FRIEND
SANS Internet Storm Center
YARA-X 1.17.0 Release, (Sun, May 31st)
FOE
Bleeping Computer
WP Maps Pro bug exploited to create admin accounts on WordPress sites
FRIEND
The Hacker News
Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices
FOE
The Intercept (Privacy)
A Gay Palestinian Fled to Israel’s “Safe Haven.” Israel Tried to Exploit Him for Intelligence.
FOE
Bleeping Computer
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
FOE
SecurityWeek
Russian Spies Are Aggressively Seeking Western Technology as Sanctions Bite, Officials Say
FOE
SecurityWeek
Exploit Code Published for Critical Flowise RCE Vulnerability
FOE
Bleeping Computer
New CIFSwitch Linux flaw gives root on multiple distributions
FOE
The Hacker News
PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
FOE
CSO Online
Russia-aligned crime group Greyvibe extensively uses AI in attacks
FOE
CSO Online
Microsoft and security researcher’s dueling posts about cybersecurity disclosures get nasty
FOE
The Register (Security)
Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
FRIEND
Schneier on Security
Friday Squid Blogging: Another Squid
FRIEND
Dark Reading
Name That Toon: Mark of (Cybersecurity) Progress
FOE
EFF Deeplinks
One Step Forward, Two Steps Back: CA's AB 1856 Exempts Open Source But Expands Age-Gating
FOE
The Register (Security)
ICE to keep an eye on your eyes under $25M biometric scanner deal
FOE
Ars Technica (Security)
Botnet of more than 17 million devices dismantled
FOE
The Register (Security)
No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out
FOE
Bleeping Computer
ChatGPT share links abused to host fake outage pages to deliver malware
FOE
Bleeping Computer
California AG sues 23andMe over 2023 breach exposing health data
FOE
The Hacker News
ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
FOE
SecurityWeek
In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks
FOE
The Register (Security)
23andMe inherits lawsuit over 'disturbing' DNA data breach
FRIEND
CSO Online
DNS-AID will make AI agents easier to discover, says Linux Foundation
FRIEND
CSO Online
Certifiably random: Swiss researchers claim perfect random number source
FOE
SecurityWeek
Charter Communications Data Breach Could Impact Nearly 5 Million
FOE
The Hacker News
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
FRIEND
Dark Reading
Asia's Cyber Insurance Market Shows Signs of Life
FRIEND
SecurityWeek
MokN Raises $15 Million for Phish-Back Platform
FOE
Bleeping Computer
From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a-Service Market
FOE
Bleeping Computer
Dutch govt disrupts malware botnet with 17 million infected devices
FOE
Dark Reading
With Complex Cloud Integrations, Small Errors Lead to Major Compromises
FOE
The Register (Security)
Dutch cops wrest 17M devices from mystery botnet's clutches
FOE
SecurityWeek
Gogs Zero-Day Exposes Servers to Remote Code Execution
FRIEND
Bleeping Computer
Google Chrome adds session cookie theft protection for all users
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It’s all letters and numbers
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
Dark Reading
'The Com' Cyberattacks Support Violence & Sexploitation
FOE
The Register (Security)
ChatGPT blindly trusts browser content, turning the page into a payload
FOE
The Register (Security)
Russia-linked threat group put ChatGPT to work from lure to payload
FOE
The Hacker News
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
FOE
SecurityWeek
California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach
FOE
Bleeping Computer
Man sent to prison for selling data of 7 million elderly Americans
FOE
The Hacker News
What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
FOE
The Register (Security)
ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak
FOE
SecurityWeek
Chrome 148 Update Patches 151 Vulnerabilities
FOE
Bleeping Computer
US charges Google security engineer with Polymarket insider trading
FOE
The Intercept (Privacy)
The Race to Build AI Data Centers — Before the People Can Protest
FOE
CSO Online
Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems
FOE
The Hacker News
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
FOE
CSO Online
The Gentlemen are coming for your files, and then your network
FRIEND
CSO Online
Cybersecurity trends in SEC filings
FOE
Bleeping Computer
Charter Communications data breach affects 4.9 million accounts
FOE
CSO Online
GDPR set the tone for regulatory action — and the AI fine pushback to come
FOE
The Hacker News
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
FOE
Risky Business News
Risky Bulletin: Dutch police take down giant botnet of 17 million devices
FRIEND
CSO Online
IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise
FOE
CSO Online
Lack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects
FOE
Bleeping Computer
Anthropic confirms Claude Mythos-class models will roll out to the public
FOE
CISA KEV
CVE-2026-0257: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
FOE
Dark Reading
As Global Powers Explore Humanoid Robots, Cyber-Risk Looms
FOE
Bleeping Computer
GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
FOE
The Register (Security)
Troops’ phones gave away location data to foreign adversaries
FOE
Bleeping Computer
BTMOB Android malware service generates custom phishing payloads
FOE
Ars Technica (Security)
Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code
FOE
The Register (Security)
Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops
FRIEND
The Register (Security)
Snowflake buys Natoma to help freeze out rogue agents
FOE
SANS Internet Storm Center
Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)
FOE
Bleeping Computer
FBI warns of fake FIFA websites running World Cup fraud schemes
FOE
Dark Reading
Dutch Raid Fails to Dent Russian Bulletproof Host
FOE
Sophos News
Canvas attack aftermath: What risks come next
FOE
SecurityWeek
Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks
FOE
EPIC
EPIC Urges Vermont Senators to Vote No on Weak ‘Privacy’ Bill
FOE
Bleeping Computer
Hackers exploit FortiClient EMS flaw to push infostealer malware
FOE
The Hacker News
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
FRIEND
SecurityWeek
Geordie Raises $30 Million for AI Security and Governance Platform
FOE
EFF Deeplinks
Age Verification is a Privacy Nightmare
FOE
The Register (Security)
Microsoft tests the 15-character limit of Windows Server admins' patience
FOE
Dark Reading
Agentic AI Isn't Risky; the Way Orgs Deploy It Is
FOE
The Hacker News
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: The story took an odd turn
FOE
SecurityWeek
Carnival Data Breach Exposed 6 Million People
FOE
Bleeping Computer
New Gogs zero-day flaw lets hackers get remote code execution
FRIEND
Bleeping Computer
How SIEM helps MSPs reduce noise and stop threats faster
FOE
The Hacker News
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
FOE
The Hacker News
ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
FOE
SecurityWeek
New BTMOB Android Malware Enables Full Device Takeover
FOE
CSO Online
Indian CERT urges firms to contain exploited internet-facing flaws within 12 hours
FOE
SecurityWeek
Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks
FOE
Bleeping Computer
Romanian gets 5 years in prison for hacking Oregon govt network
FRIEND
SecurityWeek
IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”
FRIEND
Dark Reading
Focus on Cyber Insurance: How Quantifying Risk Is Reshaping Security
FOE
CSO Online
GlassWorm falls, but the repo problem is far from solved
FRIEND
Bleeping Computer
Webinar: Why network incidents take too long to resolve
FOE
The Register (Security)
Carnival confirms ShinyHunters cruised off with 6M customer records after April breach
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Hand me the doodad
FOE
CISA Alerts
Supply Chain Compromises Impact Nx Console and GitHub Repositories
FOE
CISA Alerts
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
FOE
CISA Alerts
KMW CCTV Security Cameras
FOE
CISA Alerts
Fourth Frontier Frontier X Mobile Application, Frontier X2
FOE
CISA Alerts
CP Plus 8 Ch. Network Video Recorder
FOE
CISA Alerts
ABB Busch-Welcome 2 Wire Door Opener Actuator
FOE
CISA Alerts
XCharge C6
FOE
CISA Alerts
ABB EIBPORT
FOE
CISA Alerts
Schneider Electric EcoStruxure Machine Expert HVAC
FOE
CISA Alerts
MacGregor Voyage Data Recorder (VDR) G4e
FRIEND
SecurityWeek
New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails
FOE
The Hacker News
New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"
FOE
SecurityWeek
Gitea Vulnerability Exposed 30,000 Deployments to Attacks
FOE
SecurityWeek
Raising the Cybersecurity Stakes: Ante up for the Agentic Era
FOE
Bleeping Computer
Carnival Cruise confirms data breach affecting nearly 6 million people
FOE
CSO Online
The AI governance imperative you can’t afford to ignore
FRIEND
SecurityWeek
Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks
FOE
Bleeping Computer
Sextortionist sentenced to 33 years for targeting 145 children
FOE
Dark Reading
BTMOB RAT Spreads Across Brazil, LatAm via MaaS Model
FOE
CSO Online
What the industrialization of exploitation means for defenders
FOE
Privacy International
How New EU Access to Documents Rules Can Reduce Transparency and Shield Big Tech
FOE
The Hacker News
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
FRIEND
Dark Reading
Nordic CISOs Handle Rising Cyber Threats Remarkably Well
FOE
The Register (Security)
Company CEO flooded file share with smut, called for help after he deleted it
FOE
CSO Online
Employees are unknowingly inviting tech support impersonators into firms, says FBI
FOE
Sophos News
Canvas attack aftermath: What risks come next?
FRIEND
Sophos News
Encore Performance: Sophos ranked #1 Overall in Endpoint, EDR, XDR, MDR, and Firewall for the 2nd consecutive time in the G2 Summer 2026 Reports
FOE
CSO Online
Another IT governance headache: AI-enabled sanction evasion
FRIEND
Sophos News
Gartner EPP MQ-17
FRIEND
Professor Messer
Professor Messer’s SY0-701 Security+ Study Group – May 2026
FOE
CSO Online
AI models more vulnerable than claimed when faced with iterative attacks
FOE
Bleeping Computer
GPU mining malware spreads via SEO poisoning, AI chatbots
FOE
SANS Internet Storm Center
Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th)
FOE
Ars Technica (Security)
Websites have a new way to spy on visitors: analyzing their SSD activity
FOE
Dark Reading
Ransomware Actors Show Up In Person to Steal Law Firm Data
FOE
The Register (Security)
CrowdStrike, Google shatter Glassworm botnet
FOE
SecurityWeek
UK Cyberspying Chief Calls AI ‘an Unstoppable Force’ and Warns About Russia
FOE
The Register (Security)
Bosses blinded by confidence about shadow AI use by workers
FOE
Dark Reading
Latin American Cybercriminals Hoover Up Government Data
FOE
The Register (Security)
FBI: Get to know your IT guy – extortion crews are visiting law firms pretending to be tech support
FOE
Dark Reading
AI-Assisted Exploit Development Outpaces Scanner Detection
FOE
The Hacker News
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
FOE
The Hacker News
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
FOE
CSO Online
FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework
FOE
SecurityWeek
Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate
FOE
Schneier on Security
FBI’s 2025 Internet Crime Report
FRIEND
Bleeping Computer
Can you enforce strong Active Directory password rules without frustrating users?
