InfoSecRadar InfoSecRadar
  • Home
    • Vulnerabilities & Exploits
    • Malware & Ransomware
    • Data Breaches & Leaks
    • Threat Actors & Campaigns
    • Policy & Regulation
    • Industry & Career
    • Tools & Techniques
    • Cloud & Infrastructure
    • AI & Cybersecurity
    • Privacy & Surveillance
    • Signal School
  • Friend
  • Foe
  • Archive
  • About

Archive: May 2026

1258 stories.

← June 2026 All months April 2026 →
FRIEND May 31 SANS Internet Storm Center
YARA-X 1.17.0 Release, (Sun, May 31st)
FOE May 31 Bleeping Computer
WP Maps Pro bug exploited to create admin accounts on WordPress sites
FRIEND May 31 The Hacker News
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
FOE May 31 The Intercept (Privacy)
A Gay Palestinian Fled to Israel’s “Safe Haven.” Israel Tried to Exploit Him for Intelligence.
FOE May 30 Bleeping Computer
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
FOE May 30 SecurityWeek
Russian Spies Are Aggressively Seeking Western Technology as Sanctions Bite, Officials Say
FOE May 30 SecurityWeek
Exploit Code Published for Critical Flowise RCE Vulnerability
FOE May 30 Bleeping Computer
New CIFSwitch Linux flaw gives root on multiple distributions
FOE May 30 The Hacker News
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
FOE May 30 CSO Online
Russia-aligned crime group Greyvibe extensively uses AI in attacks
FOE May 29 CSO Online
Microsoft and security researcher’s dueling posts about cybersecurity disclosures get nasty
FOE May 29 The Register (Security)
Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
FRIEND May 29 Schneier on Security
Friday Squid Blogging: Another Squid
FRIEND May 29 Dark Reading
Name That Toon: Mark of (Cybersecurity) Progress
FOE May 29 EFF Deeplinks
One Step Forward, Two Steps Back: CA's AB 1856 Exempts Open Source But Expands Age-Gating
FOE May 29 The Register (Security)
ICE to keep an eye on your eyes under $25M biometric scanner deal
FOE May 29 Ars Technica (Security)
Botnet of more than 17 million devices dismantled
FOE May 29 The Register (Security)
No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out
FOE May 29 Bleeping Computer
ChatGPT share links abused to host fake outage pages to deliver malware
FOE May 29 Bleeping Computer
California AG sues 23andMe over 2023 breach exposing health data
FOE May 29 The Hacker News
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
FOE May 29 SecurityWeek
In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks
FOE May 29 The Register (Security)
23andMe inherits lawsuit over 'disturbing' DNA data breach
FRIEND May 29 CSO Online
DNS-AID will make AI agents easier to discover, says Linux Foundation
FRIEND May 29 CSO Online
Certifiably random: Swiss researchers claim perfect random number source
FOE May 29 SecurityWeek
Charter Communications Data Breach Could Impact Nearly 5 Million
FOE May 29 The Hacker News
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
FRIEND May 29 Dark Reading
Asia's Cyber Insurance Market Shows Signs of Life
FRIEND May 29 SecurityWeek
MokN Raises $15 Million for Phish-Back Platform
FOE May 29 Bleeping Computer
From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market
FOE May 29 Bleeping Computer
Dutch govt disrupts malware botnet with 17 million infected devices
FOE May 29 Dark Reading
With Complex Cloud Integrations, Small Errors Lead to Major Compromises
FOE May 29 The Register (Security)
Dutch cops wrest 17M devices from mystery botnet's clutches
FOE May 29 SecurityWeek
Gogs Zero-Day Exposes Servers to Remote Code Execution
FRIEND May 29 Bleeping Computer
Google Chrome adds session cookie theft protection for all users
FRIEND May 29 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It’s all letters and numbers
FOE May 29 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE May 29 Dark Reading
'The Com' Cyberattacks Support Violence & Sexploitation
FOE May 29 The Register (Security)
ChatGPT blindly trusts browser content, turning the page into a payload
FOE May 29 The Register (Security)
Russia-linked threat group put ChatGPT to work from lure to payload
FOE May 29 The Hacker News
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
FOE May 29 SecurityWeek
California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach
FOE May 29 Bleeping Computer
Man sent to prison for selling data of 7 millions elderly Americans
FOE May 29 The Hacker News
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
FOE May 29 The Register (Security)
ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak
FOE May 29 SecurityWeek
Chrome 148 Update Patches 151 Vulnerabilities
FOE May 29 Bleeping Computer
US charges Google security engineer with Polymarket insider trading
FOE May 29 The Intercept (Privacy)
The Race to Build AI Data Centers — Before the People Can Protest
FOE May 29 CSO Online
Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems
FOE May 29 The Hacker News
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
FOE May 29 CSO Online
The Gentlemen are coming for your files, and then your network
FRIEND May 29 CSO Online
Cybersecurity trends in SEC filings
FOE May 29 Bleeping Computer
Charter Communications data breach affects 4.9 million accounts
FOE May 29 CSO Online
GDPR set the tone for regulatory action — and the AI fine pushback to come
FOE May 29 The Hacker News
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
FOE May 29 Risky Business News
Risky Bulletin: Dutch police take down giant botnet of 17 million devices
FRIEND May 29 CSO Online
IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise
FOE May 29 CSO Online
Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects
FOE May 29 Bleeping Computer
Anthropic confirms Claude Mythos-class models will roll out to the public
FOE May 29 CISA KEV
CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
FOE May 28 Dark Reading
As Global Powers Explore Humanoid Robots, Cyber-Risk Looms
FOE May 28 Bleeping Computer
GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
FOE May 28 The Register (Security)
Troops’ phones gave away location data to foreign adversaries
FOE May 28 Bleeping Computer
BTMOB Android malware service generates custom phishing payloads
FOE May 28 Ars Technica (Security)
Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code
FOE May 28 The Register (Security)
Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops
FRIEND May 28 The Register (Security)
Snowflake buys Natoma to help freeze out rogue agents
FRIEND May 28 The Register (Security)
Snowflake buys Natoma to help freeze out rogue agents
FOE May 28 SANS Internet Storm Center
Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)
FOE May 28 Bleeping Computer
FBI warns of fake FIFA websites running World Cup fraud schemes
FOE May 28 Dark Reading
Dutch Raid Fails to Dent Russian Bulletproof Host
FOE May 28 Sophos News
Canvas attack aftermath: What risks come next
FOE May 28 SecurityWeek
Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks
FOE May 28 EPIC
EPIC Urges Vermont Senators to Vote No on Weak ‘Privacy’ Bill
FOE May 28 Bleeping Computer
Hackers exploit FortiClient EMS flaw to push infostealer malware
FOE May 28 The Hacker News
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
FRIEND May 28 SecurityWeek
Geordie Raises $30 Million for AI Security and Governance Platform
FOE May 28 EFF Deeplinks
Age Verification is a Privacy Nightmare
FOE May 28 The Register (Security)
Microsoft tests the 15-character limit of Windows Server admins' patience
FOE May 28 The Register (Security)
Microsoft tests the 15-character limit of Windows Server admins' patience
FOE May 28 Dark Reading
Agentic AI Isn't Risky; the Way Orgs Deploy It Is
FOE May 28 The Hacker News
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
FRIEND May 28 Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: The story took an odd turn
FOE May 28 SecurityWeek
Carnival Data Breach Exposed 6 Million People
FOE May 28 Bleeping Computer
New Gogs zero-day flaw lets hackers get remote code execution
FRIEND May 28 Bleeping Computer
How SIEM helps MSPs reduce noise and stop threats faster
FOE May 28 The Hacker News
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
FOE May 28 The Hacker News
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
FOE May 28 SecurityWeek
New BTMOB Android Malware Enables Full Device Takeover
FOE May 28 CSO Online
Indian CERT urges firms to contain exploited internet-facing flaws within 12 hours
FOE May 28 SecurityWeek
Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks
FOE May 28 Bleeping Computer
Romanian gets 5 years in prison for hacking Oregon govt network
FRIEND May 28 SecurityWeek
IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”
FRIEND May 28 Dark Reading
Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security
FOE May 28 CSO Online
GlassWorm falls, but the repo problem is far from solved
FRIEND May 28 Bleeping Computer
Webinar: Why network incidents take too long to resolve
FOE May 28 The Register (Security)
Carnival confirms ShinyHunters cruised off with 6M customer records after April breach
FRIEND May 28 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Hand me the doodad
FOE May 28 CISA Alerts
Supply Chain Compromises Impact Nx Console and GitHub Repositories
FOE May 28 CISA Alerts
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
FOE May 28 CISA Alerts
KMW CCTV Security Cameras
FOE May 28 CISA Alerts
Fourth Frontier Frontier X Mobile Application, Frontier X2
FOE May 28 CISA Alerts
CP Plus 8 Ch. Network Video Recorder
FOE May 28 CISA Alerts
ABB Busch-Welcome 2 Wire Door Opener Actuator
FOE May 28 CISA Alerts
XCharge C6
FOE May 28 CISA Alerts
ABB EIBPORT
FOE May 28 CISA Alerts
Schnieider Electric EcoStruxure Machine Expert HVAC
FOE May 28 CISA Alerts
MacGregor Voyage Data Recorder (VDR) G4e
FRIEND May 28 SecurityWeek
New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails
FOE May 28 The Hacker News
New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"
FOE May 28 SecurityWeek
Gitea Vulnerability Exposed 30,000 Deployments to Attacks
FOE May 28 SecurityWeek
Raising the Cybersecurity Stakes: Ante up for the Agentic Era
FOE May 28 Bleeping Computer
Carnival Cruise confirms data breach affecting nearly 6 million people
FOE May 28 CSO Online
The AI governance imperative you can’t afford to ignore
FRIEND May 28 SecurityWeek
Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks
FOE May 28 Bleeping Computer
Sextortionist sentenced to 33 years for targeting 145 children
FOE May 28 Dark Reading
BTMOB RAT Spreads Across Brazil, LatAm via MaaS Model
FOE May 28 CSO Online
What the industrialization of exploitation means for defenders
FOE May 28 Privacy International
How New EU Access to Documents Rules Can Reduce Transparency and Shield Big Tech
FOE May 28 The Hacker News
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
FRIEND May 28 Dark Reading
Nordic CISOs Handle Rising Cyber Threats Remarkably Well
FOE May 28 The Register (Security)
Company CEO flooded file share with smut, called for help after he deleted it
FOE May 28 CSO Online
Employees are unknowingly inviting tech support impersonators into firms, says FBI
FOE May 28 Sophos News
Canvas attack aftermath: What risks come next?
FRIEND May 28 Sophos News
Encore Performance: Sophos ranked #1 Overall in Endpoint, EDR, XDR, MDR, and Firewall for the 2nd consecutive time in the G2 Summer 2026 Reports
FOE May 27 CSO Online
Another IT governance headache: AI-enabled sanction evasion
FRIEND May 27 Sophos News
Gartner EPP MQ-17
FRIEND May 27 Professor Messer
Professor Messer’s SY0-701 Security+ Study Group – May 2026
FOE May 27 CSO Online
AI models more vulnerable than claimed when faced with iterative attacks
FOE May 27 Bleeping Computer
GPU mining malware spreads via SEO poisoning, AI chatbots
FOE May 27 SANS Internet Storm Center
Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th)
FOE May 27 Ars Technica (Security)
Websites have a new way to spy on visitors: analyzing their SSD activity
FOE May 27 Dark Reading
Ransomware Actors Show Up In Person to Steal Law Firm Data
FOE May 27 The Register (Security)
CrowdStrike, Google shatter Glassworm botnet
FOE May 27 SecurityWeek
UK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About Russia
FOE May 27 The Register (Security)
Bosses blinded by confidence about shadow AI use by workers
FOE May 27 Dark Reading
Latin American Cybercriminals Hoover Up Government Data
FOE May 27 The Register (Security)
FBI: Get to know your IT guy – extortion crews are visiting law firms pretending to be tech support
FOE May 27 Dark Reading
AI-Assisted Exploit Development Outpaces Scanner Detection
FOE May 27 The Hacker News
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
FOE May 27 The Hacker News
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
FOE May 27 CSO Online
FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework
FOE May 27 SecurityWeek
Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate
FOE May 27 Schneier on Security
FBI’s 2025 Internet Crime Report
FRIEND May 27 Bleeping Computer
Can you enforce strong Active Directory password rules without frustrating users?
