it possible for unauthenticated attackers to create a malicious automation recipe that pairs an HTTP post trigger with an auto-login act
NVD CRITICAL: CVE-2026-6271 — The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload i...
The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes remote code execution possible.
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM
NVD CRITICAL: CVE-2026-8181 — The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Al...
The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the `is_mainwp_authenticated()` function when validating application passwords from the Authorization header. This makes it possible for unauthenticated attackers, with
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of all formatting, and destinations of all links included in the message become visible to the user, as you can see in the following images which show the
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open Source, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a
Welcoming the Bahamian Government to Have I Been Pwned
Today, we welcome the 44th government onboarded to Have I Been Pwned’s free gov service: The Bahamas. The National Computer Incident Response Team of The Bahamas, CIRT-BS, now has access to monitor government domains against the data in HIBP. As the national CIRT, CIRT-BS is responsible for coordinating
Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel
Bulletin ID: 2026-029-AWS; Scope: AWS; Content Type: Important (requires attention); Publication Date: 05/13/2026 18:45 PM PDT. This is an ongoing issue. Information is subject to change. Please refer to our Security Bulletin (ID: 2026-030-AWS) for the most updated patching information. Description: Amazon is aware of CVE-20
Ongoing updates on Copy.fail and variants
Bulletin ID: 2026-030-AWS; Scope: AWS; Content Type: Important (requires attention); Publication Date: 05/13/2026 10:00 PM PDT. This is an ongoing issue. This bulletin will be updated as more information becomes available. Description: AWS is aware of the copy.fail or DirtyFrag class of issues - a set of privilege escalation
Bunq applies for Mexican banking license
Bunq, the European neobank for "global citizens", has applied for a Mexican banking license.
US banks hurry to patch vulnerabilities uncovered by Mythos
US banks have been scrambling to fix IT issues uncovered by Anthropic's Mythos AI tool, according to Reuters.
CISA KEV: Cisco Catalyst SD-WAN — Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
Fired employee sought AI help to hide deletion of hosting firm’s customer data
The apparent revenge deletion of US federal databases after the dismissal of twin brothers from an online hosting company is another reminder to IT and HR leaders that tough off-boarding procedures have to be implemented to prevent insider attacks. Destructive attacks from disgruntled current or former employees aren't new. But the conviction by a Virginia jury last week of one of the brot
Researchers say AI just broke every benchmark for autonomous cyber capability
Two independent studies found that Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5 have outpaced every trend line researchers were tracking. No one is sure if this is a one-time leap or the new normal. The post Researchers say AI just broke every benchmark for autonomous cyber capability appeared first on CyberScoop.
West Pharmaceutical says hackers stole data, encrypted systems
West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. [...]
Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks
The committee held a closed briefing Wednesday with company reps, and more oversight is in the works. The post Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks appeared first on CyberScoop.
Iranian hackers targeted major South Korean electronics maker
The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine high-profile organizations across multiple sectors and countries. [...]
Checkbox Assessments Aren't Fit to Measure Risk
Security governance needs to be more than an annual compliance exercise. New companies are emerging to address risk-management gaps in current audit tools.
Attackers Weaponize RubyGems for Data Dead Drops
Threat actors are publishing RubyGems packages that include scrapers targeting public-facing UK government servers, but with no clear objective.
Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
Fortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. Fortinet flaws, both zero-day and n-day, have been exploited in the wild many times in the past, so companies should deploy patches as soon as possible. “Fortinet vulnerabilities are often attractive to threat actors because these products sit in
Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak
An OPSEC failure provides a window into what helped the ransomware group rise: a generous affiliate model, opportunistic TTPs, and an effective organizational structure.
New critical Exim mailer flaw allows remote code execution
A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. [...]
DOJ releases legal rationale for nationwide voter data collection
The memo claims a robust executive branch role vetting voter eligibility. One Secretary of State called it a “fantasy” that “isn’t worth the paper it’s printed on.” The post DOJ releases legal rationale for nationwide voter data collection appeared first on CyberScoop.
Alleged Dream Market admin arrested in Germany after US indictment
Court documents said Dream Market was launched in 2013 by Owe Martin Andresen and others before becoming one of the biggest criminal marketplaces online.
NVD CRITICAL: CVE-2026-42584 — Netty is an asynchronous, event-driven network application framework. Prior to 4...
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll() once per response, including for 1xx. If the client pipelines GET then HEAD and the server sends 103, then 200 with GET body, then 200 for HEAD, the queue pairs HEAD with the first 200. The HEAD rule then
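The pairing bug in the entry above is easiest to see in a small model. The following Python sketch is an added example, not Netty's code (which is Java): it replays a constructed GET-then-HEAD exchange under the advisory's queue.poll()-per-response rule and under the obvious fix of not consuming a queue entry for informational (1xx) responses. What happens to the GET body once it is mis-paired is my reading of the HEAD rule (a response to HEAD carries no body), since the entry is cut off before it spells that out.

```python
from collections import deque

# Constructed sample exchange (not taken from the advisory): a pipelined client
# sends GET then HEAD; the server answers 103 Early Hints, then 200 with the
# GET body, then a body-less 200 for the HEAD.
REQUESTS = ["GET", "HEAD"]
RESPONSES = [
    (103, b""),                    # informational: the GET is still outstanding
    (200, b"<html>hello</html>"),  # final response to the GET, with body
    (200, b""),                    # final response to the HEAD, headers only
]


def pair_responses(requests, responses, poll_on_informational):
    """Model of the request/response pairing described in the advisory.

    Each inbound response is matched with the oldest outstanding request
    method. With poll_on_informational=True (the vulnerable behaviour) a 1xx
    response also consumes a queue entry, so every later response is paired
    with the wrong request. Returns (pairs, leftover): pairs is a list of
    (method, status); leftover is body bytes the codec would not attach to
    any response because it believed the response answered a HEAD.
    """
    queue = deque(requests)
    pairs = []
    leftover = b""
    for status, body in responses:
        informational = 100 <= status < 200
        if informational and not poll_on_informational:
            # Fixed behaviour: peek only; the final response is still to come.
            method = queue[0] if queue else None
        else:
            method = queue.popleft() if queue else None
        pairs.append((method, status))
        if method == "HEAD" and body:
            # Responses to HEAD carry no body, so these bytes stay in the input
            # buffer and would be parsed as the start of the next response.
            leftover += body
    return pairs, leftover


def vulnerable_pairing():
    """Pairing as described for the affected versions (1xx consumes an entry)."""
    return pair_responses(REQUESTS, RESPONSES, poll_on_informational=True)


def fixed_pairing():
    """Pairing with 1xx responses left out of the poll."""
    return pair_responses(REQUESTS, RESPONSES, poll_on_informational=False)


if __name__ == "__main__":
    print("vulnerable:", vulnerable_pairing())
    print("fixed:     ", fixed_pairing())
```

In the vulnerable run the 103 eats the GET's queue entry, the GET's 200 is recorded as the HEAD's answer and its body is orphaned, and the real HEAD response has no request left to pair with; in the fixed run every response lands on the request that produced it.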
NVD CRITICAL: CVE-2026-42579 — Netty is an asynchronous, event-driven network application framework. Prior to 4...
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encoding or decoding. This creates a bidirectional attack surface: malicious DNS responses can exploit the decoder, and user-influenced hostnames can exploit the encoder. This vulnerability is fixed in 4.2.1
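The entry above says the codec skipped the RFC 1035 constraints on both the encoding and decoding side. As an added example (not Netty's code, and written in Python rather than Java), here is a name encoder and decoder that enforces them: labels of at most 63 octets, a wire-format name of at most 255 octets, bounds-checked reads, and compression pointers that must point backwards and are never followed twice. All inputs used to exercise it are constructed.

```python
MAX_LABEL = 63   # RFC 1035 section 2.3.4: a label is at most 63 octets
MAX_NAME = 255   # RFC 1035 section 2.3.4: a wire-format name is at most 255 octets


def encode_name(name: str) -> bytes:
    """Encode a hostname into DNS wire format, rejecting names that break the
    RFC 1035 limits instead of emitting a malformed length octet."""
    if name in ("", "."):
        return b"\x00"
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")          # caller applies IDNA first
        if not raw:
            raise ValueError("empty label")
        if len(raw) > MAX_LABEL:
            raise ValueError("label exceeds 63 octets")
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > MAX_NAME:
        raise ValueError("name exceeds 255 octets")
    return bytes(out)


def decode_name(buf: bytes, offset: int = 0):
    """Decode a wire-format name starting at offset; returns (name, next_offset).

    Every read is bounds-checked, the 255-octet limit is enforced on the
    reconstructed name, compression pointers (RFC 1035 section 4.1.4) must
    point to a prior offset, and no offset is visited twice, so a crafted
    response cannot make the decoder loop or read past the buffer.
    """
    labels = []
    total = 0
    seen = set()
    end = None           # where parsing resumes after the name
    pos = offset
    while True:
        if pos >= len(buf):
            raise ValueError("truncated name")
        if pos in seen:
            raise ValueError("compression pointer loop")
        seen.add(pos)
        length = buf[pos]
        if length & 0xC0 == 0xC0:                 # 11xxxxxx: compression pointer
            if pos + 1 >= len(buf):
                raise ValueError("truncated pointer")
            target = ((length & 0x3F) << 8) | buf[pos + 1]
            if target >= pos:
                raise ValueError("pointer does not point to a prior occurrence")
            if end is None:
                end = pos + 2
            pos = target
            continue
        if length & 0xC0:                         # 01xxxxxx / 10xxxxxx: reserved
            raise ValueError("reserved label type")
        # A plain label octet is now 0..63, so MAX_LABEL holds by construction.
        total += 1 + length
        if total > MAX_NAME:
            raise ValueError("name exceeds 255 octets")
        if length == 0:
            return ".".join(labels) or ".", (pos + 1 if end is None else end)
        label = buf[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii"))      # non-ASCII raises ValueError too
        pos += 1 + length


def is_rejected(func, *args) -> bool:
    """True if func(*args) raises ValueError; used to exercise the checks."""
    try:
        func(*args)
    except ValueError:
        return True
    return False
```

Both directions refuse rather than silently truncate, which is the property the entry says was missing. On the decoding side the 0xC0 mask test also rejects any length octet above 63, because those values encode pointers or reserved label types, so the 63-octet label limit needs no separate check there.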
NVD CRITICAL: CVE-2026-42032 — CKAN is an open-source DMS (data management system) for powering data hubs and d...
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information. This vulnerability is fixed in 2.10.10 and 2.11.5.
NVD CRITICAL: CVE-2026-42031 — CKAN is an open-source DMS (data management system) for powering data hubs and d...
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. This vulnerability is fixed in 2.10.10 and 2.11.5.
Dark Reading Celebrates 20 Years as a Leading Authority on Cybersecurity, Highlighting the People, Events, Ideas, and Technologies Shaping the Modern Risk Landscape
Informa TechTarget's flagship cybersecurity media brand launches a special content series to mark two decades as a trusted source for cybersecurity professionals.
Weaponized AI: The new frontier of fraud and identity spoofing
As fake identity fraud is projected to cause $40 billion in losses next year, leaders must abandon static security in favor of rapid-iteration, AI-enabled defenses that adapt in days, not months. The post Weaponized AI: The new frontier of fraud and identity spoofing appeared first on CyberScoop .
European Commission head pushes creation of new law delaying teens’ social media access
The comments come as several European countries, including Spain, Greece, Norway, France, Denmark, Turkey and the Netherlands have said they are considering or are implementing age verification protocols to restrict young teens from accessing social media platforms.
Foxconn Confirms North American Factories Hit by Cyberattack
The Nitrogen ransomware group claims to have hacked the company’s systems, stealing 8TB of data, including confidential documents. The post Foxconn Confirms North American Factories Hit by Cyberattack appeared first on SecurityWeek .
How to Build a Software Supply Chain Security Playbook
Windows BitLocker zero-day gives access to protected drives, PoC released
A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. [...]
NVD CRITICAL: CVE-2026-41225 — A vulnerability exists in iControl REST where a highly privileged, authenticated...
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
NVD CRITICAL: CVE-2020-37168 — Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerabili...
Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the 16-character production secret key used for payment signature generation. Attackers can extract payment form data and signatures from POST requests to the payment endpoint, then use SHA1 hash comparison to iteratively test key candidates until discovering the correct producti
Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code
Microsoft’s MDASH discovered 16 of the Patch Tuesday vulnerabilities, and Palo Alto used Mythos to find dozens of flaws. The post Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code appeared first on SecurityWeek .
Microsoft fixes BitLocker recovery issue only for Windows 11 users
Microsoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April 2026 Windows security updates. [...]
Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’
New “Sweet Attack” platform uses runtime intelligence and continuous agentic red teaming to identify exploitable attack chains human teams may miss. The post Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’ appeared first on SecurityWeek .
When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
Overview Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly escalated into a full compromise chain involving malware deployment, privilege escalation, credential t
Microsoft fixes Windows Autopatch bug installing restricted drivers
Microsoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. [...]
Daybreak is OpenAI’s answer to the AI arms race in cybersecurity
With Daybreak, OpenAI is taking direct aim at Anthropic's tightly restricted Mythos model, offering a more open — but still carefully gated — path to AI-powered cyber defense. The post Daybreak is OpenAI’s answer to the AI arms race in cybersecurity appeared first on CyberScoop .
Canvas Owner Reaches Agreement With Cybercriminals After Ransomware Attack
Instructure says it reached an agreement with ShinyHunters over the Canvas breach data
Avada Builder Flaws Expose One Million WordPress Sites
Avada Builder flaws allowed file read and SQL injection on one million WordPress sites
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability
'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine
Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarusian nation-state threat group.
What happens when China’s AI catches up to Mythos?
The Trump-Xi summit opening in Beijing this week carries an agenda item unlike any in the history of US-China diplomacy: what to do about artificial intelligence that can autonomously find and exploit vulnerabilities in the world’s most critical software — and what happens when both superpowers have it. Anthropic’s Mythos Preview, released last month to a limited group of security partners, has de
Deutsche Bank joins $120m funding round for crypto analytics firm Elliptic
Cryptocurrency and blockchain surveillance and analytics specialist Elliptic has raised $120 million in a Series D funding round led by One Peak, with participation from Nasdaq Ventures, Deutsche Bank and the British Business Bank.
Paybis secures MiCA and PSD2 licences
Paybis, a trusted cryptocurrency platform serving 7 million people, today joins a small club of global crypto platforms to have received authorisation as a Crypto Asset Service Provider (CASP) under the EU’s Markets in Crypto-Assets regulation (MiCA), alongside receiving a Payment Institution (PI) licence under PSD2 simultaneously, on the same day.
NL: Dutch watchdog says healthcare lab failed data security rules before cyberattack affecting 850,000
In August 2025, research agency Bevolkingsonderzoek Nederland revealed that half a million women who had undergone cervical cancer screening had their data stolen. The research agency paid Nova ransomware gang’s demand, which Nova confirmed, but then the criminals turned around and seemingly demanded even more money because the lab had spoken with police. Or at...
UK: Regulator fines water company almost £1m for cybersecurity failures
Maxine Brigue reports: The Information Commissioner’s Office (ICO) has fined utility company South Staffordshire Water £963,900 after a cyber attack that resulted in users’ personal information being extracted and published on the dark web. The fine was issued last week (7 May) after a cyber attack ran from September 2020 to July 2022 and exposed the data...
UK: Aylesbury police officer found guilty of data protection breaches after snapping confidential information
James Lowson reports: A police officer based in Aylesbury was found guilty of breaching data protection laws after she photographed confidential information. At Reading Magistrates’ Court on April 28, PC Lily Maxey was found guilty of breaching data protection laws twice by a district judge. During the same hearing she was ordered to pay £2,050...
AI Agents Generate Custom Hacking Tools on the Fly
Two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil.
China's 'FamousSparrow' APT Nests in South Caucasus Energy Firm
The cyberthreat group targets an Azerbaijani oil and gas firm with repeated attacks, as the China-linked actors extend targeting beyond hospitality, telecom, and government sectors.
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
In the latest evolution of automated cyberattacks, two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil.
UK moves to shield security researchers in cybercrime law overhaul
The proposed reforms, outlined in briefing documents published alongside the King’s Speech opening a new parliamentary session, would update the Computer Misuse Act 1990 as part of a broader national security package focused on cybercrime and digital threats.
Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold
Five months into 2026, Microsoft has already patched more than 500 vulnerabilities — although the exact monthly count varies depending on whether analysts include Edge, Chromium and fixes shipped earlier in the month.
Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
Foxconn, the world's largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. [...]
73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
Attackers can compromise systems in minutes while patching and response still take hours or days. Picus Security breaks down why autonomous validation is becoming critical for modern defense strategies. [...]
Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers
Survey of cybersecurity leaders suggests that majority would strongly consider paying cybercriminals, if that’s what it took to help restore encrypted systems
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongsid
Gandara Mental Health Center Settles Class Action Data Breach Lawsuit
Gandara Mental Health Center in Springfield, Massachusetts, has agreed to settle class action litigation stemming from a June 2024 cyberattack […] The post Gandara Mental Health Center Settles Class Action Data Breach Lawsuit appeared first on The HIPAA Journal .
Government to Scrutinize Instructure Over Canvas Disruption, Data Breach
The Committee on Homeland Security has requested to be briefed on the incident and Instructure’s remediation steps. The post Government to Scrutinize Instructure Over Canvas Disruption, Data Breach appeared first on SecurityWeek .
Mt. Spokane Pediatrics Data Breach Affects 32,000 Patients
A cyberattack on Mt. Spokane Pediatrics exposed the data of more than 32,000 patients. Data breaches have also been announced […] The post Mt. Spokane Pediatrics Data Breach Affects 32,000 Patients appeared first on The HIPAA Journal .
Palo Alto bets on identity security for autonomous AI with Idira launch
Palo Alto Networks has launched Idira, a new identity security platform aimed at securing human users, machine identities, and AI agents amid the rising adoption of autonomous AI systems amongst enterprises. The company is positioning Idira as a next-generation identity security platform that goes beyond traditional privileged access management (PAM) systems by applying dynamic privilege controls
London fintech Adfin raises $18 million
London fintech Adfin has raised $18 million in Series A funding to help SMEs get paid on time.
Microsoft says some users can't install Office on Windows 365 devices
Microsoft says some customers are experiencing issues downloading and installing Office on their Windows 365 devices. [...]
ClickFix finds a backup plan in PySoxy proxy chains
ClickFix, a one-shot social engineering technique that tricks victims into executing malicious workflows disguised as fixes to technical issues in their systems, has got a persistence upgrade. In a one-off instance, ReliaQuest researchers have spotted an intrusion chain using scheduled tasks, PowerShell-based command-and-control (C2), and a unique abuse of the decade-old open-source proxy tool PyS
Most Remediation Programs Never Confirm the Fix Actually Worked
Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant's M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have understandably driven the industry toward a clear
716,000 Impacted by OpenLoop Health Data Breach
The telehealth platform was hacked in January, and users’ personal information was exfiltrated from its systems. The post 716,000 Impacted by OpenLoop Health Data Breach appeared first on SecurityWeek .
OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities
The UK’s AI Security Institute evaluated GPT-5.5’s ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute’s evaluation of Mythos. And here is an analysis of a smaller, cheaper model. It requires more scaffolding from the prompter, but it is also just as good.
Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks
The G7 Cybersecurity Working Group releases new SBOM for AI guidance, outlining seven key data clusters to boost transparency and security across AI supply chains
Bank of England uncovers significant trade‑offs in use of DLT for wholesale settlement
After months of trials the Bank of England remains no clearer about the applicability of distributed ledger technology in wholesale payments and settlement, uncovering critical trade-offs in governance, resilience and scalability.
Claude Mythos technical breakdown: CVE-2026-4747 ROP chain, OpenBSD SACK integer overflow, Linux 1-bit OOB-to-root, and what AISLE's reproductions actually showed
CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory
The US Cybersecurity and Infrastructure Security Agency (CISA) and its G7 cyber agency partners have released a list of minimum elements for an AI software bill of materials, a move that could help CISOs assess the security and provenance of AI systems entering enterprise environments. The guidance extends traditional SBOM concepts into AI by calling for documentation of models, datasets, software
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by
Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises
CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”. The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek .
Jifiti and Peach Finance come together to deliver lending tech to community and regional banks
Jifiti, a leading lending technology provider, and Peach Finance, a modern loan management and servicing platform, announced a strategic partnership to deliver a fully integrated, end-to-end lending solution tailored for community and regional banks across the United States.
Apex Fintech Solutions links with Plaid
Apex Fintech Solutions Inc. (“Apex”), the infrastructure powering modern investing, announced a partnership with Plaid, the data network powering the digital financial ecosystem, in which Apex will integrate multiple Plaid products to help brokerage firms enhance their digital capabilities and deliver superior investor experiences.
Tether to fund developers with grants programme
Tether, the largest company in the digital asset ecosystem, announced today that it is launching a grants program to fund developers building on its open technology stack, with no cap on total payouts, tied to specific technical deliverables.
Breaking things to keep them safe with Philippe Laulheret
Philippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzles helps him uncover critical security flaws before they can be exploited.
The Payments Association appoints Emma Banymandhub as CEO
The Payments Association, a trade body representing over 250 member organisations in the financial services sector, has appointed Emma Banymandhub as Chief Executive Officer.
Kroo Bank acquires loan portfolio of specialist bridging lender Glenhawk
Fully licensed digital bank Kroo has completed a loan portfolio acquisition and entered into a forward flow funding arrangement with specialist bridging lender Glenhawk to support future lending across the UK property market.
Fortinet, Ivanti Patch Critical Vulnerabilities
Successful exploitation of these flaws could lead to arbitrary code execution and information disclosure. The post Fortinet, Ivanti Patch Critical Vulnerabilities appeared first on SecurityWeek .
BBVA and Goldman Sachs back new OpenAI company
OpenAI has secured the backing of 19 investment firms to launch the OpenAI Deployment Company, a new standalone venture designed to help organizations build and deploy AI systems for complex workflows.
Digital asset operating system Virtex selects Gold-i as first integration partner
Virtex Technologies, an operating system for digital asset brokerages, has selected Gold-i, a global leader in FX and crypto trading technology, as its first integration partner.
Dark web traders selling stolen UK payment cards for just £9
Stolen forms of ID and payment details are being traded on the dark web for less than a tenner, according to new data published by the cybersecurity firm NordVPN.
UK Cybersecurity Market Expands to £14.7bn with Strong Growth in AI Security Firms
UK cybersecurity sector reaches £14.7bn in revenue, driven by rapid growth in AI security firms, increased investment and rising employment across the industry
Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities
The two chip giants have published over two dozen advisories describing recently identified security defects. The post Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities appeared first on SecurityWeek .
Microsoft Fixes 17 Critical Flaws in May Patch Tuesday
Microsoft has patched 120 vulnerabilities in this month’s security update round
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. "The packages do not appear designed for mass developer compromise," Socket said. "Many have little or no download activity, and the payloads are repetitive,
Google discovers the first AI-based zero-day exploit
Welcome to the new, AI-saturated era of threats. The Google Threat Intelligence Group (GTIG) warns that criminal hackers are now using AI both to discover vulnerabilities and then to develop malware that actively exploits them. The trigger: during an in-depth analysis of an attack campaign by pro-Russian hackers
Hundreds of Malicious Packages Force RubyGems to Suspend Registrations
More than 500 packages were pushed during the attack, but the target appears to have been RubyGems itself rather than users. The post Hundreds of Malicious Packages Force RubyGems to Suspend Registrations appeared first on SecurityWeek .
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables "persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise," the company said. The feature, it
ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA
Many ICS vendors have not released new advisories for the May 2026 Patch Tuesday. The post ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA appeared first on SecurityWeek .
[GUEST DIARY] Tearing apart website fraud to see how it works, (Wed, May 13th)
[This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor's degree in Applied Cybersecurity (BACS) program.]
Rhode Island Finalizes $12 Million Settlement With Deloitte Consulting Over RIBridges Cyberattack
An agreement has been reached between the state of Rhode Island and Deloitte Consulting LLP that will see the professional […] The post Rhode Island Finalizes $12 Million Settlement With Deloitte Consulting Over RIBridges Cyberattack appeared first on The HIPAA Journal .
Linux Defenders Face Patch and Exploit Race
Kernel Privilege Escalation Has One Linux Maintainer Contemplating a 'Kill Switch'. Back-to-back kernel vulnerabilities in Linux have defenders scrambling to apply defenses in the age of quick turnaround time for hackers to exploit nasc
US FCC Lets Consumer Routers Receive Updates Through 2028
Agency Grants Routers an 18-Month Reprieve From Obsolescence. The U.S. Federal Communications Commission extended through Jan. 1, 2029, a waiver allowing foreign-made routers already approved for use in the United States
Frame Security Debuts With $50M for Human-Centric Protection
Frame's AI Models Build Contextualized Security Lessons Automatically in Minutes. Frame Security, founded by former Wiz product and sales leader Tal Shlomo, emerged from stealth with $50 million to build AI-generated cyb
Why Cyber Insurance Faces New AI Liability Risks
Josephine Wolff on Why Healthcare Must Scrutinize Cyber and AI Coverage. Healthcare organizations face growing pressure to reassess cyber insurance policies as cyberattacks disrupt patient care and AI tools introduce new liability
The buyer's guide to Breach & Attack Simulation tools
Breach & Attack Simulation tools show how well (or how poorly) your security controls work. Breach & Attack Simulation (BAS) solutions help companies understand their security posture. To do this, the tools automate tests of specific threat vectors. As a basis they typically use the
Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)
.. if “unproxyable” is a word that is ..
May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA
Critical vulnerabilities in Windows Server’s networking and identity infrastructure, as well as a serious hole in Microsoft Dynamics 365 on-premises version, highlight Microsoft’s May Patch Tuesday fixes. They are among the 118 vulnerabilities identified this month by the company. Some in cloud-based services like Azure and Microsoft Teams have already been fixed, so no admin action is needed. But
Patch Tuesday - May 2026
Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above. Windows Netlogon: critical RCE Anyone responsible for securing a domain con
Palm payments startup Five ID raises $6 million
Five ID, a London-based startup founded by two former Revoluters, has raised $6 million to support the launch of its palm-based biometric payment system.
BaFin preps IT spotlight inspections amidst growing AI cybersecurity risks
German financial regulator BaFin is setting up a division to carry out targeted inspections at firms as it seeks to ward off the threat of AI-enabled cyber attacks on the sector.
Google adds Affirm and Klarna BNPL options for AI shopping
Americans shopping in the Gemini app or Google Search, including AI mode, will soon be able to pay using BNPL options from Klarna and Affirm via Google Pay.
US govt seeks Instructure testimony on massive Canvas cyberattack
The U.S. House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters extortion group that targeted the company's Canvas platform, allowing threat actors to steal student data and disrupt schools during final exams. [...]
NVD CRITICAL: CVE-2026-44015 — Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier,...
Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing network segmentation and enab
Patch Tuesday, May 2026 Edition
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs,
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
The campaign hit major registries and hid behind legitimate-looking release signatures, showing how attackers can weaponize the software update process itself. The post ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack appeared first on CyberScoop .
Major world economies spell out key elements of AI ‘ingredients list’
Experts on the topic say the G7 guidance is good, but could still use some improvements. The post Major world economies spell out key elements of AI ‘ingredients list’ appeared first on CyberScoop .
EquiLend acquires securities finance research and consultancy firm Finadium
EquiLend, a global leader in securities finance technology, data, and analytics, today announced the acquisition of Finadium, a premier research and consultancy firm serving the securities finance, repo, collateral, and capital markets infrastructure industries.
It's Patch Tuesday for Microsoft and Not a Zero-Day In Sight
It's the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.
Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical
The high volume of vulnerabilities reflects a growing trend researchers have been anticipating as artificial intelligence models are deployed to find previously uncovered defects in code. The post Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical appeared first on CyberScoop .
UK fines water supplier $1.3M for exposing data of 664k customers
The Information Commissioner's Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. [...]
Microsoft Patch Tuesday for May 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for May 2026, which includes 112 vulnerabilities affecting a range of products, including 16 that Microsoft marked as “critical”.
Foxconn confirms cyberattack impacting North American factories
A spokesperson for the company confirmed the incident but declined to provide specifics on how many factories in North America were impacted. Foxconn has factories in Wisconsin, Ohio, Texas, Virginia, Indiana and several across Mexico.
Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review
May 2026’s Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy landscape. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for May 2026 This month’s release addresses 137 vulnerabil
Congressman launches inquiry into how food retailers use surveillance pricing
The letter noted that many Americans are unaware that their data is being used to set variable prices, a trend that is particularly pervasive for online shoppers.
Signal adds security warnings for social engineering, phishing attacks
Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud. [...]
NVD CRITICAL: CVE-2026-34660 — Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Inco...
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue re
NVD CRITICAL: CVE-2026-34659 — Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deser...
Adobe Connect versions 2025.9.15, 2025.8.157 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to execute arbitrary code. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with
West Pharmaceutical warns of ransomware attack impacting business operations
West Pharmaceutical Services filed a report with the Securities and Exchange Commission (SEC) on Monday evening warning customers that a hacker breached the company network on May 4, stole data and encrypted systems.
Microsoft releases Windows 10 KB5087544 extended security update
Microsoft has released the Windows 10 KB5087544 extended security update to fix the May 2026 Patch Tuesday vulnerabilities and resolve an issue with the new Remote Desktop warnings. [...]
Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
Today's Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge.
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code. [...]
NVD CRITICAL: CVE-2026-41103 — Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for...
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network.
NVD CRITICAL: CVE-2026-41096 — Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attac...
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
NVD CRITICAL: CVE-2026-41089 — Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker ...
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
NVD CRITICAL: CVE-2026-40402 — Use after free in Windows Hyper-V allows an unauthorized attacker to elevate pri...
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
NVD CRITICAL: CVE-2026-40379 — Exposure of sensitive information to an unauthorized actor in Azure Entra ID all...
Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
NVD CRITICAL: CVE-2026-33821 — Improper privilege management in Microsoft Dynamics 365 Customer Insights allows...
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.
NVD CRITICAL: CVE-2026-33117 — Improper authentication in Azure SDK allows an unauthorized attacker to bypass a...
Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.
NVD HIGH: CVE-2026-33110 — Deserialization of untrusted data in Microsoft Office SharePoint allows an autho...
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
NVD HIGH: CVE-2026-32204 — External control of file name or path in Azure Monitor Agent allows an authorize...
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
NVD HIGH: CVE-2026-32161 — Concurrent execution using shared resource with improper synchronization ('race ...
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
NVD HIGH: CVE-2026-20767 — Improper input validation for some Intel(R) QAT software drivers for Windows bef...
Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without
NVD HIGH: CVE-2026-20714 — Out-of-bounds write for some Intel(R) QAT software drivers for Windows before ve...
Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without specia
Windows 11 KB5089549 & KB5087420 cumulative updates released
Microsoft has released Windows 11 KB5089549 and KB5087420 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
Today is Microsoft's May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed this month. [...]
Microsoft Patches 137 Vulnerabilities
Fresh security updates resolve critical flaws in Azure, Windows, Dynamics 365, and the SSO Plugin for Jira & Confluence. The post Microsoft Patches 137 Vulnerabilities appeared first on SecurityWeek .
Corpay partners BVNK to add stablecoin wallets for global customers
Corpay, Inc. (NYSE: CPAY), the leading corporate payments company, today announced that it is partnering with stablecoin infrastructure platform BVNK to provide stablecoin wallets and settlement capabilities to its global customer base.
Visa and Zilch bring flexible card payments to UK
Visa is working with UK BNPL provider and processing platform Thredd to enable issuers to offer flexible payment options through cards.
EcoFlow signs for Worldline Global Collect platform
Worldline, a European leader in payment services, and EcoFlow, a leading provider of smart home energy storage solutions, today announced a strategic partnership to enhance EcoFlow's global payment infrastructure and accelerate its expansion across the US, UK, Europe and new international markets.
Dead.Letter (CVE-2026-45185) How XBOW found an unauthenticated RCE on Exim
Exaforce Raises $125 Million for Agentic SOC Platform
Exaforce has raised a total of $200 million and plans on using the latest investment for product development and international expansion. The post Exaforce Raises $125 Million for Agentic SOC Platform appeared first on SecurityWeek .
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the entire TanStack Router ecosystem (@tanstack) of 42 packages, a routing library hugely popular among React web application developers. Multiple other packages were also affected, inclu
Škoda warns of customer data breach after online shop hack
Škoda Auto, a wholly owned subsidiary of the Volkswagen Group, has disclosed a data breach after attackers hacked its online shop and stole the personal information of an undisclosed number of customers. [...]
Android 17 to expand banking scam call and privacy protections
Android 17, expected to roll out next month, will introduce several security and privacy features focused on device theft, threat detection, and banking scam calls. [...]
Google and Amnesty International teamed up to make it harder for spyware vendors to hide
Intrusion Logging marks the first feature from a major device vendor to aid with forensic detection of sophisticated threats, Amnesty International said. The post Google and Amnesty International teamed up to make it harder for spyware vendors to hide appeared first on CyberScoop .
European countries are exporting surveillance tech to countries with poor human rights records, report says
The report, released by the advocacy group Human Rights Watch on Tuesday, alleges that the European Commission has failed to effectively police member states' surveillance tech sales despite the 2021 implementation of updated bloc-wide export rules designed to rein in the practice.
Adobe Patches 52 Vulnerabilities in 10 Products
While none of the flaws have been exploited in the wild, many of them could lead to arbitrary code execution. The post Adobe Patches 52 Vulnerabilities in 10 Products appeared first on SecurityWeek .
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free
OCR Reports to Congress on HIPAA Compliance and Data Breaches in 2023
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has submitted a pair of reports to […] The post OCR Reports to Congress on HIPAA Compliance and Data Breaches in 2023 appeared first on The HIPAA Journal .
NVD CRITICAL: CVE-2026-34187 — Improper Neutralization of Special Elements used in an SQL Command vulnerability...
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800
NVD HIGH: CVE-2026-31223 — The snorkel library thru v0.10.0 contains a critical insecure deserialization vu...
The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load() method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load() function on user-supplied file paths without any validation or security controls. Python's pickle module is inherently dangerous for deserializing untrusted data, as
NVD HIGH: CVE-2026-31222 — The snorkel library thru v0.10.0 contains an insecure deserialization vulnerabil...
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the Trainer.load() method of the Trainer class. The method loads model checkpoint files using torch.load() without enabling the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbitrary Python objects via the Pickle module. A remote attacker can exp
NVD HIGH: CVE-2026-31221 — PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization...
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which is commonly used to load saved model states, internally calls torch.load() without setting the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbi
NVD HIGH: CVE-2026-30810 — Server-Side Request Forgery vulnerability allows Privilege Escalation via API Ch...
Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800
NVD HIGH: CVE-2026-30808 — Session Fixation vulnerability allows Session Hijacking via crafted session ID. ...
Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800
NVD HIGH: CVE-2026-30807 — Cross-Site Request Forgery vulnerability allows an attacker to perform unauthori...
Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800
NVD CRITICAL: CVE-2026-30805 — Insecure Default Initialization of Resource vulnerability allows Authentication ...
Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800
Payfinia names Keith Riddle CEO
Payfinia, an independent payment services firm providing an open framework, today announced the appointment of Keith Riddle as Chief Executive Officer.
Ualett launches rewards package for gig workers
Ualett, the leading financial technology platform serving gig workers, announced the launch of Ualett Rewards, a new loyalty program designed to recognize and reward clients for their engagement and financial activity.
White Circle Raises $11 Million for AI Control Platform
The startup will invest in accelerating product development, hiring new talent, and expanding its customer base. The post White Circle Raises $11 Million for AI Control Platform appeared first on SecurityWeek .
US bank reports itself for revealing customer data to unauthorized AI application
Connor Jones reports: A US commercial bank just tattled on itself to the Securities and Exchange Commission (SEC) for plugging a bunch of customer data into an unauthorized AI application. Community Bank, which operates in southwestern Pennsylvania, Ohio, and West Virginia, filed an 8-K with the regulator on Monday, saying it launched an investigation into the internal... Source
NVD HIGH: CVE-2026-7432 — A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally a...
A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM
NVD HIGH: CVE-2026-43983 — Pocket ID is an OIDC provider that allows users to authenticate with their passk...
Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. Prior to 2.6.0, the createTokenFromRefreshToken function (oidc_service.go) validates the refresh token's cryptographic integrity but does not re-validate the user's current authorization state before issuing new tokens. This allows (1) the client to refresh the token indefinitely after authorizati
OpenAI Launches 'Daybreak' to Help Build Secure By Design Software
With Daybreak, OpenAI wants its frontier AI models to be used to deploy secure by design software from the ground up
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on Ruby Gems right now," Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on X. "Signups are paused for the time being.
Mini Shai-Hulud Hits TanStack npm Packages
Mini Shai-Hulud compromises TanStack npm packages and spreads across PyPI
BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months
Threat actors obtained names and contact information for an unspecified number of BWH Hotels guests. The post BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months appeared first on SecurityWeek .
Taceo brings privacy to x402 payments
TACEO, the company building software for secure computation on encrypted data, today releases a working implementation of confidential payments for x402, the open payment standard developed by Coinbase and Cloudflare and now governed by the Linux Foundation.
Hugging Face Packages Weaponized With a Single File Tweak
A tokenizer library file present in Hugging Face AI models can be manipulated to hijack the model's outputs and exfiltrate data.
Homeland Security wants to know about the Instructure breach; we still want to know about the Navigate360 breach
Breaches involving school-related vendors such as PowerSchool and Instructure are causing major headaches for schools, students, and parents. They are also getting more attention from Congress. While some breaches have not exposed core data or personal information of students or personnel, other breaches, such as those involving PowerSchool and Navigate360’s P3 Campus, have involved sensitiv
Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware
CRPx0 is a complex, stealthy malware campaign that targets macOS and Windows systems, and appears to have Linux capabilities in development. The post Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware appeared first on SecurityWeek .
Broadridge expands tokenization capabilities
Broadridge Financial Solutions, Inc. (NYSE: BR), a global fintech leader, today announced a comprehensive expansion of its tokenization capabilities, providing institutional firms the infrastructure to operate across tokenized and traditional securities on a single, integrated platform.
Malaysia's Ryt Bank signs with Tencent Cloud for AI push
Tencent Cloud, the cloud business of global technology company Tencent, today announced it has partnered with Ryt Bank, the world’s first AI-powered bank in Malaysia, to deliver a conversational banking experience for everyday payments.
Wise debuts US listing on Nasdaq
Wise (Nasdaq:WSE, LSE:WISE), the global technology company building the best way to move and manage the world’s money, today announces its listing on Nasdaq, with trading to commence at 9:30am ET.
Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform
The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals. The post Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform appeared first on SecurityWeek .
How Rapid7 is bringing Cyber GRC closer to security operations
Sabeen Malik is VP, Global Government Affairs and Public Policy at Rapid7. Security teams need a better way to connect what they detect, what they fix, and what they can prove. The pace of modern security operations no longer works in defenders’ favor. IBM’s Cost of a Data Breach Report 2025 found that the mean time to identify and contain a breach is now 241 days, even as AI and automation help
SoFi buys PrimaryBid assets
US fintech SoFi Technologies has acquired the assets of UK retail investor platform PrimaryBid. Terms have not been disclosed.
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos
OpenAI has unveiled Daybreak, its answer to Anthropic’s Claude Mythos, amid a growing market for frontier AI-powered cyber defense platforms. The initiative combines OpenAI’s large language models, Codex’s agentic capabilities, and integrations with the broader enterprise security ecosystem. The company said Daybreak is focused on accelerating cyber defense operations and enabling organizations to
Instructure pays ransom after Canvas incident as Congress announces investigation
The company said its agreement with the hackers involved their data being “returned” to them and digital confirmation of data destruction.
End‑to‑End Encrypted RCS Messaging Arrives Across iPhone and Android
Apple begins rolling out end-to-end encrypted RCS messaging between iPhone and Android in iOS 26.5
West Pharmaceutical Services Hit by Disruptive Ransomware Attack
The company took systems offline globally after hackers exfiltrated data and deployed file-encrypting ransomware. The post West Pharmaceutical Services Hit by Disruptive Ransomware Attack appeared first on SecurityWeek .
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria. "TrickMo relies on a runtime-loaded APK (dex.module),
Apple Patches Dozens of Vulnerabilities in macOS, iOS
The tech giant has also ported the patch for a recent deleted chats recovery issue to older versions of iOS. The post Apple Patches Dozens of Vulnerabilities in macOS, iOS appeared first on SecurityWeek .
SAP Patches Critical S/4HANA, Commerce Vulnerabilities
The flaws could allow attackers to inject malicious code, leading to information disclosure and code execution. The post SAP Patches Critical S/4HANA, Commerce Vulnerabilities appeared first on SecurityWeek .
Software Bill of Materials for AI - Minimum Elements
CISA and the Group of Seven (G7) international partners—Germany, Canada, France, Italy, Japan, the United Kingdom, and the European Union—have released joint guidance, Software Bill of Materials for AI – Minimum Elements (https://bsi.bund.de/SharedDocs/Downloads/EN/BSI/KI/SBOM-for-AI_minimum-elements.html), to help public and private sector stakeholders impr
ABB Automation Builder Gateway for Windows
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-04.json. Summary: ABB became aware of a severe vulnerability in the product versions listed as affected in the advisory. The Windows gateway is accessible remotely by default. Unauthenticated attackers can therefore search for PLCs, but the user managem
Fuji Electric Tellus
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-01.json. Summary: Successful exploitation of this vulnerability could allow an attacker to elevate privileges from user to system, which may then enable the attacker to cause a temporary denial of service, open files, or delete files. T
Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence
Exploitation of open-source tools allows attackers to maintain persistent access after initial social engineering, warn ReliaQuest researchers
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-06.json. Summary: ABB became aware of multiple internally discovered vulnerabilities in the WebPro SNMP card PowerValue for the product versions listed as affected in the advisory. Depending upon the vulnerability, an attacker with access to local netw
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-05.json. Summary: ABB became aware of a vulnerability in the product versions listed as affected in the advisory. An update is available that resolves the publicly reported vulnerability. An attacker who successfully exploited these vulnerabilities could ca
Subnet Solutions PowerSYSTEM Center
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-02.json. Summary: Successful exploitation of these vulnerabilities could allow an authenticated attacker to expose sensitive information or cause a CRLF injection. The following versions of Subnet Solutions PowerSYSTEM Center are affect
ABB AC500 V3 Multiple Vulnerabilities
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-03.json. Summary: ABB became aware of a severe vulnerability in the product versions listed as affected in the advisory. An update is available that resolves these vulnerabilities. An attacker who successfully exploited these vulnerabilities could bypas
Fake Claude Code takes the IElevator to your browser secrets
Developers looking for Anthropic’s increasingly popular Claude Code tool are now being lured into downloading malware. According to researchers at Ontinue, attackers are abusing a fake Claude Code installer to deliver a previously undocumented PowerShell payload. The malware is designed to evade detection, recover browser encryption material, and steal sensitive data from developer systems. “Devel
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. [...]
Moneyline selects NatWest Payit for variable recurring payments
East Lancashire Moneyline, the UK‑based not‑for‑profit social lender, has partnered with Payit by NatWest, NatWest Group’s Open Banking payments business, to introduce a more flexible, customer‑controlled way for borrowers to repay their loans using Variable Recurring Payments (VRP).
NVD HIGH: CVE-2026-2465 — Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering ...
Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard FOR-S allows Privilege Escalation. This issue affects Turboard FOR-S: from 7.01.2026 before 18.02.2026.
Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means
Curl’s lead developer says Mythos claims are marketing, but many in the industry believe the results stem from Curl’s robust security. The post Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means appeared first on SecurityWeek .
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem.
Copy.Fail Linux Vulnerability
This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four bytes at a time straight into the page cache of a file the attacker does not own. The exploit works unmodified across Ubu
NatWest selects eight AI-driven fintechs for 2026 innovation programme
In a reflection of the growing importance of artificial intelligence in banking, NatWest has selected eight AI-focused fintechs to explore collaboration opportunities with the UK bank.
SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in the Commerce Cloud enterprise-grade e-commerce platform and the S/4HANA ERP suite. [...]
Axiology appoints Laurin Bylica as chief commercial officer
Axiology, one of Europe’s first regulated DLT Trading & Settlement Systems, has appointed Laurin Bylica as Chief Commercial Officer.
Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?
Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. The post Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? appeared first on SecurityWeek .
Go fuzzing was missing half the toolkit. We forked the toolchain to fix it.
Go’s native fuzzing is useful, but it stands far behind state-of-the-art tooling that the Rust, C, and C++ ecosystems offer with LibAFL and AFL++. Path constraints are hard to solve. Structured inputs usually need handmade parsing. It doesn’t even detect several common bug classes, such as integer overflows, goroutine leaks, data races, and execution timeouts. So to make it better, we bui
Why Agentic AI Is Security's Next Blind Spot
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the point. The more urgent
cPanel flaw exposes enterprises to hosting supply-chain risks
A newly disclosed cPanel vulnerability is being exploited at scale, giving attackers a route into web hosting environments that many enterprises may not monitor closely. Analysts say the risk highlights weak visibility into hosting supply chains. The flaw, tracked as CVE-2026-41940, has been used to deploy backdoors, plant SSH keys, steal credentials, and compromise hosting systems, according to r
Jonathan Carter joins FIA Tech as chief product officer
FIA Tech, a leading futures industry technology provider, today announced that Jonathan Carter has joined the firm in the newly created role of Chief Product Officer, a global role based in London.
NVD HIGH: CVE-2026-6001 — Authorization bypass through User-Controlled key vulnerability in ABIS Technolog...
Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042.
NVD HIGH: CVE-2026-44412 — A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 ...
A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
NVD HIGH: CVE-2026-44411 — A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 ...
A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process.
NVD CRITICAL: CVE-2026-41551 — A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected ve...
A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device.
NVD HIGH: CVE-2026-33893 — A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.00...
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application contains a hardcoded key, used for obfuscation, that is stored directly in the application. This could allow an attacke
NVD HIGH: CVE-2026-33862 — A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.00...
A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012), Teamcenter V2412 (All versions < V2412.0009), Teamcenter V2506 (All versions < V2506.0005), Teamcenter V2512 (All versions). The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can b
NVD HIGH: CVE-2026-27662 — Affected devices do not properly restrict access to the web browser via the Cont...
Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performing unauthorized actions, or exploiting misconfigurations that may lead to further system compromise.
NVD HIGH: CVE-2026-25789 — Affected devices do not properly validate and sanitize filenames on the Firmware...
Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malicious JavaScript execution in the context of the authenticated user's session without requiring the file to be uploaded, potentially leading to session hijack
NVD CRITICAL: CVE-2026-25787 — Affected devices do not properly validate and sanitize Technology Object (TO) na...
Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "Motion Control Diagnostics" parameters pa
NVD CRITICAL: CVE-2026-25786 — Affected devices do not properly validate and sanitize PLC/station name rendered...
Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a benign user with appropriate rights accesses the "communication" parameters page, the malicious code wo
NVD HIGH: CVE-2026-22925 — A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). Th...
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource exhaustion when subjected to a high volume of TCP SYN packets. This could allow an attacker to render the service unavailable and cause denial-of-service conditions by overwhelming system resources.
NVD CRITICAL: CVE-2026-22924 — A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). Th...
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions, potentially impacting system availability and integrity.
NVD CRITICAL: CVE-2025-6577 — Improper neutralization of special elements used in an SQL command ('SQL injecti...
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This issue affects E-Commerce Website: before 4.5.001.
NVD CRITICAL: CVE-2025-40949 — A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.1...
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All vers
NVD HIGH: CVE-2025-40947 — A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.1...
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1500 (All versions < V2.17.1), RUGGEDCOM ROX RX1501 (All versions < V2.17.1), RUGGEDCOM ROX RX1510 (All versions < V2.17.1), RUGGEDCOM ROX RX1511 (All versions < V2.17.1), RUGGEDCOM ROX RX1512 (All vers
NVD HIGH: CVE-2025-40946 — A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blu...
A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M11 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions < V6.1.4.9), blueplanet 137 TL3 (All ve
NVD HIGH: CVE-2025-40833 — The affected devices contain a null pointer dereference vulnerability while proc...
The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause a denial-of-service condition. A manual restart is required to recover the system.
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign. The post TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack appeared first on SecurityWeek .
AI is separating the companies built to scale from the ones built to sell
Startups are scaling faster, attackers are getting smarter, and investors are getting more selective. The cybersecurity industry is in the middle of a reset. The post AI is separating the companies built to scale from the ones built to sell appeared first on CyberScoop .
Developer workstations are the new beachhead
I spent the first week of April reading three separate threat intelligence reports that, on the surface, had nothing in common. One covered a North Korean campaign that had published over 1,700 malicious packages across five open-source ecosystems. Another detailed a malware operation using a Zig-compiled binary to silently infect every IDE on a developer’s machine. The third walked through a casc
Lunar co-founder and CEO Ken Villum Klausen steps down
Ken Villum Klausen is stepping down as CEO of Nordic challenger bank Lunar after eleven years in the role.
TransFi goes live with BizPay conversational payments
TransFi, the cross-border payments and stablecoin infrastructure company, launched BizPay’s conversational payments integration that allows small and medium-sized businesses to collect and send cross-border payments directly through WhatsApp and Telegram.
LexisNexis Risk Solutions joins European Alliance Against Illicit Financial Flows
LexisNexis Risk Solutions has joined the European Alliance Against Illicit Financial Flows, marking a significant step forward in advancing collective action to combat illicit finance and corruption across the region.
Unlimit gains access to Comviva payments gateway
Unlimit, the global growth infrastructure provider, has partnered with Comviva, a global leader in digital transformation solutions, specialising in customer experience management, data monetisation, and digital financial services, to enable simplified, reliable checkout experiences for merchants.
Malicious Hugging Face Repository Typosquats OpenAI
HiddenLayer reveals infostealer malware in a Hugging Face repository
Instructure reaches 'agreement' with ShinyHunters to stop data leak
Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an "agreement" with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. [...]
Embat secures €30 million Series B
Treasury management fintech Embat has raised €30 million from AI-focused investment fund Cathay Innovation with support from existing investors.
NVD HIGH: CVE-2026-6690 — The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting ...
The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action in all versions up to, and including, 2.2.2. This is due to the `wp_ajax_nopriv_lp_update_mds` action being registered without nonce verification or capability checks, combined with insufficient input sanitization and output escaping when the series name is rendere
NVD HIGH: CVE-2026-2993 — The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable ...
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.17 due to insufficient escaping on user supplied parameters and lack of sufficient preparation on the existing SQL query in the getListForTbl() function. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing que
CISOs step into the AI spotlight
Serving in the military requires a precise, tactical mindset, and that’s exactly what Barry Hensley espoused during his 24 years in the US Army, where he rose to the rank of colonel. The military “is where you earn your stripes, showing your soldiers your willingness to jump into a foxhole and pick up a weapon,” says Hensley, CSO of Brown & Brown, an independent insurance brokerage firm. As a se
Shift4 partners with Lydian to support USDT payment acceptance
Shift4 (NYSE: FOUR), the leader in integrated payments and commerce technology, and Lydian, the global crypto and stablecoin payment platform, today announced a partnership to expand upon Shift4's "Pay with Crypto" solution, enabling Shift4's merchants to accept all digital assets, in addition to Tether (USDT), with settlement in local currency.
Why patching SLAs should be the floor, not the strategy
I’ve been a CISO for two separate companies, know several CISOs personally, and interact with many others through various cybersecurity forums. We all have one thing in common. We can tell you our patching SLA numbers off the top of our heads. Ninety-five percent of criticals closed in 14 days. Eighty-something on highs. The board slide is green. The auditors are satisfied. The client questionnair
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have been modified to include an obfuscated JavaScript file ("router_init.js") that's designed to profile the execution
South Staffordshire Water Fined £1m After Data Breach
The ICO has fined South Staffordshire Water nearly £1m for a series of data protection failings
Paymentology raises $175m
Global card issuer and processor Paymentology has raised $175 million in investment co-led by Apis Partners and Aspirity Partners.
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
American educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities. In an update shared on Monday, the Utah-based firm said it "reached an agreement with the unauthorized actor involved in
State of ransomware in 2026
Kaspersky researchers are sharing insights into the main ransomware trends for 2026: EDR killers on the rise, switching from data encryption to data leaks, and more.
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners across
Threat Actor Mr_Rot13 Actively Exploits CVE-2026-41940 for Backdoor Deployment
TwoWay raises €1.5m pre-seed, brings real-time intelligence to fragmented trading desks
Paris-based fintech TwoWay, led by industry leaders Chirine BenZaied-Bourgerie, David Boclé, and Guillaume Spay, aims to tackle the volume of unstructured broker communication that dominates front-office flows across institutional trading.
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) for Rich Communication Services (RCS) in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android users on the latest version of Google Messages.
Missouri Regulators Claim Conduent is Stonewalling State’s Data Breach Investigation
An investigation by regulators in Missouri into the 2024 hacking incident at Conduent Business Services has stalled. The Missouri Department […] The post Missouri Regulators Claim Conduent is Stonewalling State’s Data Breach Investigation appeared first on The HIPAA Journal .
NVD HIGH: CVE-2026-7287 — ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep()...
** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(), and formDelcert() functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00(AACE.1)C0 could allow an attacker to trigger a denial-of-service (DoS) condition by sending a crafted HTTP request to a vulnerable device.
NVD HIGH: CVE-2026-7256 — ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI pro...
** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the LAN to execute operating system (OS) commands on a vulnerable device by sending a crafted HTTP request.
Cybersecurity regulations: how to meet your compliance requirements
As cyber threats increase, so does the number of compliance frameworks. Here is how CISOs can master this challenge. The requirements of cybersecurity regulations can vary greatly depending on company size, region, industry, data sensitivity and programme maturity. A publicly listed company, for example, has no othe
NVD CRITICAL: CVE-2026-34263 — Due to improper Spring Security configuration, SAP Commerce cloud allows an unau...
Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration upload and code injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application.
NVD CRITICAL: CVE-2026-34260 — SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerabil...
SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the underlying database without proper validation or sanitization. Upon successful exploitation, an attac
NVD HIGH: CVE-2026-34259 — Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment,...
Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modify any system data or shut down the system, resulting in a complete compromise of confidentiality, integ
Customer Identity & Access Management: the best CIAM tools
We have compiled the best solutions for Customer Identity & Access Management for you. Customer Identity & Access Management (CIAM) is a subcategory of Identity & Access Management (IAM). CIAM is used to manage the authentication and authorisation processes of applications that are publicly accessible, or
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched
Linux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day vulnerability is ready, if a proposal from a kernel developer and maintainer is accepted by the open source community. The idea of a kill switch for privileged operators has been suggested by Sasha Levin, a distinguished engineer at Nvidia and co-maintainer of the long-term supp
NVD HIGH: CVE-2026-8346 — A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affe...
A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command injection. The attack can be initiated remotely. The exploit is now public and may be used.
Alipay lets shoppers delegate purchases to AI
Chinese payments giant Alipay has begun letting users authorise AI to handle payments on their behalf.
Cloudflare Cuts 1,100, Arctic Wolf Axes 250 Amid AI Surge
Cloud Connectivity, Security Operations Providers Reportedly Chop 20%, 7% of Staff. Cloudflare cut more than 1,100 workers from its 5,483-person staff, saying the layoffs will align Cloudflare's operations with AI-drive
Hackers Hid Inside Major UK Water Utility for Nearly 2 Years
ICO Warns Key Security Gaps Led to Exposed Data of Over 630,000 People. A British regulator said a major water sector organization failed to use established cybersecurity safeguards to secure sensitive data, allowin
Tables Turned: Gentlemen Ransomware Group Suffers Data Leak
Internal Communications Dumped Online, Revealing Fresh Victims, Repeat Tactics. Ransomware group The Gentlemen, a relative newcomer to the cybercrime scene, suffered a leak of its internal communications, revealing p
Cops Shutter Rebooted German Language Cybercrime Market
Spanish Police Bust German Accused of Relaunching 'Crimenetwork' Cybercrime Forum. Spanish police have arrested a German national suspected of a string of cybercrime offenses, including remotely administering from the s
Why Hospitals Must Rethink Cyber Resilience
In the face of relentless cyberattacks that threaten patient safety, hospitals must strengthen their resilience, with clinical continuity, secure backups and coordinated recovery emerging as critical strategies, said John Riggi of the American Hospital Association and Josh Howell of Rubrik.
Pressure mounts on Canvas as data leak extortion deadline looms
Attackers affiliated with The Com are threatening to leak data from more than 8,800 school systems if Instructure doesn’t pay a ransom. The post Pressure mounts on Canvas as data leak extortion deadline looms appeared first on CyberScoop .
Instructure claims hackers returned stolen Canvas data after an extortion standoff
ShinyHunters, a prolific cybercrime group, threatened to leak data from more than 8,800 school systems. The post Instructure claims hackers returned stolen Canvas data after an extortion standoff appeared first on CyberScoop .
NVD HIGH: CVE-2026-8345 — A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88...
A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such manipulation of the argument ip_address leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
NVD CRITICAL: CVE-2026-43914 — Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, t...
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is enabled. If email 2fa is enabled, the unprotected 2fa-function send_email_login (email.rs, api endpoint /api/two-factor/send-email-login) also acts as an oracle determining whether a username-password
NVD HIGH: CVE-2026-34963 — barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabiliti...
barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section loading logic fails to validate that PointerToRawData plus copied size remains within the PE file buffer
GM agrees to $12.75M California settlement over sale of drivers’ data
California Attorney General Rob Bonta announced a proposed $12.75 million settlement agreement with General Motors (GM) over allegations that the company violated the California Consumer Privacy Act (CCPA). [...]
Welcoming the Bangladesh Government to Have I Been Pwned
Today, we welcome the 43rd government onboarded to Have I Been Pwned's free gov service, Bangladesh. The BGD e-GOV CIRT department now has full access to query all their government domains via API, and monitor them against future breaches. Bangladesh joins a growing list of national governments using
NVD HIGH: CVE-2026-8344 — A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affecte...
A weakness has been identified in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this vulnerability is the function sub_445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
NVD HIGH: CVE-2026-34961 — barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities i...
barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the eh_entries field against buffer capacity in fs/ext4/ext4_common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigger heap out-of-bounds reads during boot-time filesystem parsing, potentially redirecting reads to arb
Apple Patches Everything, (Mon, May 11th)
Apple today released its typical feature update across its operating systems (iOS, iPadOS, macOS, tvOS, watchOS, visionOS). With this update, Apple patched 84 different vulnerabilities. Updates are available for the "26" series of operating systems, as well as for the previous "18" version of iOS/iPadOS, and two versions back for macOS (version 14 and 15).
Official CheckMarx Jenkins package compromised with infostealer
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. [...]
New GhostLock tool abuses Windows API to block file access
A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on SMB network shares. [...]
Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools
Unit 42 analyzes AD CS exploitation through template misconfigurations and shadow credential misuse while offering behavioral detection for defenders. The post Inside AD CS Escalation: Unpacking Advanced Misuse Techniques and Tools appeared first on Unit 42 .
The Gentlemen Ransomware Group Becomes a Victim
Ah, more drama in the cybercrime ecosystem. Matthew J. Schwartz reports: A ransomware organization is suffering an extreme case of turnabout is fair play through a data breach that is splaying internal correspondence across the internet. “The Gentlemen” surfaced as a ransomware-as-a-service organization in mid-2025 with – as SOCRadar has noted – little intention of playing nic
FCC Softens Ban on Foreign-Made Routers
The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place.
NVD HIGH: CVE-2026-8321 — A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affect...
A vulnerability was detected in inkeep agents 0.58.14. This vulnerability affects the function createDevContext of the file agents-api/src/middleware/runAuth.ts of the component runAuth Middleware. Performing a manipulation results in authentication bypass using alternate channel. The attack is possible to be carried out remotely. The exploit is now public and may be used. The project was informed
Texas sues Netflix over alleged data practices that create ‘surveillance machinery’ without user consent
In addition to fines, Texas is asking a judge to prevent Netflix from illegally collecting and sharing user data and to mandate that the company no longer use autoplay by default on kids’ profiles.
Tech Can't Stop These Threats — Your People Can
Security controls can do only so much. Here are four attacks where your employees are usually your first, and only, line of cyber defense.
NVD HIGH: CVE-2026-45224 — Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provide...
Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with traversal sequences to cause arbitrary file deletion and overwrite when sync.delete is enabled, as the
20 Leaders Who Built the CISO Era: 2 Decades of Change
As part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook.
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace. "If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously," the cybersecurity company said in a statement over the weekend. As of writing, Checkmarx has released
Google Finance lands in Europe
This week, the new, AI-powered Google Finance is launching across Europe, with full local language support.
NVD CRITICAL: CVE-2026-8305 — A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element i...
A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 2026.2.12 i
NVD CRITICAL: CVE-2026-7210 — `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Exp...
`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding. Fully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.
NVD HIGH: CVE-2026-45006 — OpenClaw before 2026.4.23 contains an improper access control vulnerability in t...
OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config modifications affecting command execution, network behavior, credentials, and operator policies that surv
NVD HIGH: CVE-2026-45004 — OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in ...
OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd() during provider setup metadata resolution. Attackers can execute arbitrary JavaScript under the current user account by placing a malicious extensions/<plugin>/setup-api.js file in a repository and convincing a user to run OpenClaw commands fr
NVD HIGH: CVE-2026-45001 — OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-fac...
OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and filesystem hardening. A prompt-injected model with access to the owner-only gateway tool can persist
NVD HIGH: CVE-2026-44995 — OpenClaw before 2026.4.20 contains an improper environment variable validation v...
OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODE_OPTIONS, LD_PRELOAD, or BASH_ENV to spawned MCP server processes, enabling code injection when operators start sessions using those servers.
NVD HIGH: CVE-2026-44413 — In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose s...
In JetBrains TeamCity before 2026.1, 2025.11.5 authenticated users could expose server API to unauthorised access
NVD HIGH: CVE-2026-43640 — Bitwarden Server prior to v2026.4.1 does not require master-password re-authenti...
Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management privileges to obtain the key using only a valid session.
NVD CRITICAL: CVE-2026-43639 — Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerabili...
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{providerId}/clients/existing`, resulting in takeover of the target organization; self-hosted installations are unaffected as this endpoint is restricted to Cloud via SelfHosted(NotSelfHostedOnly = true).
NVD CRITICAL: CVE-2026-42858 — Open edX Platform enables the authoring and delivery of online learning at any s...
Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadata_url POST parameter. This URL is passed directly to requests.get() in fetch_metadata_xml() without any URL validation, IP filtering, or scheme enforcement. An attacker
NVD HIGH: CVE-2026-3609 — Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerabilit...
Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS. Cross reference to KVE 2023-5589 (https://krcert.or.kr)
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of the control
Visa unveils Tap to Confirm tech
Visa has introduced technology that lets people verify their identity or activate a new card by tapping their physical card to their mobile inside the issuer’s banking app.
Frame Security Emerges From Stealth With $50M for Awareness and Training Platform
Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet invested in Frame Security. The post Frame Security Emerges From Stealth With $50M for Awareness and Training Platform appeared first on SecurityWeek .
March 2026 Healthcare Data Breach Report
In March 2026, 44 healthcare data breaches affecting 500 or more individuals were reported to the HHS’ Office for Civil […] The post March 2026 Healthcare Data Breach Report appeared first on The HIPAA Journal .
FCC pushes ban on security updates for foreign-made routers, drones to 2029
The router deadline, originally slated for March 1, 2027, has been pushed back to at least January 1, 2029, according to the announcement from the FCC’s Office of Engineering and Technology (OET).
IFast Global Bank enables QR code payments in partnership with Ant International
iFAST Global Bank (“the Bank”) today announced the launch of Worldwide Scan & Pay, a cross-border QR code payment feature powered by Alipay+, the unified wallet gateway of Ant International.
Telr gets physical with Geidea POS
Telr, a licensed Payments Acquirer operating under the Central Bank of the UAE’s regulations, is pleased to announce a strategic partnership with Geidea, a key player in the UAE’s fintech ecosystem.
Gresham integrates with FundGuard investment accounting
Gresham, a leading provider of Enterprise Data Management (EDM) solutions and services to global markets, has announced a strategic partnership with FundGuard, the cloud-native, AI-enabled investment accounting platform.
NVD CRITICAL: CVE-2026-44643 — Angular Expressions provides expressions for the Angular.JS web framework as a s...
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.
NVD CRITICAL: CVE-2026-42608 — Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traver...
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passed as __form-flash-id in POST requests), an unauthenticated attacker can traverse the filesystem to create arbitrary directories and write an index.yaml file containing attacker-controlled data. This vulnerability can lead to una
NVD HIGH: CVE-2026-34092 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiki...
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Skin/Skin.Php. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
NVD HIGH: CVE-2026-34091 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiki...
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
NVD HIGH: CVE-2026-34090 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiki...
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation CheckUser. This issue affects CheckUser: from 1.45.0 before 1.45.2.
NVD HIGH: CVE-2026-34088 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiki...
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This issue affects MediaWiki: from * before 1.43.7, 1.44.4, 1.45.2.
NVD HIGH: CVE-2026-34087 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiki...
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from * before 1.43.7, 1.44.4, 1.45.2.
Thousands of DICOM servers exposed due to shameful lack of basic security measures
From the way-too-slow-learning-curve dept. Steve Alder reports: Healthcare organizations are exposing a vast amount of patient data by failing to implement even basic security measures for DICOM servers, according to a recent Trend Micro TrendAI analysis. TrendAI identified thousands of internet-facing DICOM servers belonging to hundreds of entities. The lack of security protections puts patient..
Augustus gets OCC conditional approval to build clearing bank for AI era
Fintech Augustus has secured conditional approval to charter what it claims will be the first clearing bank for the AI era.
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and exploit generation. The activity is said to be the work of cybercrime threat actors who appear to
Instructure confirms hackers used Canvas flaw to deface portals
Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message. [...]
TrickMo Variant Routes Android Trojan Traffic Through TON
ThreatFabric finds new TrickMo Android banking trojan variant routing C2 through The Open Network
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation.
Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities
Two new high-severity vulnerabilities, dubbed “Dirty Frag” when chained, have been found in the Linux kernel, affecting most Linux distributions
Circle unveils Agent Stack
Circle Internet Group, Inc. today announced the launch of Circle Agent Stack, a new set of services and tools designed for the agentic economy, including products that help enable agents as autonomous economic actors.
Why we use CAPTCHAs, (Mon, May 11th)
A few months ago, I implemented Cloudflare's Turnstile CAPTCHA on some pages. The reason for implementing these CAPTCHAs is obvious: Bots make up a large percentage of traffic and affect site performance.
NVD HIGH: CVE-2026-4802 — A flaw was found in Cockpit. This vulnerability allows a remote attacker to achi...
A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface (UI). An attacker can inject shell metacharacters and command substitutions into these parameters, leading to the execution of arbitrary shell commands on the affected
AWS targets AI agent payments
Amazon Web Services has teamed up with Stripe and Coinbase to enable AI agents to autonomously access and pay for MCP servers, web content, and other agents.
Build Application Firewalls Aim to Stop the Next Supply Chain Attack
Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline. The post Build Application Firewalls Aim to Stop the Next Supply Chain Attack appeared first on SecurityWeek .
Fake Claude Code Page Pushes PowerShell Stealer at Devs
Ontinue uncovers fake Claude Code installer pushing PowerShell stealer abusing Chrome's IElevator2
GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
Executive Summary. Since our February 2026 report (https://cloud.google.com/blog/topics/threat-intelligence/distillation-experimentation-integration-ai-adversarial-use)
Bringing AI Code Security into Qualys ETM
A first-class data model for the next generation of findings AI-driven code security is becoming a real category. Anthropic’s Claude Code Security and OpenAI’s Codex Security are the leading examples, and more will follow. These tools reason about source code at a depth that traditional SAST cannot reach, surfacing logic flaws, broken authentication patterns, hardcoded […]
Why Changing Passwords Doesn’t End an Active Directory Breach
Resetting a password doesn't always remove attackers from Active Directory. Specops Software explains how cached credentials and Kerberos tickets can keep attackers authenticated after a reset. [...]
Dun & Bradstreet to share risk data with Anthropic's Claude
Dun & Bradstreet announced that it will collaborate with Anthropic to bring D&B risk data directly inside Claude to speed up businesses’ onboarding and compliance work.
Restive Ventures raises $45 million for AI-native fintech fund
Restive Ventures, the early-stage venture firm, announced the close of its third fund, Restive Fund III, with $45 million in committed capital, reinforcing its conviction in a new category of AI-native financial services companies reshaping the global financial system.
University Centre Leeds opens applications for new fintech degree
A brand new degree, designed to equip learners with the future-ready skills needed to thrive in FinTech, one of the fastest-growing global sectors, is starting in September 2026 at University Centre Leeds.
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
Dubai-founded OTT Cybersecurity LLC also unveils the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and action verification — slated for IETF submission. OTT Cybersecurity LLC, the company behind Lyrie.ai, today announced two milestones that together position the company as foundational infrastructure for the agentic AI era: acceptance into Anthropi
Google Detects First AI-Generated Zero-Day Exploit
The zero-day was designed to bypass 2FA and it was developed by a prominent cybercrime group. The post Google Detects First AI-Generated Zero-Day Exploit appeared first on SecurityWeek .
Google: Hackers used AI to develop zero-day exploit for web admin tool
Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI. [...]
Hackers Use AI for Exploit Development, Attack Automation
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks.
Hackers Observed Using AI to Develop Zero-Day for the First Time
Google Threat Intelligence Group details how cybercriminals attempted to launch a campaign based around an AI-developed Zero-Day targeting open-source software
Google spotted an AI-developed zero-day before attackers could use it
Researchers found artifacts in the code that proved AI was heavily involved. A prominent cybercrime group planned to exploit the zero-day en masse for financial gain. The post Google spotted an AI-developed zero-day before attackers could use it appeared first on CyberScoop .
Google discovers weaponized zero-day exploits created with AI
The Google Threat Intelligence Group (GTIG) today released evidence of a zero-day exploit developed by a cybercriminal group with the help of AI. It marks the first time the security research group has identified what it believes to be an AI-crafted zero-day exploit in the wild. While evidence of threat actors using AI models for vulnerability research and discovery has existed for some time, inst
Final Countdown: Last Chance to Join the Rapid7 Global Cybersecurity Summit
The Rapid7 2026 Global Cybersecurity Summit is just around the corner, and with it, a final opportunity to join the conversations shaping how security teams are adapting to a rapidly changing landscape. Over the past few weeks, we’ve shared a preview of what to expect, from the sessions and speakers to the themes running across the agenda. What has become increasingly clear is how closely these to
UK water company allowed hackers to lurk undetected for nearly two years, regulator finds
The Information Commissioner's Office (ICO) fined South Staffordshire Water £963,900 ($1.3 million) on Monday over an attack by the Cl0p ransomware group that led to the personal data of 633,887 customers and employees being published in August 2022.
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically reads like a guy tripped over root access by accident and decided to stay
Total Payments moves into business banking
A UK payments provider is extending into offering business bank accounts as it looks to help small firms streamline their financial workings.
Dirty Frag: Linux kernel hit by second major security flaw in two weeks
The issue was found in the same area of the Linux kernel that produced last month’s Copy Fail bug, and also allows anyone with a basic account on an affected computer to seize full administrative control.
Korea’s child rights agency data mishandling exposes a lot of sensitive and personal info
Jung Da-hyun reports: A recent data breach at the National Center for the Rights of the Child (NCRC), exposing sensitive personal records of adoptees, is drawing criticism from overseas adoptee groups and raising questions about the agency’s credibility. The breach, which the NCRC said occurred between April 30 and May 2, came to light when...
Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
A malicious Hugging Face repository posing as an OpenAI release delivered infostealer malware to Windows systems and logged 244,000 downloads before being removed, raising fresh concerns about how enterprises source and validate AI models from public repositories. The repository, named Open-OSS/privacy-filter, impersonated OpenAI’s legitimate Privacy Filter release, copied its model card almost wo
New ‘Dirty Frag’ exploit targets Linux kernel for root access
A newly disclosed Linux privilege escalation issue dubbed “Dirty Frag” is giving attackers a cleaner path to post-compromise escalation to root privileges. According to Microsoft, a couple of vulnerabilities constituting the issue, affecting Linux kernel networking and memory-fragment handling components, are already seeing active exploitation in the wild. The exploitation attempts look indistingu
Broadridge goes into full production of agentic AI
Broadridge Financial Solutions (NYSE: BR) today announced that its agentic AI capabilities — software that autonomously analyzes, prioritizes, and resolves operational exceptions without constant human instruction — are live in production, spanning capital markets and wealth management workflows.
Skoda Data Breach Hits Online Shop Customers
Using a vulnerability in the portal, hackers accessed names, addresses, email addresses, and phone numbers. The post Skoda Data Breach Hits Online Shop Customers appeared first on SecurityWeek .
Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room
Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can use it. A patch waiting on a change-approval window that's longer than the exploitation window itself. Nobody in that chain is incompetent. Every human is doing their job correctly. The problem is the system, its
Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring
The company topped revenue and earnings forecasts for the first quarter of 2026, but its shares plunged more than 20%. The post Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring appeared first on SecurityWeek .
LLMs and Text-in-Text Steganography
Turns out that LLMs are really good at hiding text messages in other text messages.
Santander seeks companies with the best solutions in quantum computing and artificial intelligence
Banco Santander has launched Santander X Global Challenge | The Quantum AI Leap, a new global challenge developed in collaboration with IBM, Bluzec and Oxentia Foundation.
US: FCC Relaxes Foreign-Made Router Ban to Allow for Security Updates
The same extension applies to security updates shipped to US-based users of foreign-made drones
Lloyds study explores the benefits of digital tools to help people make the most of their finances
Digital tools that enable financial empowerment by supporting consumers to take control of their financial lives could unlock £100billion for households over the next decade, according to new research commissioned and published by Lloyds Banking Group.
SailPoint Discloses GitHub Repository Hack
The incident occurred on April 20 and did not affect customer data in the company’s production and staging environments. The post SailPoint Discloses GitHub Repository Hack appeared first on SecurityWeek .
MAS to train AI on live bank account data to combat financial crime
Singapore's central bank is to collate live account data from across five of the nation's largest banks to build accurate AI/ML models that help identify higher-risk transactions and accounts.
BBVA appoints Jürgen von der Lehr as head of German digital bank
With extensive experience in banking, strategy, digital transformation, and business development, Jürgen von der Lehr joins as Head of BBVA’s Digital Bank in Germany, reporting directly to Murat Kalkan, Global Head of Digital Banks.
LSEG adds Open Risk Analytics to Models‑as‑a‑Service marketplace
LSEG today announced that Open Risk Analytics, an offering within its Post Trade Solutions business, is now available via its Models‑as‑a‑Service (MaaS) marketplace, expanding client access to quantitative risk models.
NVD HIGH: CVE-2026-40636 — Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to...
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for the attacker.
NVD CRITICAL: CVE-2026-35157 — Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to...
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain an improper neutralization of formula elements in a CSV file vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote execution.
NVD HIGH: CVE-2026-32658 — Dell Automation Platform versions prior to 2.0.0.0, contains a missing authoriza...
Dell Automation Platform versions prior to 2.0.0.0 contain a missing authorization vulnerability. A low-privileged attacker with remote access could potentially exploit this vulnerability, leading to elevation of privileges.
ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign
ShinyHunters has escalated its Canvas extortion campaign, defacing hundreds of school login pages and threatening to leak stolen data unless institutions negotiate
The missing cybersecurity leader in small business
As AI and quantum threats target the backbone of the American economy, Washington must provide the guidance and incentives necessary for SMBs to access executive-level cyber expertise. The post The missing cybersecurity leader in small business appeared first on CyberScoop .
AI security is repeating endpoint security’s biggest mistake
The security industry is experiencing déjà vu, and most teams haven’t recognized it yet. If you were in the trenches during the early 2000s, you remember the antivirus arms race. IT teams buried under signature updates. Configuration baselines checked obsessively. Patch cycles treated as the primary defense. Meanwhile, attackers pivoted. They wrote malware that matched no known signature and walke
Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack
A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack appeared first on SecurityWeek .
US Bank taps AWS for cloud migration and AI deployment
US Bank is to migrate hundreds of mission-critical banking applications to AWS as part of a strategy to upskill the workforce and advance the deployment of artificial intelligence.
CommBank selects FIS to streamline reconciliations
Global financial technology leader FIS (NYSE: FIS) has been selected by the Commonwealth Bank of Australia (CommBank), the nation's largest bank, to streamline reconciliations through FIS Data Integrity Manager.
OMS embeds Twenty7tec Adapt to keep track of panel product changes
One Mortgage System (OMS), the CRM and loan origination platform for intermediaries and lenders, has announced that Twenty7tec’s ADAPT solution is now fully integrated into its platform, with the functionality live and available to users immediately.
TrickMo Android banker adopts TON blockchain for covert comms
A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control communications. [...]
8 guiding principles for reskilling the SOC for agentic AI
At DXC Technology, global CISO Mike Baker has established one of the largest agentic security operation centers (SOCs) in the world. To upskill the workforce as part of this journey, he embedded experts from agentic SOC vendor 7AI within his security teams. When Damon McDougald , global cybersecurity services lead at Accenture, wanted to retrain his team for agentic AI, the first thing he did was
Zara Data Breach Impacts Nearly 200,000 Customers
ShinyHunters gets away with emails and other data on 200,000 Zara customers
1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution
We find ourselves teetering upon a precipice of our own unwitting construction, and the vertiginous depth of our collective negligence ought to give every security practitioner profound pause. In our headlong rush to deploy AI agents across enterprise environments, we have erected an infrastructure so thoroughly unfortified that it beggars belief. The Model Context Protocol, which Anthropic unveil
UK BaaS platform Keel emerges from stealth
Keel, a UK-based Banking-as-a-Service provider, is emerging from two years in stealth, having already reached profitability.
Eyes wide open: How to mitigate the security and privacy risks of smart glasses
Smart glasses allow anyone to track and record the world around them. That could put your data and the privacy of those nearby at risk.
5 HIPAA Compliance Tips for Medical Office Managers
Medical office managers sit at the center of every operational workflow in a small or mid‑sized practice. They are the […] The post 5 HIPAA Compliance Tips for Medical Office Managers appeared first on The HIPAA Journal .
Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools
Tens of thousands of students studying for final exams around the world have regained access to a key online learning system after a cyberattack had earlier knocked it offline. The post Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools appeared first on SecurityWeek .
NVD HIGH: CVE-2026-43500 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also...
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-o
New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks
Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released. The post New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks appeared first on SecurityWeek .
Police Shut Relaunched Crimenetwork Dark Web Marketplace
Spanish police have arrested the suspected administrator of German dark web marketplace Crimenetwork
OpenLoop Health Data Breach Affects 716,000 Individuals
On March 24, 2026, The HIPAA Journal reported on a data breach at the telehealth platform provider Open Loop Health […] The post OpenLoop Health Data Breach Affects 716,000 Individuals appeared first on The HIPAA Journal .
Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested
The second iteration of the German-speaking online crime marketplace had over 22,000 users and more than 100 sellers. The post Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested appeared first on SecurityWeek .
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart, released by OpenAI late last month (openai/privacy-filter), including copying the entire
NVD HIGH: CVE-2026-8273 — A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the funct...
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi_set_host/cgi_set_ntp/cgi_fan_control/cgi_merge_user of the file /cgi-bin/system_mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely.
NVD HIGH: CVE-2026-8272 — A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the ...
A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os command injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
NVD HIGH: CVE-2026-8271 — A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element i...
A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the file /cgi-bin/network_mgr.cgi. The manipulation leads to os command injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack
On May 11, 2026, the Mini Shai-Hulud worm compromised 84 npm package artifacts across 42 @tanstack/* packages (as well as @squawk/*, @mistralai/* packages, and others) by chaining a GitHub Actions "Pwn Request," cache poisoning, and OIDC token extraction from runner memory — producing the first npm supply chain attack with valid SLSA Build Level 3 attestations. Here's what happened, what was stole
NVD HIGH: CVE-2026-8265 — A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by...
A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function get_log_file of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
NVD HIGH: CVE-2026-8264 — A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulner...
A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be us
Over 500 Organizations Hit in Years-Long Phishing Campaign
Victims span across the aviation, critical infrastructure, energy, logistics, public administration, and technology sectors. The post Over 500 Organizations Hit in Years-Long Phishing Campaign appeared first on SecurityWeek .
NVD CRITICAL: CVE-2026-8263 — A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affect...
A security flaw has been discovered in Tenda AC6 15.03.06.49_multi_TDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
NVD HIGH: CVE-2026-8260 — A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element...
A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
NVD HIGH: CVE-2026-8259 — A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected elemen...
A vulnerability has been found in Tenda AC6 2.0/15.03.06.23. The affected element is an unknown function of the file /goform/telnet of the component httpd. The manipulation of the argument lan.ip leads to os command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Welcoming the Costa Rican Government to Have I Been Pwned
Today, we welcome the 42nd government onboarded to Have I Been Pwned’s free gov service: Costa Rica. The CSIRT of the Government of Costa Rica now has access to monitor government domains against the data in HIBP. This enables their national cybersecurity incident response team to identify exposure
Commerzbank to axe 3000 jobs as it fends off UniCredit takeover
Germany's Commerzbank says it will cut 3000 jobs as it steps up investment in AI and fends off a takeover effort from Italy's UniCredit.
Weekly Update 503
Well, it's the day before the Instructure "pay or leak" deadline (at least by my Aussie watch), and the company remains removed from the ShinyHunters website. In its place sits a press statement that amounts to "we're not making any statements". So
YARA-X 1.16.0 Release, (Sun, May 10th)
YARA-X's 1.16.0 release brings 4 improvements and 4 bugfixes.
A government contractor hired twin brothers who were convicted felons. A year later, they regretted it.
In May 2015, DataBreaches reported that on April 30, 2015, the Department of Justice had announced the indictment of twin brothers Muneeb and Sohaib Akhter of Virginia. The twins, who were 23 years old, were indicted on charges of aggravated identity theft, conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization,... Source
Hackers abuse Google ads, Claude.ai chats to push Mac malware
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for "Claude mac download" may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac. [...]
page_inject: CVE-2026-31431-killed page-cache exploit — code exec into containers sharing the same image layer
Police shut down reboot of Crimenetwork marketplace, arrest admin
German authorities have shut down a relaunch version of the criminal marketplace 'Crimenetwork' that generated more than 3.6 million euros, and arrested its operator. [...]
NVD HIGH: CVE-2022-50944 — Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authentic...
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add_post parameter, and the uploaded files are executed by the server.
NVD HIGH: CVE-2021-47949 — CyberPanel 2.1 contains a command execution vulnerability that allows authentica...
CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute remote code by exploiting symlink attacks through the filemanager controller endpoint. Attackers can manipulate the completeStartingPath parameter in POST requests to /filemanager/controller to create symbolic links, read sensitive files like database credentials, and e
NVD HIGH: CVE-2021-47945 — Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in th...
Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem privileges when the service starts.
NVD HIGH: CVE-2021-47944 — memono Notepad 4.2 contains a denial of service vulnerability that allows attack...
memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character buffers into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an application crash on iOS devices.
NVD HIGH: CVE-2021-47943 — TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows...
TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute commands by accessing the uploaded file at /textpattern/files/ with GET parameters passed to the system fu
NVD HIGH: CVE-2021-47941 — WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability t...
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wp_sap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database information including usernames, passwords, and other confidential data from the WordPress database.
NVD CRITICAL: CVE-2021-47940 — WordPress Plugin Download From Files version 1.48 and earlier contains an arbitr...
WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting the AJAX fileupload action. Attackers can send POST requests to the admin-ajax.php endpoint with the download_from_files_617_fileupload action, manipulating the allowExt parameter to bypass file type restrictions
NVD HIGH: CVE-2021-47939 — Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows a...
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in the 'post' parameter to create modules that execute arbitrary commands when invoked.
NVD HIGH: CVE-2021-47938 — ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks...
ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated attackers to execute arbitrary PHP code by injecting malicious code into the sat_code parameter. Attackers can authenticate, submit a POST request to /modules/system/admin.php?fct=autotasks&op=mod with crafted sat_code containing PHP commands, which creates an executa
NVD HIGH: CVE-2021-47937 — e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authen...
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell to the e107_themes directory, then execute system commands via the payload.php script.
NVD CRITICAL: CVE-2021-47936 — OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauth...
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system commands via POST requests to the uploaded file in the upload directory.
NVD HIGH: CVE-2021-47935 — Sentry 8.2.0 contains a remote code execution vulnerability that allows authenti...
Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint with base64-encoded compressed pickle payloads in the data field to achieve code execution with applicati
NVD CRITICAL: CVE-2021-47933 — WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that ...
WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers can upload PHP files with arbitrary names to the config_file endpoint to achieve remote code execution on the server.
NVD CRITICAL: CVE-2021-47932 — WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation ...
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. Attackers can send POST requests to the tcp_register_and_login_ajax action with tcp_role set to administrator to gain full administrative access without authentication.
NVD HIGH: CVE-2021-47930 — Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vul...
Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the com_baforms component with malicious JSON payloads in the 'id' field parameter to extract sensitive database information.
NVD HIGH: CVE-2021-47928 — Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that...
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection techniques to enumerate usernames, emails, and password reset codes from the oc_user table.
NVD CRITICAL: CVE-2021-47923 — OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers...
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID cookie values that the server accepts and maintains, enabling session takeover and unauthorized access to user accounts.
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers globally, is tracked as CVE-2026-7482 (CVSS score: 9.1). It has been codenamed Bleeding Llama by Cyera. Ollama is a
NVD HIGH: CVE-2026-8234 — A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vu...
A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security_5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but d
NVD HIGH: CVE-2026-45186 — In libexpat before 2.8.1, the computational complexity of attribute name collisi...
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
NVD HIGH: CVE-2026-7263 — In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() meth...
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.
NVD CRITICAL: CVE-2026-6104 — In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding nam...
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that when strncasecmp() returns 0 it means the strings have the same length. This can lead to out-of-bounds read of global memory, potentially causing a crash or information disclosure or cra
NVD HIGH: CVE-2026-8230 — A flaw has been found in Wavlink NU516U1 240425. The impacted element is the fun...
A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure.
NVD HIGH: CVE-2026-8229 — A vulnerability was detected in Wavlink NU516U1 240425. The affected element is ...
A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypType results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure.
NVD HIGH: CVE-2026-8228 — A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted i...
A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/ieee_80211h leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.
NVD HIGH: CVE-2026-8227 — A weakness has been identified in Wavlink NU516U1 240425. This issue affects the...
A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.
NVD HIGH: CVE-2026-8226 — A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability a...
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from_media in the library /lib/proto/types.c. The manipulation results in denial of service. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report b
NVD HIGH: CVE-2026-8225 — A vulnerability was identified in Open5GS up to 2.7.7. This affects the function...
A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not
NVD HIGH: CVE-2026-7568 — In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, a...
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behavior. This can lead to an out-of-bounds read,
NVD HIGH: CVE-2026-7262 — In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, a...
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer, causing a segmentation fault. This allows a remote unauthenticated attacker to crash the PHP SOAP serv
NVD CRITICAL: CVE-2026-7261 — In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, a...
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistence is handled incorrectly, resulting in freeing the object while keeping a pointer to it, which ma
NVD HIGH: CVE-2026-7258 — In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, a...
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can lead to accessing array with negative offset, which can trigger a denial of service.
NVD CRITICAL: CVE-2026-6722 — In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, a...
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys, processing the second entry overwrites the first in the temporary result map, freeing the original PHP o
NVD CRITICAL: CVE-2025-14179 — In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, a...
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat(), which stops at the NUL byte, dropping the closing quote and causing subsequent SQL tokens to be interpreted as p
NVD HIGH: CVE-2026-8224 — A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is...
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of the argument SmPolicyContextData.ipv6AddressPrefix can lead to denial of service. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor w
NVD HIGH: CVE-2026-8223 — A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability...
A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation results in denial of service. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has
NVD HIGH: CVE-2026-8222 — A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ...
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such manipulation leads to denial of service. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issu
CVE-2026-44843: One Chat Message Steals Your Credentials. Then It Gets Worse!
NVD HIGH: CVE-2026-42606 — AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to vers...
AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with no trusted proxy allowlist. An unauthenticated attacker can poison the password reset URL sent to any user by injecting this header when triggering the forgot-password flow. When the victim clicks the
NVD CRITICAL: CVE-2026-42601 — ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6...
ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. At time of publication, there are
NVD HIGH: CVE-2026-41893 — Signal K Server is a server application that runs on a central hub in a boat. Pr...
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.25.0, the HTTP login endpoints (POST /login and POST /signalk/v1/auth/login) are protected by express-rate-limit (default: 100 attempts per 10-minute window, configurable via HTTP_RATE_LIMITS). The WebSocket login path — sending {login: {username, password}} messages over an established WebSocket conne
JDownloader site hacked to replace installers with Python RAT malware
The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan. [...]
NVD HIGH: CVE-2026-8192 — A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulne...
A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. This vulnerability affects the function wzdap of the file /cgi-bin/adm.cgi. Performing a manipulation of the argument EncrypType/wl_Pass, which is passed directly from attacker-controlled input, results in os command injection. The attack may be initiated remotely. The exploit has been released to the public an
NVD HIGH: CVE-2026-8191 — A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects th...
A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This affects the function wifi_region of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
NVD HIGH: CVE-2026-8190 — A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by thi...
A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. Manipulation of the argument ppp_username/ppp_passwd/rwan_ip/rwan_mask/rwan_gateway, which is passed directly from attacker-controlled input, causes os command injection. The attack can be initiated remo
NVD HIGH: CVE-2026-8189 — A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vul...
A vulnerability was found in Wavlink NU516U1 M16U1_V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument wlan_bssid/sel_Automode/sel_EncrypTyp results in os command injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclos
NVD HIGH: CVE-2026-8188 — A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the...
A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. Affected is the function change_wifi_password of the file /cgi-bin/adm.cgi. The manipulation of the argument wl_channel/wl_Pass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure.
Fake OpenAI repository on Hugging Face pushes infostealer malware
A malicious Hugging Face repository that reached the platform's trending list impersonated OpenAI's "Privacy Filter" project to deliver information-stealing malware to Windows users. [...]
NVD HIGH: CVE-2026-8186 — A vulnerability was detected in Open5GS up to 2.7.7. This affects the function o...
A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation results in out-of-bounds read. The attack is possible to be carried out remotely. The patch is named d5bc487fcf9ea87d2b03f2ef95123af344773bfb. It is suggested to install a patch to address this issue.
NVD HIGH: CVE-2026-8187 — A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u...
A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption. The attack may be performed from remote. The project was informed of the problem early through an issue report but has not responded yet.
Dirty Frag: Using the Page Caches as an Attack Surface
Dirty Frag is a Linux local privilege escalation (LPE) chain published on May 7, 2026. It combines two previously unknown kernel vulnerabilities that can allow an unprivileged local user to escalate to root on many major Linux distributions. As of May 8, 2026, CVE-2026-43284 had been patched in mainline Linux, while public reporting indicated that CVE-2026-43500 […]
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as follows - CVE-2026-29201 (CVSS score: 4.3) - An insufficient input validation of the feature file name in the "feature::LOADFEATUREFILE" adminbin call that could result
NVD HIGH: CVE-2026-42311 — Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0...
Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.
NVD HIGH: CVE-2026-42461 — Arcane is an interface for managing Docker containers, images, networks, and vol...
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.18.0, four GET endpoints under /api/templates* in Arcane's Huma backend are registered without any Security requirement, allowing any unauthenticated network client to list and read the full Compose YAML and .env content of every custom template stored in the instance. Because Arcane's UI expos
NVD HIGH: CVE-2026-42297 — Argo Workflows is an open source container-native workflow engine for orchestrat...
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any authenticated user — including those using fake Bearer tokens — can create, rea
NVD HIGH: CVE-2026-42294 — Argo Workflows is an open source container-native workflow engine for orchestrat...
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request body into memory before authenticating the request or verifying its signature. This occurs on the /api/v1/events/ endpoint, which is publicly accessible (albeit intended for webhooks). An attacker can s
NVD HIGH: CVE-2026-6666 — A possible null pointer reference in PgBouncer before 1.25.2 could lead to a cra...
A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field.
NVD CRITICAL: CVE-2026-6665 — The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strl...
The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow.
Missouri Alleges Conduent is Stonewalling State on Hack
State Insurance Officials Seeking Details About Service Firm's Mega Data Breach
Missouri regulators are widening their investigation into the 204 hacking incident at Conduent Business Services, alleging that the company h
ISMG Editors: The Battle Over Access to Frontier AI Models
Also: Washington's AI Policy Divide, FDA's Push for AI-Driven Clinical Trials
In this week's panel, four ISMG editors discussed the battle over who gets to access powerful AI cybersecurity models, policy issues unfoldin
Water System Hack Shows Potential, And Limits, of AI Attacks
AI-Developed Attack Tooling Generated 'High-Volume, Noisy Workflows'
A hacker used Claude and Chat GPT in a cyberattack against a municipal water and sewage utility's operational technology systems in Mexico in January, a
US Senator Presses CISA on Election Security Rollbacks
Top Democrat Warns States Are Losing Federal Cyber Defense Support
A top U.S. Senate Democrat decried shrinking federal support for election security ahead of the November midterms, warning that cuts to the Cybersecurit
Friday Squid Blogging: Giant Squid Live in the Waters of Western Australia
Evidence of them has been found by analyzing DNA in the seawater. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
The five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of the legacy trap” that CSOs must avoid, says an expert. “Patch today to survive the weekend,” said Robert Enderle of the Enderle Group, “but start planning your exit from legacy MDM as soon as possible.” He was commenting on an advisory issued Thursday by Ivanti about the di
NVD CRITICAL: CVE-2026-44694 — n8n-MCP is an MCP server that provides AI assistants access to n8n node document...
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side request forgery vulnerability affecting the webhook trigger tools, the n8n API client (N8N_API_URL), and per-request URLs supplied via the x-n8n-url header in multi-tenant HTTP mode. This issue has bee
ShinyHunters Claims Second Attack Against Instructure
The edtech company is struggling to wrest control from its hackers. PII belonging to hundreds of millions of people is on the line.
Kraken parent Payward files for national trust charter
We have filed an application with the Office of the Comptroller of the Currency (“OCC”) for a national trust company charter. If approved, the application would establish Payward National Trust Company (“PNTC”), which would provide fiduciary custody and other services primarily for digital assets.
GM to pay over $12 million in California privacy settlement involving driver data
The settlement, announced by California officials Friday, is the largest fine issued under the California Consumer Privacy Act (CCPA) in its more than five-year history.
Kingdom Market administrator given 16-year sentence
Slovakian national Alan Bill, 33, pleaded guilty in January to a conspiracy to distribute controlled substances charge after admitting to his role in running Kingdom Market — a platform used by drug dealers and cybercriminals between March 2021 and December 2023.
'Dirty Frag' Gives Root on Linux Distros
No Patches Yet Available, After Third Party Published Vulnerability Details. Security researchers have discovered a new, critical flaw in the Linux kernel that attackers can exploit to gain root access. No patches are yet available to
Metasploit Wrap-Up 05/08/2026
Spring cleanup: This week’s Metasploit updates focused on foundational improvements and expanded target reach. Key enhancements were made to the recently released Copy Fail exploit module, which now benefits from payload fixes in linux/x64/exec and linux/armle/exec. These changes expand its capability, enabling the use of the cmd/unix/python/meterpreter/reverse_tcp payload on x64 targets and introd
Virginia man found guilty of deleting 96 government databases
A Virginia man was convicted on federal charges Thursday after a jury found him guilty of deleting 96 government databases and stealing an individual’s password, leading their email account to be accessed without permission.
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a major update of the Maverick, which is known to leverage a worm called SORVEPOTEL to spread via
Canvas E-Learning Platform Breached by Cybercriminals
Ransomware Group ShinyHunters' Victims: Schools, Universities, Ambulance Service. The Canvas learning management system with over 30 million active K-12 and higher-education student and teacher users worldwide has been br
ECB president Lagarde questions case for euro stablecoins
European Central Bank president Christine Lagarde has poured cold water on euro-denominated stablecoins, arguing that they are not an effective way of strengthening the currency's international appeal.
Insider Betting on Polymarket
Insider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets—defined as wagers of $2,500 or more at odds of 35 percent or less—on the platform had an average win rate of around 52 percent in markets on military and defense actions. That compares with a win rate of 25 percent across all poli
Codat launches advisory platform bringing real-time data and AI solutions to commercial banks
After nearly a decade building the data infrastructure connecting financial institutions to their business customers, Codat today announced the launch of a strategic repositioning and a new advisory intelligence platform purpose-built for commercial and business banks.
Bitget launches Scan to Pay for instant payments via USDT
Bitget, the world’s largest Universal Exchange (UEX), has introduced its Scan to Pay feature on Bitget Pay, enabling users to spend USDT directly at offline merchants by scanning QR codes through the Bitget App.
Marqeta names Lukasz Strozek CTO
Marqeta, Inc. (NASDAQ: MQ), the modern card issuing platform, today announced the appointment of Lukasz Strozek as the Company’s Chief Technology Officer, effective May 18, 2026.
CISA Launches Initiative to Improve Critical Infrastructure Resilience During Geopolitical Conflicts
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced a new initiative aimed at improving critical infrastructure cyber resilience […] The post CISA Launches Initiative to Improve Critical Infrastructure Resilience During Geopolitical Conflicts appeared first on The HIPAA Journal .
Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments
The Senate’s top Democrat is worried about smaller government entities being left behind as AI models advance hacking risks. The post Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments appeared first on CyberScoop .
NVIDIA confirms GeForce NOW data breach affecting Armenian users
NVIDIA has confirmed in a statement to BleepingComputer that GeForce NOW user information has been exposed in a data breach. [...]
Multiple universities forced to reschedule final exams after Canvas cyber incident
On Thursday, dozens of students took to social media to say they saw a message from a cybercriminal group as they navigated through Canvas, an educational platform created by Instructure that hosts teaching materials, tests, readings and more.
One in eight UK workers has sold their company passwords, and bosses think it’s fine
One in eight UK workers admits to selling their company login credentials - or knowing someone who has - in the past 12 months. The really alarming bit? Their bosses are even more relaxed about it. Read more in my article on the Fortra blog.
NVD HIGH: CVE-2026-44498 — ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's ...
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (MAX_BLOCK_SIGOPS), allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while zcashd nodes do not. This issue
NVD CRITICAL: CVE-2026-44497 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 an...
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0 and prior to zebra-script version 6.0.0, the fix for CVE-2026-41583 introduced a separate issue due to insufficient error handling of the case where the sighash type is invalid, during sighash computation. Instead of returning an error, the normal flow would resume, and the input sighash buffer would be left untouched. I
NVD HIGH: CVE-2026-41588 — RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a ti...
RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.
NVD HIGH: CVE-2026-41584 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 an...
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity (a "zero" value), however, the orchard crate which is used to verify Orchard proofs would panic when fed a rk w
NVD CRITICAL: CVE-2026-41583 — ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 an...
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network upgrade. Zebra nodes could thus accept and eventually mine a block that would be considered invalid by
NVD CRITICAL: CVE-2026-41574 — Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49...
Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts a profile.EmailVerified boolean that is set by each provider adapter. The vulnerability is that severa
NVD HIGH: CVE-2026-38361 — An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote att...
An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, dash_uploader/upload.py in the Upload function and max_file_size parameter, dash_uploader/configure_upload.py components
NVD HIGH: CVE-2025-67486 — Dolibarr is an enterprise resource planning (ERP) and customer relationship mana...
Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-controlled input from the "computed value" field is passed to PHP's `eval()` function without adequate sanitization, allowing authenticated administrators
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps have collectively racked up more than 7.3 million downloads, with one of them alone accounting for over
Eltropy appoints Kavitha Nalla CFO
Eltropy, the leading agentic AI platform for credit unions and community banks, today announced the appointment of Kavitha Nalla as Chief Financial Officer.
Inside Department 4: Russia’s secret school for hackers
Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world's most notorious state-sponsored hacking groups. Read more in my article on the Hot for Security blog.
In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
Other noteworthy stories that might have slipped under the radar: US gov targets 72-hour patch cycles, malware uses Windows Phone Link to steal OTPs, spy operation targets Eurasian drone industry. The post In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner appeared first on SecurityWeek .
Coinbase hit by 7-hour outage
Coinbase has blamed an issue at an Amazon Web Services data centre for a seven-hour outage at the cryptocurrency exchange.
Healthcare Organizations Exposing Patient Data Via Poorly Secured DICOM Servers
Healthcare organizations are exposing a vast amount of patient data by failing to implement even basic security measures for DICOM […] The post Healthcare Organizations Exposing Patient Data Via Poorly Secured DICOM Servers appeared first on The HIPAA Journal .
NVD HIGH: CVE-2026-44340 — PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extr...
PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member's name for absolute paths, .. segments, and resolved-path escape — but does not validate member.linkname, does not reject symlink/hardlink members, and calls tar.extractall(dest_dir) without filter="d
NVD CRITICAL: CVE-2026-44336 — PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MC...
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a path or filename string from MCP tools/call arguments and joins it onto ~/.praison/rules/ (or, for wor
NVD CRITICAL: CVE-2026-44335 — PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checki...
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has been patched in version 1.6.32.
NVD CRITICAL: CVE-2026-41509 — CROSS implementation contains reference and optimized implementations of the CRO...
CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen. This issue has been patched via commit fc6b7e7.
NVD HIGH: CVE-2026-41506 — go-git is an extensible git implementation library written in pure Go. Prior to ...
go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.
NVD HIGH: CVE-2026-41493 — YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vul...
YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. This issue has been patched in version 0.9.42.
NVD HIGH: CVE-2026-39816 — The optional extension component TinkerpopClientService is missing the Restricte...
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientService supports configuration of ByteCode Submission for the Script Submission Type, enabling Groovy Script execution in the service prior to submitting the query. The missing Restricted annotation allows u
Why More Analysts Won’t Solve Your SOC’s Alert Problem
Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI can help analysts investigate alerts faster and focus on real threats. [...]
ShinyHunters claims nearly 9,000 schools affected by Canvas data breach
The group that stole data from Instructure users claims that it will release the data of students from nearly 9,000 education institutions around the country. The post ShinyHunters claims nearly 9,000 schools affected by Canvas data breach appeared first on CyberScoop .
Trellix source code breach claimed by RansomHouse hackers
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. [...]
NVD HIGH: CVE-2025-66467 — Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows use...
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously generated access and secret keys. Users are recommended to upgrade to Apache CloudStack versions 4.20.3.0 or
NVD HIGH: CVE-2022-50994 — DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command inje...
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit unsanitized input passed to the otp_check.sh script to achieve remote code execution with web server privileges
Pro-Ukraine BO Team and Head Mare hackers appear to team up in attacks against Russia
Researchers at Moscow-based cybersecurity firm Kaspersky said they identified overlapping infrastructure and tools used by both groups — including command-and-control systems operating on the same compromised host — suggesting some coordination.
Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI
Agentic AI is more popular than ever, but researchers keep finding trivial ways to hijack LLMs for nefarious purposes. The post Flaw in Claude’s Chrome extension allowed ‘any’ other plugin to hijack victims’ AI appeared first on CyberScoop .
Cyber Espionage Group Targets Aviation Firms to Steal Map Data
The campaign quietly compromises aerospace and drone operators to exfiltrate GIS files, terrain models, and GPS data and gain a clear picture of adversaries' world view.
Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)
One size does not fit all — sometimes, victims probably should pay ransom
DataBreaches posted the following opinion piece on LinkedIn this morning in my Dissent Doe, PhD account: Last night, Canvas was restored, and the Instructure leak site listing was removed from the threat actors’ leak site. The listing is still not on the leak site as of this morning. Given ShinyHunters’ practices, this usually indicates that... Source
Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code
Every engineering team in your organization ships code through a pipeline. They branch, test, review, and deploy. If something breaks, they roll back. If someone asks "what changed?", the answer is in the commit history. This isn't heroic discipline to process; it's just how software gets built. Now think about how your detection engineering team works. Rules get written in a UI. Maybe copied and
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]
Inside Starling: A conversation with group CRO Keith Algie
Appointed in March 2026, Algie joins Starling from ANZ, where he spent 15 years, most recently serving as group chief compliance officer. Speaking to Finextra as part of a new CXO interview series, he outlines how approaches to risk must evolve, from reactive oversight to proactive, design-led systems.
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply. The post Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants appeared first on SecurityWeek .
Claude in Chrome is taking orders from the wrong extensions
Anthropic Claude’s Chrome browser extension, known as Claude in Chrome, has a bug that can allow other malicious extensions to hijack it, compromising trusted AI workflows. Researchers at LayerX Security have warned that Claude’s overly trusted browser communication flows can be abused to inject scripts that can potentially hijack the assistant’s capabilities and manipulate browsing sessions. Laye
Unlimit partners with Decentro to boost cross-border payments in India
Unlimit, the global financial infrastructure platform, today announced that Decentro, India’s leading fintech enabler, has integrated the platform’s universal operating layer to extend its cross-border payment capabilities into new markets and payment methods.
AI Firm Braintrust Prompts API Key Rotation After Data Breach
Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust. The post AI Firm Braintrust Prompts API Key Rotation After Data Breach appeared first on SecurityWeek .
Australian Cyber Security Centre Issues Alert Over ClickFix Attacks
ACSC warns over a campaign targeting organizations which uses ClickFix to deliver Vidar infostealer malware
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. "QLNX targets developers and DevOps credentials across the software supply chain,"
Sui announces RedotPay-powered Slush card for digital assets
Blockchain platform Sui’s Slush Card will be a credit card for digital asset payments powered by stablecoin payments fintech RedotPay.
Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom
A system that thousands of schools and universities use went offline due to a cyberattack, creating chaos as students tried to study for finals. The post Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom appeared first on SecurityWeek .
Zara data breach exposed personal information of 197,000 people
Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service Have I Been Pwned. [...]
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and low-severity, across live enterprise environments. The dataset behind these findings includes 10 million monitored
City of London calls UK tech firms to set up digital verification network
The City of London Corporation has called for support from UK tech firms for a digital verification network to combat fraud.
Hematology Oncology Consultants; Southcoast Health; Cunningham Prosthetic Care Announce Data Breaches
Data breaches have recently been announced by Hematology Oncology Consultants in Michigan, Cunningham Prosthetic Care in Maine, and Southcoast Health […] The post Hematology Oncology Consultants; Southcoast Health; Cunningham Prosthetic Care Announce Data Breaches appeared first on The HIPAA Journal .
Your CTEM program is probably ignoring MCP. Here’s how to fix it
Model Context Protocol (MCP) is the connective tissue of modern AI tooling and has quietly become one of the most significant blind spots in modern security programs. Like shadow IT before it, shadow AI — especially as it relates to MCP risk — introduces a new class of exposures that security teams lack adequate tooling to see and address. Integrating MCP risks into a Continuous Threat Exposure Ma
Mastercard launches SME resilience programme in MENA
Mastercard has launched Built Small. Moving Strong, a regional resilience program designed to support small and medium-sized enterprises (SMEs) as they navigate a challenging operating environment marked by supply chain disruption and tightening financial conditions.
Sri Lanka makes 37 arrests as it raids another scam centre
You don't need to live near a scam compound for it to wreck your life. Americans lost $5.8 billion to crypto investment scams last year alone - and a raid in Sri Lanka this month shows exactly how the operations behind them keep finding new places to hide. Read more in my article on the Hot for Security blog.
NVD HIGH: CVE-2026-7330 — The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site...
The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8. This is due to insufficient input sanitization on the 'url' POST parameter in the aal_url_stats_save_action() function and a complete absence of output escaping in aal_display_clicks(), where the stored value is echoed directly into an anchor element's href attribute a
NVD HIGH: CVE-2026-5127 — The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Members...
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1. This is due to insufficient input validation and type checking on the wpuf_files parameter during form submission, combined with unconditional deserialization via maybe_unserialize() w
Pen tests show AI security flaws far more severe than legacy software bugs
Penetration tests of AI-based systems are revealing a greater percentage of high-risk flaws than those discovered in legacy systems. Security consultancy Cobalt’s annual State of Pentesting Report reveals that 32% of all AI and large language model (LLM) findings are rated as high risk — nearly 2.5 times the rate (13%) of severe flaws found in enterprise security tests more generally. LLM vulnerab
PCPJack Campaign Boots TeamPCP Off Compromised Machines
SentinelOne believes the PCPJack campaign may be the brainchild of a former TeamPCP member
Your refresh plan has a CVE blind spot
The conversation is straightforward, but the problem behind it is not. The customer bought servers in 2017 and typically refresh every five to six years. Generally, around the 2022 to 2023 timeframe, they would have looked to buy new. Historically, that is what would have happened. But COVID hit, and there were supply chain constraints during COVID. The original end-of-life notice that would have
Former govt contractor convicted for wiping dozens of federal databases
A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after getting fired from his job as a federal contractor. [...]
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation toolkit that enables persistent SSH access by means of a magic password and specific TCP port combination.
‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials
The malware framework targets web applications and cloud environments, including AWS, Docker, Kubernetes, and more. The post ‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials appeared first on SecurityWeek .
NVD CRITICAL: CVE-2013-10075 — Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The...
Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted.
CVE-2025-68670: discovering an RCE vulnerability in xrdp
During a security assessment of Kaspersky USB Redirector, we discovered CVE-2025-68670: a pre-auth RCE in the xrdp server component. Project maintainers promptly patched the vulnerability.
Ransomware Group Takes Credit for Trellix Hack
RansomHouse has published several screenshots to demonstrate access to internal Trellix services. The post Ransomware Group Takes Credit for Trellix Hack appeared first on SecurityWeek .
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
Less than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred to as "Dirty Frag," this vulnerability was discovered and reported by Hyunwoo Kim (@v4bel) [1]. In this diary, I will provide a brief background on Dirty Frag, and discuss its relations
New Linux 'Dirty Frag' zero-day gives root on all major distros
A new Linux zero-day vulnerability, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. [...]
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension. The post Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover appeared first on SecurityWeek .
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code. The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek .
NVD HIGH: CVE-2026-8138 — A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the fun...
A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
NVD HIGH: CVE-2026-8137 — A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vu...
A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers
Ivanti: We are aware of a very limited number of customers exploited with CVE-2026-6973. Successful exploitation requires Admin authentication.
NVD HIGH: CVE-2026-8133 — A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Aff...
A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The name of the patch is e20ec58414
NVD HIGH: CVE-2026-8132 — A weakness has been identified in CodeAstro Leave Management System 1.0. Affecte...
A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
NVD HIGH: CVE-2026-8131 — A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. T...
A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
NVD HIGH: CVE-2026-8130 — A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This a...
A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
NVD HIGH: CVE-2026-8129 — A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The im...
A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file wishlist.php. Executing a manipulation of the argument delwlistid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
NVD CRITICAL: CVE-2026-43944 — electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ft...
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or opening a crafted shortcut/command that launches electerm with attacker-controlled opts. This issue has be
NVD HIGH: CVE-2026-42271 — LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) fo...
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When c
NVD CRITICAL: CVE-2026-42264 — Axios is a promise based HTTP client for the browser and Node.js. From version 1...
Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, five config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser) in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependenc
NVD CRITICAL: CVE-2026-42208 — LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) fo...
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example
NVD HIGH: CVE-2026-42203 — LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) fo...
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process. The endpoint only checks that the caller presents a valid proxy API key, so any
NVD HIGH: CVE-2026-8128 — A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affecte...
A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
NVD HIGH: CVE-2026-8126 — A flaw has been found in SourceCodester Comment System 1.0. This issue affects s...
A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Canvas Breach Disrupts Schools & Colleges Nationwide
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions.
Dirty Frag and other issues in Amazon Linux kernels
Bulletin ID: 2026-027-AWS. Scope: AWS. Content Type: Important (requires attention). Publication Date: 2026/05/07 19:45 PM PDT. Description: Amazon is aware of a class of issues in the Linux kernel related to the original issue (CVE-2026-31431). The issues commonly referred to as "DirtyFrag" are present in a number of loadable modules, in
Palo Alto Networks firewall flaw has been exploited for several weeks
Palo Alto Networks warns that a critical zero-day vulnerability has been discovered in the PAN-OS firewall system. The vulnerability has already been exploited by suspected state-sponsored hackers for nearly a month, reports Bleeping Computer . The vulnerability, CVE-2026-0300, is located in the User-ID Authentication Portal (also known as the Captive Portal) and allows attackers to execute code w
Become a millionaire by bug hunting on Android
Over the past decade, Google has introduced a wide range of bug bounty programs for its software and services. The company has now announced that the reward for individuals who discover vulnerabilities in Android or the Chrome browser is being increased , bringing the maximum reward to $1.5 million. However, reports indicate that you must find a critical vulnerability in the Pixel Titan M2 securit
13 new critical holes in JavaScript sandbox allow execution of arbitrary code
Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, developers using this library in their applications are urged to update the software to the latest version, which is currently 3.11.2. The warnings come in advisories from vm2 maintainer Patrik Simek
Kraken owner to pay $600m for stablecoin infrastructure firm Reap
The parent company of crypto exchange Kraken has agreed its second major acquisition in a matter of weeks, striking a $600 million deal to acquire stablecoin-native, card issuing and payments infrastructure platform Reap Technologies.
Credit Karma opens up membership to America's 'credit invisible'
Intuit-owned Credit Karma is now letting the 17 million Americans without a credit score open accounts, paving the way for them to emerge from "financial invisibility."
The Privacy Risks of Embedded, Shadow AI in Healthcare
Artificial intelligence that is embedded in newer editions of software and other technology tools but is not explicitly revealed by vendors is a substantial risk on par with shadow AI, said regulatory attorney Elizabeth Hodge with the law firm Akerman LLP.
Pentagon Official Vows to Diversify Frontier AI Suppliers
Pentagon Expands Frontier AI Providers Amid Anthropic Legal Fight. The Pentagon said it will no longer depend on a single artificial intelligence provider as the White House pushes agencies to diversify frontier AI sy
ServiceNow's New Platform Also Governs Everyone Else's AI
ServiceNow Takes Aim at Enterprise AI Sprawl at Knowledge 2026. At its Knowledge 2026 conference, ServiceNow announced artificial intelligence control tower expansions, an autonomous workforce across every business func
WatchGuard Strengthens Cloud Detection With Perimeters Buy
WatchGuard Aims to Reduce Alert Fatigue Through Telemetry Correlation. WatchGuard acquired SaaS security startup Perimeters to strengthen cloud detection and response capabilities spanning identity threat detection, cloud
Breach Roundup: Microsoft Edge Turns Passwords Into Targets
Also, Taiwan Rail Hack, Massive DDoS Attack and Karakurt Jail Sentence. This week, Microsoft Edge exposed passwords, Taiwan police make arrests in high-speed rail hack and a 2.45 billion-request DDoS attack. A Karaku
CISA KEV: BerriAI LiteLLM — BerriAI LiteLLM SQL Injection Vulnerability
BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorised access to the proxy and the credentials it manages.
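The flaw behind both the CVE-2026-42208 entry above and this KEV listing is the oldest one in the book: the proxy's key lookup built SQL text from the caller's Authorization header, so a crafted header rewrites the WHERE clause, while binding the key as a parameter leaves the query text fixed. The following is an added example written for this page, not LiteLLM's own code; the table layout, the sample keys and the Bearer header format are assumptions made for the demo.

```python
"""Added example: the query-text-vs-bound-parameter mistake behind the LiteLLM
key check (CVE-2026-42208). Illustrative code for this page, not LiteLLM's.
The api_keys table, the sample keys and the 'Bearer <key>' header format are
assumptions for the demo; only the shape of the bug and of the fix come from
the advisory."""
import sqlite3


def _db() -> sqlite3.Connection:
    # Constructed sample data: an in-memory key table standing in for the proxy DB.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE api_keys (token TEXT PRIMARY KEY, user_id TEXT, max_budget REAL)"
    )
    conn.executemany(
        "INSERT INTO api_keys VALUES (?, ?, ?)",
        [("sk-alpha-1234", "alice", 10.0), ("sk-beta-9876", "bob", 50.0)],
    )
    return conn


def _bearer(header: str) -> str:
    # Minimal 'Authorization: Bearer <key>' parsing (an assumption for the demo).
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("unsupported auth scheme")
    return token


def lookup_key_vulnerable(conn: sqlite3.Connection, authorization: str):
    """Mixes the caller-supplied token into the SQL text. Do not do this."""
    token = _bearer(authorization)
    sql = f"SELECT user_id, max_budget FROM api_keys WHERE token = '{token}'"
    # A token such as  x' OR '1'='1  turns the WHERE clause into a tautology.
    return conn.execute(sql).fetchone()


def lookup_key_fixed(conn: sqlite3.Connection, authorization: str):
    """Passes the token as a bound parameter; the SQL text never changes."""
    token = _bearer(authorization)
    sql = "SELECT user_id, max_budget FROM api_keys WHERE token = ?"
    return conn.execute(sql, (token,)).fetchone()


def demo() -> dict:
    """Run both lookups with a real key and with a constructed attack header."""
    conn = _db()
    legit = "Bearer sk-alpha-1234"
    forged = "Bearer x' OR '1'='1"   # constructed: no valid key at all
    return {
        "legit_vulnerable": lookup_key_vulnerable(conn, legit),
        "legit_fixed": lookup_key_fixed(conn, legit),
        "forged_vulnerable": lookup_key_vulnerable(conn, forged),  # a row: auth bypassed
        "forged_fixed": lookup_key_fixed(conn, forged),            # None: rejected
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:18s} -> {row}")
```

The forged header never matches a stored key, yet the vulnerable lookup still returns the first row and the caller is treated as that user; the parameterised version returns nothing. The same rule applies to every other place a header, path or body value reaches a query: the value travels as a parameter, never as text.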
Canvas login portals hacked in mass ShinyHunters extortion campaign
The ShinyHunters extortion gang has breached education technology giant Instructure again, this time exploiting another vulnerability to deface Canvas login portals for hundreds of colleges and universities. [...]
NVD CRITICAL: CVE-2026-8034 — A server-side request forgery (SSRF) vulnerability was identified in the GitHub ...
A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a different URL parser than the request library, enabling a crafted URL to pass validation while directing the
NVD HIGH: CVE-2026-7541 — A denial of service vulnerability was identified in GitHub Enterprise Server tha...
A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON payloads to an unauthenticated API endpoint. The endpoint parsed user-controlled JSON request bodies without size or depth limits, causing excessive CPU and memory consumption. This vulnerability affect
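The fix for this class of bug is to bound both the size and the nesting depth of a request body before handing it to the JSON parser. Python's json module has no depth option (deeply nested input ends in a RecursionError after a lot of work), so the added example below, written for this page and not GitHub's code, performs a cheap linear pre-scan of the raw bytes that counts bracket nesting while skipping string contents and aborts as soon as the limit is crossed. The limits and the helper names are assumptions for the demo.

```python
"""Added example: bound size and nesting depth before parsing untrusted JSON.
Illustrative code written for this page, not GitHub's. The byte scan stops at
the first bracket that exceeds max_depth, so an attacker pays for at most
max_depth brackets of work, not for the whole body. Limits are assumptions."""
import json


class PayloadTooLarge(ValueError):
    pass


class PayloadTooDeep(ValueError):
    pass


def nesting_depth(data: bytes, max_depth: int) -> int:
    """Return the maximum '[' / '{' nesting depth of data, raising PayloadTooDeep
    as soon as max_depth is exceeded. Brackets inside JSON strings are ignored,
    including those that follow a backslash escape."""
    depth = max_seen = 0
    in_string = escaped = False
    for b in data:
        if in_string:
            if escaped:
                escaped = False
            elif b == 0x5C:            # backslash starts an escape
                escaped = True
            elif b == 0x22:            # unescaped quote closes the string
                in_string = False
            continue
        if b == 0x22:                  # opening quote
            in_string = True
        elif b in (0x5B, 0x7B):        # '[' or '{'
            depth += 1
            if depth > max_depth:
                raise PayloadTooDeep(f"nesting exceeds {max_depth}")
            max_seen = max(max_seen, depth)
        elif b in (0x5D, 0x7D):        # ']' or '}'
            depth -= 1
    return max_seen


def safe_loads(data: bytes, max_bytes: int = 64 * 1024, max_depth: int = 32):
    """Parse JSON from an unauthenticated client only after both limits hold."""
    if len(data) > max_bytes:
        raise PayloadTooLarge(f"body is {len(data)} bytes, limit is {max_bytes}")
    nesting_depth(data, max_depth)     # raises before json.loads does any work
    return json.loads(data)


def accepts(data: bytes, **limits) -> bool:
    """True if safe_loads would parse data under the given limits."""
    try:
        safe_loads(data, **limits)
        return True
    except ValueError:                 # covers both custom errors and JSONDecodeError
        return False


if __name__ == "__main__":
    # Constructed inputs: an ordinary document and a bracket bomb.
    print(accepts(b'{"a": [1, 2, {"b": "]]]]"}]}'))      # True
    print(accepts(b"[" * 1000 + b"]" * 1000))            # False: 1000 levels deep
```

Treat the scan as a pre-filter in front of the parser, not a replacement for the web framework's own request-size limit: the byte limit rejects oversized bodies before the scan touches them, and the depth limit rejects the nested ones before the parser allocates anything.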
NVD HIGH: CVE-2026-42826 — Exposure of sensitive information to an unauthorized actor in Azure DevOps allow...
Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.
NVD HIGH: CVE-2026-41105 — Server-side request forgery (ssrf) in Azure Notification Service allows an autho...
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
NVD CRITICAL: CVE-2026-35435 — Improper access control in Azure AI Foundry M365 published agents allows an unau...
Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network.
NVD CRITICAL: CVE-2026-35428 — Improper neutralization of special elements used in a command ('command injectio...
Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network.
NVD HIGH: CVE-2026-34327 — Externally controlled reference to a resource in another sphere in Microsoft Par...
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network.
NVD CRITICAL: CVE-2026-33844 — Improper input validation in Azure Managed Instance for Apache Cassandra allows ...
Improper input validation in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
NVD HIGH: CVE-2026-33111 — Improper neutralization of special elements used in a command ('command injectio...
Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
NVD CRITICAL: CVE-2026-33109 — Improper access control in Azure Managed Instance for Apache Cassandra allows an...
Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network.
NVD HIGH: CVE-2026-26164 — Improper neutralization of special elements in output used by a downstream compo...
Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
NVD HIGH: CVE-2026-26129 — Improper neutralization of special elements in M365 Copilot allows an unauthoriz...
Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Developing: ShinyHunters Hacks Instructure Again; Canvas Down
When Instructure did not contact ShinyHunters to negotiate any payment after ShinyHunters attacked them for a second time in April, the threat actors threatened to leak every school’s data, and posted a notice telling schools how to contact them directly to avoid having their data leaked. When Instructure still didn’t contact them after that escalation, ... Source
New TCLBanker malware self-spreads over WhatsApp and Outlook
A new trojan named TCLBanker, which targets 59 banking, fintech, and cryptocurrency platforms, uses a trojanized MSI installer for Logitech AI Prompt Builder to infect systems. [...]
Ivanti customers confront yet another actively exploited zero-day
Attackers are hitting a frequent target in the network edge space, intruding victim networks through a defect in a widely used mobile endpoint security product. The post Ivanti customers confront yet another actively exploited zero-day appeared first on CyberScoop .
Iranian government hackers using Chaos ransomware as cover, researchers say
Incident responders from cybersecurity firm Rapid7 published a report about a recent intrusion that initially appeared to be a Chaos ransomware attack but was later discovered to be an attack attributed to MuddyWater, an Iranian APT group tied to the country’s Ministry of Intelligence and Security (MOIS).
NVD HIGH: CVE-2026-8098 — A security vulnerability has been detected in code-projects Feedback System 1.0....
A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
Ollama vulnerability highlights danger of AI frameworks with unrestricted access
A critical vulnerability in Ollama poses a direct risk of sensitive information leaks to more than 300,000 internet-exposed servers, researchers have found. The flaw, tracked as CVE-2026-7482, stems from an out-of-bounds heap read in Ollama’s model quantization pipeline. Ollama is one of the most popular frameworks for running AI models on local hardware. The flaw also subjects servers on local LA
Searching for bulletproof detections in cPanel Land: Hunting for CVE-2026-41940: Building Detections for the exploit, not the PoC
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
PCPJack makes innovative use of parquet files for stealthy, pre-validated target discovery as it canvasses multiple cloud environments.
LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges
A LinkedIn feature that allows paid subscribers to view a list of visitors to their profile should be made available to all EU users free of charge to comply with the region’s General Data Protection Regulation (GDPR), a legal complaint launched by the None of Your Business (NOYB) digital rights group has claimed. The group, which filed the complaint this week in an Austrian court, argues that LinkedIn’s ‘Who’s
NVD HIGH: CVE-2026-8087 — A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is...
A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 3.13.0RC1 is r
NVD HIGH: CVE-2026-39836 — The Dial and LookupPort functions panic on Windows when provided with an input c...
The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).
NVD HIGH: CVE-2026-39820 — Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were ...
Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.
NVD HIGH: CVE-2026-33814 — When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of...
When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.
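The loop that pays for a zero-sized frame limit is the one that slices a header block into HEADERS and CONTINUATION frames: with a chunk size of 0 it emits empty frames forever and never advances. RFC 9113 section 6.5.2 already forbids the value (SETTINGS_MAX_FRAME_SIZE must lie between 2^14 and 2^24-1, anything else is a connection error of type PROTOCOL_ERROR), so the right fix is to reject it when the SETTINGS frame arrives, with a cheap guard in the writer as defence in depth. The added example below is written for this page, not taken from the affected transport; the frame layout and limits are the RFC's, the helper names are this example's.

```python
"""Added example: validate SETTINGS_MAX_FRAME_SIZE at the SETTINGS layer and guard
the HEADERS/CONTINUATION splitter that would otherwise loop forever on 0.
Illustrative code for this page, not the affected transport's own. Frame
layout and limits follow RFC 9113; the helper names are assumptions."""
import struct

SETTINGS_MAX_FRAME_SIZE = 0x5
MIN_MAX_FRAME_SIZE = 1 << 14            # 16384, also the initial value
MAX_MAX_FRAME_SIZE = (1 << 24) - 1
FRAME_HEADERS, FRAME_CONTINUATION = 0x1, 0x9
FLAG_END_HEADERS = 0x4


class ProtocolError(Exception):
    """Stands in for tearing the connection down with GOAWAY(PROTOCOL_ERROR)."""


def apply_settings(settings: dict, current: dict) -> dict:
    """Validate a peer's SETTINGS before storing them. An out-of-range
    SETTINGS_MAX_FRAME_SIZE is a connection error, never a value to honour."""
    new = dict(current)
    for ident, value in settings.items():
        if ident == SETTINGS_MAX_FRAME_SIZE and not (
            MIN_MAX_FRAME_SIZE <= value <= MAX_MAX_FRAME_SIZE
        ):
            raise ProtocolError(f"SETTINGS_MAX_FRAME_SIZE {value} out of range")
        new[ident] = value
    return new


def setting_accepted(value: int) -> bool:
    """True if a SETTINGS_MAX_FRAME_SIZE of value would be stored."""
    try:
        apply_settings({SETTINGS_MAX_FRAME_SIZE: value}, {})
        return True
    except ProtocolError:
        return False


def _frame(ftype: int, flags: int, stream_id: int, payload: bytes) -> bytes:
    """9-byte HTTP/2 frame header (24-bit length, type, flags, 31-bit stream id)."""
    header = struct.pack("!I", len(payload))[1:] + bytes([ftype, flags])
    return header + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload


def split_header_block(block: bytes, stream_id: int, max_frame_size: int) -> list:
    """Split an encoded header block into one HEADERS frame plus CONTINUATION
    frames of at most max_frame_size bytes. Without the guard, a limit of 0
    makes every iteration emit an empty frame and consume nothing: the loop
    never reaches the END_HEADERS frame."""
    if max_frame_size < 1:
        raise ValueError("max_frame_size must be positive; reject it at SETTINGS time")
    frames, offset, ftype = [], 0, FRAME_HEADERS
    while True:
        chunk = block[offset:offset + max_frame_size]
        offset += len(chunk)
        last = offset >= len(block)
        frames.append(_frame(ftype, FLAG_END_HEADERS if last else 0, stream_id, chunk))
        if last:
            return frames
        ftype = FRAME_CONTINUATION


if __name__ == "__main__":
    # Constructed header block of 40000 bytes: 16384 + 16384 + 7232 at the default limit.
    for f in split_header_block(b"x" * 40000, 1, MIN_MAX_FRAME_SIZE):
        print(f"type={f[3]:#x} flags={f[4]:#x} len={int.from_bytes(f[:3], 'big')}")
    print(setting_accepted(0))      # False
```

The validator is the real fix; the guard in the splitter only turns a hang into an exception if some other code path hands it a bad value. Also note that the same loop is reachable from a peer that first advertises a sane limit and later lowers it, so the check belongs on every SETTINGS frame, not only the first.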
NVD HIGH: CVE-2026-33811 — When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can...
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.
Rapid7 and OpenAI: Helping Defenders Move at Machine Speed
Wade Woolwine is Senior Director, Product Security at Rapid7. Announcing OpenAI's Trusted Access for Cyber program. CIOs and CISOs are telling us the same thing in different ways: Advances in frontier AI are accelerating the threat environment and putting pressure on security operating models built for a different pace. Vulnerabilities can be discovered faster, exploitation windows are shrinking, a
Trump officials are steering a cybersecurity scholarship program toward AI
The latest development has thrown scholars for a curveball, and has some worried about being “left out to dry” when it comes to job positions. The post Trump officials are steering a cybersecurity scholarship program toward AI appeared first on CyberScoop .
Kalshi valuation soars to $22bn
Prediction market Kalshi has seen its valuation double to $22 billion in five months off the back of a $1 billion Series F funding round.
NVD HIGH: CVE-2026-8086 — A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affec...
A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. Upgrading to version 3.12.4RC1 is capable of addressing this issue. The nam
NVD HIGH: CVE-2026-8083 — A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System ...
A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
NVD HIGH: CVE-2026-44243 — GitPython is a python library used to interact with Git repositories. Prior to v...
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.48, a vulnerability in GitPython allows attackers who can supply a crafted reference path to an application using GitPython to write, overwrite, move, or delete files outside the repository’s .git directory via insufficient validation of reference paths in reference creation, rename, and delete operations. T
NVD CRITICAL: CVE-2026-42284 — GitPython is a python library used to interact with Git repositories. Prior to v...
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)). A string like "--branch main --config core.hooksPath=/x" passes validation (starts with --branch), but after split becomes ["--branch", "main", "--config", "core.hooksPath=/x"]. Git applies the conf
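The bug is an ordering problem: the allow-list looked at each caller string, but git received the tokens produced by splitting the joined strings afterwards, so one string that starts with "--branch" can carry any further option. The added example below, written for this page and not GitPython's code, shows that vulnerable shape next to a version that validates the exact tokens git will receive. The allow-lists of options are assumptions made for the demo.

```python
"""Added example, written for this page (not GitPython's code): the
validate-then-split ordering bug described for _clone()'s multi_options,
beside a version that validates the exact argv tokens git will receive.
The option allow-lists are assumptions for the demo."""
import shlex

VALUE_OPTIONS = ("--branch", "--depth")      # options that take one argument
FLAG_OPTIONS = ("--single-branch",)          # options that take none


def build_clone_args_vulnerable(multi_options):
    """Checks each caller string, then joins and re-splits. A single string that
    merely starts with an allowed option passes the check but expands into
    several argv tokens, including ones the check never saw."""
    for opt in multi_options:
        if not opt.startswith(VALUE_OPTIONS + FLAG_OPTIONS):
            raise ValueError(f"option not allowed: {opt!r}")
    return ["git", "clone"] + shlex.split(" ".join(multi_options))


def build_clone_args_fixed(multi_options):
    """Split first, then validate every token that will reach git. A value slot
    must be filled by a non-option token, so '--config' cannot ride along."""
    tokens = []
    for opt in multi_options:
        tokens.extend(shlex.split(opt))
    i = 0
    while i < len(tokens):
        name, has_inline, _ = tokens[i].partition("=")
        if name in FLAG_OPTIONS and not has_inline:
            i += 1
            continue
        if name in VALUE_OPTIONS:
            if not has_inline:                   # the value is the next token
                i += 1
                if i >= len(tokens) or tokens[i].startswith("-"):
                    raise ValueError(f"missing value for {name!r}")
            i += 1
            continue
        raise ValueError(f"option not allowed: {tokens[i]!r}")
    return ["git", "clone"] + tokens


def fixed_accepts(multi_options) -> bool:
    """True if the hardened builder would accept these options."""
    try:
        build_clone_args_fixed(multi_options)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed payload: the string from the advisory, which smuggles --config.
    smuggled = ["--branch main --config core.hooksPath=/x"]
    print(build_clone_args_vulnerable(smuggled))   # --config reaches git
    print(fixed_accepts(smuggled))                 # False
```

Validating after tokenisation closes the gap the advisory describes; the extra rule that a value slot may not begin with "-" also stops the variant where the option and the smuggled value arrive as separate list entries.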
Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders
Musk said that he could have founded OpenAI as a for-profit company, just like the other companies he started or took over. “I deliberately chose this,” he said, “for the public good.” The post Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders appeared first on SecurityWeek .
New PCPJack worm steals credentials, cleans TeamPCP infections
A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP's access to the systems. [...]
Australia warns of ClickFix attacks pushing Vidar Stealer malware
The Australian Cyber Security Center (ACSC) is warning organizations of an ongoing malware campaign using the ClickFix social engineering technique to distribute the Vidar Stealer info-stealing malware. [...]
Unplug your way to better code
Cybersecurity concepts — logs, packets, DNS exfiltration, and more — are usually intangible, and its practitioners are prone to mental fatigue. Amy takes a second to yell at you to go touch grass.
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been exploited in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1. It allows "a remotely authenticated user with administrative access to achieve remote code
FCA green lights Clear Street UK CEO appointment
Clear Street ("Clear Street" or "the Company"), a cloud-native financial infrastructure technology firm on a mission to give sophisticated investors access to every asset in every market, through a unified platform built for speed, transparency and scale, today announced that Alex Lawton has been confirmed as Chief Executive Officer of Clear Street U.K. Limited, following approval by the Financial
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. "The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting
Has CISA Finally Found Its New Leader in Tom Parker?
Dark Reading investigates rumors that Tom Parker, a board room 'operator' and longtime cyber exec, could be next in line to take over CISA.
CVE-2026-42511 Breakdown: RCE in FreeBSD
NVD CRITICAL: CVE-2026-7821 — Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0....
Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.
NVD CRITICAL: CVE-2026-5788 — An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, an...
An Improper Access Control in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to invoke arbitrary methods.
NVD CRITICAL: CVE-2026-5787 — An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7...
An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.
Why Medical Couriers Are Always Classified as HIPAA Business Associates
Other than when they are directly employed by a covered entity, medical couriers are always classified as a HIPAA business […] The post Why Medical Couriers Are Always Classified as HIPAA Business Associates appeared first on The HIPAA Journal .
Temenos Community Forum 2026: AI will power the bank of tomorrow
Day two of the Temenos Community Forum in Copenhagen was focused on the biggest revolution in banking: AI. AI-readiness, AI capabilities, and AI-driven products; business leaders explored the concept of an AI-powered bank of the future.
Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was. The post Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking appeared first on SecurityWeek .
Squads raises $18m to build stablecoin operating system
Squads today announced an $18 million strategic round led by Solana Ventures, with participation from Coinbase Ventures, Haun Ventures, L1D, Collab+Currency, Electric Capital, Placeholder, Jump Crypto, and Robot Ventures, bringing total funding to $42.9M.
Ivanti warns of new EPMM flaw exploited in zero-day attacks
Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]
Bulldog Federal Credit Union taps FMSI for branch revamp
FMSI, a provider of branch workforce management and lobby optimization solutions for financial institutions, today announced a new partnership with Bulldog Federal Credit Union, a community-chartered credit union serving Washington County, Maryland since 1968.
NVD HIGH: CVE-2026-42011 — A flaw was found in gnutls. This vulnerability occurs because permitted name con...
A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing
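The rule the validator has to get right is set out in RFC 5280 section 4.2.1.10: a name in the leaf must fall inside the permitted subtrees of every CA on the path that lists any (an intersection) and outside the excluded subtrees of any CA (a union), and a CA that carries only excluded subtrees must not make a later CA's permitted list disappear. The added example below, written for this page and not gnutls code, implements that accumulation for DNS names and exercises the exact chain shape from the advisory. The certificate model is a plain dataclass, an assumption for the demo.

```python
"""Added example for this page (not gnutls code): DNS name-constraint evaluation
across a chain per RFC 5280 s4.2.1.10. Permitted subtrees from each CA are kept
as separate sets that must all be satisfied; excluded subtrees are merged. The
CA model is a dataclass, an assumption for the demo."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class CA:
    name: str
    permitted_dns: Optional[List[str]] = None     # None: this CA imposes no permitted set
    excluded_dns: List[str] = field(default_factory=list)


def dns_in_subtree(host: str, subtree: str) -> bool:
    """RFC 5280 DNS matching: a constraint names a host and all of its subdomains."""
    host, subtree = host.lower().rstrip("."), subtree.lower().rstrip(".")
    return host == subtree or host.endswith("." + subtree)


def effective_constraints(chain: List[CA]) -> Tuple[List[List[str]], List[str]]:
    """Accumulate constraints root-first. A CA with only excluded subtrees adds to
    the union and must not reset or suppress any later CA's permitted set."""
    permitted_sets: List[List[str]] = []
    excluded: List[str] = []
    for ca in chain:
        excluded.extend(ca.excluded_dns)
        if ca.permitted_dns is not None:
            permitted_sets.append(list(ca.permitted_dns))
    return permitted_sets, excluded


def dns_name_allowed(host: str, chain: List[CA]) -> bool:
    """True iff host is outside every excluded subtree and inside at least one
    permitted subtree of every CA that declared a permitted set."""
    permitted_sets, excluded = effective_constraints(chain)
    if any(dns_in_subtree(host, s) for s in excluded):
        return False
    return all(any(dns_in_subtree(host, s) for s in pset) for pset in permitted_sets)


if __name__ == "__main__":
    # Constructed chain matching the advisory's shape: the root carries only an
    # excluded subtree, the intermediate adds a permitted one.
    root = CA("Root", excluded_dns=["evil.example"])
    sub = CA("Corp Sub CA", permitted_dns=["corp.example"])
    for host in ("www.corp.example", "attacker.test", "www.evil.example"):
        print(f"{host:20s} allowed={dns_name_allowed(host, [root, sub])}")
```

With the correct accumulation, "attacker.test" is rejected because the intermediate's permitted set restricts it, regardless of the root having declared only exclusions; a validator that lets the root's exclusion-only state suppress the intermediate's permitted list would accept it, which is the bypass the advisory describes.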
NVD HIGH: CVE-2026-41654 — Weblate is a web based localization tool. Prior to version 5.17.1, an authentica...
Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial plan) can import a crafted project backup ZIP whose components/<name>.json contains an attacker-chosen repo URL pointing at a private address (e.g. http://127.0.0.1:9999/) or using a non-allow-listed sc
North Carolina man pleads guilty to doxxing Supreme Court justices
The incident underscores the dangers public officials face from doxxing, as well as how easy it has become to find sensitive information online.
Boost Security Raises $4 Million for SDLC Defense Platform
The company is expanding its platform’s capabilities with the acquisition of SecureIQx and Korbit.ai. The post Boost Security Raises $4 Million for SDLC Defense Platform appeared first on SecurityWeek .
Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds
Traditional network security tools are undermining data protection, with Forrester and Capital One Software research warning AI adoption is impossible without rethinking data security
Bypassing Bitlocker under 5 min using downgrade attack on CVE-2025-48804
Mastercard and Yellow Card target stablecoin payments in EEMEA
Mastercard and Yellow Card, a licensed stablecoin infrastructure provider operating primarily across Africa, with additional capabilities in select emerging markets, have announced a strategic partnership to accelerate stablecoin-enabled payment innovation across Eastern Europe, the Middle East, and Africa (EEMEA), with plans for global expansion.
Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking
Mitiga researchers say attackers can silently redirect Claude Code MCP traffic, intercept OAuth tokens, and maintain persistent access to connected SaaS platforms. The post Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking appeared first on SecurityWeek .
Cline Kanban Flaw Lets Websites Hijack AI Coding Agents
Oasis Security finds critical Cline kanban WebSocket flaw exposing AI coding agents to hijack
RemitBee partners Visa Canada on cross-border payments
RemitBee Inc., a Canadian remitter and fintech platform, today announced a collaboration with Visa Canada, a global leader in digital payments.
Settlement Resolves FTC Lawsuit Against Kochava Over Sale of Geolocation Data
A settlement has been reached between the Federal Trade Commission (FTC) and the Idaho-based data broker Kochava and its subsidiary […] The post Settlement Resolves FTC Lawsuit Against Kochava Over Sale of Geolocation Data appeared first on The HIPAA Journal .
NVD CRITICAL: CVE-2026-6795 — URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive ...
URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.
NVD HIGH: CVE-2025-14341 — Improperly controlled modification of Dynamically-Determined object attributes, ...
Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before 4.8.3.2.
Chrome 148 Rolls Out With 127 Security Fixes
The fresh browser update resolves critical-severity integer overflow and use-after-free vulnerabilities.
The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
Your security controls aren't failing, they're missing where most of today's work actually happens. Keep Aware shows how browser activity like copy/paste and AI prompts bypass traditional protections. [...]
OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos
Commercial AI models were used to help plan and conduct cyber-attack against operational technology of a water and drainage facility, say researchers
American duo sentenced for hosting laptop farms for North Korean IT workers
The men’s separate schemes impacted almost 70 U.S. companies and generated a combined $1.2 million in revenue for the North Korean regime.
Attackers Could Exploit AI Vision Models Using Imperceptible Image Changes
Cisco’s AI security researchers have analyzed ways to target vision-language models (VLMs) using pixel-level perturbation.
Americans sentenced for running 'laptop farms' for North Korea
Two U.S. nationals were sentenced to 18 months in prison each for operating so-called laptop farms that helped North Korean IT workers fraudulently obtain remote employment at nearly 70 American companies. [...]
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the User-ID Authentication Portal service of Palo Alto Networks PAN-OS software that could allow an unauthenticated attacker
Vendor Says Daemon Tools Supply Chain Attack Contained
The software developer has identified the impacted systems, removed potentially compromised files, and validated installation packages.
NVD HIGH: CVE-2026-6002 — Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vu...
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS). This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.
NVD CRITICAL: CVE-2026-5791 — Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Techno...
Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.
NVD HIGH: CVE-2026-5784 — Improper neutralization of input during web page generation ('cross-site scripti...
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.
Fake Claude AI Site Drops Beagle Backdoor on Windows Users
Sophos finds fake Claude site spreading DonutLoader and a new Beagle backdoor via DLL sideloading
Why Security in 2026 Requires Continuous Threat and Exposure Management (CTEM) at Scale
Let's be honest, the patching window just shrank to something no practitioner or organization can keep up with. Organizations now need to operate in an environment that must assume breach, which means fundamentals like attack surface management, micro-segmentation, identity management, and attack path validation – aka a few core pillars of CTEM – just became the most important initiatives within t
'TrustFall' Exposes Claude Code Execution Risk
Researchers find malicious repositories can trigger code execution in Claude Code with minimal or no user interaction.
World's First AI-Driven Cyberattack Couldn't Breach OT Systems
The most sophisticated AI-integrated campaign to date hit a brick wall in the form of a SCADA login screen.
'TrustFall' Convention Exposes Claude Code Execution Risk
Malicious repositories can trigger code execution in Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI with minimal or no user interaction, thanks to skimpy warning dialogs.
AI Coding Agents Could Fuel Next Supply Chain Crisis
“TrustFall” attack shows how AI coding agents can be manipulated into launching stealthy supply chain compromises.
Polish intelligence warns hackers attacked water treatment control systems
The agency did not publicly attribute the incidents to a specific group or country but said Poland faced intensified hostile cyber activity in 2024 and 2025, “with particular emphasis on the special services of the Russian Federation.”
NVD CRITICAL: CVE-2026-6508 — Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Re...
Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2.
NVD CRITICAL: CVE-2026-42010 — A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adlem...
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication
NVD HIGH: CVE-2026-41644 — monetr is a budgeting application for recurring expenses. Prior to version 1.12....
monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery (SSRF) vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs supplied by the caller, with the response body from non-200 upstream responses reflected back in the A
NVD HIGH: CVE-2026-3953 — Improper neutralization of input during web page generation ('cross-site scripti...
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting (XSS), Reflected XSS. This issue affects Proticaret E-Commerce: from v5.0.0 before V 6.0.1767.1383.
Crypto gang member gets 6.5 years for role in $230 million heist
A 20-year-old California man was sentenced to 78 months in prison for serving as a home invader and money launderer in a criminal ring that stole over $250 million in cryptocurrency. [...]
Bots in translation: Can AI really fix SIEM rule sprawl across vendors?
Enterprises migrating between SIEM platforms often have to manually rewrite detection rules because vendors such as Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle use different query languages and data models. Researchers now say AI may be able to automate much of that work, though security experts remain divided over whether the problem really requires AI at all. Researchers from th
MAXHUB Pivot Client Application
View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-127-01.json. Summary: Successful exploitation of this vulnerability may enable an attacker to access tenant email addresses and associated information in cleartext or cause a denial-of-service condition. The following versions of MAXHUB Piv
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a Telegram account and too much free time. The worst part is how often this stuff
Stolen ChipSoft claims patient data confirmed destroyed following cyberattack
There’s an update to the ChipSoft ransomware attack. DigitalShield reports that although ChipSoft hasn’t revealed whether it paid Embargo ransom, it did disclose that some negotiations had occurred. One of the most striking elements of the case is the company’s claim about the deletion of the stolen data. According to the company, the destruction has been...
Cisco Patches High-Severity Vulnerabilities in Enterprise Products
Successful exploitation of the flaws could lead to code execution, server-side request forgery attacks, and denial-of-service conditions.
NVD HIGH: CVE-2026-33588 — Lack of user input validation in the file upload functionality of Open Notebook ...
Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal.
NVD CRITICAL: CVE-2026-33587 — Lack of user input sanitisation in Open Notebook v1.8.3 allows the application u...
Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations.
NVD HIGH: CVE-2026-28201 — An improper input validation, together with an overly permissive default CORS co...
An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible.
Critical Palo Alto Networks software bug hits exposed firewalls
Palo Alto Networks is warning customers about a critical buffer overflow vulnerability affecting its PAN-OS user-ID authentication portal that is already being exploited in the wild. The flaw allows attackers to execute arbitrary code with root privileges on exposed firewalls, the company said in a security advisory . PAN-OS is the software that runs all Palo Alto Networks next-generation firewall
Smart Glasses for the Authorities
ICE is developing its own version of smart glasses, with facial recognition tied to various databases.
New Cyber Resilience Readiness Program Developed by Joint Commission; AHA
Joint Commission and the American Hospital Association (AHA) have partnered to create a new Cyber Resilience Readiness program for hospitals […]
Top Wall Street dealers join bond trading platform LTX
Five of Wall Street's top banks have joined the AI-powered LTX corporate bond e-trading platform in a bid to unlock greater liquidity in corporate bonds.
Palo Alto Networks firewall zero-day exploited for nearly a month
Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. [...]
Oglethorpe Settles Data Breach Lawsuit
Oglethorpe, a Tampa, FL-based network of mental health and addiction recovery treatment facilities, was sued in response to a June […]
Cross-border QR code payments go live between Indonesia and China
Under the guidance of Bank Indonesia and People's Bank of China, the China-Indonesia cross-border QR payment linkage was launched between Indonesia’s Quick Response Code Indonesian Standard (QRIS) and China’s leading payment ecosystems, enabled by Alipay+, the unified wallet gateway of Ant International, and UnionPay International.
Day Zero Readiness: The Operational Gaps That Break Incident Response
Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they do. That distinction matters far more than many organizations realize. In the first hours of a security incident
Lloyds: Adapting to changing customer behaviour is now a top priority for nine in ten retailers
New research from Lloyds reveals that 91% of UK retail business owners and decision-makers say adapting to changing customer behaviour is now a top business priority, as retailers face growing pressure to deliver faster, easier and more flexible experiences, both in-store and behind the scenes.
Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack
Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue.
Romance fraud costs UK victims £102 million in a year as reports surge by nearly a third
Victims of romance fraud lost more than £102 million last year, as criminals continue to exploit online relationships to manipulate people into transferring money, new figures from the City of London Police reveal.
NVD HIGH: CVE-2026-6805 — Vulnerability on the external sharing feature in Cryptobox allows an attacker kn...
Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link.
Fake Claude AI website delivers new 'Beagle' Windows malware
A fake version for the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. [...]
Exploits and vulnerabilities in Q1 2026
This report provides statistical data on published vulnerabilities and exploits we researched during Q1 2026. It also includes summary data on the use of C2 frameworks in APT attacks.
Data Breaches Announced by Four Healthcare Providers
Data breaches have recently been announced by Western Orthopaedics in Colorado, Community Health Systems in California, Tri-Cities Gastroenterology in Tennessee, […]
PCPJack | Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
Cloud attack framework skips cryptomining, harvests financial, messaging, and enterprise credentials for fraud, spam, and potential extortion.
One House Democrat is pressing Commerce on the government’s spyware use
Rep. Summer Lee’s letter, first reported by CyberScoop, follows ICE confirmation of using spyware and news of a Trump ally becoming NSO Group’s executive chairman.
BNY and Finstreet to deliver digital asset infrastructure in UAE
BNY (NYSE: BK), a global financial services company, together with Finstreet Limited and ADI Foundation, have announced a strategic collaboration that intends to offer regulated, scalable, institutional-grade digital asset custody anchored in the Abu Dhabi Global Market (ADGM).
Daemon Tools Developer Confirms Software Was Trojanized
A China-linked threat actor backdoored a version of Daemon Tools to infect thousands
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," Kaspersky
NVD HIGH: CVE-2026-44407 — A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmar...
A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.
NVD CRITICAL: CVE-2025-1978 — Remote Code Execution Vulnerability in Hitachi Storage Navigator and the mainten...
Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One Block 23, One Block 24, One Block 26, One Block 28. This issue affects Virtual S
Open Banking Limited appoints former FCA general counsel to board
Open Banking Limited (OBL), the standards setter for Open Banking, today announces the appointment of Sean Martin to its board as an Independent Non-Executive Director.
ISI introduces debt intelligence platform
ISI, the global market intelligence provider, today announced the launch of its new platform for investors, bankers and advisers, powered by REDD’s actionable intelligence on emerging market corporates across public bonds, private credit, and primary debt issuance.
CISOs: Align cyber risk communication with boardroom psychology
By now, executive boards across industries understand that cyberattacks can be costly. What they often lack, however, is a clear view of which risks pose the biggest threat to their business and why certain investments need to rise to the top. Many security leaders lose traction at that point. The challenge is less about sounding the alarm and more about translating risk into actionable business i
Fake call logs, real payments: How CallPhantom tricks Android users
ESET researchers uncovered fraudulent apps on Google Play that claim to provide the call history “for any number” and had been downloaded more than seven million times before being taken down
Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
Cofense has warned of a “significant” increase in phishing campaigns abusing Vercel platform
NVD HIGH: CVE-2026-4430 — Out-of-bounds write vulnerability in The Document Foundation LibreOffice via cra...
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.
NVD HIGH: CVE-2026-44406 — ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSm...
ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privilege escalation, and memory corruption.
NVD CRITICAL: CVE-2025-9661 — OS command injection vulnerability in the management GUI (maintenance utility) o...
OS command injection vulnerability in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual Storage Platform One Block 23/24/26/28: before DKCMAIN A3-04-21-40/00, ESM A3-04-21/00.
Pleo integrates expense management with iplicit cloud accounting
Pleo, Europe’s most trusted strategic finance platform, today announces a strategic partnership with leading cloud accounting platform iplicit, purpose-built for the UK and Ireland's mid-market, to bring smart corporate cards and automated spend management to mid-market finance teams across the UK & Ireland via Pleo Embedded.
Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion
Dragos has published a report describing how threat actors used Claude AI in an attack on a water and drainage utility in Mexico.
Ten years later, has the GDPR fulfilled its purpose?
This year marks the 10th anniversary of the EU’s adoption of the General Data Protection Regulation , which became mandatory for all companies beginning on May 25, 2018. The aim of the GDPR was simple, but important: to improve individuals’ control over their personal data. This regulation replaced Directive 95/46/EC with the clear purpose of unifying data protection regulations in the EU, strengt
Fixing the password problem is as easy as 123456
How come it’s still possible to ‘secure’ an online account with a six-digit string?
NVD HIGH: CVE-2026-7252 — The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page ...
The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unscheduled_original_file_deletion function in all versions up to, and including, 4.5.2. This makes it possible for authenticated attackers, with author-level access and above, to delete arbi
NVD HIGH: CVE-2026-6692 — The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Uploa...
The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url' and '_check_file_path' functions. This is due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload files that may be executable, which makes remote code execution possible. The vu
NVD HIGH: CVE-2026-4348 — The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `...
The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX actions in all versions up to, and including, 3.7.0. This is due to the `limit` POST parameter being interpolated directly into a SQL query string before being passed to `$wpdb->prepare()`, which only parameterizes other variables. This makes it possible for unaut
NVD HIGH: CVE-2026-41413 — Istio is an open platform to connect, manage, and secure microservices. Prior to...
Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal service, istiod makes an unauthenticated HTTP GET request to that URL without filtering out localhost or link local ips. This can result in sensitive data being distributed to Envoy proxies via xDS confi
Temenos launches embedded AI-powered capabilities
Temenos (SIX: TEMN), a global leader in banking technology, today announced new AI-powered product capabilities launching at Temenos Community Forum (TCF) 2026. The new releases include Temenos AI Agents, Copilots and Conversational Studio embedded across Temenos’ Core and Digital Banking products, as well as its Financial Crime Mitigation (FCM) solution.
Pakistan's Habib Bank Limited goes live with Temenos banking solution
Temenos (SIX: TEMN), a global leader in banking technology, today announced that Habib Bank Limited (HBL), a leading financial institution in Pakistan, has successfully gone live with Temenos Core Banking in one of the region’s most ambitious modernization programs.
NVD CRITICAL: CVE-2026-44603 — Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN c...
Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malformed BEGIN cell, aka TROVE-2026-007.
NVD HIGH: CVE-2026-44602 — Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received o...
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.
NVD HIGH: CVE-2026-44601 — Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a ...
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.
NVD CRITICAL: CVE-2026-42217 — OpenEXR provides the specification and reference implementation of the EXR file ...
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a variable-length integer from untrusted EXR input without bounding the shift count. After enough continuation bytes, the code exe
NVD CRITICAL: CVE-2026-42216 — OpenEXR provides the specification and reference implementation of the EXR file ...
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init() reconstructs strings from a prefix-compressed representation. If the previous string is longer than 255 bytes, the next string is expected to begin
NVD HIGH: CVE-2026-41640 — NocoBase is an AI-powered no-code/low-code platform for building business applic...
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using parameterized queries. The nodeIds array contains primary key values read from database rows. An attacker wh
NVD HIGH: CVE-2026-41002 — The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring...
The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upg
NVD HIGH: CVE-2026-40004 — There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC c...
There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host
European leaders unveil tentative deal for AI Act simplification, including a ban on nudification tools
The tentative deal responds to industry criticism by postponing enforcement of rules governing so-called “high-risk” AI tools involving biometrics and those used in employment, law enforcement and critical infrastructure to December 2027.
US government agency to safety test frontier AI models before release
The Center for AI Standards and Innovation (CAISI), a division of the US Department of Commerce, has signed agreements with Google DeepMind, Microsoft, and xAI that would give the agency the ability to vet AI models from these organizations and others prior to their being made publicly available. According to a release from CAISI, which is part of the department’s National Institute of Standards a
NVD CRITICAL: CVE-2026-44597 — Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNC...
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.
An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
[This is a Guest Diary by Eric Roldan, an ISC intern as part of the SANS.edu BACS program]