FOE
The Register (Security)
India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat
FRIEND
Black Hills Information Security
Bad Habits: An ANTISOC Operation
FOE
Bleeping Computer
Glassworm botnet disrupted after resilient C2 infrastructure takedown
FRIEND
SecurityWeek
SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon Bay
FRIEND
Dark Reading
Cybersecurity Evolution: How We Went From Perimeter Defense to AI-Native Security
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Quiz: Sit and stay
FOE
CISA Alerts
CISA Adds Three Known Exploited Vulnerabilities to Catalog
FRIEND
The Register (Security)
How to guarantee a speaker gig: Hack the system. Literally
FRIEND
SecurityWeek
RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries
FOE
Bleeping Computer
FBI warns of in-person data theft attacks from extortion gang
FOE
The Hacker News
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
FRIEND
The Hacker News
3 SOC Steps that Shut Down Incident Risks Early
FOE
SecurityWeek
Romanian Hacker Sentenced to Prison in US for Selling Access to State Network
FOE
The Hacker News
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
FRIEND
SecurityWeek
Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform
FOE
SecurityWeek
The Credential Crisis: How Stolen Credentials Defeat Modern Security
FRIEND
Privacy International
The ILO Convention on decent work in the platform economy
FOE
SecurityWeek
‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
FRIEND
SecurityWeek
GlassWorm Botnet Disrupted
FOE
The Hacker News
Gitea Vulnerability Exposes Private Container Images without Authentication
FOE
Bleeping Computer
CISA gives feds 4 days to patch actively exploited cPanel plugin flaw
FOE
SecurityWeek
LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers
FOE
Bleeping Computer
Dutch police arrests suspect linked to Ajax football club hack
FOE
CSO Online
The NSA, ‘Mythos’ and the quiet emergence of AI cyber doctrine
FRIEND
Bleeping Computer
Windows 11 KB5089573 update released with performance improvements
FOE
SecurityWeek
FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data
FOE
The Hacker News
AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
FRIEND
CSO Online
DSPM buyer’s guide: Top 10 data security posture management tools
FOE
SecurityWeek
CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day
FRIEND
SecurityWeek
Anthropic Releases New Claude Sandbox, Security Guidance Plugin
FOE
Risky Business News
Risky Bulletin: BadHost vulnerability bypasses authentication on AI infrastructure
FOE
Sophos News
GitHub internal repositories breached
FOE
CSO Online
Microsoft previews automatic device isolation in Defender for Endpoint
FRIEND
Sophos News
Sophos named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection for the 17th consecutive report
FOE
CISA KEV
CVE-2026-45321: TanStack Unspecified Vulnerability
FOE
CISA KEV
CVE-2026-48027: Nx Console Embedded Malicious Code Vulnerability
FOE
EFF Deeplinks
More License Plate Reader Mission Creep: School Residency Verification, Background Checks, and Noise Complaints
FOE
Bleeping Computer
KnowledgeDeliver flaw exploited as a zero-day to install web shells
FOE
Ars Technica (Security)
Millions of AI agents imperiled by critical vulnerability in open source package
FOE
Dark Reading
Feeding Frenzy: 'Megalodon' Malware Infects Thousands of GitHub Repos
FOE
Bleeping Computer
Charter confirms data breach after ShinyHunters extortion threat
FRIEND
EPIC
EPIC Joins NCLC in Support of FCC Bond Requirement Proposal to Prevent Robocalls
FOE
Dark Reading
State Cyber Leaders Beg Congress for More Funding, Support
FOE
Dark Reading
The Hackers Behind Shai-Hulud: Lucky or Skilled?
FOE
Dark Reading
For Enterprises, Security Remains Agentic AI's Biggest Challenge
FOE
EPIC
The Indian Express: AI firms use same deceptive opt-out tactics as data brokers to confuse users, study finds
FOE
EPIC
iGaming: Roblox Receives FTC Complaint Over Child Safety Claims
FOE
Dark Reading
Microsoft Issues Out-of-Band SharePoint Patch
FOE
The Register (Security)
MyPillow must decide whether to be firm or soft as ransomware crims demand pay
FOE
The Hacker News
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
FOE
Schneier on Security
Identifying People Using Wi-Fi Routers
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: We need a good map
FOE
CSO Online
GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos
FRIEND
Bleeping Computer
How Varonis Atlas integrates Claude Compliance API for AI governance
FRIEND
SecurityWeek
AppOmni’s Marlin AI Brings Autonomous Investigation to SaaS Security
FOE
SecurityWeek
Iranian APT Targets Aviation, Software Companies With Updated Tools
FRIEND
Bleeping Computer
Microsoft Defender can now automatically isolate hacked endpoints
FRIEND
Bleeping Computer
Webinar: Too many tools are slowing network incident response
FOE
The Register (Security)
Experts pour cold borscht on Farage's Russian hack claim
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: A bit metallic
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Eppendorf BioFlo 320
FOE
CISA Alerts
ABB AC500 V2
FOE
CISA Alerts
ABB Ability™ Zenon Remote Transport Vulnerability
FOE
CISA Alerts
ABB LVS MConfig
FOE
CISA Alerts
ABB Terra AC
FOE
CISA Alerts
ABB B&R Automation Runtime DoS Vulnerability in System Diagnostics Manager (SDM)
FOE
CISA Alerts
ABB Ability Camera Connect
FRIEND
Dark Reading
Remembering Tim Wilson, Whose Legacy Lives on at Dark Reading
FOE
SecurityWeek
185,000 Likely Impacted by 7-Eleven Data Breach
FRIEND
The Hacker News
[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back
FOE
The Hacker News
Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
FRIEND
SecurityWeek
Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations
FOE
CSO Online
TrapDoor malware campaign puts developer workstations in CISO spotlight
FOE
SecurityWeek
Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment
FRIEND
SecurityWeek
Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available
FRIEND
SecurityWeek
Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images
FOE
The Hacker News
MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
FOE
SecurityWeek
Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries
FOE
SecurityWeek
Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands
FOE
The Hacker News
CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
FOE
CSO Online
Stop treating AI governance as a review layer. Make it release infrastructure
FOE
Bleeping Computer
CISA orders feds to patch actively exploited Drupal vulnerability
FOE
Bleeping Computer
Microsoft: Domain Controller lookup may fail on Windows Server 2016
FOE
The Hacker News
Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
FOE
Bleeping Computer
7-Eleven data breach exposes personal information of 185,000 people
FOE
CSO Online
Vulnerabilities have become cyber attackers’ No. 1 door to the enterprise
FOE
The Hacker News
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
FOE
CSO Online
Security experts caution MFA alone can no longer stop threat actors
FRIEND
CSO Online
Project Glasswing has uncovered 10,000 vulnerabilities: Anthropic
FOE
SANS Internet Storm Center
Possible ACR Stealer From Page Impersonating Claude, (Tue, May 26th)
FOE
CISA KEV
CVE-2026-48172: LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
FOE
Bleeping Computer
Anthropic’s restricted Claude Mythos model may be coming to Claude Code
FOE
SANS Internet Storm Center
Microsoft Access VBA, (Mon, May 25th)
FOE
The Hacker News
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
FOE
SecurityWeek
Ghost CMS Vulnerability Exploited to Hack Over 700 Websites
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)
FOE
Krebs on Security
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
FOE
Bleeping Computer
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
FOE
CSO Online
AI security needs a shift from models to systems, researchers argue
FOE
SecurityWeek
Oncology Institute Discloses Data Breach
FOE
The Hacker News
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Welcome to the club
FRIEND
CSO Online
As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free
FRIEND
The Hacker News
The Alert Firehose Finally Meets Its Match
FOE
SecurityWeek
266,000 Affected by Data Breach at Radiology Associates of Richmond
FOE
SecurityWeek
Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects
FOE
SecurityWeek
Laravel-Lang Packages Poisoned for Malware Delivery
FOE
SecurityWeek
DocketWise Data Breach Impacts 143,000
FOE
The Hacker News
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
FOE
SecurityWeek
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
FOE
The Register (Security)
Anthropic to release Mythos-class models to the public
FOE
CSO Online
To pay, or not to pay: 58% of CISOs say they would pay the ransom for their data
FOE
The Hacker News
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
FOE
Risky Business News
Risky Bulletin: Mythos found thousands of critical bugs
FRIEND
SANS Internet Storm Center
Wireshark 4.6.6 Released, (Sun, May 24th)
FOE
Bleeping Computer
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
FOE
Bleeping Computer
Laravel Lang packages hijacked to deploy credential-stealing malware
FRIEND
The Hacker News
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
FOE
The Hacker News
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
FOE
Bleeping Computer
Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes
FRIEND
The Hacker News
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
FOE
SecurityWeek
‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains
FOE
The Register (Security)
AI eyes scanning for bugs create a worrisome Linux security trend
FOE
The Register (Security)
Dirty Frag, Copy Fail, Fragnesia: The start of a worrisome Linux security trend
FOE
The Hacker News
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
FOE
The Hacker News
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
FOE
The Hacker News
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
FRIEND
SANS Internet Storm Center
An Example of Stack String in High Level Language, (Sat, May 23rd)
FOE
CSO Online
Google leaks details for Chromium bug that can turn browsers into bots
FOE
The Register (Security)
A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets
FOE
The Register (Security)
Megalodon chums the waters in 5.5K+ GitHub repo poisonings
FOE
Ars Technica (Security)
Police boast of hacking VPN where criminals "believed themselves to be safe"
FRIEND
EPIC
NPR: DHS says ICE has ‘no relationship’ with spyware maker Paragon Solutions
FOE
Ars Technica (Security)
Texas AG sues Meta over claims that WhatsApp doesn't provide end-to-end encryption
FOE
CSO Online
FBI warns of Kali Oauth stealers
FOE
The Hacker News
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
FOE
Bleeping Computer
Netherlands seizes 800 servers of hosting firm enabling cyberattacks
FOE
SecurityWeek
Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
FOE
CSO Online
Police take down VPN service (this time with a good reason)
FOE
Krebs on Security
Lawmakers Demand Answers as CISA Tries to Contain Data Leak
FOE
The Hacker News
Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
FRIEND
CSO Online
Microsoft says it’s making AI ‘safe for work’ in your browser
FRIEND
Dark Reading
Akamai Joins Growing Chorus of Vendors Betting Big on Secure Enterprise Browsers
FOE
Bleeping Computer
Former US execs plead guilty to aiding tech support scammers
FOE
SecurityWeek
In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking
FOE
Schneier on Security
CISA Security Leak
FOE
Bleeping Computer
Trend Micro warns of Apex One zero-day exploited in the wild
FOE
Dark Reading
Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks
FOE
Bleeping Computer
Drupal: Critical SQL injection flaw now targeted in attacks
FOE
Bleeping Computer
Why Chargebacks are Just One Piece of the Fraud Puzzle
FOE
SecurityWeek
Canadian Man Arrested for Operating Kimwolf Botnet
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Bright colors are making a comeback
FOE
Bleeping Computer
Ubiquiti patches three max severity UniFi OS vulnerabilities
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
The Hacker News
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
FOE
The Hacker News
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
FOE
The Register (Security)
Techie claims Trump Mobile website was leaking thousands of people's data
FOE
Ars Technica (Security)
A hacker group is poisoning open source code at an unprecedented scale
FOE
The Intercept (Privacy)
AIPAC, AI, Crypto and Gambling Are Hiding Their Big Election Spends
FOE
CSO Online
Why your AI strategy stops where the PLC starts: Hard lessons from the OT frontlines
FOE
SecurityWeek
‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested
FOE
Bleeping Computer
US and Canada arrest and charge suspected Kimwolf botnet admin
FOE
CSO Online
Identity as the primary attack surface: What modern breaches are really exploiting
FOE
The Hacker News
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
FOE
SecurityWeek
TrendAI Patches Apex One Zero-Day Exploited in the Wild
FOE
SecurityWeek
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
FRIEND
CSO Online
Google folds CodeMender into agent ecosystem amid push for AI-led AppSec
FOE
Dark Reading
China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts.