FOE May 27 The Register (Security)
India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat
FRIEND May 27 Black Hills Information Security
Bad Habits: An ANTISOC Operation
FOE May 27 Bleeping Computer
Glassworm botnet disrupted after resilient C2 infrastructure takedown
FRIEND May 27 SecurityWeek
SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon Bay
FRIEND May 27 Dark Reading
Cybersecurity Evolution: How We Went From Perimeter Defense to AI-Native Security
FRIEND May 27 Professor Messer
Today’s 220-1202 CompTIA A+ Quiz: Sit and stay
FOE May 27 CISA Alerts
CISA Adds Three Known Exploited Vulnerabilities to Catalog
FRIEND May 27 The Register (Security)
How to guarantee a speaker gig: Hack the system. Literally
FRIEND May 27 SecurityWeek
RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries
FOE May 27 Bleeping Computer
FBI warns of in-person data theft attacks from extortion gang
FOE May 27 The Hacker News
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
FRIEND May 27 The Hacker News
3 SOC Steps that Shut Down Incident Risks Early
FOE May 27 SecurityWeek
Romanian Hacker Sentenced to Prison in US for Selling Access to State Network
FOE May 27 The Hacker News
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
FRIEND May 27 SecurityWeek
Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform
FOE May 27 SecurityWeek
The Credential Crisis: How Stolen Credentials Defeat Modern Security
FRIEND May 27 Privacy International
The ILO Convention on decent work in the platform economy
FOE May 27 SecurityWeek
‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
FRIEND May 27 SecurityWeek
GlassWorm Botnet Disrupted
FOE May 27 The Hacker News
Gitea Vulnerability Exposes Private Container Images without Authentication
FOE May 27 Bleeping Computer
CISA gives feds 4 days to patch actively exploited cPanel plugin flaw
FOE May 27 SecurityWeek
LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers
FOE May 27 Bleeping Computer
Dutch police arrests suspect linked to Ajax football club hack
FOE May 27 CSO Online
The NSA, ‘Mythos’ and the quiet emergence of AI cyber doctrine
FRIEND May 27 Bleeping Computer
Windows 11 KB5089573 update released with performance improvements
FOE May 27 SecurityWeek
FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
FOE May 27 The Hacker News
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
FRIEND May 27 CSO Online
DSPM buyer’s guide: Top 10 data security posture management tools
FOE May 27 SecurityWeek
CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day
FRIEND May 27 SecurityWeek
Anthropic Releases New Claude Sandbox, Security Guidance Plugin
FOE May 27 Risky Business News
Risky Bulletin: BadHost vulnerability bypasses authentication on AI infrastructure
FOE May 27 Sophos News
GitHub internal repositories breached
FOE May 27 CSO Online
Microsoft previews automatic device isolation in Defender for Endpoint
FRIEND May 27 Sophos News
Sophos named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection for the 17th consecutive report
FOE May 27 CISA KEV
CVE-2026-45321: TanStack Unspecified Vulnerability
FOE May 27 CISA KEV
CVE-2026-48027: Nx Console Embedded Malicious Code Vulnerability
FOE May 26 EFF Deeplinks
More License Plate Reader Mission Creep: School Residency Verification, Background Checks, and Noise Complaints
FOE May 26 Bleeping Computer
KnowledgeDeliver flaw exploited as a zero-day to install web shells
FOE May 26 Ars Technica (Security)
Millions of AI agents imperiled by critical vulnerability in open source package
FOE May 26 Dark Reading
Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
FOE May 26 Bleeping Computer
Charter confirms data breach after ShinyHunters extortion threat
FRIEND May 26 EPIC
EPIC Joins NCLC in Support of FCC Bond Requirement Proposal to Prevent Robocalls
FOE May 26 Dark Reading
State Cyber Leaders Beg Congress for More Funding, Support
FOE May 26 Dark Reading
The Hackers Behind Shai-Hulud: Lucky or Skilled?
FOE May 26 Dark Reading
For Enterprises, Security Remains Agentic AI's Biggest Challenge
FOE May 26 EPIC
The Indian Express: AI firms use same deceptive opt-out tactics as data brokers to confuse users, study finds
FOE May 26 EPIC
iGaming: Roblox Receives FTC Complaint Over Child Safety Claims
FOE May 26 Dark Reading
Microsoft Issues Out-of-Band SharePoint Patch
FOE May 26 The Register (Security)
MyPillow must decide whether to be firm or soft as ransomware crims demand pay
FOE May 26 The Hacker News
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
FOE May 26 Schneier on Security
Identifying People Using Wi-Fi Routers
FRIEND May 26 Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: We need a good map
FOE May 26 CSO Online
GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos
FRIEND May 26 Bleeping Computer
How Varonis Atlas integrates Claude Compliance API for AI governance
FRIEND May 26 SecurityWeek
AppOmni’s Marlin AI Brings Autonomous Investigation to SaaS Security
FOE May 26 SecurityWeek
Iranian APT Targets Aviation, Software Companies With Updated Tools
FRIEND May 26 Bleeping Computer
Microsoft Defender can now automatically isolate hacked endpoints
FRIEND May 26 Bleeping Computer
Webinar: Too many tools are slowing network incident response
FOE May 26 The Register (Security)
Experts pour cold borscht on Farage's Russian hack claim
FRIEND May 26 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: A bit metallic
FOE May 26 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE May 26 CISA Alerts
Eppendorf BioFlo 320
FOE May 26 CISA Alerts
ABB AC500 V2
FOE May 26 CISA Alerts
ABB AbilityTM Zenon Remote Transport Vulnerability
FOE May 26 CISA Alerts
ABB LVS MConfig
FOE May 26 CISA Alerts
ABB Terra AC
FOE May 26 CISA Alerts
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
FOE May 26 CISA Alerts
ABB Ability Camera Connect
FRIEND May 26 Dark Reading
Remembering Tim Wilson, Whose Legacy Lives on at Dark Reading
FOE May 26 SecurityWeek
185,000 Likely Impacted by 7-Eleven Data Breach
FRIEND May 26 The Hacker News
[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back
FOE May 26 The Hacker News
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
FRIEND May 26 SecurityWeek
Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations
FOE May 26 CSO Online
TrapDoor malware campaign puts developer workstations in CISO spotlight
FOE May 26 SecurityWeek
Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment
FRIEND May 26 SecurityWeek
Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available
FRIEND May 26 SecurityWeek
Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images
FOE May 26 The Hacker News
MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
FOE May 26 SecurityWeek
Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries
FOE May 26 SecurityWeek
Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands
FOE May 26 The Hacker News
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
FOE May 26 CSO Online
Stop treating AI governance as a review layer. Make it release infrastructure
FOE May 26 Bleeping Computer
CISA orders feds to patch actively exploited Drupal vulnerability
FOE May 26 Bleeping Computer
Microsoft: Domain Controller lookup may fail on Windows Server 2016
FOE May 26 The Hacker News
Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
FOE May 26 Bleeping Computer
7-Eleven data breach exposes personal information of 185,000 people
FOE May 26 CSO Online
Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise
FOE May 26 The Hacker News
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
FOE May 26 CSO Online
Security experts caution MFA alone can no longer stop threat actors
FRIEND May 26 CSO Online
Project Glasswing has uncovered 10,000 vulnerabilities: Anthropic
FOE May 26 SANS Internet Storm Center
Possible ACR Stealer From Page Impersonating Claude, (Tue, May 26th)
FOE May 26 CISA KEV
CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
FOE May 25 Bleeping Computer
Anthropic’s restricted Claude Mythos model may be coming to Claude Code
FOE May 25 SANS Internet Storm Center
Microsoft Access VBA, (Mon, May 25th)
FOE May 25 The Hacker News
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
FOE May 25 SecurityWeek
Ghost CMS Vulnerability Exploited to Hack Over 700 Websites
FOE May 25 SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)
FOE May 25 SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)
FOE May 25 Krebs on Security
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
FOE May 25 Bleeping Computer
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
FOE May 25 CSO Online
AI security needs a shift from models to systems, researchers argue
FOE May 25 SecurityWeek
Oncology Institute Discloses Data Breach
FOE May 25 The Hacker News
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
FRIEND May 25 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Welcome to the club
FRIEND May 25 CSO Online
As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free
FRIEND May 25 The Hacker News
The Alert Firehose Finally Meets Its Match
FOE May 25 SecurityWeek
266,000 Affected by Data Breach at Radiology Associates of Richmond
FOE May 25 SecurityWeek
Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects
FOE May 25 SecurityWeek
Laravel-Lang Packages Poisoned for Malware Delivery
FOE May 25 SecurityWeek
DocketWise Data Breach Impacts 143,000
FOE May 25 The Hacker News
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
FOE May 25 SecurityWeek
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
FOE May 25 The Register (Security)
Anthropic to release Mythos-class models to the public
FOE May 25 CSO Online
To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data
FOE May 25 The Hacker News
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
FOE May 25 Risky Business News
Risky Bulletin: Mythos found thousands of critical bugs
FRIEND May 24 SANS Internet Storm Center
Wireshark 4.6.6 Released, (Sun, May 24th)
FOE May 24 Bleeping Computer
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
FOE May 23 Bleeping Computer
Laravel Lang packages hijacked to deploy credential-stealing malware
FRIEND May 23 The Hacker News
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
FOE May 23 The Hacker News
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
FOE May 23 Bleeping Computer
Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes
FRIEND May 23 The Hacker News
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
FOE May 23 SecurityWeek
‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains
FOE May 23 The Register (Security)
AI eyes scanning for bugs create a worrisome Linux security trend
FOE May 23 The Register (Security)
Dirty Frag, Copy Fail, Fragnesia: The start of a worrisome Linux security trend
FOE May 23 The Hacker News
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
FOE May 23 The Hacker News
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
FOE May 23 The Hacker News
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
FRIEND May 23 SANS Internet Storm Center
An Example of Stack String in High Level Language, (Sat, May 23rd)
FOE May 23 CSO Online
Google leaks details for Chromium bug that can turn browsers into bots
FOE May 22 The Register (Security)
A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets
FOE May 22 The Register (Security)
Megalodon chums the waters in 5.5K+ GitHub repo poisonings
FOE May 22 Ars Technica (Security)
Police boast of hacking VPN where criminals "believed themselves to be safe"
FRIEND May 22 EPIC
NPR: DHS says ICE has ‘no relationship’ with spyware maker Paragon Solutions
FOE May 22 Ars Technica (Security)
Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption
FOE May 22 CSO Online
FBI warns of Kali Oauth stealers
FOE May 22 The Hacker News
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
FOE May 22 Bleeping Computer
Netherlands seizes 800 servers of hosting firm enabling cyberattacks
FOE May 22 SecurityWeek
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
FOE May 22 CSO Online
Police take down VPN service (this time with a good reason)
FOE May 22 Krebs on Security
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
FOE May 22 The Hacker News
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
FRIEND May 22 CSO Online
Microsoft says it’s making AI ‘safe for work’ in your browser
FRIEND May 22 Dark Reading
Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers
FOE May 22 Bleeping Computer
Former US execs plead guilty to aiding tech support scammers
FOE May 22 SecurityWeek
In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
FOE May 22 Schneier on Security
CISA Security Leak
FOE May 22 Bleeping Computer
Trend Micro warns of Apex One zero-day exploited in the wild
FOE May 22 Dark Reading
Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
FOE May 22 Bleeping Computer
Drupal: Critical SQL injection flaw now targeted in attacks
FOE May 22 Bleeping Computer
Why Chargebacks are Just One Piece of the Fraud Puzzle
FOE May 22 SecurityWeek
Canadian Man Arrested for Operating Kimwolf Botnet
FRIEND May 22 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Bright colors are making a comeback
FOE May 22 Bleeping Computer
Ubiquiti patches three max severity UniFi OS vulnerabilities
FOE May 22 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE May 22 The Hacker News
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
FOE May 22 The Hacker News
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
FOE May 22 The Register (Security)
Techie claims Trump Mobile website was leaking thousands of people's data
FOE May 22 Ars Technica (Security)
A hacker group is poisoning open source code at an unprecedented scale
