4 posts were published in the last hour 16:2 : Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit 16:2 : CISA urges security teams to check for software development compromises 15:32 : Iran-Linked Hackers Targeted US Fuel Tank…
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. “The attacker compromised an internet-reachable…
CISA urges security teams to check for software development compromises
The agency warned about a wave of attacks targeting credentials and other secrets across critical supply chains. This article has been indexed from Cybersecurity Dive – Latest News. Read the original article: CISA urges security teams to check for software…
Iran-Linked Hackers Targeted US Fuel Tank Systems Through Exposed ATG Networks
A cyber incident linked to suspected Iranian hackers targeted U.S. gas station fuel monitoring systems, exposing weaknesses in critical infrastructure. Internet-connected ATG systems lacking password protection reportedly allowed attackers to gain access without stolen credentials. Though designed to track…
AI Vigilante Sting Catches Alleged Paedophile Ex-Teacher in France
A retired French physical education teacher has been placed in custody after an online sting operation exposed what investigators say was a serious attempt to solicit a minor. The case has drawn wide attention because the “girl” he was…
MokN Raises $15 Million for Phish-Back Platform
MokN’s platform deploys realistic decoy access points to lure attackers into revealing compromised credentials, enabling organizations to respond before abuse occurs. The post MokN Raises $15 Million for Phish-Back Platform appeared first on SecurityWeek. This article has been indexed from…
Charter Communications Data Breach Could Impact Nearly 5 Million
The notorious ShinyHunters extortion group leaked over 42 million records allegedly stolen from Charter in April. The post Charter Communications Data Breach Could Impact Nearly 5 Million appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the…
Dutch police disrupts botnet composed of 17 million devices
The Dutch National Police and the country’s National Cyber Security Center (NCSC) have taken offline 200 servers controlling a botnet of 17 million devices, the law enforcement agency announced on Thursday. The investigation was launched after the NCSC received a…
Cyber Briefing: 2026.05.29
Critical infrastructure and developer workflows are under sustained pressure from a combination of high-volume software vulnerabilities, supply chain credential theft, and state-sponsored attacks. This article has been indexed from CyberMaterial. Read the original article: Cyber Briefing: 2026.05.29
Final 24 hours to save up to $410 on your TechCrunch Disrupt 2026 ticket
You now have until tonight at 11:59 p.m. PT to lock in Early Bird savings of up to $410 for TechCrunch Disrupt 2026 before prices increase. Join 10,000+ tech leaders in October for one of the most anticipated tech events…
Ransomware Abuses SYSTEM Task to Encrypt Drives with Elevated Privileges
A newly analyzed ransomware strain, “The Gentlemen,” is raising concern among security researchers due to its ability to combine strong encryption with aggressive lateral movement. What makes this threat particularly dangerous is its use of SYSTEM-level scheduled tasks to encrypt…
Securing and Governing AI Agents At Scale Through A Unified AI Gateway
Palo Alto Networks acquires Portkey, integrating its AI Gateway into Prisma AIRS. Get the unified control plane to securely govern and operationalize autonomous AI agents. The post Securing and Governing AI Agents At Scale Through A Unified AI Gateway appeared…
IT Security News Hourly Summary 2026-05-29 15h : 16 posts
16 posts were published in the last hour 13:3 : Oracle Critical Security Update – Patch for 35 New Vulnerabilities Across Products 13:2 : Legitimate-Looking Codex Remote UI Steals OpenAI Codex Authentication Tokens 13:2 : Hackers Use Fake Adobe Document…
Oracle Critical Security Update – Patch for 35 New Vulnerabilities Across Products
Oracle has rolled out its first Critical Security Patch Update (CSPU), delivering 35 new security fixes for serious vulnerabilities across several major product lines, including Oracle Database, Oracle REST Data Services, Oracle Communications Unified Assurance, Oracle E‑Business Suite, and Oracle…
Legitimate-Looking Codex Remote UI Steals OpenAI Codex Authentication Tokens
A polished, fully functional npm package has been caught secretly stealing OpenAI Codex authentication tokens from developers who trusted it. The package, named codexui-android, presented itself as a remote web UI for OpenAI Codex with no obvious signs of being…
Hackers Use Fake Adobe Document Cloud Pages to Deliver ScreenConnect Malware
A sophisticated phishing campaign is actively targeting financial organizations by using fake Adobe Document Cloud pages to silently install ScreenConnect remote access malware on victim machines. The operation is well-structured, deceptive, and difficult to detect because it blends into everyday…
Dutch cops wrest 17M devices from mystery botnet’s clutches
Hosting provider pulled the plug after police traced 200 servers to the Netherlands. This article has been indexed from www.theregister.com – Articles. Read the original article: Dutch cops wrest 17M devices from mystery botnet’s clutches
Gogs Zero-Day Exposes Servers to Remote Code Execution
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names. The post Gogs Zero-Day Exposes Servers to Remote Code Execution appeared first…
Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems. This article has been indexed from www.infosecurity-magazine.com…
CyCOS Expands UK SME Cybersecurity Support
A UK pilot program designed to provide peer-led cybersecurity support to small and medium enterprises is preparing for significant expansion. This article has been indexed from CyberMaterial. Read the original article: CyCOS Expands UK SME Cybersecurity Support
JINX-0164 Uses LinkedIn Lures to Deploy Custom macOS Malware
A newly identified threat actor tracked as JINX-0164 is targeting cryptocurrency organizations through sophisticated LinkedIn-based social engineering campaigns. The financially motivated group has been active since at least mid-2025. It is leveraging custom macOS malware, credential theft, and CI/CD pipeline…
DIL Observatory: when the World Escalates, the Underground Responds
Digital Intelligence Lab (DIL) launches an observatory for reading cyber events as what they actually are: signals of a broader social and geopolitical reality. The timing rarely lies, and the connection between real-world events and cyber activity is no longer…
Signal users targeted in backup-stealing phishing attacks
Cybercriminals are impersonating Signal Support to steal backup recovery keys, giving them access to victims’ entire message archives. This article has been indexed from Malwarebytes. Read the original article: Signal users targeted in backup-stealing phishing attacks
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian…