A malicious npm package named codexui-android, disguised as a remote UI for OpenAI Codex, has been found to exfiltrate developer authentication tokens. Attackers allegedly injected malicious code into the published package that was not present in its public GitHub repository, highlighting risks in the AI software supply chain.
A supply chain attack has compromised 32 Red Hat npm packages, with attackers publishing 96 malicious package versions. These versions contained a credential-stealing worm, reportedly similar to Mini Shai-Hulud.
A spear-phishing campaign, attributed to the Pakistan-aligned SideCopy group, has targeted Afghanistan's Ministry of Finance. The attackers used a ZIP archive containing a malicious LNK file with a Pashto-language filename to deliver the Xeno RAT, an open-source remote access trojan.
Dashlane experienced a brute-force attack where attackers attempted to access user accounts. The company's security systems automatically locked accounts to prevent further unauthorized access and limited the number of encrypted vault downloads that could be initiated.
A new wave of phishing emails is using SVG files as attachments to deliver malicious content. Threat actors are leveraging the SVG format to embed harmful code, bypassing traditional email filters by presenting the content as an image without any URLs in the email body.
Oracle has released its first monthly Critical Security Patch Update (CSPU), addressing a total of 77 vulnerabilities. These updates are part of Oracle's initiative to deliver critical fixes more rapidly.
This article discusses common mistakes organizations make when conducting tabletop exercises for incident response. It highlights the importance of clear objectives, realistic scenarios, and involving diverse stakeholders to ensure these simulations effectively test preparedness for cyber incidents.
Password manager Dashlane has reported a brute-force attack that resulted in the encrypted vaults of fewer than 20 personal plan users being downloaded. The attack, which occurred on May 31, 2026, targeted the company's two-factor authentication (2FA) system.
Hackers are using compromised websites to distribute malware through "ClickFix" and "FakeUpdate" techniques. A threat actor named DriveSurge is behind these large-scale campaigns, which target thousands of sites to deliver malicious payloads.
A new malware strain dubbed Shai-Hulud is targeting versions of the Red Hat build of Node.js package manager (npm). The malicious code was found embedded in a legitimate-looking package and has been downloaded approximately 80,000 times per week.
A supply-chain attack compromised over 30 npm packages within Red Hat's '@redhat-cloud-services' namespace. The attackers distributed a new variant of the Shai-Hulud malware, named "Miasma," designed to steal developer credentials.
Spanish police have arrested an individual accused of leaking sensitive data belonging to government employees from several important state organizations. Among the affected entities was the National Cybersecurity Institute (INCIBE). The investigation is ongoing to determine the full extent of the data leak and identify any accomplices.
Anthropic's AI model, Mythos, will be made available to the European Union's Agency for Cybersecurity (ENISA) through a collaboration known as Project Glasswing. This initiative stems from close cooperation between the European Commission and Anthropic.
Hackers exploited a vulnerability in Meta's AI-powered customer support chatbot to gain unauthorized access to celebrity Instagram accounts. They then resold these high-value accounts before Meta was able to fix the exploit.
A supply chain attack has compromised dozens of Red Hat packages via its official NPM channel. Attackers injected malicious code into these packages, which were then distributed to users through the official Red Hat registry.
Malicious actors have registered over 5,000 new domains in an effort to impersonate election-related entities and conduct phishing attacks. These domains are designed to mimic legitimate election websites and organizations, aiming to trick voters into revealing personal information. This tactic highlights the shift from direct election system attacks to social engineering methods.
Microsoft has threatened legal action against a security researcher who published several zero-day exploits, sparking backlash from the cybersecurity community. Critics argue that Microsoft's stance discourages responsible disclosure and could hinder vulnerability research.
A vulnerability in the WP Maps Pro WordPress plugin, identified as CVE-2026-8732, is being exploited by unauthenticated attackers. This flaw allows attackers to create administrative accounts on vulnerable WordPress sites.
Dashlane password manager is investigating reports of users being locked out of their accounts due to brute-force attacks. These attacks appear to originate from unknown locations and devices, with attackers making multiple login attempts. Dashlane is working to address the issue and has stated that no user data has been compromised.
Oracle has released its first monthly Critical Security Patch Update (CSPU) for May 2026, addressing 35 vulnerabilities, including 11 rated as critical. Among these are several flaws with publicly available exploit code, some of which have been known for a considerable time, highlighting ongoing challenges with patching embedded open-source components.
Dutch police have successfully dismantled a massive botnet consisting of 17 million infected devices. This botnet was allegedly used to operate a residential proxy network and facilitate various cybercriminal activities.
A new supply chain attack campaign, codenamed Miasma, has compromised Red Hat npm packages to steal credentials and secrets. The attack uses install-time execution tactics to harvest credentials, target CI/CD systems, and exfiltrate data with a self-propagating worm.
Hackers exploited Meta's AI support bot to gain unauthorized access to Instagram accounts, including those of the Obama White House and the U.S. Space Force Chief Master Sergeant. Instructions circulating on Telegram guided users on how to trick the AI into resetting account passwords, leading to the brief defacement of these accounts with pro-Iranian content.
A sophisticated WordPress malware campaign has been discovered that uses Steam Community profile comments to hide its command-and-control (C2) infrastructure. Attackers are exploiting WordPress sites to inject malicious code, which then communicates with C2 servers disguised within user comments on Steam profiles, making detection more challenging.