FOE May 22 The Intercept (Privacy)
AIPAC, AI, Crypto and Gambling Are Hiding Their Big Election Spends
FOE May 22 CSO Online
Why your AI strategy stops where the PLC starts: Hard lessons from the OT frontlines
FOE May 22 SecurityWeek
‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested
FOE May 22 Bleeping Computer
US and Canada arrest and charge suspected Kimwolf botnet admin
FOE May 22 CSO Online
Identity as the primary attack surface: What modern breaches are really exploiting
FOE May 22 The Hacker News
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
FOE May 22 SecurityWeek
TrendAI Patches Apex One Zero-Day Exploited in the Wild
FOE May 22 SecurityWeek
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
FRIEND May 22 CSO Online
Google folds CodeMender into agent ecosystem amid push for AI-led AppSec
FOE May 22 Dark Reading
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
FOE May 22 SANS Internet Storm Center
Cross-Platform NPM Stealer, (Fri, May 22nd)
FOE May 22 The Hacker News
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
FRIEND May 22 The Register (Security)
Cisco used AI to write security incident reports, with mixed results
FOE May 22 The Hacker News
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
FRIEND May 22 Risky Business News
Risky Bulletin: Microsoft ends SMS MFA for personal accounts
FOE May 22 CISA KEV
CVE-2026-9082: Drupal Core SQL Injection Vulnerability
FOE May 21 The Register (Security)
Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund'
FOE May 21 CSO Online
Critical vulnerability in Cisco Secure Workload rated at maximum severity
FOE May 21 CSO Online
Microsoft patches two zero-day flaws in Defender
FOE May 21 Krebs on Security
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
FRIEND May 21 EPIC
EPIC Submits Comments to FTC Urging the Agency to Prioritize Privacy in Potential Antitrust Guidelines
FOE May 21 CSO Online
Unpatched ChromaDB flaw leaves servers open to remote code execution
FOE May 21 Dark Reading
How CISOs Should Prep for Agentic-Ready AI BOMs
FOE May 21 The Register (Security)
Threat hunters find Google API keys still usable 23 minutes after deletion
FOE May 21 Dark Reading
Google API Keys Remain Active After Deletion
FOE May 21 The Register (Security)
HackerOne takes an axe to its bug bounty rewards
FOE May 21 EPIC
Biometric Update: Texas AG opens investigation into Meta glasses over privacy, biometric concerns
FOE May 21 EPIC
NPR: What we know about how the U.S. government uses spyware (and what we don’t)
FOE May 21 Bleeping Computer
Google accidentally exposed details of unfixed Chromium flaw
FOE May 21 Schneier on Security
macOS Kernel Memory Corruption Exploit
FOE May 21 Dark Reading
AI Agents Are Shifting Identity Security Budget Dynamics
FOE May 21 Bleeping Computer
Apple blocked over $11 billion in App Store fraud in 6 years
FRIEND May 21 Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: A forest of data
FOE May 21 The Hacker News
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
FOE May 21 BrightTALK InfoSec
Securing AI-Driven Supply Chains Before the Next Breach
FOE May 21 Bleeping Computer
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
FOE May 21 Dark Reading
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
FOE May 21 Bleeping Computer
Chinese hackers target telcos with new Linux, Windows malware
FOE May 21 Bleeping Computer
Max severity Cisco Secure Workload flaw gives Site Admin privileges
FRIEND May 21 SANS Internet Storm Center
Selective HTTP Proxying in Linux, (Thu, May 21st)
FOE May 21 Bleeping Computer
Police seize “First VPN” service used in ransomware, data theft attacks
FOE May 21 Dark Reading
Content Delivery Exploit Opens Websites to Brand Hijacking
FOE May 21 The Register (Security)
Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach
FOE May 21 SecurityWeek
Cisco Patches Critical Vulnerability in Secure Workload
FRIEND May 21 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: We need more light
FOE May 21 CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE May 21 CISA Alerts
ABB B&R Automation Runtime
FOE May 21 CISA Alerts
Hitachi Energy GMS600
FOE May 21 CISA Alerts
ABB Terra AC Wallbox
FOE May 21 CISA Alerts
ABB B&R PCs
FOE May 21 CISA Alerts
ABB B&R Automation Studio
FOE May 21 The Hacker News
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
FRIEND May 21 SecurityWeek
Ocean Emerges From Stealth With $28M for Agentic Email Security Platform
FOE May 21 The Register (Security)
Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw
FRIEND May 21 SecurityWeek
Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention
FRIEND May 21 Bleeping Computer
Flipper One project needs community help to build open Linux platform
FOE May 21 SecurityWeek
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
FOE May 21 The Hacker News
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
FRIEND May 21 SecurityWeek
Socket Raises $60 Million at $1 Billion Valuation
FRIEND May 21 The Register (Security)
Microsoft storms RAMPART, adds Clarity to agentic AI safety
FOE May 21 The Hacker News
When Identity is the Attack Path
FRIEND May 21 CSO Online
Microsoft releases open-source tools to operationalize AI agent safety
FOE May 21 BrightTALK InfoSec
From Tools to Teammates: Governing AI Agents as Enterprise Workers
FOE May 21 SecurityWeek
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
FRIEND May 21 SecurityWeek
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
FOE May 21 SecurityWeek
Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility
FOE May 21 Bleeping Computer
Microsoft warns of new Defender zero-days exploited in attacks
FOE May 21 The Hacker News
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
FOE May 21 The Register (Security)
Zombie user account let hackers control the city’s water
FRIEND May 21 CSO Online
AI becoming an SOC imperative for curtailing emerging cyber threats
FOE May 21 Bleeping Computer
GitHub links repo breach to TanStack npm supply-chain attack
FOE May 21 Risky Business News
Srsly Risky Biz: Politicians to Ditch Signal for Homegrown Apps
FOE May 21 The Hacker News
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
FOE May 21 The Hacker News
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
FOE May 21 CSO Online
Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix
FOE May 21 CISA KEV
CVE-2026-34926: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
FOE May 21 CISA KEV
CVE-2025-34291: Langflow Origin Validation Error Vulnerability
FOE May 20 CSO Online
Drupal admins rushing to patch maximum severity SQL injection vulnerability
FOE May 20 Bleeping Computer
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
FOE May 20 Bleeping Computer
Hackers bypass SonicWall VPN MFA due to incomplete patching
FOE May 20 EPIC
EPIC, Coalition Urge Congress to Ban Flock Automatic License Plate Readers
FOE May 20 Dark Reading
Cyber Pros Can't Decide If AI Is a Good or a Bad Thing
FOE May 20 Dark Reading
GitHub Confirms Breach, 4K Internal Repos Stolen
FOE May 20 Dark Reading
Fake Android Apps Commit Carrier Billing Fraud for Premium Svcs.
FOE May 20 The Register (Security)
Even Claude agrees: hole in its sandbox was real and dangerous
FOE May 20 Ars Technica (Security)
Google publishes exploit code threatening millions of Chromium users
FOE May 20 EPIC
EPIC, Coalition Call on FTC to Investigate Roblox’s Manipulative Design Harms
FRIEND May 20 TCM Security Blog
TCM Academy Course Release: Introduction to Windows Forensics
FOE May 20 Dark Reading
Processes and Culture Top Reasons Behind Data Breaches
FOE May 20 Sophos News
Sophos Firewall and Synchronized Security
FRIEND May 20 The Hacker News
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
FRIEND May 20 EPIC
EPIC Encourages CalPrivacy to Prohibit Dark Patterns in Privacy Policies
FOE May 20 Dark Reading
Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
FOE May 20 CSO Online
GitHub admits major source code leak after 3,800 internal repositories breached
FOE May 20 Bleeping Computer
Grafana breach caused by missed token rotation after TanStack attack
FRIEND May 20 SecurityWeek
Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution
FOE May 20 SecurityWeek
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
FRIEND May 20 EFF Deeplinks
🔒 A Win for Encrypted Messaging | EFFector 38.10
FOE May 20 SecurityWeek
AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop
FOE May 20 The Hacker News
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
FOE May 20 Schneier on Security
On AI Security
FOE May 20 Bleeping Computer
Identity Alone Isn't Enough: Why Device Security Has to Share the Load
FRIEND May 20 Dark Reading
Infosecurity Europe
FRIEND May 20 Black Hills Information Security
Same Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other
FRIEND May 20 SecurityWeek
1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials
FOE May 20 SecurityWeek
Anthropic Silently Patches Claude Code Sandbox Bypass
FOE May 20 Bleeping Computer
Drupal critical update to fix bug with high exploitation risk
FOE May 20 The Hacker News
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
FRIEND May 20 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: The screen can’t be large enough
FOE May 20 CISA Alerts
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
FOE May 20 The Hacker News
Agent AI is Coming. Are You Ready?
FOE May 20 CSO Online
SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain
FOE May 20 SecurityWeek
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
FOE May 20 SecurityWeek
Caught Off Guard: Securing AI After It Hits Production
FOE May 20 Bleeping Computer
Exploit released for new PinTheft Arch Linux root escalation flaw
FOE May 20 The Hacker News
Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
FOE May 20 The Register (Security)
GitHub says internal repos exfiltrated after poisoned VS Code extension attack
FRIEND May 20 SecurityWeek
Real-World ICS Security Tales From the Trenches
FRIEND May 20 SecurityWeek
Virtual Event Today: Threat Detection & Incident Response Summit
FOE May 20 SecurityWeek
GitHub Confirms Hack Impacting 3,800 Internal Repositories
FOE May 20 EPIC
PRESS RELEASE: EPIC Releases New Report on Manipulative Design Patterns in Opt-Out Processes
FOE May 20 CSO Online
Why some security fixes never reach your vulnerability dashboard
FOE May 20 The Register (Security)
London's police asked Big Tech for comms data over 700,000 times last year
FOE May 20 The Hacker News
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
FOE May 20 Bleeping Computer
GitHub confirms breach of 3,800 repos via malicious VSCode extension
FOE May 20 Bleeping Computer
Microsoft shares mitigation for YellowKey Windows zero-day
FRIEND May 20 Dark Reading
Interpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle East
FOE May 20 The Hacker News
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
FOE May 20 Bleeping Computer
GitHub investigates internal repositories breach claimed by TeamPCP
FOE May 20 The Hacker News
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
FRIEND May 20 Dark Reading
What It'll Take to Make AI BOMs Usable in a Modern Security Program
FOE May 20 Risky Business News
Risky Bulletin: Microsoft takes down MSaaS used by ransomware gangs
FOE May 20 CSO Online
Microsoft disrupts malware code-signing service used by ransomware gangs
FOE May 20 SecurityWeek
Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector
FRIEND May 20 Sophos News
Sophos Firewall and Synchronized Security
FOE May 20 Sophos News
GitHub internal repositories breached
FOE May 20 CISA KEV
CVE-2026-45498: Microsoft Defender Denial of Service Vulnerability
FOE May 20 CISA KEV
CVE-2026-41091: Microsoft Defender Link Following Vulnerability
FOE May 20 CISA KEV
CVE-2009-3459: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
FOE May 20 CISA KEV
CVE-2009-1537: Microsoft DirectX NULL Byte Overwrite Vulnerability
FOE May 20 CISA KEV
CVE-2008-4250: Microsoft Windows Buffer Overflow Vulnerability
FOE May 20 CISA KEV
CVE-2010-0806: Microsoft Internet Explorer Use-After-Free Vulnerability
FOE May 19 Bleeping Computer
Max-severity flaw in ChromaDB for AI apps allows server hijacking
FRIEND May 19 Dark Reading
What Will Make AI BOMs Real?
FOE May 19 The Register (Security)
Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
FOE May 19 Dark Reading
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
FOE May 19 Bleeping Computer
Cybercrime service disrupted for abusing Microsoft platform to sign malware
FOE May 19 Dark Reading
Windows Zero-Day Barrage Continues After Patch Tuesday
FOE May 19 EFF Deeplinks
Microsoft Took a Step Toward Human Rights Accountability. Google and Amazon (and Others) Should Pay Attention!
FOE May 19 CSO Online
Contractor’s public GitHub account exposed GovCloud and CISA credentials
FRIEND May 19 Bleeping Computer
Discord rolls out end-to-end encryption on voice, video calls
FRIEND May 19 Dark Reading
[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You
FOE May 19 Dark Reading
CISA Exposes Secrets, Credentials in 'Private' Repo
FOE May 19 Dark Reading
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
FOE May 19 Bleeping Computer
FBI: Americans lost over $388 million to scams using crypto ATMs in 2025
FOE May 19 Bleeping Computer
Microsoft Self-Service Password Reset abused in Azure data theft attacks
FOE May 19 CSO Online
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
FOE May 19 Ars Technica (Security)
In stunning display of stupid, secret CISA credentials found in public GitHub repo
FOE May 19 BrightTALK InfoSec
AI Did It: Who is Liable for AI Failures in Cybersecurity?