FOE
SANS Internet Storm Center
Cross-Platform NPM Stealer, (Fri, May 22nd)
FOE
The Hacker News
CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
FRIEND
The Register (Security)
Cisco used AI to write security incident reports, with mixed results
FOE
The Hacker News
Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
FRIEND
Risky Business News
Risky Bulletin: Microsoft ends SMS MFA for personal accounts
FOE
CISA KEV
CVE-2026-9082: Drupal Core SQL Injection Vulnerability
FOE
The Register (Security)
Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund'
FOE
CSO Online
Critical vulnerability in Cisco Secure Workload rated at maximum severity
FOE
CSO Online
Microsoft patches two zero-day flaws in Defender
FOE
Krebs on Security
Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
FRIEND
EPIC
EPIC Submits Comments to FTC Urging the Agency to Prioritize Privacy in Potential Antitrust Guidelines
FOE
CSO Online
Unpatched ChromaDB flaw leaves servers open to remote code execution
FOE
Dark Reading
How CISOs Should Prep for Agentic-Ready AI BOMs
FOE
The Register (Security)
Threat hunters find Google API keys still usable 23 minutes after deletion
FOE
Dark Reading
Google API Keys Remain Active After Deletion
FOE
The Register (Security)
HackerOne takes an axe to its bug bounty rewards
FOE
EPIC
Biometric Update: Texas AG opens investigation into Meta glasses over privacy, biometric concerns
FOE
EPIC
NPR: What we know about how the U.S. government uses spyware (and what we don’t)
FOE
Bleeping Computer
Google accidentally exposed details of unfixed Chromium flaw
FOE
Schneier on Security
macOS Kernel Memory Corruption Exploit
FOE
Dark Reading
AI Agents Are Shifting Identity Security Budget Dynamics
FOE
Bleeping Computer
Apple blocked over $11 billion in App Store fraud in 6 years
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: A forest of data
FOE
The Hacker News
Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor
FOE
BrightTALK InfoSec
Securing AI-Driven Supply Chains Before the Next Breach
FOE
Bleeping Computer
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
FOE
Dark Reading
Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
FOE
Bleeping Computer
Chinese hackers target telcos with new Linux, Windows malware
FOE
Bleeping Computer
Max severity Cisco Secure Workload flaw gives Site Admin privileges
FRIEND
SANS Internet Storm Center
Selective HTTP Proxying in Linux, (Thu, May 21st)
FOE
Bleeping Computer
Police seize “First VPN” service used in ransomware, data theft attacks
FOE
Dark Reading
Content Delivery Exploit Opens Websites to Brand Hijacking
FOE
The Register (Security)
Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach
FOE
SecurityWeek
Cisco Patches Critical Vulnerability in Secure Workload
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: We need more light
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
ABB B&R Automation Runtime
FOE
CISA Alerts
Hitachi Energy GMS600
FOE
CISA Alerts
ABB Terra AC Wallbox
FOE
CISA Alerts
ABB B&R PCs
FOE
CISA Alerts
ABB B&R Automation Studio
FOE
The Hacker News
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
FRIEND
SecurityWeek
Ocean Emerges From Stealth With $28M for Agentic Email Security Platform
FOE
The Register (Security)
Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw
FRIEND
SecurityWeek
Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention
FRIEND
Bleeping Computer
Flipper One project needs community help to build open Linux platform
FOE
SecurityWeek
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
FOE
The Hacker News
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
FRIEND
SecurityWeek
Socket Raises $60 Million at $1 Billion Valuation
FRIEND
The Register (Security)
Microsoft storms RAMPART, adds Clarity to agentic AI safety
FOE
The Hacker News
When Identity is the Attack Path
FRIEND
CSO Online
Microsoft releases open-source tools to operationalize AI agent safety
FOE
BrightTALK InfoSec
From Tools to Teammates: Governing AI Agents as Enterprise Workers
FOE
SecurityWeek
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
FRIEND
SecurityWeek
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
FOE
SecurityWeek
Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility
FOE
Bleeping Computer
Microsoft warns of new Defender zero-days exploited in attacks
FOE
The Hacker News
9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
FOE
The Register (Security)
Zombie user account let hackers control the city’s water
FRIEND
CSO Online
AI becoming an SOC imperative for curtailing emerging cyber threats
FOE
Bleeping Computer
GitHub links repo breach to TanStack npm supply-chain attack
FOE
Risky Business News
Srsly Risky Biz: Politicians to Ditch Signal for Homegrown Apps
FOE
The Hacker News
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
FOE
The Hacker News
Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
FOE
CSO Online
Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix
FOE
CISA KEV
CVE-2026-34926: Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
FOE
CISA KEV
CVE-2025-34291: Langflow Origin Validation Error Vulnerability
FOE
CSO Online
Drupal admins rushing to patch maximum severity SQL injection vulnerability
FOE
Bleeping Computer
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
FOE
Bleeping Computer
Hackers bypass SonicWall VPN MFA due to incomplete patching
FOE
EPIC
EPIC, Coalition Urge Congress to Ban Flock Automatic License Plate Readers
FOE
Dark Reading
Cyber Pros Can't Decide If AI Is a Good or a Bad Thing
FOE
Dark Reading
GitHub Confirms Breach, 4K Internal Repos Stolen
FOE
Dark Reading
Fake Android Apps Commit Carrier Billing Fraud for Premium Svcs.
FOE
The Register (Security)
Even Claude agrees: hole in its sandbox was real and dangerous
FOE
Ars Technica (Security)
Google publishes exploit code threatening millions of Chromium users
FOE
EPIC
EPIC, Coalition Call on FTC to Investigate Roblox’s Manipulative Design Harms
FRIEND
TCM Security Blog
TCM Academy Course Release: Introduction to Windows Forensics
FOE
Dark Reading
Processes and Culture Top Reasons Behind Data Breaches
FOE
Sophos News
Sophos Firewall and Synchronized Security
FRIEND
The Hacker News
Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
FRIEND
EPIC
EPIC Encourages CalPrivacy to Prohibit Dark Patterns in Privacy Policies
FOE
Dark Reading
Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
FOE
CSO Online
GitHub admits major source code leak after 3,800 internal repositories breached
FOE
Bleeping Computer
Grafana breach caused by missed token rotation after TanStack attack
FRIEND
SecurityWeek
Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution
FOE
SecurityWeek
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
FRIEND
EFF Deeplinks
🔒 A Win for Encrypted Messaging | EFFector 38.10
FOE
SecurityWeek
AI-Powered App Attacks Are Faster, More Frequent and Harder to Stop
FOE
The Hacker News
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
FOE
Schneier on Security
On AI Security
FOE
Bleeping Computer
Identity Alone Isn't Enough: Why Device Security Has to Share the Load
FRIEND
Dark Reading
Infosecurity Europe
FRIEND
Black Hills Information Security
Same Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other
FRIEND
SecurityWeek
1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials
FOE
SecurityWeek
Anthropic Silently Patches Claude Code Sandbox Bypass
FOE
Bleeping Computer
Drupal critical update to fix bug with high exploitation risk
FOE
The Hacker News
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: The screen can’t be large enough
FOE
CISA Alerts
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
FOE
The Hacker News
Agent AI is Coming. Are You Ready?
FOE
CSO Online
SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain
FOE
SecurityWeek
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
FOE
SecurityWeek
Caught Off Guard: Securing AI After It Hits Production
FOE
Bleeping Computer
Exploit released for new PinTheft Arch Linux root escalation flaw
FOE
The Hacker News
Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
FOE
The Register (Security)
GitHub says internal repos exfiltrated after poisoned VS Code extension attack
FRIEND
SecurityWeek
Real-World ICS Security Tales From the Trenches
FRIEND
SecurityWeek
Virtual Event Today: Threat Detection & Incident Response Summit
FOE
SecurityWeek
GitHub Confirms Hack Impacting 3,800 Internal Repositories
FOE
EPIC
PRESS RELEASE: EPIC Releases New Report on Manipulative Design Patterns in Opt-Out Processes
FOE
CSO Online
Why some security fixes never reach your vulnerability dashboard
FOE
The Register (Security)
London's police asked Big Tech for comms data over 700,000 times last year
FOE
The Hacker News
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
FOE
Bleeping Computer
GitHub confirms breach of 3,800 repos via malicious VSCode extension
FOE
Bleeping Computer
Microsoft shares mitigation for YellowKey Windows zero-day
FRIEND
Dark Reading
Interpol's 'Operation Ramz' Pioneers Cross-Region Collabs in Middle East
FOE
The Hacker News
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
FOE
Bleeping Computer
GitHub investigates internal repositories breach claimed by TeamPCP
FOE
The Hacker News
GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
FRIEND
Dark Reading
What It'll Take to Make AI BOMs Usable in a Modern Security Program
FOE
Risky Business News
Risky Bulletin: Microsoft takes down MSaaS used by ransomware gangs
FOE
CSO Online
Microsoft disrupts malware code-signing service used by ransomware gangs
FOE
SecurityWeek
Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector
FRIEND
Sophos News
Sophos Firewall and Synchronized Security
FOE
Sophos News
GitHub internal repositories breached
FOE
CISA KEV
CVE-2026-45498: Microsoft Defender Denial of Service Vulnerability
FOE
CISA KEV
CVE-2026-41091: Microsoft Defender Link Following Vulnerability
FOE
CISA KEV
CVE-2009-3459: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
FOE
CISA KEV
CVE-2009-1537: Microsoft DirectX NULL Byte Overwrite Vulnerability
FOE
CISA KEV
CVE-2008-4250: Microsoft Windows Buffer Overflow Vulnerability
FOE
CISA KEV
CVE-2010-0806: Microsoft Internet Explorer Use-After-Free Vulnerability
FOE
Bleeping Computer
Max-severity flaw in ChromaDB for AI apps allows server hijacking
FRIEND
Dark Reading
What Will Make AI BOMs Real?
FOE
The Register (Security)
Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
FOE
Dark Reading
Verizon DBIR: Enterprises Face a Dangerous Vulnerability Glut
FOE
Bleeping Computer
Cybercrime service disrupted for abusing Microsoft platform to sign malware
FOE
Dark Reading
Windows Zero-Day Barrage Continues After Patch Tuesday
FOE
EFF Deeplinks
Microsoft Took a Step Toward Human Rights Accountability. Google and Amazon (and Others) Should Pay Attention!
FOE
CSO Online
Contractor’s public GitHub account exposed GovCloud and CISA credentials
FRIEND
Bleeping Computer
Discord rolls out end-to-end encryption on voice, video calls
FRIEND
Dark Reading
[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You
FOE
Dark Reading
CISA Exposes Secrets, Credentials in 'Private' Repo
FOE
Dark Reading
Stealer Spoofs Google, Microsoft & Apple, Then Backdoors macOS
FOE
Bleeping Computer
FBI: Americans lost over $388 million to scams using crypto ATMs in 2025
FOE
Bleeping Computer
Microsoft Self-Service Password Reset abused in Azure data theft attacks
FOE
CSO Online
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
FOE
Ars Technica (Security)
In stunning display of stupid, secret CISA credentials found in public GitHub repo
FOE
BrightTALK InfoSec
AI Did It: Who is Liable for AI Failures in Cybersecurity?
