High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source Info
1Panel-dev–MaxKB: MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB’s webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth class unconditionally returns (None, {}), which…
Meta tries to get ahead of scammers before the World Cup begins
Football fans are counting down the days until the FIFA World Cup begins, and scammers are doing the same. Last week, the FBI warned that cybercriminals are spoofing FIFA websites to steal personal information, sell fake tickets, and promote fraudulent…
Multiple Red Hat Cloud Services npm Packages Compromised to Deploy Credential-Stealing Malware
A significant supply chain attack on June 1, 2026, targeted over 30 official packages under the @redhat-cloud-services npm scope. The campaign, dubbed “Miasma: The Spreading Blight,” is a new variant of the Mini Shai-Hulud malware family, a sophisticated credential-stealing worm…
SmartApeSG Campaign Uses ClickFix Scripts to Infect Windows Hosts With RAT Malware
A well-known social engineering campaign called SmartApeSG is back in the spotlight, this time using ClickFix scripts to quietly plant remote access malware on Windows computers. The campaign lures victims through fake verification pages that trick them into running a…
Attackers Abuse Docker and Kubernetes Misconfigurations to Compromise Host Systems
Attackers are actively exploiting misconfigurations in Docker and Kubernetes environments to break out of containers and take full control of the underlying host systems. What was once a niche concern has grown into a serious and escalating threat, with attackers…
Microsoft Office for the Web and Teams Hit by File Access Outage
Microsoft experienced a service disruption affecting users’ ability to open files through Office for the Web and Microsoft Teams, with the company confirming resolution after investigating elevated error rates across its online productivity platform. The incident, tracked internally under MO1329446…
Spring 2026 SOC 1, 2, and 3 reports are now available with 188 services in scope
Amazon Web Services (AWS) is pleased to announce that the Spring 2026 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 188 services over the 12-month period from April 1, 2025–March 31, 2026,…
IT Security News Hourly Summary 2026-06-01 18h : 13 posts
13 posts were published in the last hour 16:3 : Unauthenticated Privilege Escalation Vulnerability Patched in Kirki WordPress Plugin 16:3 : TeamPCP’s Supply Chain Campaign Raises Fresh Concerns Over Open-Source Software Security 16:3 : Bengaluru Developer’s Viral AI Tool Shows…
Unauthenticated Privilege Escalation Vulnerability Patched in Kirki WordPress Plugin
On May 4th, 2026, we received a submission for an Unauthenticated Privilege Escalation vulnerability in the Kirki WordPress plugin. Although the plugin has more than 500,000 active installations, we estimate that only around 150,000 sites are using a vulnerable version,…
TeamPCP’s Supply Chain Campaign Raises Fresh Concerns Over Open-Source Software Security
A cybercrime group known as TeamPCP has been linked to an expanding series of software supply chain attacks that researchers say have affected hundreds of organizations, with GitHub becoming the latest high-profile name connected to the campaign. GitHub recently…
Bengaluru Developer’s Viral AI Tool Shows the Power of One Click Decisions
As artificial intelligence continues to transform software development workflows and corporate staffing strategies, discussions regarding automation-driven job displacement have gained increasing prominence across the technology sector. Against this backdrop, a Bengaluru software engineer has captured widespread attention online with…
Media Regulators Call Out YouTube, TikTok for Ignoring Child Safety
According to a report by Ofcom, YouTube and TikTok have failed to implement steps to safeguard British children from harmful online content. Data suggests widespread exposure to underage kids on these platforms. TikTok, YouTube ignoring child safety Ofcom media regulators…
MAPO Token Crashes 96% After Cross-Chain Bridge Exploit Triggers Massive Unauthorized Mint
A major shock hit cryptocurrency markets when the MAPO token crashed nearly 96% after a vulnerability in the Butter Network cross-chain bridge was exploited. The attacker created an enormous number of unauthorized tokens, flooding the market with supply far…
CLARITY Act Explained: How the 2025 U.S. Crypto Bill Ends a Decade of Regulatory Chaos
For over a decade, the U.S. cryptocurrency industry has faced crippling regulatory uncertainty, with the SEC and CFTC locked in a bureaucratic tug-of-war over jurisdiction. The CLARITY Act (Digital Asset Market Clarity Act of 2025) is Washington’s most serious…
Pwn2Own Berlin 2026: On the Ground With TrendAI™ ZDI’s Biggest AI Showdown Yet
47 zero-days fell at Pwn2Own Berlin 2026 for US$1,298,250 in payouts. TrendAI™ was on the ground all three days — here’s what we saw. This article has been indexed from Trend Micro Research, News and Perspectives. Read the original article:…
IT Security Guru picks for Infosecurity Europe 2026
With Infosecurity Europe kicking off tomorrow, many of us will be fine-tuning our schedules and prepping for the festivities to kick off. The Gurus have been busy collecting a selection of unmissable events to help you plan your trip…
Fake BlueWallet steals passwords, accounts, and crypto from Macs
A fake BlueWallet download tricks Mac users into running malware that steals passwords, crypto wallets, and clipboard data. This article has been indexed from Malwarebytes. Read the original article: Fake BlueWallet steals passwords, accounts, and crypto from Macs
Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs
Organizations are advised to patch CVE-2026-41089 as soon as possible, given its severity and the potential ongoing exploitation. The post Critical Windows Netlogon Vulnerability in Attackers’ Crosshairs appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read the original…
NetQuest expands NetworkLens to detect threats hidden in network management traffic
NetQuest announced an expansion of its NetworkLens enriched dataset portfolio. The new network telemetry datasets deliver detailed traffic characteristics of network management transactions, giving security teams the granular, AI-ready intelligence needed to detect threats hidden within the protocols used to…
CISA adds critical Palo Alto Networks firewall flaw to KEV as company, researchers warn of exploitation
The vulnerability in a vital defensive technology “poses significant risks” to federal networks, CISA said. This article has been indexed from Cybersecurity Dive – Latest News. Read the original article: CISA adds critical Palo Alto Networks firewall flaw to KEV…
Without strong governance, companies put credit ratings at risk in AI era
A new report from S&P Global provides a blueprint for how companies can adapt to the changing threat environment. This article has been indexed from Cybersecurity Dive – Latest News. Read the original article: Without strong governance, companies put credit…
RaccoonLine Publishes 2026 dVPN Buyer’s Guide for Privacy-Focused Users
Rome, Italy, 1st June 2026, CyberNewswire. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More. Read the original article: RaccoonLine Publishes 2026 dVPN Buyer’s Guide for Privacy-Focused Users
Ransomware Operators Keep Business Hours. The Data Proves It
16,699 ransomware leak posts over 2 years show 84% drop Monday–Friday, peak at European afternoon hours. October spikes yearly. Someone analyzed 16,699 ransomware leak-site posts across 200 groups over two years and asked the question most threat intelligence reports dance…
GTA cheat service Atlas Menu hacked as attacker alleges screenshot spying
A database containing 64,000 user records was published to GitHub after an attacker claimed to have compromised all Atlas systems. This article has been indexed from www.theregister.com – Articles. Read the original article: GTA cheat service Atlas Menu hacked as…