FOE May 19 The Register (Security)
America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames
FOE May 19 The Register (Security)
America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames
FOE May 19 The Hacker News
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
FRIEND May 19 Bleeping Computer
Microsoft plans to improve Windows 11 driver quality in 2026
FOE May 19 SecurityWeek
Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation
FOE May 19 EPIC
EPIC Joins Bipartisan Coalition Calling on State AGs to Hold Apple, Google Accountable for Platforming ‘Nudify’ Apps
FOE May 19 Bleeping Computer
Microsoft blames macOS update for undismissible Teams location prompts
FOE May 19 SecurityWeek
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
FOE May 19 The Register (Security)
Clear your calendar, Drupal user: You have a critically urgent patch to install
FOE May 19 The Register (Security)
Clear your calendar, Drupal user: You have a critically urgent patch to install
FRIEND May 19 CSO Online
GitHub scales back bug bounties, reminds users security is their responsibility too
FOE May 19 EFF Deeplinks
Your Privacy Shouldn't Be A Corporate Decision
FRIEND May 19 Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: It comes in many different colors
FOE May 19 The Hacker News
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
FOE May 19 Bleeping Computer
New Shai-Hulud malware wave compromises 600 npm packages
FOE May 19 Bleeping Computer
7-Eleven confirms data breach claimed by the ShinyHunters gang
FOE May 19 Bleeping Computer
Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
FOE May 19 Dark Reading
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
FOE May 19 Sophos News
WantToCry ransomware remotely encrypts files
FOE May 19 SecurityWeek
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
FOE May 19 CSO Online
Internet Explorer may be dead, but its ghost still runs malware
FOE May 19 SecurityWeek
Unpatched ChromaDB Vulnerability Can Lead to Server Takeover
FRIEND May 19 Bleeping Computer
Webinar: The hidden bottlenecks in network incident response
FRIEND May 19 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Trailers for sale or rent
FOE May 19 CISA Alerts
ZKTeco CCTV Cameras
FOE May 19 CISA Alerts
Siemens RUGGEDCOM APE1808 Devices
FOE May 19 CISA Alerts
Kieback & Peter DDC Building Controllers
FOE May 19 CISA Alerts
ABB CoreSense HM and CoreSense M10
FOE May 19 CISA Alerts
ScadaBR
FOE May 19 SecurityWeek
B1ack’s Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards
FOE May 19 The Hacker News
The New Phishing Click: How OAuth Consent Bypasses MFA
FRIEND May 19 SecurityWeek
Cyber Resilience is the New Business Continuity Plan
FOE May 19 Bleeping Computer
Microsoft confirms patching issues in restricted Windows networks
FRIEND May 19 Schneier on Security
Laurie Anderson Is Quoting Me
FOE May 19 The Hacker News
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
FRIEND May 19 SecurityWeek
201 Arrested in Crackdown on Cybercrime in Middle East, North Africa
FOE May 19 SecurityWeek
PoC Released for DirtyDecrypt Linux Kernel Vulnerability
FOE May 19 The Hacker News
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
FRIEND May 19 CSO Online
7 tips for accelerating cyber incident recovery
FOE May 19 The Hacker News
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
FOE May 19 SecurityWeek
Critical Vulnerability Exposes Industrial Robot Fleets to Hacking
FOE May 19 The Hacker News
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
FOE May 19 The Hacker News
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
FRIEND May 19 CSO Online
Schwachstellen managen: Die besten Vulnerability-Management-Tools
FRIEND May 19 CSO Online
Security-Infotainment: Die besten Hacker-Dokus
FOE May 19 Sophos News
WantToCry ransomware remotely encrypts files
FOE May 18 The Register (Security)
Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them
FOE May 18 Bleeping Computer
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
FOE May 18 The Register (Security)
Shai-Hulud copycat worm infects yet another npm package
FRIEND May 18 Dark Reading
Is 2026 the Year AI Bills of Materials Get Real?
FOE May 18 Dark Reading
Microsoft Exchange Zero-Day Under Attack, No Patch Available
FOE May 18 Bleeping Computer
SHub macOS infostealer variant spoofs Apple security updates
FOE May 18 Dark Reading
'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments
FOE May 18 Krebs on Security
CISA Admin Leaked AWS GovCloud Keys on Github
FOE May 18 CSO Online
Microsoft May security patch fails for some due to boot partition size glitch
FOE May 18 SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)
FRIEND May 18 BrightTALK InfoSec
Transform SBOM from Compliance Burden to Strategic Security Intelligence
FOE May 18 Dark Reading
Shai-Hulud Worm Clones Spread After Code Release
FOE May 18 Bleeping Computer
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
FRIEND May 18 EFF Deeplinks
We Updated Our Privacy Policy. Here's What Changed and Why.
FRIEND May 18 BrightTALK InfoSec
From Axios to Trivy: Stopping the Next Ecosystem-Scale Supply Chain Breach
FOE May 18 Bleeping Computer
Leaked Shai-Hulud malware fuels new npm infostealer campaign
FRIEND May 18 The Hacker News
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
FOE May 18 EFF Deeplinks
We Must Not Normalize Digital Surveillance Abuses. EFF’s New Guide Underlines Concrete Steps to Fight Back.
FOE May 18 CSO Online
AI cyberattackers are getting better faster
FOE May 18 The Register (Security)
Linux kernel flaw opens root-only files to unprivileged users
FOE May 18 Dark Reading
Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive
FOE May 18 The Register (Security)
TanStack weighs invitation-only pull requests after supply chain attack
FOE May 18 The Hacker News
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
FOE May 18 Bleeping Computer
Grafana says stolen GitHub token let hackers steal codebase
FOE May 18 Ars Technica (Security)
Bug bounty businesses bombarded with AI slop
FOE May 18 The Register (Security)
NGINX Rift attackers waste no time targeting exposed servers
FOE May 18 The Hacker News
How to Reduce Phishing Exposure Before It Turns into Business Disruption
FOE May 18 SecurityWeek
Millions Impacted Across Several US Healthcare Data Breaches
FOE May 18 CSO Online
New image-based prompt injection attack targets multimodal AI models
FOE May 18 The Register (Security)
Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative
FOE May 18 SecurityWeek
‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery
FOE May 18 CSO Online
‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit
FRIEND May 18 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: I can see it much better
FOE May 18 Dark Reading
Boulevard of Broken Dreams: 2 Decades of Cyber Fails
FOE May 18 SecurityWeek
7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand
FOE May 18 The Hacker News
Developer Workstations Are Now Part of the Software Supply Chain
FOE May 18 Schneier on Security
Zero-Day Exploit Against Windows BitLocker
FOE May 18 The Hacker News
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
FOE May 18 SecurityWeek
Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE
FOE May 18 The Register (Security)
Mozilla warns UK: Breaking VPNs will not magically fix Britain's age-check mess
FOE May 18 SecurityWeek
First Shai-Hulud Worm Clones Emerge
FRIEND May 18 CSO Online
Why the best security investment a board can make in 2026 isn’t another tool
FOE May 18 CSO Online
AI coding is fueling a secrets-sprawl crisis few CISOs are containing
FOE May 18 The Hacker News
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
FOE May 18 SecurityWeek
Grafana Confirms Breach After Hackers Claim They Stole Data
FOE May 18 Bleeping Computer
Microsoft confirms Windows 11 security update install issues
FOE May 18 SecurityWeek
Exploitation of Critical NGINX Vulnerability Begins
FOE May 18 Bleeping Computer
Exploit available for new DirtyDecrypt Linux root escalation flaw
FOE May 18 The Hacker News
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
FOE May 18 The Register (Security)
Grafana Labs admits all its codebase are belong to someone who popped its GitHub account
FOE May 18 Bleeping Computer
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
FOE May 18 Risky Business News
Risky Bulletin: Indonesia emerges as a new hub for cyber scams
FOE May 18 The Hacker News
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
FOE May 18 SecurityWeek
Hackers Earn $1.3 Million at Pwn2Own Berlin 2026
FOE May 18 Dark Reading
Can Laws Stop Deepfakes? South Korea Aims to Find Out
FOE May 17 The Register (Security)
Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’
FOE May 17 Bleeping Computer
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
FOE May 17 Bleeping Computer
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
FOE May 17 The Hacker News
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
FOE May 17 The Hacker News
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
FOE May 16 Bleeping Computer
Microsoft rejects critical Azure vulnerability report, no CVE issued
FOE May 16 The Hacker News
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
FOE May 16 Bleeping Computer
Russian hackers turn Kazuar backdoor into modular P2P botnet
FOE May 16 SecurityWeek
PoC Code Published for Critical NGINX Vulnerability
FOE May 15 Dark Reading
The Boring Stuff is Dangerous Now
FOE May 15 CSO Online
Expired domain leads to supply chain attack on node-ipc npm package
FOE May 15 CSO Online
Exchange Server zero-day vulnerability can be triggered by opening a malicious email
FOE May 15 Bleeping Computer
Funnel Builder WordPress plugin bug exploited to steal credit cards
FOE May 15 Bleeping Computer
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
FOE May 15 Bleeping Computer
Popular node-ipc npm package compromised to steal credentials
FOE May 15 The Hacker News
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
FOE May 15 EPIC
EPIC Testifies in Support of Bill to Protect New Jersey Consumers From Surveillance Pricing
FOE May 15 Bleeping Computer
Avada Builder WordPress plugin flaws allow site credential theft
FOE May 15 SecurityWeek
In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
FRIEND May 15 Bleeping Computer
Microsoft backpedals: Edge to stop loading passwords into memory
FOE May 15 Bleeping Computer
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
FOE May 15 BrightTALK InfoSec
Beyond the Air Gap: Securing Industrial Systems Against Invisible AI Threats
FOE May 15 The Hacker News
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
FRIEND May 15 Bleeping Computer
Microsoft to automatically roll back faulty Windows drivers
FOE May 15 Privacy International
Privacy International’s submission to the UN High Commissioner for Human Rights on the protection of human rights defenders in the digital age
FOE May 15 SecurityWeek
Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild
FRIEND May 15 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Almost time for shift change
FOE May 15 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FRIEND May 15 Dark Reading
Cyber Pioneers Ponder Past as Prologue
FOE May 15 CSO Online
Cisco warns of an actively exploited SD-WAN flaw with max severity
FOE May 15 The Intercept (Privacy)
How Trump’s New Counterterrorism Strategy Puts You at Risk
FOE May 15 SecurityWeek
American Lending Center Data Breach Affects 123,000 Individuals
FOE May 15 Schneier on Security
Bypassing On-Camera Age-Verification Checks
FOE May 15 The Hacker News
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
FOE May 15 The Hacker News
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
FOE May 15 Privacy International
Collateral Damage: Grok AI and the Human Cost of Generative AI
FOE May 15 SecurityWeek
OpenAI Hit by TanStack Supply Chain Attack
FOE May 15 The Register (Security)
OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
FOE May 15 CSO Online
Autonomous systems are finally working. Security is next
FOE May 15 SecurityWeek
TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
FOE May 15 Bleeping Computer
Microsoft warns of Exchange zero-day flaw exploited in attacks
FOE May 15 CSO Online
EU’s Cyber Resiliency Act will put IT leaders to the test
FOE May 15 CSO Online
The economics of ransomware 3.0
FOE May 15 The Register (Security)
MPs want social media treated more like unsafe toys than harmless apps
FOE May 15 SecurityWeek
Chrome 148 Update Patches Critical Vulnerabilities
FOE May 15 SANS Internet Storm Center
[Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)
FOE May 15 SecurityWeek
Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
FOE May 15 The Hacker News
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
FOE May 15 The Hacker News
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
FOE May 15 Risky Business News
Risky Bulletin: Shai-Hulud goes open-source
FOE May 15 Dark Reading
Taiwan Incident Highlights Cybersecurity Gaps in Rail Systems
FOE May 15 CISA KEV
CVE-2026-42897: Microsoft Exchange Server Cross-Site Scripting Vulnerability
FOE May 14 CSO Online
AI agent finds 18-year-old remote code execution flaw in Nginx
FOE May 14 Bleeping Computer
TeamPCP hackers advertise Mistral AI code repos for sale
FOE May 14 The Register (Security)
Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data
FOE May 14 Bleeping Computer
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
FRIEND May 14 Dark Reading
SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
FOE May 14 CSO Online
Meet Fragnesia, the third Linux kernel vulnerability in a month
FOE May 14 Dark Reading
Maximum Severity Cisco SD-WAN Bug Exploited in the Wild
FOE May 14 Dark Reading
Congress Puts Heat on Instructure After Canvas Outage
FOE May 14 Bleeping Computer
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
FOE May 14 EPIC
Colorado Legislature Again Amends Landmark AI Law
FOE May 14 Bleeping Computer
OpenAI confirms security breach in TanStack supply chain attack
FOE May 14 Bleeping Computer
Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026
FOE May 14 Ars Technica (Security)
Zero-day exploit completely defeats default Windows 11 BitLocker protections
FOE May 14 The Hacker News
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
FOE May 14 The Hacker News
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
FOE May 14 Dark Reading
'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine
FOE May 14 The Hacker News
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
FRIEND May 14 Schneier on Security
Upcoming Speaking Engagements
FOE May 14 Bleeping Computer
18-year-old NGINX vulnerability allows DoS, potential RCE
FOE May 14 Bleeping Computer
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
FRIEND May 14 Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: A lottery ticket and some gum
FOE May 14 The Hacker News
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
FRIEND May 14 SecurityWeek
Enhancing Data Center Security Without Sacrificing Performance
FOE May 14 SecurityWeek
New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation
FOE May 14 Dark Reading
AI Drives Cybersecurity Investments, Widening 'Valley of Death'
FRIEND May 14 SecurityWeek
Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere
FOE May 14 CSO Online
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
FRIEND May 14 SecurityWeek
Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million
FOE May 14 Bleeping Computer
KongTuke hackers now use Microsoft Teams for corporate breaches
FOE May 14 SecurityWeek
Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns
FRIEND May 14 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: We could use an upgrade
FOE May 14 CISA Alerts
Siemens Ruggedcom Rox
FOE May 14 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE May 14 CISA Alerts
Siemens Ruggedcom Rox
FOE May 14 CISA Alerts
Siemens Ruggedcom Rox
FOE May 14 CISA Alerts
Siemens SIMATIC
FOE May 14 CISA Alerts
Universal Robots Polyscope 5
FOE May 14 CISA Alerts
Siemens Simcenter Femap
FOE May 14 CISA Alerts
Siemens gWAP
FOE May 14 CISA Alerts
Siemens SENTRON 7KT PAC1261 Data Manager
FOE May 14 CISA Alerts
Siemens Siemens ROS#
FOE May 14 CISA Alerts
Siemens Opcenter RDnL
FOE May 14 CISA Alerts
Siemens Solid Edge
FOE May 14 CISA Alerts
Siemens Teamcenter
FOE May 14 CISA Alerts
Siemens SIPROTEC 5
FOE May 14 CISA Alerts
Siemens Industrial Devices
FOE May 14 CISA Alerts
Siemens SIMATIC S7 PLC Web Server
FOE May 14 CISA Alerts
Siemens Ruggedcom Rox
FOE May 14 CISA Alerts
Siemens SIMATIC
FOE May 14 Dark Reading
Foxconn Attack Highlights Manufacturing's Cyber Crisis
FOE May 14 The Hacker News
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
FOE May 14 CSO Online
PraisonAI vulnerability gets scanned within 4 hours of disclosure
FOE May 14 The Hacker News
How AI Hallucinations Are Creating Real Security Risks
FOE May 14 The Register (Security)
Cops arrest man suspected of being Dream Market kingpin
FRIEND May 14 SecurityWeek
G7 Countries Release AI SBOM Guidance
FOE May 14 Schneier on Security
How Dangerous Is Anthropic’s Mythos AI?