FOE
The Register (Security)
America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames
FOE
The Hacker News
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
FRIEND
Bleeping Computer
Microsoft plans to improve Windows 11 driver quality in 2026
FOE
SecurityWeek
Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation
FOE
EPIC
EPIC Joins Bipartisan Coalition Calling on State AGs to Hold Apple, Google Accountable for Platforming ‘Nudify’ Apps
FOE
Bleeping Computer
Microsoft blames macOS update for undismissible Teams location prompts
FOE
SecurityWeek
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
FOE
The Register (Security)
Clear your calendar, Drupal user: You have a critically urgent patch to install
FRIEND
CSO Online
GitHub scales back bug bounties, reminds users security is their responsibility too
FOE
EFF Deeplinks
Your Privacy Shouldn't Be A Corporate Decision
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: It comes in many different colors
FOE
The Hacker News
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
FOE
Bleeping Computer
New Shai-Hulud malware wave compromises 600 npm packages
FOE
Bleeping Computer
7-Eleven confirms data breach claimed by the ShinyHunters gang
FOE
Bleeping Computer
Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
FOE
Dark Reading
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
FOE
Sophos News
WantToCry ransomware remotely encrypts files
FOE
SecurityWeek
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
FOE
CSO Online
Internet Explorer may be dead, but its ghost still runs malware
FOE
SecurityWeek
Unpatched ChromaDB Vulnerability Can Lead to Server Takeover
FRIEND
Bleeping Computer
Webinar: The hidden bottlenecks in network incident response
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Trailers for sale or rent
FOE
CISA Alerts
ZKTeco CCTV Cameras
FOE
CISA Alerts
Siemens RUGGEDCOM APE1808 Devices
FOE
CISA Alerts
Kieback & Peter DDC Building Controllers
FOE
CISA Alerts
ABB CoreSense HM and CoreSense M10
FOE
CISA Alerts
ScadaBR
FOE
SecurityWeek
B1ack’s Stash Marketplace Gives Away 4.6 Million Stolen Credit Cards
FOE
The Hacker News
The New Phishing Click: How OAuth Consent Bypasses MFA
FRIEND
SecurityWeek
Cyber Resilience is the New Business Continuity Plan
FOE
Bleeping Computer
Microsoft confirms patching issues in restricted Windows networks
FRIEND
Schneier on Security
Laurie Anderson Is Quoting Me
FOE
The Hacker News
Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
FRIEND
SecurityWeek
201 Arrested in Crackdown on Cybercrime in Middle East, North Africa
FOE
SecurityWeek
PoC Released for DirtyDecrypt Linux Kernel Vulnerability
FOE
The Hacker News
SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access
FRIEND
CSO Online
7 tips for accelerating cyber incident recovery
FOE
The Hacker News
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
FOE
SecurityWeek
Critical Vulnerability Exposes Industrial Robot Fleets to Hacking
FOE
The Hacker News
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
FOE
The Hacker News
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
FRIEND
CSO Online
Managing vulnerabilities: The best vulnerability management tools
FRIEND
CSO Online
Security infotainment: The best hacker documentaries
FOE
Sophos News
WantToCry ransomware remotely encrypts files
FOE
The Register (Security)
Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them
FOE
Bleeping Computer
INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
FOE
The Register (Security)
Shai-Hulud copycat worm infects yet another npm package
FRIEND
Dark Reading
Is 2026 the Year AI Bills of Materials Get Real?
FOE
Dark Reading
Microsoft Exchange Zero-Day Under Attack, No Patch Available
FOE
Bleeping Computer
SHub macOS infostealer variant spoofs Apple security updates
FOE
Dark Reading
'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments
FOE
Krebs on Security
CISA Admin Leaked AWS GovCloud Keys on Github
FOE
CSO Online
Microsoft May security patch fails for some due to boot partition size glitch
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)
FRIEND
BrightTALK InfoSec
Transform SBOM from Compliance Burden to Strategic Security Intelligence
FOE
Dark Reading
Shai-Hulud Worm Clones Spread After Code Release
FOE
Bleeping Computer
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
FRIEND
EFF Deeplinks
We Updated Our Privacy Policy. Here's What Changed and Why.
FRIEND
BrightTALK InfoSec
From Axios to Trivy: Stopping the Next Ecosystem-Scale Supply Chain Breach
FOE
Bleeping Computer
Leaked Shai-Hulud malware fuels new npm infostealer campaign
FRIEND
The Hacker News
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
FOE
EFF Deeplinks
We Must Not Normalize Digital Surveillance Abuses. EFF’s New Guide Underlines Concrete Steps to Fight Back.
FOE
CSO Online
AI cyberattackers are getting better faster
FOE
The Register (Security)
Linux kernel flaw opens root-only files to unprivileged users
FOE
Dark Reading
Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive
FOE
The Register (Security)
TanStack weighs invitation-only pull requests after supply chain attack
FOE
The Hacker News
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
FOE
Bleeping Computer
Grafana says stolen GitHub token let hackers steal codebase
FOE
Ars Technica (Security)
Bug bounty businesses bombarded with AI slop
FOE
The Register (Security)
NGINX Rift attackers waste no time targeting exposed servers
FOE
The Hacker News
How to Reduce Phishing Exposure Before It Turns into Business Disruption
FOE
SecurityWeek
Millions Impacted Across Several US Healthcare Data Breaches
FOE
CSO Online
New image-based prompt injection attack targets multimodal AI models
FOE
The Register (Security)
Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative
FOE
SecurityWeek
‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery
FOE
CSO Online
‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: I can see it much better
FOE
Dark Reading
Boulevard of Broken Dreams: 2 Decades of Cyber Fails
FOE
SecurityWeek
7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand
FOE
The Hacker News
Developer Workstations Are Now Part of the Software Supply Chain
FOE
Schneier on Security
Zero-Day Exploit Against Windows BitLocker
FOE
The Hacker News
Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
FOE
SecurityWeek
Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE
FOE
The Register (Security)
Mozilla warns UK: Breaking VPNs will not magically fix Britain's age-check mess
FOE
SecurityWeek
First Shai-Hulud Worm Clones Emerge
FRIEND
CSO Online
Why the best security investment a board can make in 2026 isn’t another tool
FOE
CSO Online
AI coding is fueling a secrets-sprawl crisis few CISOs are containing
FOE
The Hacker News
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
FOE
SecurityWeek
Grafana Confirms Breach After Hackers Claim They Stole Data
FOE
Bleeping Computer
Microsoft confirms Windows 11 security update install issues
FOE
SecurityWeek
Exploitation of Critical NGINX Vulnerability Begins
FOE
Bleeping Computer
Exploit available for new DirtyDecrypt Linux root escalation flaw
FOE
The Hacker News
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
FOE
The Register (Security)
Grafana Labs admits all its codebase are belong to someone who popped its GitHub account
FOE
Bleeping Computer
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
FOE
Risky Business News
Risky Bulletin: Indonesia emerges as a new hub for cyber scams
FOE
The Hacker News
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
FOE
SecurityWeek
Hackers Earn $1.3 Million at Pwn2Own Berlin 2026
FOE
Dark Reading
Can Laws Stop Deepfakes? South Korea Aims to Find Out
FOE
The Register (Security)
Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’
FOE
Bleeping Computer
New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
FOE
Bleeping Computer
Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing
FOE
The Hacker News
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
FOE
The Hacker News
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
FOE
Bleeping Computer
Microsoft rejects critical Azure vulnerability report, no CVE issued
FOE
The Hacker News
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
FOE
Bleeping Computer
Russian hackers turn Kazuar backdoor into modular P2P botnet
FOE
SecurityWeek
PoC Code Published for Critical NGINX Vulnerability
FOE
Dark Reading
The Boring Stuff is Dangerous Now
FOE
CSO Online
Expired domain leads to supply chain attack on node-ipc npm package
FOE
CSO Online
Exchange Server zero-day vulnerability can be triggered by opening a malicious email
FOE
Bleeping Computer
Funnel Builder WordPress plugin bug exploited to steal credit cards
FOE
Bleeping Computer
Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
FOE
Bleeping Computer
Popular node-ipc npm package compromised to steal credentials
FOE
The Hacker News
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
FOE
EPIC
EPIC Testifies in Support of Bill to Protect New Jersey Consumers From Surveillance Pricing
FOE
Bleeping Computer
Avada Builder WordPress plugin flaws allow site credential theft
FOE
SecurityWeek
In Other News: Big Tech vs Canada Encryption Bill, Cisco’s Free AI Security Spec, Audi App Flaws
FRIEND
Bleeping Computer
Microsoft backpedals: Edge to stop loading passwords into memory
FOE
Bleeping Computer
Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
FOE
BrightTALK InfoSec
Beyond the Air Gap: Securing Industrial Systems Against Invisible AI Threats
FOE
The Hacker News
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
FRIEND
Bleeping Computer
Microsoft to automatically roll back faulty Windows drivers
FOE
Privacy International
Privacy International’s submission to the UN High Commissioner for Human Rights on the protection of human rights defenders in the digital age
FOE
SecurityWeek
Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Almost time for shift change
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FRIEND
Dark Reading
Cyber Pioneers Ponder Past as Prologue
FOE
CSO Online
Cisco warns of an actively exploited SD-WAN flaw with max severity
FOE
The Intercept (Privacy)
How Trump’s New Counterterrorism Strategy Puts You at Risk
FOE
SecurityWeek
American Lending Center Data Breach Affects 123,000 Individuals
FOE
Schneier on Security
Bypassing On-Camera Age-Verification Checks
FOE
The Hacker News
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
FOE
The Hacker News
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
FOE
Privacy International
Collateral Damage: Grok AI and the Human Cost of Generative AI
FOE
SecurityWeek
OpenAI Hit by TanStack Supply Chain Attack
FOE
The Register (Security)
OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
FOE
CSO Online
Autonomous systems are finally working. Security is next
FOE
SecurityWeek
TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
FOE
Bleeping Computer
Microsoft warns of Exchange zero-day flaw exploited in attacks
FOE
CSO Online
EU’s Cyber Resiliency Act will put IT leaders to the test
FOE
CSO Online
The economics of ransomware 3.0
FOE
The Register (Security)
MPs want social media treated more like unsafe toys than harmless apps
FOE
SecurityWeek
Chrome 148 Update Patches Critical Vulnerabilities
FOE
SANS Internet Storm Center
[Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)
FOE
SecurityWeek
Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
FOE
The Hacker News
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
FOE
The Hacker News
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
FOE
Risky Business News
Risky Bulletin: Shai-Hulud goes open-source
FOE
Dark Reading
Taiwan Incident Highlights Cybersecurity Gaps in Rail Systems
FOE
CISA KEV
CVE-2026-42897: Microsoft Exchange Server Cross-Site Scripting Vulnerability
FOE
CSO Online
AI agent finds 18-year-old remote code execution flaw in Nginx
FOE
Bleeping Computer
TeamPCP hackers advertise Mistral AI code repos for sale
FOE
The Register (Security)
Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data
FOE
Bleeping Computer
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
FRIEND
Dark Reading
SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
FOE
CSO Online
Meet Fragnesia, the third Linux kernel vulnerability in a month
FOE
Dark Reading
Maximum Severity Cisco SD-WAN Bug Exploited in the Wild
FOE
Dark Reading
Congress Puts Heat on Instructure After Canvas Outage
FOE
Bleeping Computer
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
FOE
EPIC
Colorado Legislature Again Amends Landmark AI Law
FOE
Bleeping Computer
OpenAI confirms security breach in TanStack supply chain attack
FOE
Bleeping Computer
Windows 11 and Microsoft Edge hacked at Pwn2Own Berlin 2026
FOE
Ars Technica (Security)
Zero-day exploit completely defeats default Windows 11 BitLocker protections
FOE
The Hacker News
Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
FOE
The Hacker News
Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
FOE
Dark Reading
'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine
FOE
The Hacker News
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
FRIEND
Schneier on Security
Upcoming Speaking Engagements
FOE
Bleeping Computer
18-year-old NGINX vulnerability allows DoS, potential RCE
FOE
Bleeping Computer
Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: A lottery ticket and some gum
FOE
The Hacker News
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
FRIEND
SecurityWeek
Enhancing Data Center Security Without Sacrificing Performance
FOE
SecurityWeek
New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation
FOE
Dark Reading
AI Drives Cybersecurity Investments, Widening 'Valley of Death'
FRIEND
SecurityWeek
Mythos Proves Potent in Vulnerability Discovery, Less Convincing Elsewhere
FOE
CSO Online
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
FRIEND
SecurityWeek
Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million
FOE
Bleeping Computer
KongTuke hackers now use Microsoft Teams for corporate breaches
FOE
SecurityWeek
Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: We could use an upgrade
FOE
CISA Alerts
Siemens Ruggedcom Rox
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Siemens Ruggedcom Rox
FOE
CISA Alerts
Siemens Ruggedcom Rox
FOE
CISA Alerts
Siemens SIMATIC
FOE
CISA Alerts
Universal Robots Polyscope 5
FOE
CISA Alerts
Siemens Simcenter Femap
FOE
CISA Alerts
Siemens gWAP
FOE
CISA Alerts
Siemens SENTRON 7KT PAC1261 Data Manager
FOE
CISA Alerts
Siemens ROS#
FOE
CISA Alerts
Siemens Opcenter RDnL
FOE
CISA Alerts
Siemens Solid Edge
FOE
CISA Alerts
Siemens Teamcenter
FOE
CISA Alerts
Siemens SIPROTEC 5
FOE
CISA Alerts
Siemens Industrial Devices
FOE
CISA Alerts
Siemens SIMATIC S7 PLC Web Server
FOE
CISA Alerts
Siemens Ruggedcom Rox
FOE
CISA Alerts
Siemens SIMATIC
FOE
Dark Reading
Foxconn Attack Highlights Manufacturing's Cyber Crisis
FOE
The Hacker News
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
FOE
CSO Online
PraisonAI vulnerability gets scanned within 4 hours of disclosure
FOE
The Hacker News
How AI Hallucinations Are Creating Real Security Risks
FOE
The Register (Security)
Cops arrest man suspected of being Dream Market kingpin
FRIEND
SecurityWeek
G7 Countries Release AI SBOM Guidance
FOE
Schneier on Security
How Dangerous Is Anthropic’s Mythos AI?
