The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply. The post Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants appeared first on SecurityWeek. This article has been…
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network…
AI Firm Braintrust Prompts API Key Rotation After Data Breach
Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust. The post AI Firm Braintrust Prompts API Key Rotation After Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Cline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding Agents
Cline, a widely adopted open-source AI coding agent, has recently patched a severe vulnerability in its local Kanban server. Trusted by developers with deep access to source code, cloud credentials, and terminals, Cline automates complex coding tasks. However, researchers from…
Fake OpenClaw Installer Targets Crypto Wallets and Password Managers
Hackers are abusing a fake OpenClaw installer to deploy a modular Rust-based infostealer framework dubbed Hologram, aimed at harvesting credentials from more than 250 crypto wallet and password manager browser extensions while hiding behind trusted cloud and messaging services. The site…
Mozilla Patches 423 Firefox Vulnerabilities with Claude Mythos and Other AI Models
Mozilla has fixed a total of 423 Firefox security bugs in April 2026 alone, a figure nearly 20 times higher than its monthly average of about 21 bugs throughout 2025, driven by a groundbreaking agentic AI pipeline built around Anthropic’s…
New NWHStealer Delivery Chain Uses Bun Loader, Anti-VM Checks, and Encrypted C2
A new and evolving threat has caught the attention of cybersecurity researchers worldwide. A Windows-based information stealer known as NWHStealer has resurfaced with a more sophisticated delivery chain, now using the Bun JavaScript runtime as part of its infection process.…
New PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB for Credential Theft
A sophisticated new malware framework called PCPJack has been found actively targeting cloud environments across the internet, hunting for exposed services and stripping away credentials at scale. The worm zeroes in on Docker, Kubernetes, Redis, and MongoDB deployments, turning misconfigured…
Meta fights Ofcom over how many billions count as billions
Social media biz says watchdog’s fine formula is ‘disproportionate’ and should stop counting global revenue This article has been indexed from www.theregister.com – Articles Read the original article: Meta fights Ofcom over how many billions count as billions
Hackers ate my homework: Educational SaaS Canvas down after cyberattack
ShinyHunters takes the credit and gives developer an F for security This article has been indexed from www.theregister.com – Articles Read the original article: Hackers ate my homework: Educational SaaS Canvas down after cyberattack
Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom
A system that thousands of schools and universities use went offline due to a cyberattack, creating chaos as students tried to study for finals. The post Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom appeared first…
Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)
Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has being exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,”…
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called “darkworm.” The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation…
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is not just anecdotal, but rather backed by a recent report investigating more than 25 million security alerts, including informational and…
Australian Cyber Security Centre Issues Alert Over ClickFix Attacks
ACSC warns over a campaign targeting organizations which uses ClickFix to deliver Vidar infostealer malware This article has been indexed from www.infosecurity-magazine.com Read the original article: Australian Cyber Security Centre Issues Alert Over ClickFix Attacks
Pentest-Tools.com Releases Free Scanner for CVE-2026-41940 as cPanel Authentication Bypass Enters Its Third Week of Active Exploitation
Pentest-Tools.com has released a free, no-login scanner for CVE-2026-41940, the critical authentication bypass affecting cPanel & WHM and WP Squared that has been actively exploited in the wild since at least February 2026. The vulnerability, rated CVSS 9.8 Critical and…
16-30 April 2026 Cyber Attacks Timeline
In the second timeline of April 2026 I collected 108 events, corresponding to an average of 7.2 events per day, a number that confirms a growing trend, driven by the increasing number of supply chain attacks, compared to the previous…
Google is turning Android Studio into a policy watchdog
Google has expanded Play Policy Insights in Android Studio to help developers catch policy issues while coding, including warnings for common problems such as missing login credentials. Later this year, developers who connect their Play developer account directly to Android…
IT Security News Hourly Summary 2026-05-08 12h : 11 posts
11 posts were published in the last hour 10:4 : ZiChatBot Malware Abuses Zulip APIs for Stealthy C2 Operations 10:4 : Helping North Korean IT remote workers is becoming a fast track to prison 9:32 : Fake Moustache Fools Age…
ZiChatBot Malware Abuses Zulip APIs for Stealthy C2 Operations
A new cross‑platform malware family, dubbed ZiChatBot, that abuses the trusted Python Package Index (PyPI) ecosystem and the Zulip team chat platform to run a stealthy command‑and‑control (C2) channel. During routine threat hunting, analysts observed a series of malicious wheel packages…
Helping North Korean IT remote workers is becoming a fast track to prison
Two U.S. nationals were sentenced to 18 months in prison for operating “laptop farms” that helped North Korean IT workers gain employment at nearly 70 American companies, generating more than $1.2 million for Pyongyang’s government. Although Matthew Issac Knoot of…
Fake Moustache Fools Age Checks, Sparks Online Safety Act Fears
A critical gaps in age verification systems introduced under the Online Safety Act, with children easily bypassing safeguards using simple tricks including drawing fake facial hair to appear older on camera. The Online Safety Act, which came into force in…
Hackers Use Morse Code to Trick Grok and Bankrbot, Steal $200K in Crypto Tokens
Threat actors have successfully executed a novel prompt injection attack against artificial intelligence agents, draining approximately $200,000 in cryptocurrency. By using Morse code to bypass standard AI safety filters, an attacker tricked the Grok AI model and an autonomous wallet…
Critical Vulnerability in Rancher Fleet Enables Full Cluster-Admin Privileges
The SUSE Rancher Security team disclosed a critical vulnerability tracked as CVE-2026-41050. This severe flaw affects Rancher Fleet, a popular GitOps tool for managing Kubernetes clusters at scale. The vulnerability completely breaks the platform’s core multi-tenant isolation mechanism, allowing malicious…