FOE May 14 SecurityWeek
F5 Patches Over 50 Vulnerabilities
FOE May 14 Bleeping Computer
Dell confirms its SupportAssist software causes Windows BSOD crashes
FOE May 14 The Register (Security)
Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access
FOE May 14 SecurityWeek
Hackers Targeted PraisonAI Vulnerability Hours After Disclosure
FOE May 14 The Hacker News
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
FRIEND May 14 CSO Online
What CISOs need to land a board role
FOE May 14 Bleeping Computer
US charges suspected Dream Market admin arrested in Germany
FOE May 14 SecurityWeek
High-Severity Vulnerability Patched in VMware Fusion
FOE May 14 Bleeping Computer
New Fragnesia Linux flaw lets attackers gain root privileges
FOE May 14 SecurityWeek
Researcher Drops YellowKey, GreenPlasma Windows Zero-Days
FOE May 14 The Hacker News
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
FOE May 14 The Register (Security)
To gain root access at this company, all an intruder had to do was ask nicely
FOE May 14 The Register (Security)
To gain root access at this company, all an intruder had to do was ask nicely
FOE May 14 The Register (Security)
AI models are getting better at replacing cybersecurity pros on certain tasks
FRIEND May 14 SANS Internet Storm Center
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
FOE May 14 The Hacker News
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
FOE May 14 Risky Business News
Srsly Risky Biz: The AI Regulation Knife Fight
FRIEND May 14 The Register (Security)
Cisco to fire 4,000 staff and generously give them free training – on Cisco
FOE May 14 CISA KEV
CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
FOE May 14 Sophos News
Why AMOS matters: The macOS malware stealing data at scale
FOE May 13 The Register (Security)
Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits
FOE May 13 CSO Online
Fired employee sought AI help to hide deletion of hosting firm’s customer data
FOE May 13 The Register (Security)
AWS to Quick admins: The access control didn't work, but you weren't using it anyway, so what's the problem?
FOE May 13 The Register (Security)
AWS to Quick admins: The access control didn't work, but you weren't using it anyway, so what's the problem?
FOE May 13 Bleeping Computer
West Pharmaceutical says hackers stole data, encrypted systems
FRIEND May 13 Professor Messer
Professor Messer’s N10-009 Network+ Study Group – May 2026
FOE May 13 Bleeping Computer
Iranian hackers targeted major South Korean electronics maker
FOE May 13 Dark Reading
Checkbox Assessments Aren't Fit to Measure to Risk
FOE May 13 Sophos News
May’s Patch Tuesday hauls out 132 CVEs
FOE May 13 Dark Reading
Attackers Weaponize RubyGems for Data Dead Drops
FOE May 13 CSO Online
Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
FOE May 13 Dark Reading
Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak
FOE May 13 Bleeping Computer
New critical Exim mailer flaw allows remote code execution
FOE May 13 The Register (Security)
Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs
FRIEND May 13 Dark Reading
Dark Reading Celebrates 20 Years as a Leading Authority on Cybersecurity, Highlighting the People, Events, Ideas, and Technologies Shaping the Modern Risk Landscape
FOE May 13 SecurityWeek
Foxconn Confirms North American Factories Hit by Cyberattack
FRIEND May 13 EFF Deeplinks
Help EFF Solve an Issue That's Bigger than Creepy Ads
FRIEND May 13 EFF Deeplinks
The Science is Not Settled: How Weak Evidence is Fueling a National Push to Ban Social Media for Youth
FOE May 13 Bleeping Computer
Windows BitLocker zero-day gives access to protected drives, PoC released
FOE May 13 The Register (Security)
Mystery Microsoft bug leaker keeps the zero-days coming
FRIEND May 13 SecurityWeek
Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code
FRIEND May 13 Bleeping Computer
Webinar tomorrow: Why security alone won't stop modern attacks
FOE May 13 Bleeping Computer
Microsoft fixes BitLocker recovery issue only for Windows 11 users
FRIEND May 13 SecurityWeek
Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’
FOE May 13 Bleeping Computer
Microsoft fixes Windows Autopatch bug installing restricted drivers
FOE May 13 Black Hills Information Security
How to Identify and Exploit New Vulnerabilities
FRIEND May 13 The Hacker News
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
FOE May 13 CSO Online
What happens when China’s AI catches up to Mythos?
FRIEND May 13 SecurityWeek
Webinar Today: ROI for Cyber-Physical Security Programs
FOE May 13 Dark Reading
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
FOE May 13 Dark Reading
China's 'FamousSparrow' APT Nests in South Caucasus Energy Firm
FOE May 13 The Hacker News
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
FOE May 13 Bleeping Computer
Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
FOE May 13 Bleeping Computer
73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
FRIEND May 13 CSO Online
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
FOE May 13 SecurityWeek
Government to Scrutinize Instructure Over Canvas Disruption, Data Breach
FRIEND May 13 CSO Online
Palo Alto bets on identity security for autonomous AI with Idira launch
FRIEND May 13 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: I need my clipboard
FOE May 13 Bleeping Computer
Microsoft says some users can't install Office on Windows 365 devices
FRIEND May 13 The Hacker News
[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)
FOE May 13 CSO Online
ClickFix finds a backup plan in PySoxy proxy chains
FOE May 13 The Hacker News
Most Remediation Programs Never Confirm the Fix Actually Worked
FOE May 13 SecurityWeek
716,000 Impacted by OpenLoop Health Data Breach
FOE May 13 Schneier on Security
OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities
FRIEND May 13 CSO Online
CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory
FOE May 13 The Hacker News
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
FOE May 13 SecurityWeek
Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises
FOE May 13 SecurityWeek
Fortinet, Ivanti Patch Critical Vulnerabilities
FRIEND May 13 CSO Online
2026 CSO Award winners showcase business-enabling cyber innovation
FOE May 13 SecurityWeek
Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities
FOE May 13 The Hacker News
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
FOE May 13 CSO Online
Google entdeckt erstmals KI-basierten Zero-Day-Exploit
FOE May 13 SecurityWeek
Hundreds of Malicious Packages Force RubyGems to Suspend Registrations
FRIEND May 13 OWASP Blog
Juice Shop v20.0.0 — a fresh squeeze of features, now with AI
FOE May 13 Google Project Zero
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
FRIEND May 13 The Hacker News
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
FOE May 13 SecurityWeek
ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA
FOE May 13 SANS Internet Storm Center
[GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)
FOE May 13 The Register (Security)
Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub
FOE May 13 Risky Business News
Risky Bulletin: RubyGems disables sign-ups after attack on staff
FRIEND May 13 CSO Online
Der Kaufratgeber für Breach & Attack Simulation Tools
FRIEND May 13 The Register (Security)
Vietnam to develop domestic cloud so it can ditch risky overseas operators for government workloads
FRIEND May 13 SANS Internet Storm Center
Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)
FOE May 13 CSO Online
May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA
FOE May 13 Sophos News
May’s Patch Tuesday hauls out 132 CVEs
FOE May 12 The Register (Security)
Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs
FOE May 12 Bleeping Computer
US govt seeks Instructure testimony on massive Canvas cyberattack
FOE May 12 EFF Deeplinks
Broken Promises: RIP Instagram’s End-to-End Encrypted DMs
FOE May 12 The Register (Security)
Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files
FRIEND May 12 Krebs on Security
Patch Tuesday, May 2026 Edition
FRIEND May 12 Dark Reading
It's Patch Tuesday for Microsoft and Not a Zero-Day In Sight
FOE May 12 Bleeping Computer
UK fines water supplier $1.3M for exposing data of 664k customers
FRIEND May 12 Bleeping Computer
Webinar: Fixing the gaps in network incident response
FRIEND May 12 Bleeping Computer
Signal adds security warnings for social engineering, phishing attacks
FRIEND May 12 Bleeping Computer
Microsoft releases Windows 10 KB5087544 extended security update
FRIEND May 12 SANS Internet Storm Center
Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
FOE May 12 Bleeping Computer
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
FRIEND May 12 Bleeping Computer
Windows 11 KB5089549 & KB5087420 cumulative updates released
FRIEND May 12 Bleeping Computer
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
FOE May 12 SecurityWeek
Microsoft Patches 137 Vulnerabilities
FOE May 12 Sophos News
Inside the lethal trifecta: Blast radius reduction in AI agent deployments
FRIEND May 12 SecurityWeek
Exaforce Raises $125 Million for Agentic SOC Platform
FOE May 12 CSO Online
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
FOE May 12 Bleeping Computer
Škoda warns of customer data breach after online shop hack
FRIEND May 12 Bleeping Computer
Android 17 to expand banking scam call and privacy protections
FRIEND May 12 EFF Deeplinks
Victory! End-to-End Encrypted RCS Comes to Apple and Android Chats
FOE May 12 SecurityWeek
Adobe Patches 52 Vulnerabilities in 10 Products
FOE May 12 The Hacker News
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
FOE May 12 EFF Deeplinks
EFF Launches New Offline Campaign for Saudi Wikipedian Osama Khalid
FRIEND May 12 BrightTALK InfoSec
Closing the Resilience Gap: Security Architecture for Modern Threats
FRIEND May 12 BrightTALK InfoSec
Red Teaming AI: A CISO's Guide to Proactive Defense
FOE May 12 EFF Deeplinks
A Hackers Guide to Circumventing Internet Shutdowns
FRIEND May 12 SecurityWeek
White Circle Raises $11 Million for AI Control Platform
FRIEND May 12 Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: I’m looking for something in chartreuse
FOE May 12 The Register (Security)
US bank reports itself after slinging customer data at 'unauthorized AI app'
FOE May 12 The Hacker News
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
FOE May 12 SecurityWeek
BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months
FOE May 12 Dark Reading
Hugging Face Packages Weaponized With a Single File Tweak
FOE May 12 SecurityWeek
Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware
FOE May 12 SecurityWeek
Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform
FRIEND May 12 CSO Online
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos
FRIEND May 12 Sophos News
Sophos Leader KuppingerCole MDR 2026
FOE May 12 Sophos News
Sophos ChatGPT Cyber
FOE May 12 SecurityWeek
West Pharmaceutical Services Hit by Disruptive Ransomware Attack
FOE May 12 The Hacker News
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
FOE May 12 SecurityWeek
Apple Patches Dozens of Vulnerabilities in macOS, iOS
FOE May 12 SecurityWeek
SAP Patches Critical S/4HANA, Commerce Vulnerabilities
FRIEND May 12 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: The clarity could be improved
FOE May 12 CISA Alerts
Fuji Electric Tellus
FOE May 12 CISA Alerts
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
FOE May 12 CISA Alerts
ABB Automation Builder Gateway for Windows
FOE May 12 CISA Alerts
Subnet Solutions PowerSYSTEM Center
FOE May 12 CISA Alerts
ABB AC500 V3 Multiple Vulnerabilities
FOE May 12 CISA Alerts
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
FRIEND May 12 CISA Alerts
Software Bill of Materials for AI - Minimum Elements
FOE May 12 The Register (Security)
Cache-poisoning caper turns TanStack npm packages toxic
FRIEND May 12 Dark Reading
20 Leaders Who Built the CISO Era: 2 Decades of Change
FOE May 12 The Hacker News
Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help
FOE May 12 CSO Online
Fake Claude Code takes the IElevator to your browser secrets
FOE May 12 Bleeping Computer
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
FRIEND May 12 SecurityWeek
Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means
FOE May 12 Dark Reading
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
FOE May 12 Schneier on Security
Copy.Fail Linux Vulnerability
FOE May 12 Bleeping Computer
SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
FOE May 12 SecurityWeek
Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?