FOE
SecurityWeek
F5 Patches Over 50 Vulnerabilities
FOE
Bleeping Computer
Dell confirms its SupportAssist software causes Windows BSOD crashes
FOE
The Register (Security)
Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access
FOE
SecurityWeek
Hackers Targeted PraisonAI Vulnerability Hours After Disclosure
FOE
The Hacker News
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
FRIEND
CSO Online
What CISOs need to land a board role
FOE
Bleeping Computer
US charges suspected Dream Market admin arrested in Germany
FOE
SecurityWeek
High-Severity Vulnerability Patched in VMware Fusion
FOE
Bleeping Computer
New Fragnesia Linux flaw lets attackers gain root privileges
FOE
SecurityWeek
Researcher Drops YellowKey, GreenPlasma Windows Zero-Days
FOE
The Hacker News
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
FOE
The Register (Security)
To gain root access at this company, all an intruder had to do was ask nicely
FOE
The Register (Security)
AI models are getting better at replacing cybersecurity pros on certain tasks
FRIEND
SANS Internet Storm Center
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
FOE
The Hacker News
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
FOE
Risky Business News
Srsly Risky Biz: The AI Regulation Knife Fight
FRIEND
The Register (Security)
Cisco to fire 4,000 staff and generously give them free training – on Cisco
FOE
CISA KEV
CVE-2026-20182: Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
FOE
Sophos News
Why AMOS matters: The macOS malware stealing data at scale
FOE
The Register (Security)
Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits
FOE
CSO Online
Fired employee sought AI help to hide deletion of hosting firm’s customer data
FOE
The Register (Security)
AWS to Quick admins: The access control didn't work, but you weren't using it anyway, so what's the problem?
FOE
Bleeping Computer
West Pharmaceutical says hackers stole data, encrypted systems
FRIEND
Professor Messer
Professor Messer’s N10-009 Network+ Study Group – May 2026
FOE
Bleeping Computer
Iranian hackers targeted major South Korean electronics maker
FOE
Dark Reading
Checkbox Assessments Aren't Fit to Measure to Risk
FOE
Sophos News
May’s Patch Tuesday hauls out 132 CVEs
FOE
Dark Reading
Attackers Weaponize RubyGems for Data Dead Drops
FOE
CSO Online
Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
FOE
Dark Reading
Tables Turn on 'The Gentlemen' RaaS Gang With Data Leak
FOE
Bleeping Computer
New critical Exim mailer flaw allows remote code execution
FOE
The Register (Security)
Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs
FRIEND
Dark Reading
Dark Reading Celebrates 20 Years as a Leading Authority on Cybersecurity, Highlighting the People, Events, Ideas, and Technologies Shaping the Modern Risk Landscape
FOE
SecurityWeek
Foxconn Confirms North American Factories Hit by Cyberattack
FRIEND
EFF Deeplinks
Help EFF Solve an Issue That's Bigger than Creepy Ads
FRIEND
EFF Deeplinks
The Science is Not Settled: How Weak Evidence is Fueling a National Push to Ban Social Media for Youth
FOE
Bleeping Computer
Windows BitLocker zero-day gives access to protected drives, PoC released
FOE
The Register (Security)
Mystery Microsoft bug leaker keeps the zero-days coming
FRIEND
SecurityWeek
Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code
FRIEND
Bleeping Computer
Webinar tomorrow: Why security alone won't stop modern attacks
FOE
Bleeping Computer
Microsoft fixes BitLocker recovery issue only for Windows 11 users
FRIEND
SecurityWeek
Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’
FOE
Bleeping Computer
Microsoft fixes Windows Autopatch bug installing restricted drivers
FOE
Black Hills Information Security
How to Identify and Exploit New Vulnerabilities
FRIEND
The Hacker News
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
FOE
CSO Online
What happens when China’s AI catches up to Mythos?
FRIEND
SecurityWeek
Webinar Today: ROI for Cyber-Physical Security Programs
FOE
Dark Reading
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
FOE
Dark Reading
China's 'FamousSparrow' APT Nests in South Caucasus Energy Firm
FOE
The Hacker News
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
FOE
Bleeping Computer
Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
FOE
Bleeping Computer
73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
FRIEND
CSO Online
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
FOE
SecurityWeek
Government to Scrutinize Instructure Over Canvas Disruption, Data Breach
FRIEND
CSO Online
Palo Alto bets on identity security for autonomous AI with Idira launch
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: I need my clipboard
FOE
Bleeping Computer
Microsoft says some users can't install Office on Windows 365 devices
FRIEND
The Hacker News
[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)
FOE
CSO Online
ClickFix finds a backup plan in PySoxy proxy chains
FOE
The Hacker News
Most Remediation Programs Never Confirm the Fix Actually Worked
FOE
SecurityWeek
716,000 Impacted by OpenLoop Health Data Breach
FOE
Schneier on Security
OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities
FRIEND
CSO Online
CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory
FOE
The Hacker News
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
FOE
SecurityWeek
Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises
FOE
SecurityWeek
Fortinet, Ivanti Patch Critical Vulnerabilities
FRIEND
CSO Online
2026 CSO Award winners showcase business-enabling cyber innovation
FOE
SecurityWeek
Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities
FOE
The Hacker News
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
FOE
CSO Online
Google discovers AI-based zero-day exploit for the first time
FOE
SecurityWeek
Hundreds of Malicious Packages Force RubyGems to Suspend Registrations
FRIEND
OWASP Blog
Juice Shop v20.0.0 — a fresh squeeze of features, now with AI
FOE
Google Project Zero
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
FRIEND
The Hacker News
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
FOE
SecurityWeek
ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA
FOE
SANS Internet Storm Center
[GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)
FOE
The Register (Security)
Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub
FOE
Risky Business News
Risky Bulletin: RubyGems disables sign-ups after attack on staff
FRIEND
CSO Online
The buyer's guide to Breach & Attack Simulation tools
FRIEND
The Register (Security)
Vietnam to develop domestic cloud so it can ditch risky overseas operators for government workloads
FRIEND
SANS Internet Storm Center
Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)
FOE
CSO Online
May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA
FOE
Sophos News
May’s Patch Tuesday hauls out 132 CVEs
FOE
The Register (Security)
Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs
FOE
Bleeping Computer
US govt seeks Instructure testimony on massive Canvas cyberattack
FOE
EFF Deeplinks
Broken Promises: RIP Instagram’s End-to-End Encrypted DMs
FOE
The Register (Security)
Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files
FRIEND
Krebs on Security
Patch Tuesday, May 2026 Edition
FRIEND
Dark Reading
It's Patch Tuesday for Microsoft and Not a Zero-Day In Sight
FOE
Bleeping Computer
UK fines water supplier $1.3M for exposing data of 664k customers
FRIEND
Bleeping Computer
Webinar: Fixing the gaps in network incident response
FRIEND
Bleeping Computer
Signal adds security warnings for social engineering, phishing attacks
FRIEND
Bleeping Computer
Microsoft releases Windows 10 KB5087544 extended security update
FRIEND
SANS Internet Storm Center
Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
FOE
Bleeping Computer
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
FRIEND
Bleeping Computer
Windows 11 KB5089549 & KB5087420 cumulative updates released
FRIEND
Bleeping Computer
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
FOE
SecurityWeek
Microsoft Patches 137 Vulnerabilities
FOE
Sophos News
Inside the lethal trifecta: Blast radius reduction in AI agent deployments
FRIEND
SecurityWeek
Exaforce Raises $125 Million for Agentic SOC Platform
FOE
CSO Online
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
FOE
Bleeping Computer
Škoda warns of customer data breach after online shop hack
FRIEND
Bleeping Computer
Android 17 to expand banking scam call and privacy protections
FRIEND
EFF Deeplinks
Victory! End-to-End Encrypted RCS Comes to Apple and Android Chats
FOE
SecurityWeek
Adobe Patches 52 Vulnerabilities in 10 Products
FOE
The Hacker News
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
FOE
EFF Deeplinks
EFF Launches New Offline Campaign for Saudi Wikipedian Osama Khalid
FRIEND
BrightTALK InfoSec
Closing the Resilience Gap: Security Architecture for Modern Threats
FRIEND
BrightTALK InfoSec
Red Teaming AI: A CISO's Guide to Proactive Defense
FOE
EFF Deeplinks
A Hackers Guide to Circumventing Internet Shutdowns
FRIEND
SecurityWeek
White Circle Raises $11 Million for AI Control Platform
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: I’m looking for something in chartreuse
FOE
The Register (Security)
US bank reports itself after slinging customer data at 'unauthorized AI app'
FOE
The Hacker News
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
FOE
SecurityWeek
BWH Hotels Says Hackers Had Access to Reservation Data for 6 Months
FOE
Dark Reading
Hugging Face Packages Weaponized With a Single File Tweak
FOE
SecurityWeek
Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware
FOE
SecurityWeek
Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform
FRIEND
CSO Online
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos
FRIEND
Sophos News
Sophos Leader KuppingerCole MDR 2026
FOE
Sophos News
Sophos ChatGPT Cyber
FOE
SecurityWeek
West Pharmaceutical Services Hit by Disruptive Ransomware Attack
FOE
The Hacker News
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
FOE
SecurityWeek
Apple Patches Dozens of Vulnerabilities in macOS, iOS
FOE
SecurityWeek
SAP Patches Critical S/4HANA, Commerce Vulnerabilities
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: The clarity could be improved
FOE
CISA Alerts
Fuji Electric Tellus
FOE
CISA Alerts
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
FOE
CISA Alerts
ABB Automation Builder Gateway for Windows
FOE
CISA Alerts
Subnet Solutions PowerSYSTEM Center
FOE
CISA Alerts
ABB AC500 V3 Multiple Vulnerabilities
FOE
CISA Alerts
ABB WebPro SNMP Card PowerValue Multiple Vulnerabilities
FRIEND
CISA Alerts
Software Bill of Materials for AI - Minimum Elements
FOE
The Register (Security)
Cache-poisoning caper turns TanStack npm packages toxic
FRIEND
Dark Reading
20 Leaders Who Built the CISO Era: 2 Decades of Change
FOE
The Hacker News
Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help
FOE
CSO Online
Fake Claude Code takes the IElevator to your browser secrets
FOE
Bleeping Computer
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
FRIEND
SecurityWeek
Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means
FOE
Dark Reading
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
FOE
Schneier on Security
Copy.Fail Linux Vulnerability
FOE
Bleeping Computer
SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
FOE
SecurityWeek
Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?
