<p>Following a massive cyberattack on its popular Canvas learning management system, education software provider Instructure said it had struck a deal with malicious hackers to recover its stolen data. Instructure did not disclose the terms of the deal, but experts…
Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K
Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own Berlin 2026, security researchers earned $385,750 after successfully demonstrating 15 unique…
IT Security News Hourly Summary 2026-05-16 00h : 2 posts
2 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-05-15 21:32 : The Department of Know: GemStuffer attack, AI SBOMs, and AI-created zero-days
IT Security News Daily Summary 2026-05-15
133 posts were published in the last hour 21:32 : The Department of Know: GemStuffer attack, AI SBOMs, and AI-created zero-days 21:2 : The Next Cybersecurity Challenge May Be Verifying AI Agents 19:5 : IT Security News Hourly Summary 2026-05-15…
The Department of Know: GemStuffer attack, AI SBOMs, and AI-created zero-days
This week’s Department of Know is hosted by Rich Stroffolino, with guests Gary Chan, CISO, SSM Health and Peter Liebert, CISO, Salesloft. Missed the live show? Check it out on YouTube. The Department of Know is live every Friday at 4:00 p.m. ET. Join us each…
The Next Cybersecurity Challenge May Be Verifying AI Agents
AI agents are reshaping cybersecurity. Learn why verification, trusted identity standards, and runtime controls are now essential. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: The Next Cybersecurity Challenge…
IT Security News Hourly Summary 2026-05-15 21h : 4 posts
4 posts were published in the last hour 19:2 : Two Unpatched Windows Exploits Target BitLocker, SYSTEM Access 19:2 : OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack 19:2 : A hotel check-in system left a million passports…
Two Unpatched Windows Exploits Target BitLocker, SYSTEM Access
Two unpatched Windows exploit PoCs target BitLocker protections and privilege controls after Microsoft’s May Patch Tuesday security update. The post Two Unpatched Windows Exploits Target BitLocker, SYSTEM Access appeared first on TechRepublic. This article has been indexed from Security Archives…
OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack
OpenAI says Mac users must update ChatGPT, Codex, and Atlas apps by June 12 after an npm supply-chain attack exposed signing certificates. The post OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack appeared first on TechRepublic. This article…
A hotel check-in system left a million passports and driver’s licenses open for anyone to see
The tech company that maintains the hotel check-in system set its cloud storage to public, allowing anyone to access customers’ data without a password. This article has been indexed from Security News | TechCrunch Read the original article: A hotel…
Reducing CVE fatigue with Red Hat Hardened Images and Anchore
If you ship software in containers, you know the vulnerability treadmill: Scanners surface a flood of CVEs, backlogs swell, and teams chase patch velocity as if it were the core business of the company (as opposed to serving customers and…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and…
The AWS AI Security Framework: Securing AI with the right controls, at the right layers, at the right phases
TL;DR for busy executives The AWS AI Security Framework helps security leaders move fast and stay secure with AI. Security compounds from day 1 as workloads evolve from prototype to production to scale. Assess first. Request a no-cost SHIP engagement…
Welcome to BlackFile: Inside a Vishing Extortion Operation
Written by: Austin Larsen, Tyler McLellan, Genevieve Stark, Dan Ebreo Introduction Google Threat Intelligence Group (GTIG) has continued to track an expansive extortion campaign by UNC6671, a threat actor operating under the “BlackFile” brand, that targets organizations via sophisticated voice…
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA),…
Hackers Use PyInstaller and AMSI Patching to Deliver XWorm RAT v7.4
Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Hackers…
Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller
Researchers discovered the authentication bypass vulnerability while investigating a prior issue in the same service. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Attackers exploit critical flaw in Cisco Catalyst SD-WAN Controller
IT Security News Hourly Summary 2026-05-15 18h : 12 posts
12 posts were published in the last hour 16:3 : Mini Shai-Hulud: The Worm Returns and Goes Public 16:3 : RaccoonLine Publishes Analysis of VPN Data Disclosure Risks and the Shift Toward Decentralized Routing 16:3 : US orders travelers on…
Mini Shai-Hulud: The Worm Returns and Goes Public
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Mini Shai-Hulud: The Worm Returns and Goes Public
RaccoonLine Publishes Analysis of VPN Data Disclosure Risks and the Shift Toward Decentralized Routing
Rome, Italy, 15th May 2026, CyberNewswire RaccoonLine Publishes Analysis of VPN Data Disclosure Risks and the Shift Toward Decentralized Routing on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This article has been indexed from…
US orders travelers on Air Force One to throw away gifts, pins, and burner phones after China trip
People who travelled to Beijing for a summit between the United States and China had to throw away items they received during the trip before boarding Air Force One, presumably for security reasons. This article has been indexed from Security…
PureLogs: Delivery via PawsRunner Steganography
FortiGuard Labs has analyzed a steganography-based malware campaign that uses PawsRunner to deliver the PureLogs infostealer, highlighting evolving delivery methods and detection strategies. This article has been indexed from FortiGuard Labs Threat Research Read the original article: PureLogs: Delivery…
Microsoft Edge, Windows 11 and LiteLLM Hacked in Pwn2Own Berlin 2026
Pwn2Own Berlin 2026 opened with a surge of zero-day exploits targeting modern browsers, operating systems, and emerging AI platforms. On Day One alone, security researchers successfully hacked Microsoft Edge, Windows 11, and LiteLLM, earning a total of $523,000 for 24…
Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens
Hackers are exploiting a little-known feature of Microsoft’s authentication system to steal account credentials at scale. Device code phishing campaigns now target organizations worldwide by manipulating the OAuth device authorization flow, turning a security feature into a major vulnerability. This…