FOE May 12 The Hacker News
Why Agentic AI Is Security's Next Blind Spot
FOE May 12 CSO Online
cPanel flaw exposes enterprises to hosting supply-chain risks
FOE May 12 SecurityWeek
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
FOE May 12 CSO Online
Developer workstations are the new beachhead
FRIEND May 12 The Register (Security)
Apple, Google drag cross-platform texting into the encrypted age
FOE May 12 Bleeping Computer
Instructure reaches 'agreement' with ShinyHunters to stop data leak
FRIEND May 12 CSO Online
CISOs step into the AI spotlight
FOE May 12 CSO Online
Why patching SLAs should be the floor, not the strategy
FOE May 12 The Hacker News
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
FOE May 12 The Hacker News
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
FRIEND May 12 The Hacker News
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
FOE May 12 The Register (Security)
Japan’s PM orders cybersecurity review to stop Mythos going full CyberZilla
FRIEND May 12 The Hacker News
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
FRIEND May 12 CSO Online
Cybersicherheitsvorschriften: So erfüllen Sie Ihre Compliance-Anforderungen
FRIEND May 12 CSO Online
Customer Identity & Access Management: Die besten CIAM-Tools
FRIEND May 12 CSO Online
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched
FRIEND May 12 Professor Messer
Professor Messer’s CompTIA A+ 220-1202 Study Group – May 2026
FOE May 12 Sophos News
Inside the lethal trifecta: Blast radius reduction in AI agent deployments
FRIEND May 12 Sophos News
Sophos Endpoint in action: Blocking a novel supply chain attack
FOE May 12 Sophos News
The State of Identity Security 2026: Identity is the new perimeter
FOE May 11 The Register (Security)
Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline
FRIEND May 11 Bleeping Computer
GM agrees to $12.75M California settlement over sale of drivers’ data
FOE May 11 Ars Technica (Security)
Linux bitten by second severe vulnerability in as many weeks
FRIEND May 11 SANS Internet Storm Center
Apple Patches Everything, (Mon, May 11th)
FOE May 11 Bleeping Computer
Official CheckMarx Jenkins package compromised with infostealer
FOE May 11 Bleeping Computer
New GhostLock tool abuses Windows API to block file access
FOE May 11 Dark Reading
FCC Softens Ban on Foreign-Made Routers
FOE May 11 The Register (Security)
Cookie thieves caught stealing dev secrets via fake Claude Code installers
FOE May 11 Sophos News
Sophos State of Identity Security 2026
FOE May 11 EFF Deeplinks
Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare
FOE May 11 EFF Deeplinks
EFF to Fourth Circuit: Electronic Device Searches at the Border Require a Warrant
FRIEND May 11 BrightTALK InfoSec
The CISO's Playbook: Turning AI Governance Into Boardroom Currency
FRIEND May 11 Dark Reading
Tech Can't Stop These Threats — Your People Can
FOE May 11 The Hacker News
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
FOE May 11 The Hacker News
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
FOE May 11 EFF Deeplinks
EFF Stands in Solidarity With RightsCon and the Global Digital Rights Community
FRIEND May 11 SecurityWeek
Frame Security Emerges From Stealth With $50M for Awareness and Training Platform
FOE May 11 The Register (Security)
Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator
FRIEND May 11 CSO Online
Entries now open for the 2026 CSO30 Australia Awards
FOE May 11 The Hacker News
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
FOE May 11 Bleeping Computer
Instructure confirms hackers used Canvas flaw to deface portals
FOE May 11 Dark Reading
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
FOE May 11 Sophos News
Why AMOS matters: The macOS malware stealing data at scale
FOE May 11 The Register (Security)
BWH Hotels guests warned after reservation data checks out with cybercrooks
FRIEND May 11 SANS Internet Storm Center
Why we use CAPTCHAs, (Mon, May 11th)
FRIEND May 11 SecurityWeek
Build Application Firewalls Aim to Stop the Next Supply Chain Attack
FRIEND May 11 Sophos News
Sophos Ransomware AI
FOE May 11 Bleeping Computer
Why Changing Passwords Doesn’t End an Active Directory Breach
FRIEND May 11 CSO Online
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
FOE May 11 SecurityWeek
Google Detects First AI-Generated Zero-Day Exploit
FOE May 11 Bleeping Computer
Google: Hackers used AI to develop zero-day exploit for web admin tool
FOE May 11 Dark Reading
Hackers Use AI for Exploit Development, Attack Automation
FOE May 11 CSO Online
Google discovers weaponized zero-day exploits created with AI
FOE May 11 The Hacker News
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
FRIEND May 11 Bleeping Computer
Webinar this week: Prevention alone is not enough against modern attacks
FOE May 11 CSO Online
Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
FOE May 11 The Register (Security)
Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
FOE May 11 CSO Online
New ‘Dirty Frag’ exploit targets Linux kernel for root access
FRIEND May 11 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Don’t sneak off
FOE May 11 Dark Reading
Cyber Espionage Group Targets Aviation Firms to Steal Map Data
FOE May 11 SecurityWeek
Skoda Data Breach Hits Online Shop Customers
FRIEND May 11 The Hacker News
Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room
FRIEND May 11 SecurityWeek
Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring
FOE May 11 Schneier on Security
LLMs and Text-in-Text Steganography
FOE May 11 SecurityWeek
SailPoint Discloses GitHub Repository Hack
FOE May 11 CSO Online
AI security is repeating endpoint security’s biggest mistake
FOE May 11 SecurityWeek
Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack
FOE May 11 Bleeping Computer
TrickMo Android banker adopts TON blockchain for covert comms
FRIEND May 11 CSO Online
8 guiding principles for reskilling the SOC for agentic AI
FOE May 11 CSO Online
1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution
FOE May 11 SecurityWeek
Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools
FOE May 11 The Register (Security)
Taiwan's train cyber-trauma reveals a global system that’s coming off the tracks
FOE May 11 SecurityWeek
New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks
FOE May 11 SecurityWeek
Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested
FOE May 11 The Hacker News
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
FRIEND May 11 OWASP Blog
Welcome to the Google Summer of Code 2026!
FOE May 11 SecurityWeek
Over 500 Organizations Hit in Years-Long Phishing Campaign
FOE May 11 Risky Business News
Risky Bulletin: FCC relaxes foreign router ban to allow for security updates
FOE May 11 Sophos News
Ransomware: AI changes the writer. It doesn't change the math.
FRIEND May 11 Sophos News
GPT-5.5-Cyber is here. What it means for defenders operating at the frontier.
FRIEND May 10 SANS Internet Storm Center
YARA-X 1.16.0 Release, (Sun, May 10th)
FOE May 10 Bleeping Computer
Hackers abuse Google ads, Claude.ai chats to push Mac malware
FOE May 10 Bleeping Computer
Police shut down reboot of Crimenetwork marketplace, arrest admin
FOE May 10 The Hacker News
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
FOE May 09 Bleeping Computer
JDownloader site hacked to replace installers with Python RAT malware
FOE May 09 Bleeping Computer
Fake OpenAI repository on Hugging Face pushes infostealer malware
FOE May 09 The Hacker News
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
FOE May 08 EFF Deeplinks
Congress Narrowed the GUARD Act, But Serious Problems Remain
FRIEND May 08 Professor Messer
Professor Messer’s 220-1201 CompTIA A+ Study Group – May 2026
FOE May 08 CSO Online
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
FOE May 08 Dark Reading
ShinyHunters Claims Second Attack Against Instructure
FOE May 08 Ars Technica (Security)
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
FOE May 08 The Hacker News
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
FOE May 08 The Register (Security)
Worm rubs out competitor's malware, then takes control
FRIEND May 08 EFF Deeplinks
Free Signal Guide
FOE May 08 Bleeping Computer
NVIDIA confirms GeForce NOW data breach affecting Armenian users
FRIEND May 08 BrightTALK InfoSec
Harmonizing AI Governance and Cybersecurity Operations
FOE May 08 The Hacker News
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
FOE May 08 SecurityWeek
In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
FRIEND May 08 Bleeping Computer
Why More Analysts Won’t Solve Your SOC’s Alert Problem
FOE May 08 The Register (Security)
'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit
FOE May 08 Bleeping Computer
Trellix source code breach claimed by RansomHouse hackers
FOE May 08 The Register (Security)
Meta U-turns on encryption push for Instagram as DMs go plaintext
FOE May 08 Bleeping Computer
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
FRIEND May 08 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Or any other color
FOE May 08 Dark Reading
Shifting Budget Dynamics for Identity Security and AI Agents
FOE May 08 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE May 08 SecurityWeek
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
FOE May 08 CSO Online
Claude in Chrome is taking orders from the wrong extensions
FOE May 08 SecurityWeek
AI Firm Braintrust Prompts API Key Rotation After Data Breach
FOE May 08 The Hacker News
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
FOE May 08 The Register (Security)
Hackers ate my homework: Educational SaaS Canvas down after cyberattack
FOE May 08 SecurityWeek
Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom
FOE May 08 Bleeping Computer
Zara data breach exposed personal information of 197,000 people
FOE May 08 The Hacker News
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
FOE May 08 CSO Online
Your CTEM program is probably ignoring MCP. Here’s how to fix it
FOE May 08 CSO Online
Pen tests show AI security flaws far more severe than legacy software bugs
FOE May 08 CSO Online
Your refresh plan has a CVE blind spot
FOE May 08 Bleeping Computer
Former govt contractor convicted for wiping dozens of federal databases
FOE May 08 The Hacker News
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
FOE May 08 SecurityWeek
‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials
FOE May 08 SecurityWeek
Ransomware Group Takes Credit for Trellix Hack
FOE May 08 SANS Internet Storm Center
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
FOE May 08 Bleeping Computer
New Linux 'Dirty Frag' zero-day gives root on all major distros
FOE May 08 SecurityWeek
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
FOE May 08 SecurityWeek
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
FOE May 08 The Hacker News
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
FOE May 08 Krebs on Security
Canvas Breach Disrupts Schools & Colleges Nationwide
FOE May 08 Risky Business News
Risky Bulletin: Google patches Android remote takeover bug
FOE May 08 CSO Online
Palo Alto Networks firewall flaw has been exploited for several weeks
FRIEND May 08 CSO Online
Become a millionaire by bug hunting on Android
FOE May 08 CSO Online
13 new critical holes in JavaScript sandbox allow execution of arbitrary code
FRIEND May 08 Sophos News
Sophos named a Leader in the KuppingerCole Analysts Leadership Compass for Managed Detection and Response 2026
FOE May 08 CISA KEV
CVE-2026-42208: BerriAI LiteLLM SQL Injection Vulnerability
FRIEND May 07 The Register (Security)
Mozilla boasts Mythos boosted Firefox bug cull
FOE May 07 Bleeping Computer
Canvas login portals hacked in mass ShinyHunters extortion campaign
FOE May 07 Bleeping Computer
New TCLBanker malware self-spreads over WhatsApp and Outlook
FOE May 07 CSO Online
Ollama vulnerability highlights danger of AI frameworks with unrestricted access
FOE May 07 Dark Reading
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
FOE May 07 CSO Online
LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges
FOE May 07 The Register (Security)
Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'
FRIEND May 07 Ars Technica (Security)
Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
FOE May 07 SecurityWeek
Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders
FOE May 07 Bleeping Computer
New PCPJack worm steals credentials, cleans TeamPCP infections
FOE May 07 Bleeping Computer
Australia warns of ClickFix attacks pushing Vidar Stealer malware
FOE May 07 The Hacker News
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
FOE May 07 The Hacker News
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
FRIEND May 07 Dark Reading
Has CISA Finally Found Its New Leader in Tom Parker?