FOE
The Hacker News
Why Agentic AI Is Security's Next Blind Spot
FOE
CSO Online
cPanel flaw exposes enterprises to hosting supply-chain risks
FOE
SecurityWeek
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
FOE
CSO Online
Developer workstations are the new beachhead
FRIEND
The Register (Security)
Apple, Google drag cross-platform texting into the encrypted age
FOE
Bleeping Computer
Instructure reaches 'agreement' with ShinyHunters to stop data leak
FRIEND
CSO Online
CISOs step into the AI spotlight
FOE
CSO Online
Why patching SLAs should be the floor, not the strategy
FOE
The Hacker News
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
FOE
The Hacker News
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
FRIEND
The Hacker News
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
FOE
The Register (Security)
Japan’s PM orders cybersecurity review to stop Mythos going full CyberZilla
FRIEND
The Hacker News
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
FRIEND
CSO Online
Cybersecurity regulations: How to meet your compliance requirements
FRIEND
CSO Online
Customer Identity & Access Management: The best CIAM tools
FRIEND
CSO Online
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched
FRIEND
Professor Messer
Professor Messer’s CompTIA A+ 220-1202 Study Group – May 2026
FOE
Sophos News
Inside the lethal trifecta: Blast radius reduction in AI agent deployments
FRIEND
Sophos News
Sophos Endpoint in action: Blocking a novel supply chain attack
FOE
Sophos News
The State of Identity Security 2026: Identity is the new perimeter
FOE
The Register (Security)
Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline
FRIEND
Bleeping Computer
GM agrees to $12.75M California settlement over sale of drivers’ data
FOE
Ars Technica (Security)
Linux bitten by second severe vulnerability in as many weeks
FRIEND
SANS Internet Storm Center
Apple Patches Everything, (Mon, May 11th)
FOE
Bleeping Computer
Official CheckMarx Jenkins package compromised with infostealer
FOE
Bleeping Computer
New GhostLock tool abuses Windows API to block file access
FOE
Dark Reading
FCC Softens Ban on Foreign-Made Routers
FOE
The Register (Security)
Cookie thieves caught stealing dev secrets via fake Claude Code installers
FOE
Sophos News
Sophos State of Identity Security 2026
FOE
EFF Deeplinks
Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare
FOE
EFF Deeplinks
EFF to Fourth Circuit: Electronic Device Searches at the Border Require a Warrant
FRIEND
BrightTALK InfoSec
The CISO's Playbook: Turning AI Governance Into Boardroom Currency
FRIEND
Dark Reading
Tech Can't Stop These Threats — Your People Can
FOE
The Hacker News
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
FOE
The Hacker News
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
FOE
EFF Deeplinks
EFF Stands in Solidarity With RightsCon and the Global Digital Rights Community
FRIEND
SecurityWeek
Frame Security Emerges From Stealth With $50M for Awareness and Training Platform
FOE
The Register (Security)
Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator
FRIEND
CSO Online
Entries now open for the 2026 CSO30 Australia Awards
FOE
The Hacker News
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
FOE
Bleeping Computer
Instructure confirms hackers used Canvas flaw to deface portals
FOE
Dark Reading
'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros
FOE
Sophos News
Why AMOS matters: The macOS malware stealing data at scale
FOE
The Register (Security)
BWH Hotels guests warned after reservation data checks out with cybercrooks
FRIEND
SANS Internet Storm Center
Why we use CAPTCHAs, (Mon, May 11th)
FRIEND
SecurityWeek
Build Application Firewalls Aim to Stop the Next Supply Chain Attack
FRIEND
Sophos News
Sophos Ransomware AI
FOE
Bleeping Computer
Why Changing Passwords Doesn’t End an Active Directory Breach
FRIEND
CSO Online
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
FOE
SecurityWeek
Google Detects First AI-Generated Zero-Day Exploit
FOE
Bleeping Computer
Google: Hackers used AI to develop zero-day exploit for web admin tool
FOE
Dark Reading
Hackers Use AI for Exploit Development, Attack Automation
FOE
CSO Online
Google discovers weaponized zero-day exploits created with AI
FOE
The Hacker News
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
FRIEND
Bleeping Computer
Webinar this week: Prevention alone is not enough against modern attacks
FOE
CSO Online
Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
FOE
The Register (Security)
Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
FOE
CSO Online
New ‘Dirty Frag’ exploit targets Linux kernel for root access
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Don’t sneak off
FOE
Dark Reading
Cyber Espionage Group Targets Aviation Firms to Steal Map Data
FOE
SecurityWeek
Skoda Data Breach Hits Online Shop Customers
FRIEND
The Hacker News
Your Purple Team Isn't Purple — It's Just Red and Blue in the Same Room
FRIEND
SecurityWeek
Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring
FOE
Schneier on Security
LLMs and Text-in-Text Steganography
FOE
SecurityWeek
SailPoint Discloses GitHub Repository Hack
FOE
CSO Online
AI security is repeating endpoint security’s biggest mistake
FOE
SecurityWeek
Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack
FOE
Bleeping Computer
TrickMo Android banker adopts TON blockchain for covert comms
FRIEND
CSO Online
8 guiding principles for reskilling the SOC for agentic AI
FOE
CSO Online
1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution
FOE
SecurityWeek
Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools
FOE
The Register (Security)
Taiwan's train cyber-trauma reveals a global system that’s coming off the tracks
FOE
SecurityWeek
New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks
FOE
SecurityWeek
Resurrected ‘Crimenetwork’ Marketplace Taken Down, Administrator Arrested
FOE
The Hacker News
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
FRIEND
OWASP Blog
Welcome to the Google Summer of Code 2026!
FOE
SecurityWeek
Over 500 Organizations Hit in Years-Long Phishing Campaign
FOE
Risky Business News
Risky Bulletin: FCC relaxes foreign router ban to allow for security updates
FOE
Sophos News
Ransomware: AI changes the writer. It doesn't change the math.
FRIEND
Sophos News
GPT-5.5-Cyber is here. What it means for defenders operating at the frontier.
FRIEND
SANS Internet Storm Center
YARA-X 1.16.0 Release, (Sun, May 10th)
FOE
Bleeping Computer
Hackers abuse Google ads, Claude.ai chats to push Mac malware
FOE
Bleeping Computer
Police shut down reboot of Crimenetwork marketplace, arrest admin
FOE
The Hacker News
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
FOE
Bleeping Computer
JDownloader site hacked to replace installers with Python RAT malware
FOE
Bleeping Computer
Fake OpenAI repository on Hugging Face pushes infostealer malware
FOE
The Hacker News
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
FOE
EFF Deeplinks
Congress Narrowed the GUARD Act, But Serious Problems Remain
FRIEND
Professor Messer
Professor Messer’s 220-1201 CompTIA A+ Study Group – May 2026
FOE
CSO Online
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
FOE
Dark Reading
ShinyHunters Claims Second Attack Against Instructure
FOE
Ars Technica (Security)
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
FOE
The Hacker News
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
FOE
The Register (Security)
Worm rubs out competitor's malware, then takes control
FRIEND
EFF Deeplinks
Free Signal Guide
FOE
Bleeping Computer
NVIDIA confirms GeForce NOW data breach affecting Armenian users
FRIEND
BrightTALK InfoSec
Harmonizing AI Governance and Cybersecurity Operations
FOE
The Hacker News
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
FOE
SecurityWeek
In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
FRIEND
Bleeping Computer
Why More Analysts Won’t Solve Your SOC’s Alert Problem
FOE
The Register (Security)
'Dirty Frag' Linux flaw one-ups CopyFail with no patches and public root exploit
FOE
Bleeping Computer
Trellix source code breach claimed by RansomHouse hackers
FOE
The Register (Security)
Meta U-turns on encryption push for Instagram as DMs go plaintext
FOE
Bleeping Computer
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Or any other color
FOE
Dark Reading
Shifting Budget Dynamics for Identity Security and AI Agents
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
SecurityWeek
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
FOE
CSO Online
Claude in Chrome is taking orders from the wrong extensions
FOE
SecurityWeek
AI Firm Braintrust Prompts API Key Rotation After Data Breach
FOE
The Hacker News
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
FOE
The Register (Security)
Hackers ate my homework: Educational SaaS Canvas down after cyberattack
FOE
SecurityWeek
Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom
FOE
Bleeping Computer
Zara data breach exposed personal information of 197,000 people
FOE
The Hacker News
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
FOE
CSO Online
Your CTEM program is probably ignoring MCP. Here’s how to fix it
FOE
CSO Online
Pen tests show AI security flaws far more severe than legacy software bugs
FOE
CSO Online
Your refresh plan has a CVE blind spot
FOE
Bleeping Computer
Former govt contractor convicted for wiping dozens of federal databases
FOE
The Hacker News
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
FOE
SecurityWeek
‘PCPJack’ Worm Removes TeamPCP Infections, Steals Credentials
FOE
SecurityWeek
Ransomware Group Takes Credit for Trellix Hack
FOE
SANS Internet Storm Center
Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
FOE
Bleeping Computer
New Linux 'Dirty Frag' zero-day gives root on all major distros
FOE
SecurityWeek
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
FOE
SecurityWeek
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
FOE
The Hacker News
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
FOE
Krebs on Security
Canvas Breach Disrupts Schools & Colleges Nationwide
FOE
Risky Business News
Risky Bulletin: Google patches Android remote takeover bug
FOE
CSO Online
Palo Alto Networks firewall flaw has been exploited for several weeks
FRIEND
CSO Online
Become a millionaire by bug hunting on Android
FOE
CSO Online
13 new critical holes in JavaScript sandbox allow execution of arbitrary code
FRIEND
Sophos News
Sophos named a Leader in the KuppingerCole Analysts Leadership Compass for Managed Detection and Response 2026
FOE
CISA KEV
CVE-2026-42208: BerriAI LiteLLM SQL Injection Vulnerability
FRIEND
The Register (Security)
Mozilla boasts Mythos boosted Firefox bug cull
FOE
Bleeping Computer
Canvas login portals hacked in mass ShinyHunters extortion campaign
FOE
Bleeping Computer
New TCLBanker malware self-spreads over WhatsApp and Outlook
FOE
CSO Online
Ollama vulnerability highlights danger of AI frameworks with unrestricted access
FOE
Dark Reading
After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets
FOE
CSO Online
LinkedIn illegally blocking free accounts from seeing ‘who’s viewed your profile’ data, group alleges
FOE
The Register (Security)
Anthropic response to 1-click pwn: Shouldn't have clicked 'ok'
FRIEND
Ars Technica (Security)
Mozilla says 271 vulnerabilities found by Mythos have "almost no false positives"
FOE
SecurityWeek
Worries About AI’s Risks to Humanity Loom Over the Trial Pitting Musk Against OpenAI’s Leaders
FOE
Bleeping Computer
New PCPJack worm steals credentials, cleans TeamPCP infections
FOE
Bleeping Computer
Australia warns of ClickFix attacks pushing Vidar Stealer malware
FOE
The Hacker News
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
FOE
The Hacker News
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
FRIEND
Dark Reading
Has CISA Finally Found Its New Leader in Tom Parker?