A new article by Melissa Hathaway argues that AI is dramatically accelerating vulnerability discovery, exposing decades of software development prioritizing speed over security. It calls for a coordinated national and international effort involving governments, vendors, and operators to accelerate remediation and invest in automated repair before adversaries exploit this opportunity.
Organizations are urged to patch CVE-2026-41089, a critical vulnerability affecting Windows Netlogon. Attackers are actively targeting this flaw, making timely patching essential for defense.
Microsoft is investigating an ongoing incident that is preventing users of Microsoft Teams and Office for the web from accessing and opening files. The issue appears to be related to problems accessing files from SharePoint and OneDrive, impacting users across various platforms and devices.
Palo Alto Networks is urging users to patch a critical authentication bypass vulnerability in its PAN-OS GlobalProtect VPN, which is being actively exploited in the wild. Adversaries have already launched two waves of attacks leveraging this flaw, highlighting the urgency for defenders to apply the necessary security updates.
Law enforcement is reportedly scanning social media for individuals who post criticism of AI data centers. This surveillance activity raises concerns about privacy and freedom of expression.
The EFF welcomes Nicole Ozer as its new Executive Director. Ozer is a legal expert with extensive experience in privacy, surveillance, and AI, and has previously worked with the ACLU of Northern California.
The GTA cheat service Atlas Menu has been hacked, with the attacker publishing a database of 64,000 user records to GitHub. The attacker alleges that Atlas Menu was spying on users via screenshots.
Attackers are increasingly exploiting vulnerabilities before organizations can identify and patch them. Faster vulnerability alerts are crucial for reducing exposure and improving security response times.
This weekly recap highlights several cybersecurity events, including a new Linux vulnerability, an exploit targeting PAN-OS, the rise of AI-powered attacks, and OAuth-based phishing campaigns. It also mentions poisoned development tools and the increasing accessibility of malicious activities.
Dragos has acquired xIoT security firm Phosphorus. This acquisition is expected to enhance asset visibility, device intelligence, and automated remediation workflows for Dragos customers.
The Centre for Cybersecurity Belgium has issued a warning that threat actors are actively exploiting a critical Windows Netlogon Remote Code Execution (RCE) vulnerability in ongoing attacks. This vulnerability was recently patched, highlighting the ongoing threat posed by unaddressed security flaws.
Attackers are actively exploiting a critical authentication bypass vulnerability in Palo Alto Networks' PAN-OS software. This flaw allows unauthorized access to VPNs, necessitating urgent patching for affected users and organizations.
This article announces a webinar focusing on improving network incident response times. It will cover how automation and AI-assisted workflows can help IT teams accelerate the process from initial alert to final resolution.
A critical remote code execution (RCE) vulnerability, tracked as CVE-2026-40933, has been discovered in self-hosted Flowise deployments. The flaw exists within the implementation of Model Context Protocol (MCP) stdio servers, allowing attackers to trigger code execution with a single click via a malicious chatflow import. This vulnerability could grant attackers root-level access in containerized environments.
This article presents a pop quiz specifically for the CompTIA A+ 220-1201 certification exam, focusing on a topic applicable to a wide range of IT systems. It is hosted on Professor Messer's website, known for providing free IT certification training resources.
CISA has added CVE-2024-21182, an unspecified vulnerability in Oracle WebLogic Server, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition is based on evidence of active exploitation, posing significant risks to federal networks. Federal agencies are required to remediate this vulnerability, and CISA strongly encourages all organizations to prioritize its patching.
Operation Dragon Weave, a new cyber espionage campaign aligned with China, is targeting officials and citizens in the Czech Republic and Taiwan. The campaign uses spear-phishing emails with ZIP attachments to deliver the AdaptixC2 agent to sectors including government, research, academic, technology, and financial services.
The Pentagon is actively promoting the use of Artificial Intelligence in military operations, viewing it as a significant advantage. However, some military leaders are expressing a need for caution regarding its implementation.
Microsoft has resolved an issue that was preventing customers from setting up multi-factor authentication (MFA) and accessing the My Sign-Ins service. The outage impacted users globally, causing difficulties in managing security settings. Services have now been restored, allowing normal access and MFA configuration.
Microsoft is experiencing an outage that is preventing customers from setting up multi-factor authentication (MFA) and accessing the My Sign-Ins platform. The company is actively working to resolve the issue.
Managed Service Providers (MSPs) are evolving beyond basic vCISO (virtual Chief Information Security Officer) tools, which previously focused on assessments, advisory, and reporting. The industry is shifting towards 'Security Growth Platforms' to meet the expanding needs of MSPs and Managed Security Service Providers (MSSPs).
A 19-year-old Linux kernel vulnerability, known as CIFSwitch, has been disclosed with a proof-of-concept exploit available. This flaw allows low-privileged users to gain root access on affected systems.
Password manager Dashlane has suspended customer accounts due to a surge in brute-force attacks. The company's automated security measures triggered the suspensions to protect user data from unauthorized access.
Microsoft has released a fix for installation problems affecting the May 2026 Windows 11 security update, identified as KB5089549. The update was experiencing installation failures, often accompanied by the error code 0x800f0922, preventing users from successfully applying the security patch.
Russia is reportedly surveying Britain's subsea cables with submarines, prompting the UK to deploy the Royal Navy and mobilize parliamentary draftsmen. Proposed legislation aims to impose fines and prison sentences for reckless damage to critical infrastructure like these cables.
Hackers have been actively exploiting a critical authentication bypass vulnerability, identified as CVE-2026-0257, in Palo Alto Networks' PAN-OS software. The exploitation began just four days after the vulnerability was publicly disclosed.