FOE May 07 The Register (Security)
60% of MD5 password hashes are crackable in under an hour
FRIEND May 07 BrightTALK InfoSec
Application Security for the New Age: From Reactive to Proactive
FRIEND May 07 BrightTALK InfoSec
The Autonomous Pipeline: Embedding Zero-Trust Guardrails with Kyverno
FRIEND May 07 EPIC
EPIC Encourages CalPrivacy to Enact Independent Testing and Inspection Requirements for Data Broker Audits
FOE May 07 SecurityWeek
Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
FOE May 07 Bleeping Computer
Ivanti warns of new EPMM flaw exploited in zero-day attacks
FRIEND May 07 Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: What could go wrong
FRIEND May 07 SecurityWeek
Boost Security Raises $4 Million for SDLC Defense Platform
FOE May 07 SecurityWeek
Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking
FRIEND May 07 SecurityWeek
Chrome 148 Rolls Out With 127 Security Fixes
FOE May 07 Bleeping Computer
The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
FRIEND May 07 The Hacker News
One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
FOE May 07 SecurityWeek
Attackers Could Exploit AI Vision Models Using Imperceptible Image Changes
FOE May 07 Bleeping Computer
Americans sentenced for running 'laptop farms' for North Korea
FOE May 07 The Hacker News
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
FOE May 07 SecurityWeek
Vendor Says Daemon Tools Supply Chain Attack Contained
FRIEND May 07 Dark Reading
World's First AI-Driven Cyberattack Couldn't Breach OT Systems
FOE May 07 Dark Reading
'TrustFall' Convention Exposes Claude Code Execution Risk
FOE May 07 SecurityWeek
AI Coding Agents Could Fuel Next Supply Chain Crisis
FOE May 07 Bleeping Computer
Crypto gang member gets 6.5 years for role in $230 million heist
FRIEND May 07 CSO Online
Bots in translation: Can AI really fix SIEM rule sprawl across vendors?
FRIEND May 07 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It’s a 50,000 mile network
FRIEND May 07 Bleeping Computer
Webinar: Why modern attacks require both security and recovery
FOE May 07 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE May 07 CISA Alerts
MAXHUB Pivot Client Application
FRIEND May 07 SecurityWeek
Webinar Today: Securing Identity Across Humans, Machines and AI
FOE May 07 The Hacker News
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
FOE May 07 SecurityWeek
Cisco Patches High-Severity Vulnerabilities in Enterprise Products
FOE May 07 CSO Online
Critical Palo Alto Networks software bug hits exposed firewalls
FOE May 07 Schneier on Security
Smart Glasses for the Authorities
FOE May 07 Bleeping Computer
Palo Alto Networks firewall zero-day exploited for nearly a month
FOE May 07 The Hacker News
Day Zero Readiness: The Operational Gaps That Break Incident Response
FOE May 07 SecurityWeek
Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack
FOE May 07 Bleeping Computer
Fake Claude AI website delivers new 'Beagle' Windows malware
FOE May 07 The Hacker News
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
FRIEND May 07 CSO Online
CISOs: Align cyber risk communication with boardroom psychology
FOE May 07 SecurityWeek
Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion
FRIEND May 07 CSO Online
Ten years later, has the GDPR fulfilled its purpose?
FOE May 07 The Hacker News
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
FOE May 07 Risky Business News
Srsly Risky Biz: After Mythos, US Government Weighs AI Model Regulation
FRIEND May 07 CSO Online
US government agency to safety test frontier AI models before release
FRIEND May 07 SANS Internet Storm Center
An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
FOE May 07 CISA KEV
CVE-2026-6973: Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
FRIEND May 07 Sophos News
How AI-accelerated threat discovery is reshaping network security
FOE May 07 Sophos News
Donuts and Beagles: Fake Claude site spreads backdoor
FRIEND May 06 EFF Deeplinks
Milestone 1.0.0 Release of APK Downloader `apkeep` Powers Research on Android Apps
FOE May 06 Bleeping Computer
Hackers abuse Google ads for GoDaddy ManageWP login phishing
FOE May 06 Dark Reading
Yet Another Way to Bypass Google Chrome's Encryption Protection
FOE May 06 Dark Reading
Instructure Breach Exposes Schools' Vendor Dependence
FOE May 06 The Hacker News
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
FOE May 06 Bleeping Computer
Critical vm2 sandbox bug lets attackers execute code on hosts
FOE May 06 The Register (Security)
Arctic Wolf kicks 250 employees out of the pack to save money for AI
FOE May 06 Bleeping Computer
New Cisco DoS flaw requires manual reboot to revive devices
FOE May 06 The Register (Security)
1 in 8 employees totally cool with selling work credentials
FOE May 06 CSO Online
Iranian state-backed spies pose as ransomware slingers in false flag attacks
FOE May 06 Bleeping Computer
DAEMON Tools devs confirm breach, release malware-free version
FOE May 06 EPIC
EPIC, CDT Urge HUD to Abandon Proposed AI Tool That Would Use Sensitive Data
FOE May 06 EFF Deeplinks
👎 California's Terrible, No Good, Very Bad Social Media Ban | EFFector 38.9
FOE May 06 The Register (Security)
Iran cybersnoops still LARPing as ransomware crooks in espionage ops
FOE May 06 SecurityWeek
Autonomous Offensive Security Firm XBOW Raises $35 Million
FOE May 06 EFF Deeplinks
The SECURE Data Act is Not a Serious Piece of Privacy Legislation
FOE May 06 Bleeping Computer
Why ransomware attacks succeed even when backups exist
FRIEND May 06 Black Hills Information Security
Swapper – A Pure Regex Match/Replace Burp Extension
FRIEND May 06 SecurityWeek
Herd Security Raises $3 Million for AI-Powered Training Platform
FRIEND May 06 TCM Security Blog
AI Tools and Certification Exams: What’s Changing and Why
FOE May 06 The Register (Security)
UK age-gating plans risk breaking the internet, privacy groups warn
FOE May 06 Bleeping Computer
MuddyWater hackers use Chaos ransomware as a decoy in attacks
FOE May 06 The Hacker News
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
FOE May 06 SecurityWeek
Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
FRIEND May 06 Bleeping Computer
Webinar: Why network incidents escalate and how to fix response gaps
FRIEND May 06 The Hacker News
The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open
FRIEND May 06 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: It’s not that private
FOE May 06 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE May 06 Dark Reading
From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
FOE May 06 SecurityWeek
Romanian Extradited to US for Role in Hacking Scheme 17 Years Ago
FOE May 06 CSO Online
New malware turns Linux systems into P2P attack networks
FOE May 06 The Hacker News
Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?
FOE May 06 Schneier on Security
Rowhammer Attack Against NVIDIA Chips
FOE May 06 Dark Reading
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
FRIEND May 06 SecurityWeek
CISA: Critical Infrastructure Must Master Isolation, Recovery
FOE May 06 SecurityWeek
Sophisticated Quasar Linux RAT Targets Software Developers
FOE May 06 Bleeping Computer
Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
FRIEND May 06 The Hacker News
Google's Android Apps Get Public Verification to Stop Supply Chain Attacks
FOE May 06 CSO Online
Poisoned truth: The quiet security threat inside enterprise AI
FRIEND May 06 CSO Online
Train like you fight: Why cyber operations teams need no-notice drills
FOE May 06 The Hacker News
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
FOE May 06 SecurityWeek
Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack
FRIEND May 06 SecurityWeek
Oracle Debuts Monthly Critical Security Patch Updates
FOE May 06 Risky Business News
Risky Bulletin: Extremely targeted supply chain attack hits DAEMON Tools
FOE May 06 The Hacker News
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
FOE May 06 Dark Reading
Middle East Cyber Battle Field Broadens — Especially in UAE
FOE May 06 SecurityWeek
Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
FRIEND May 06 CSO Online
Die besten DAST- & SAST-Tools
FOE May 06 The Register (Security)
India orders infosec red alert in case Mythos sparks crime spree
FOE May 06 The Register (Security)
India orders infosec red alert in case Mythos sparks crime spree
FOE May 06 CISA KEV
CVE-2026-0300: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
FOE May 05 Bleeping Computer
New stealthy Quasar Linux malware targets software developers
FOE May 05 Bleeping Computer
Instructure hacker claims data theft from 8,800 schools, universities
FOE May 05 CSO Online
Supply-chain attacks take aim at your AI coding agents
FOE May 05 Dark Reading
Trellix Source Code Breach Highlights Growing Supply Chain Threats
FRIEND May 05 Dark Reading
Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations
FOE May 05 CSO Online
Edge browser leaves passwords exposed in plain text, says researcher
FOE May 05 Ars Technica (Security)
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
FOE May 05 CSO Online
CISA mulls new three-day remediation deadline for critical flaws
FOE May 05 Bleeping Computer
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
FRIEND May 05 Dark Reading
Why Security Leadership Makes or Breaks a Pen Test
FOE May 05 Bleeping Computer
Student hacked Taiwan high-speed rail to trigger emergency brakes
FRIEND May 05 CSO Online
CISA pushes critical infrastructure operators to prepare to work in isolation
FRIEND May 05 The Register (Security)
ServiceNow clears agents for landing with new AI control tower
FOE May 05 The Hacker News
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
FOE May 05 The Hacker News
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
FRIEND May 05 CSO Online
Oracle will patch more often to counter AI cybersecurity threat
FOE May 05 The Register (Security)
Attackers are cashing in on fresh 'CopyFail' Linux flaw
FOE May 05 The Register (Security)
Attackers are cashing in on fresh 'CopyFail' Linux flaw
FRIEND May 05 Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: That one clashes with the metal
FOE May 05 Dark Reading
Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
FOE May 05 SecurityWeek
Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations
FRIEND May 05 Bleeping Computer
FTC to ban data broker Kochava from selling Americans’ location data
FOE May 05 The Hacker News
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
FOE May 05 Privacy International
From Big Oil to Big Algorithm: Public Money in Private Models
FRIEND May 05 Bleeping Computer
The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss
FOE May 05 Bleeping Computer
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don't Check.