FOE
The Register (Security)
60% of MD5 password hashes are crackable in under an hour
FRIEND
BrightTALK InfoSec
Application Security for the New Age: From Reactive to Proactive
FRIEND
BrightTALK InfoSec
The Autonomous Pipeline: Embedding Zero-Trust Guardrails with Kyverno
FRIEND
EPIC
EPIC Encourages CalPrivacy to Enact Independent Testing and Inspection Requirements for Data Broker Audits
FOE
SecurityWeek
Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
FOE
Bleeping Computer
Ivanti warns of new EPMM flaw exploited in zero-day attacks
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: What could go wrong
FRIEND
SecurityWeek
Boost Security Raises $4 Million for SDLC Defense Platform
FOE
SecurityWeek
Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking
FRIEND
SecurityWeek
Chrome 148 Rolls Out With 127 Security Fixes
FOE
Bleeping Computer
The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
FRIEND
The Hacker News
One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
FOE
SecurityWeek
Attackers Could Exploit AI Vision Models Using Imperceptible Image Changes
FOE
Bleeping Computer
Americans sentenced for running 'laptop farms' for North Korea
FOE
The Hacker News
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
FOE
SecurityWeek
Vendor Says Daemon Tools Supply Chain Attack Contained
FRIEND
Dark Reading
World's First AI-Driven Cyberattack Couldn't Breach OT Systems
FOE
Dark Reading
'TrustFall' Convention Exposes Claude Code Execution Risk
FOE
SecurityWeek
AI Coding Agents Could Fuel Next Supply Chain Crisis
FOE
Bleeping Computer
Crypto gang member gets 6.5 years for role in $230 million heist
FRIEND
CSO Online
Bots in translation: Can AI really fix SIEM rule sprawl across vendors?
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It’s a 50,000 mile network
FRIEND
Bleeping Computer
Webinar: Why modern attacks require both security and recovery
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
MAXHUB Pivot Client Application
FRIEND
SecurityWeek
Webinar Today: Securing Identity Across Humans, Machines and AI
FOE
The Hacker News
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
FOE
SecurityWeek
Cisco Patches High-Severity Vulnerabilities in Enterprise Products
FOE
CSO Online
Critical Palo Alto Networks software bug hits exposed firewalls
FOE
Schneier on Security
Smart Glasses for the Authorities
FOE
Bleeping Computer
Palo Alto Networks firewall zero-day exploited for nearly a month
FOE
The Hacker News
Day Zero Readiness: The Operational Gaps That Break Incident Response
FOE
SecurityWeek
Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack
FOE
Bleeping Computer
Fake Claude AI website delivers new 'Beagle' Windows malware
FOE
The Hacker News
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
FRIEND
CSO Online
CISOs: Align cyber risk communication with boardroom psychology
FOE
SecurityWeek
Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion
FRIEND
CSO Online
Ten years later, has the GDPR fulfilled its purpose?
FOE
The Hacker News
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
FOE
Risky Business News
Srsly Risky Biz: After Mythos, US Government Weighs AI Model Regulation
FRIEND
CSO Online
US government agency to safety test frontier AI models before release
FRIEND
SANS Internet Storm Center
An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
FOE
CISA KEV
CVE-2026-6973: Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
FRIEND
Sophos News
How AI-accelerated threat discovery is reshaping network security
FOE
Sophos News
Donuts and Beagles: Fake Claude site spreads backdoor
FRIEND
EFF Deeplinks
Milestone 1.0.0 Release of APK Downloader `apkeep` Powers Research on Android Apps
FOE
Bleeping Computer
Hackers abuse Google ads for GoDaddy ManageWP login phishing
FOE
Dark Reading
Yet Another Way to Bypass Google Chrome's Encryption Protection
FOE
Dark Reading
Instructure Breach Exposes Schools' Vendor Dependence
FOE
The Hacker News
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
FOE
Bleeping Computer
Critical vm2 sandbox bug lets attackers execute code on hosts
FOE
The Register (Security)
Arctic Wolf kicks 250 employees out of the pack to save money for AI
FOE
Bleeping Computer
New Cisco DoS flaw requires manual reboot to revive devices
FOE
The Register (Security)
1 in 8 employees totally cool with selling work credentials
FOE
CSO Online
Iranian state-backed spies pose as ransomware slingers in false flag attacks
FOE
Bleeping Computer
DAEMON Tools devs confirm breach, release malware-free version
FOE
EPIC
EPIC, CDT Urge HUD to Abandon Proposed AI Tool That Would Use Sensitive Data
FOE
EFF Deeplinks
👎 California's Terrible, No Good, Very Bad Social Media Ban | EFFector 38.9
FOE
The Register (Security)
Iran cybersnoops still LARPing as ransomware crooks in espionage ops
FOE
SecurityWeek
Autonomous Offensive Security Firm XBOW Raises $35 Million
FOE
EFF Deeplinks
The SECURE Data Act is Not a Serious Piece of Privacy Legislation
FOE
Bleeping Computer
Why ransomware attacks succeed even when backups exist
FRIEND
Black Hills Information Security
Swapper – A Pure Regex Match/Replace Burp Extension
FRIEND
SecurityWeek
Herd Security Raises $3 Million for AI-Powered Training Platform
FRIEND
TCM Security Blog
AI Tools and Certification Exams: What’s Changing and Why
FOE
The Register (Security)
UK age-gating plans risk breaking the internet, privacy groups warn
FOE
Bleeping Computer
MuddyWater hackers use Chaos ransomware as a decoy in attacks
FOE
The Hacker News
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
FOE
SecurityWeek
Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
FRIEND
Bleeping Computer
Webinar: Why network incidents escalate and how to fix response gaps
FRIEND
The Hacker News
The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: It’s not that private
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
Dark Reading
From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
FOE
SecurityWeek
Romanian Extradited to US for Role in Hacking Scheme 17 Years Ago
FOE
CSO Online
New malware turns Linux systems into P2P attack networks
FOE
The Hacker News
Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?
FOE
Schneier on Security
Rowhammer Attack Against NVIDIA Chips
FOE
Dark Reading
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
FRIEND
SecurityWeek
CISA: Critical Infrastructure Must Master Isolation, Recovery
FOE
SecurityWeek
Sophisticated Quasar Linux RAT Targets Software Developers
FOE
Bleeping Computer
Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
FRIEND
The Hacker News
Google's Android Apps Get Public Verification to Stop Supply Chain Attacks
FOE
CSO Online
Poisoned truth: The quiet security threat inside enterprise AI
FRIEND
CSO Online
Train like you fight: Why cyber operations teams need no-notice drills
FOE
The Hacker News
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
FOE
SecurityWeek
Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack
FRIEND
SecurityWeek
Oracle Debuts Monthly Critical Security Patch Updates
FOE
Risky Business News
Risky Bulletin: Extremely targeted supply chain attack hits DAEMON Tools
FOE
The Hacker News
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
FOE
Dark Reading
Middle East Cyber Battle Field Broadens — Especially in UAE
FOE
SecurityWeek
Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
FRIEND
CSO Online
The best DAST & SAST tools
FOE
The Register (Security)
India orders infosec red alert in case Mythos sparks crime spree
FOE
CISA KEV
CVE-2026-0300: Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
FOE
Bleeping Computer
New stealthy Quasar Linux malware targets software developers
FOE
Bleeping Computer
Instructure hacker claims data theft from 8,800 schools, universities
FOE
CSO Online
Supply-chain attacks take aim at your AI coding agents
FOE
Dark Reading
Trellix Source Code Breach Highlights Growing Supply Chain Threats
FRIEND
Dark Reading
Research Hub Bridges Cybersecurity Gap for Under-Resourced Organizations
FOE
CSO Online
Edge browser leaves passwords exposed in plain text, says researcher
FOE
Ars Technica (Security)
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
FOE
CSO Online
CISA mulls new three-day remediation deadline for critical flaws
FOE
Bleeping Computer
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
FRIEND
Dark Reading
Why Security Leadership Makes or Breaks a Pen Test
FOE
Bleeping Computer
Student hacked Taiwan high-speed rail to trigger emergency brakes
FRIEND
CSO Online
CISA pushes critical infrastructure operators to prepare to work in isolation
FRIEND
The Register (Security)
ServiceNow clears agents for landing with new AI control tower
FOE
The Hacker News
Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
FOE
The Hacker News
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
FRIEND
CSO Online
Oracle will patch more often to counter AI cybersecurity threat
FOE
The Register (Security)
Attackers are cashing in on fresh 'CopyFail' Linux flaw
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: That one clashes with the metal
FOE
Dark Reading
Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
FOE
SecurityWeek
Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations
FRIEND
Bleeping Computer
FTC to ban data broker Kochava from selling Americans’ location data
FOE
The Hacker News
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
FOE
Privacy International
From Big Oil to Big Algorithm: Public Money in Private Models
FRIEND
Bleeping Computer
The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss
FOE
Bleeping Computer
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don't Check.