FRIEND May 05 EPIC
EPIC Urges Support for Chatbot Provider Liability Framework in Illinois
FOE May 05 The Register (Security)
Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
FOE May 05 The Register (Security)
Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
FOE May 05 SecurityWeek
Hacker Conversations: Joey Melo on Hacking AI
FOE May 05 Bleeping Computer
Vimeo data breach exposes personal information of 119,000 people
FOE May 05 SecurityWeek
Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft
FOE May 05 The Register (Security)
ShinyHunters claims dump puts 119K Vimeo emails in the wild
FOE May 05 The Register (Security)
ShinyHunters claims dump puts 119K Vimeo emails in the wild
FRIEND May 05 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It might be the new glasses
FOE May 05 CISA Alerts
ABB B&R Automation Studio
FOE May 05 CISA Alerts
Johnson Controls CEM AC2000
FOE May 05 CISA Alerts
ABB B&R PVI
FOE May 05 CISA Alerts
Hitachi Energy PCM600
FOE May 05 CISA Alerts
ABB B&R Automation Runtime
FOE May 05 SecurityWeek
Critical Remote Code Execution Vulnerability Patched in Android
FOE May 05 The Hacker News
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
FRIEND May 05 Dark Reading
How the Story of a USB Penetration Test Went Viral
FOE May 05 Dark Reading
How the Story of a USB Penetration Test Went Viral
FOE May 05 The Hacker News
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
FOE May 05 CSO Online
AI finds 20-year-old bugs in PostgreSQL and MariaDB
FOE May 05 The Register (Security)
Romance scammers turn sweet talk into £102M payday
FOE May 05 The Register (Security)
Romance scammers turn sweet talk into £102M payday
FRIEND May 05 SANS Internet Storm Center
SSL.com rotates their root certificate today, (Tue, May 5th)
FOE May 05 SANS Internet Storm Center
Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
FRIEND May 05 Bleeping Computer
Google now offers up to $1.5 million for some Android exploits
FOE May 05 SecurityWeek
Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server
FOE May 05 CSO Online
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
FOE May 05 SecurityWeek
Karakurt Ransomware Negotiator Sentenced to Prison
FOE May 05 Schneier on Security
DarkSword Malware
FOE May 05 EFF Deeplinks
EFF and 18 Organizations Urge UK Policymakers to Prioritize Addressing the Roots of Online Harm
FOE May 05 The Hacker News
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
FOE May 05 Bleeping Computer
Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
FOE May 05 Bleeping Computer
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
FOE May 05 SecurityWeek
MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
FOE May 05 The Register (Security)
NHS to close-source hundreds of GitHub repos over AI, security concerns
FOE May 05 The Hacker News
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
FOE May 05 Bleeping Computer
ScarCruft hackers push BirdCall Android malware via game platform
FOE May 05 SecurityWeek
WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
FRIEND May 05 CSO Online
CISOs step up to the security workforce challenge
FOE May 05 The Intercept (Privacy)
Maker of AI Targeting System for Drones Faces Protests for Shipments to Israeli Military
FOE May 05 CSO Online
Why most zero-trust architectures fail at the traffic layer
FOE May 05 The Register (Security)
Microsoft's bad obsession is showing up in shabby services and slipshod software. Here's proof
FRIEND May 05 Sophos News
Sophos Endpoint Mythos AI
FOE May 05 Sophos News
AI Zero Days Sophos Endpoint
FOE May 05 The Hacker News
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
FOE May 05 EFF Deeplinks
Shut Down Turnkey Totalitarianism
FRIEND May 05 OWASP Blog
OWASP Foundation Unveils Its Strategic Plan for a World Without Insecure Software
FOE May 05 The Hacker News
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
FRIEND May 05 CSO Online
10 Anzeichen für einen schlechten CSO
FRIEND May 05 The Register (Security)
Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation
FRIEND May 05 The Register (Security)
Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation
FOE May 05 CSO Online
Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models
FRIEND May 05 Sophos News
Introducing the Sophos Security Services Retainer
FOE May 04 Bleeping Computer
Weaver E-cology critical bug exploited in attacks since March
FOE May 04 Dark Reading
Physical Cargo Theft Gets a Boost From Cybercriminals
FOE May 04 Dark Reading
RMM Tools Fuel Stealthy Phishing Campaign
FOE May 04 The Register (Security)
Kids say they can beat age checks by drawing on a fake mustache
FOE May 04 Bleeping Computer
Researchers report Amazon SES abused in phishing to evade detection
FOE May 04 Bleeping Computer
Amazon SES increasingly abused in phishing to evade detection
FOE May 04 EPIC
America needs a strong privacy law. The SECURE Data Act isn’t it.
FOE May 04 Dark Reading
Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
FRIEND May 04 SecurityWeek
Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks
FOE May 04 CSO Online
The Winter Games effect: When gold meets DDoS
FOE May 04 EFF Deeplinks
EFF Submission to UK Consultation on Digital ID
FOE May 04 The Hacker News
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
FOE May 04 SecurityWeek
Trellix Source Code Repository Breached
FOE May 04 Bleeping Computer
Backdoored PyTorch Lightning package drops credential stealer
FOE May 04 SANS Internet Storm Center
TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
FOE May 04 CSO Online
How orphaned applications are quietly fueling your shadow IT problem
FOE May 04 The Hacker News
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
FOE May 04 Bleeping Computer
Trellix discloses data breach after source code repository hack
FOE May 04 The Register (Security)
Shadow IT has given way to shadow AI. Enter AI-BOMs
FRIEND May 04 The Register (Security)
Shadow IT has given way to shadow AI. Enter AI-BOMs
FOE May 04 Dark Reading
Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia
FRIEND May 04 SANS Internet Storm Center
DShield Honeypot Update, (Mon, May 4th)
FOE May 04 The Hacker News
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
FOE May 04 Bleeping Computer
They don’t hack, they borrow: How fraudsters target credit unions
FRIEND May 04 SecurityWeek
Cybersecurity M&A Roundup: 33 Deals Announced in April 2026
FOE May 04 SecurityWeek
DigiCert Revokes Certificates After Support Portal Hack
FOE May 04 Bleeping Computer
Progress warns of critical MOVEit Automation auth bypass flaw
FRIEND May 04 Bleeping Computer
Webinar: Why MSPs must rethink security and backup strategies
FRIEND May 04 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Too many emojis
FRIEND May 04 EFF Deeplinks
Getting Digital Fairness Right: EFF's Recommendations for the EU's Digital Fairness Act
FOE May 04 The Hacker News
2026: The Year of AI-Assisted Attacks
FOE May 04 The Hacker News
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
FOE May 04 CSO Online
Security agencies draw red lines around agentic AI deployments
FOE May 04 Bleeping Computer
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
FOE May 04 SecurityWeek
Exploitation of ‘Copy Fail’ Linux Vulnerability Begins
FOE May 04 Bleeping Computer
Microsoft confirms April Windows updates cause backup failures
FRIEND May 04 EFF Deeplinks
Getting Digital Fairness Right: EFF's Recommendations for the EU's Digital Fairness Act
FOE May 04 Schneier on Security
Hacking Polymarket
FRIEND May 04 SecurityWeek
OpenAI Rolls Out Advanced Security for ChatGPT Accounts
FOE May 04 The Hacker News
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
FOE May 04 The Register (Security)
If the vote you rocked, your personal info can be grokked
FOE May 04 The Register (Security)
If the vote you rocked, your personal info can be grokked
FOE May 04 CSO Online
The fake IT worker problem CISOs can’t ignore
FRIEND May 04 CSO Online
How CISOs should utilize data security posture management to inform risk
FOE May 04 SecurityWeek
Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
FOE May 04 SecurityWeek
Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats
FOE May 04 The Hacker News
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
FOE May 04 Risky Business News
Risky Bulletin: DigiCert hacked with a malicious screensaver file
FOE May 04 CSO Online
Was ist ein Botnet?
FOE May 04 The Register (Security)
Five Eyes spook shops warn rapid rollouts of agentic AI are too risky
FOE May 04 The Register (Security)
Five Eyes spook shops warn agentic is too wonky for rapid rollout
FOE May 03 Bleeping Computer
Instructure confirms data breach, ShinyHunters claims attack
FOE May 03 Bleeping Computer
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
FRIEND May 03 SANS Internet Storm Center
Wireshark 4.6.5 Released, (Sun, May 3rd)
FOE May 03 SecurityWeek
US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems
FOE May 03 Bleeping Computer
Telegram Mini Apps abused for crypto scams, Android malware delivery
FOE May 03 The Hacker News
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
FOE May 02 Bleeping Computer
Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks
FOE May 02 Bleeping Computer
ConsentFix v3 attacks target Azure with automated OAuth abuse
FOE May 02 SecurityWeek
New Bluekit Phishing Kit Features AI Assistant
FOE May 02 The Register (Security)
Brace for the patch tsunami: AI is unearthing decades of buried code debt
FOE May 02 The Register (Security)
Brace for the patch tsunami: AI is unearthing decades of buried code debt
FOE May 02 The Hacker News
Trellix Confirms Source Code Breach With Unauthorized Repository Access
FOE May 01 Bleeping Computer
Edu tech firm Instructure discloses cyber incident, probes impact
FOE May 01 CSO Online
AI agents can bypass guardrails and put credentials at risk, Okta study finds
FOE May 01 EPIC
EPIC Urges Representatives to Vote NO on Privacy Invasions at Treasury
FOE May 01 Dark Reading
76% of All Crypto Stolen in 2026 Is Now in North Korea
FOE May 01 CSO Online
Windows shell spoofing vulnerability puts sensitive data at risk
FOE May 01 Ars Technica (Security)
Ubuntu infrastructure has been down for more than a day
FOE May 01 SANS Internet Storm Center
Malicious Ad for Homebrew Leads to MacSync Stealer, (Fri, May 1st)
FOE May 01 The Hacker News
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
FOE May 01 Bleeping Computer
15-year-old detained over French govt agency data breach
FOE May 01 Bleeping Computer
Story retracted
FOE May 01 The Intercept (Privacy)
Musk Warns of Killer AI — While He and the Rest of Silicon Valley Cash In on AI That Kills
FOE May 01 Ars Technica (Security)
GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests
FOE May 01 SecurityWeek
In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability
FRIEND May 01 EFF Deeplinks
A Bridge to Somewhere: How to Link Your Mastodon, Bluesky, or Other Federated Accounts
FOE May 01 Dark Reading
If AI's So Smart, Why Does It Keep Deleting Production Databases?
FRIEND May 01 SecurityWeek
Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge
FOE May 01 The Hacker News
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
FRIEND May 01 Bleeping Computer
Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations
FOE May 01 The Hacker News
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
FOE May 01 The Register (Security)
First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed
FOE May 01 The Register (Security)
First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed
FRIEND May 01 Bleeping Computer
Microsoft fixes Remote Desktop warnings displaying incorrectly
FRIEND May 01 Dark Reading
Name That Toon: Mark of (Security) Progress
FRIEND May 01 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: I just saw him at the coffee machine
FOE May 01 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FRIEND May 01 CISA Alerts
Careful Adoption of Agentic AI Services
FRIEND May 01 Dark Reading
20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage
FOE May 01 The Register (Security)
OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that
FRIEND May 01 The Register (Security)
OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that
FOE May 01 SecurityWeek
Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
FOE May 01 Schneier on Security
A Ransomware Negotiator Was Working for a Ransomware Gang
FRIEND May 01 Bleeping Computer
Microsoft now lets admins choose pre-installed Store apps to uninstall
FOE May 01 SecurityWeek
Sophisticated Deep#Door Backdoor Enables Espionage, Disruption
FOE May 01 The Register (Security)
Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down
FOE May 01 The Register (Security)
Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down
FRIEND May 01 The Hacker News
Top Five Sales Challenges Costing MSPs Cybersecurity Revenue
FRIEND May 01 SecurityWeek
Cisco Releases Open Source Tool for AI Model Provenance
FRIEND May 01 Bleeping Computer
Windows 11 KB5083631 update released with 34 changes and fixes
FOE May 01 CSO Online
Human-centric failures: Why BEC continues to work despite MFA
FOE May 01 The Hacker News
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
FOE May 01 The Hacker News
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
FRIEND May 01 CSO Online
Just 34% of cyber pros plan to stick with their current employer
FRIEND May 01 CSO Online
Enterprise Spotlight: Transforming software development with AI
FOE May 01 CSO Online
Managing OT risk at scale: Why OT cyber decisions are leadership decisions
FOE May 01 SecurityWeek
Hugging Face, ClawHub Abused for Malware Distribution
FOE May 01 SecurityWeek
FBI Warns of Surge in Hacker-Enabled Cargo Theft
FOE May 01 Bleeping Computer
US ransomware negotiators get 4 years in prison over BlackCat attacks
FOE May 01 SecurityWeek
1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom
FOE May 01 Risky Business News
Risky Bulletin: The mysterious hack of Moldova's healthcare database
FOE May 01 CSO Online
‘Trivial’ exploit can give attackers root access to Linux kernel
FOE May 01 Sophos News
AI finds the vulnerabilities, but exploiting them is a different problem.
FOE May 01 Sophos News
AI just became the world's most dangerous exploit writer. Here's why Sophos Endpoint is built to stop it.
FOE May 01 Sophos News
Proof-of-concept exploit available for Linux 'Copy Fail' vulnerability (CVE-2026-31431)
FOE May 01 CISA KEV
CVE-2026-31431: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
About Methodology Fair Use Privacy Contact RSS

Scanning the threat landscape.