FRIEND
EPIC
EPIC Urges Support for Chatbot Provider Liability Framework in Illinois
FOE
The Register (Security)
Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
FOE
SecurityWeek
Hacker Conversations: Joey Melo on Hacking AI
FOE
Bleeping Computer
Vimeo data breach exposes personal information of 119,000 people
FOE
SecurityWeek
Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft
FOE
The Register (Security)
ShinyHunters claims dump puts 119K Vimeo emails in the wild
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It might be the new glasses
FOE
CISA Alerts
ABB B&R Automation Studio
FOE
CISA Alerts
Johnson Controls CEM AC2000
FOE
CISA Alerts
ABB B&R PVI
FOE
CISA Alerts
Hitachi Energy PCM600
FOE
CISA Alerts
ABB B&R Automation Runtime
FOE
SecurityWeek
Critical Remote Code Execution Vulnerability Patched in Android
FOE
The Hacker News
The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
FRIEND
Dark Reading
How the Story of a USB Penetration Test Went Viral
FOE
Dark Reading
How the Story of a USB Penetration Test Went Viral
FOE
The Hacker News
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
FOE
CSO Online
AI finds 20-year-old bugs in PostgreSQL and MariaDB
FOE
The Register (Security)
Romance scammers turn sweet talk into £102M payday
FRIEND
SANS Internet Storm Center
SSL.com rotates their root certificate today, (Tue, May 5th)
FOE
SANS Internet Storm Center
Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
FRIEND
Bleeping Computer
Google now offers up to $1.5 million for some Android exploits
FOE
SecurityWeek
Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server
FOE
CSO Online
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
FOE
SecurityWeek
Karakurt Ransomware Negotiator Sentenced to Prison
FOE
Schneier on Security
DarkSword Malware
FOE
EFF Deeplinks
EFF and 18 Organizations Urge UK Policymakers to Prioritize Addressing the Roots of Online Harm
FOE
The Hacker News
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
FOE
Bleeping Computer
Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
FOE
Bleeping Computer
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
FOE
SecurityWeek
MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
FOE
The Register (Security)
NHS to close-source hundreds of GitHub repos over AI, security concerns
FOE
The Hacker News
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
FOE
Bleeping Computer
ScarCruft hackers push BirdCall Android malware via game platform
FOE
SecurityWeek
WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
FRIEND
CSO Online
CISOs step up to the security workforce challenge
FOE
The Intercept (Privacy)
Maker of AI Targeting System for Drones Faces Protests for Shipments to Israeli Military
FOE
CSO Online
Why most zero-trust architectures fail at the traffic layer
FOE
The Register (Security)
Microsoft's bad obsession is showing up in shabby services and slipshod software. Here's proof
FRIEND
Sophos News
Sophos Endpoint Mythos AI
FOE
Sophos News
AI Zero Days Sophos Endpoint
FOE
The Hacker News
Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
FOE
EFF Deeplinks
Shut Down Turnkey Totalitarianism
FRIEND
OWASP Blog
OWASP Foundation Unveils Its Strategic Plan for a World Without Insecure Software
FOE
The Hacker News
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
FRIEND
CSO Online
10 Signs of a Bad CSO
FRIEND
The Register (Security)
Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation
FOE
CSO Online
Anthropic Mythos spurs White House to weigh pre-release reviews for high-risk AI models
FRIEND
Sophos News
Introducing the Sophos Security Services Retainer
FOE
Bleeping Computer
Weaver E-cology critical bug exploited in attacks since March
FOE
Dark Reading
Physical Cargo Theft Gets a Boost From Cybercriminals
FOE
Dark Reading
RMM Tools Fuel Stealthy Phishing Campaign
FOE
The Register (Security)
Kids say they can beat age checks by drawing on a fake mustache
FOE
Bleeping Computer
Researchers report Amazon SES abused in phishing to evade detection
FOE
Bleeping Computer
Amazon SES increasingly abused in phishing to evade detection
FOE
EPIC
America needs a strong privacy law. The SECURE Data Act isn’t it.
FOE
Dark Reading
Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
FRIEND
SecurityWeek
Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks
FOE
CSO Online
The Winter Games effect: When gold meets DDoS
FOE
EFF Deeplinks
EFF Submission to UK Consultation on Digital ID
FOE
The Hacker News
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
FOE
SecurityWeek
Trellix Source Code Repository Breached
FOE
Bleeping Computer
Backdoored PyTorch Lightning package drops credential stealer
FOE
SANS Internet Storm Center
TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03), (Mon, May 4th)
FOE
CSO Online
How orphaned applications are quietly fueling your shadow IT problem
FOE
The Hacker News
Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
FOE
Bleeping Computer
Trellix discloses data breach after source code repository hack
FOE
The Register (Security)
Shadow IT has given way to shadow AI. Enter AI-BOMs
FRIEND
The Register (Security)
Shadow IT has given way to shadow AI. Enter AI-BOMs
FOE
Dark Reading
Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia
FRIEND
SANS Internet Storm Center
DShield Honeypot Update, (Mon, May 4th)
FOE
The Hacker News
⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More
FOE
Bleeping Computer
They don’t hack, they borrow: How fraudsters target credit unions
FRIEND
SecurityWeek
Cybersecurity M&A Roundup: 33 Deals Announced in April 2026
FOE
SecurityWeek
DigiCert Revokes Certificates After Support Portal Hack
FOE
Bleeping Computer
Progress warns of critical MOVEit Automation auth bypass flaw
FRIEND
Bleeping Computer
Webinar: Why MSPs must rethink security and backup strategies
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: Too many emojis
FRIEND
EFF Deeplinks
Getting Digital Fairness Right: EFF's Recommendations for the EU's Digital Fairness Act
FOE
The Hacker News
2026: The Year of AI-Assisted Attacks
FOE
The Hacker News
Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia
FOE
CSO Online
Security agencies draw red lines around agentic AI deployments
FOE
Bleeping Computer
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
FOE
SecurityWeek
Exploitation of ‘Copy Fail’ Linux Vulnerability Begins
FOE
Bleeping Computer
Microsoft confirms April Windows updates cause backup failures
FRIEND
EFF Deeplinks
Getting Digital Fairness Right: EFF's Recommendations for the EU's Digital Fairness Act
FOE
Schneier on Security
Hacking Polymarket
FRIEND
SecurityWeek
OpenAI Rolls Out Advanced Security for ChatGPT Accounts
FOE
The Hacker News
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
FOE
The Register (Security)
If the vote you rocked, your personal info can be grokked
FOE
CSO Online
The fake IT worker problem CISOs can’t ignore
FRIEND
CSO Online
How CISOs should utilize data security posture management to inform risk
FOE
SecurityWeek
Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
FOE
SecurityWeek
Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats
FOE
The Hacker News
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
FOE
Risky Business News
Risky Bulletin: DigiCert hacked with a malicious screensaver file
FOE
CSO Online
What Is a Botnet?
FOE
The Register (Security)
Five Eyes spook shops warn rapid rollouts of agentic AI are too risky
FOE
The Register (Security)
Five Eyes spook shops warn agentic is too wonky for rapid rollout
FOE
Bleeping Computer
Instructure confirms data breach, ShinyHunters claims attack
FOE
Bleeping Computer
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
FRIEND
SANS Internet Storm Center
Wireshark 4.6.5 Released, (Sun, May 3rd)
FOE
SecurityWeek
US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems
FOE
Bleeping Computer
Telegram Mini Apps abused for crypto scams, Android malware delivery
FOE
The Hacker News
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
FOE
Bleeping Computer
Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks
FOE
Bleeping Computer
ConsentFix v3 attacks target Azure with automated OAuth abuse
FOE
SecurityWeek
New Bluekit Phishing Kit Features AI Assistant
FOE
The Register (Security)
Brace for the patch tsunami: AI is unearthing decades of buried code debt
FOE
The Hacker News
Trellix Confirms Source Code Breach With Unauthorized Repository Access
FOE
Bleeping Computer
Edu tech firm Instructure discloses cyber incident, probes impact
FOE
CSO Online
AI agents can bypass guardrails and put credentials at risk, Okta study finds
FOE
EPIC
EPIC Urges Representatives to Vote NO on Privacy Invasions at Treasury
FOE
Dark Reading
76% of All Crypto Stolen in 2026 Is Now in North Korea
FOE
CSO Online
Windows shell spoofing vulnerability puts sensitive data at risk
FOE
Ars Technica (Security)
Ubuntu infrastructure has been down for more than a day
FOE
SANS Internet Storm Center
Malicious Ad for Homebrew Leads to MacSync Stealer, (Fri, May 1st)
FOE
The Hacker News
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
FOE
Bleeping Computer
15-year-old detained over French govt agency data breach
FOE
Bleeping Computer
Story retracted
FOE
The Intercept (Privacy)
Musk Warns of Killer AI — While He and the Rest of Silicon Valley Cash In on AI That Kills
FOE
Ars Technica (Security)
GPT-5.5 matches heavily hyped Mythos Preview in new cybersecurity tests
FOE
SecurityWeek
In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability
FRIEND
EFF Deeplinks
A Bridge to Somewhere: How to Link Your Mastodon, Bluesky, or Other Federated Accounts
FOE
Dark Reading
If AI's So Smart, Why Does It Keep Deleting Production Databases?
FRIEND
SecurityWeek
Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge
FOE
The Hacker News
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
FRIEND
Bleeping Computer
Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations
FOE
The Hacker News
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
FOE
The Register (Security)
First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed
FRIEND
Bleeping Computer
Microsoft fixes Remote Desktop warnings displaying incorrectly
FRIEND
Dark Reading
Name That Toon: Mark of (Security) Progress
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: I just saw him at the coffee machine
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FRIEND
CISA Alerts
Careful Adoption of Agentic AI Services
FRIEND
Dark Reading
20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage
FOE
The Register (Security)
OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that
FRIEND
The Register (Security)
OpenAI locks GPT-5.5-Cyber behind velvet rope despite slamming Anthropic for doing exactly that
FOE
SecurityWeek
Two US Security Experts Sentenced to Prison for Helping Ransomware Gang
FOE
Schneier on Security
A Ransomware Negotiator Was Working for a Ransomware Gang
FRIEND
Bleeping Computer
Microsoft now lets admins choose pre-installed Store apps to uninstall
FOE
SecurityWeek
Sophisticated Deep#Door Backdoor Enables Espionage, Disruption
FOE
The Register (Security)
Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down
FRIEND
The Hacker News
Top Five Sales Challenges Costing MSPs Cybersecurity Revenue
FRIEND
SecurityWeek
Cisco Releases Open Source Tool for AI Model Provenance
FRIEND
Bleeping Computer
Windows 11 KB5083631 update released with 34 changes and fixes
FOE
CSO Online
Human-centric failures: Why BEC continues to work despite MFA
FOE
The Hacker News
Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks
FOE
The Hacker News
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
FRIEND
CSO Online
Just 34% of cyber pros plan to stick with their current employer
FRIEND
CSO Online
Enterprise Spotlight: Transforming software development with AI
FOE
CSO Online
Managing OT risk at scale: Why OT cyber decisions are leadership decisions
FOE
SecurityWeek
Hugging Face, ClawHub Abused for Malware Distribution
FOE
SecurityWeek
FBI Warns of Surge in Hacker-Enabled Cargo Theft
FOE
Bleeping Computer
US ransomware negotiators get 4 years in prison over BlackCat attacks
FOE
SecurityWeek
1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom
FOE
Risky Business News
Risky Bulletin: The mysterious hack of Moldova's healthcare database
FOE
CSO Online
‘Trivial’ exploit can give attackers root access to Linux kernel
FOE
Sophos News
AI finds the vulnerabilities, but exploiting them is a different problem.
FOE
Sophos News
AI just became the world's most dangerous exploit writer. Here's why Sophos Endpoint is built to stop it.
FOE
Sophos News
Proof-of-concept exploit available for Linux 'Copy Fail' vulnerability (CVE-2026-31431)
FOE
CISA KEV
CVE-2026-31431: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability