A well-known botnet is now targeting cloud environments in a more calculated way than before. P2PInfect, a Rust-written peer-to-peer malware active since mid-2023, has been observed compromising Kubernetes clusters by breaking into Redis instances left exposed to the internet. The…
Flipper Unveils New Flipper One Modular Linux Cyberdeck
Flipper Devices has unveiled Flipper One, a modular Linux cyberdeck aimed at becoming a fully open, mainline-first ARM platform for hackers, researchers, and makers The company says the new device is not a successor to Flipper Zero, but a separate…
GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of the otherwise…
Secure Identity at the Edge: Akamai Partners with Auth0
The Akamai and Auth0 partnership secures identity at the edge by combining edge intelligence and adaptive authentication to stop fraud and enhance user trust. This article has been indexed from Blog Read the original article: Secure Identity at the Edge:…
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking…
IT Security News Hourly Summary 2026-05-21 15h : 5 posts
5 posts were published in the last hour 13:2 : Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator 13:2 : Three-Quarters of Firms Knowingly Ship Vulnerable Code 12:32 : Apache OFBiz RCE Flaw Abuses Password-Change Restrictions for Authentication…
Europol Seizes First VPN Used by Ransomware Gangs, Arrests Administrator
Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
Three-Quarters of Firms Knowingly Ship Vulnerable Code
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers This article has been indexed from www.infosecurity-magazine.com Read the original article: Three-Quarters of Firms Knowingly Ship Vulnerable Code
Apache OFBiz RCE Flaw Abuses Password-Change Restrictions for Authentication Bypass
A critical authentication bypass vulnerability in Apache OFBiz allows attackers to hijack forced password-change flows and achieve remote code execution (RCE) via a single HTTP request, affecting all versions before 24.09.06. Apache OFBiz RCE Flaw Apache OFBiz is an open-source…
Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach
Leakage blamed on treacherous friends exposed unencrypted credentials, email addresses This article has been indexed from www.theregister.com – Articles Read the original article: Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach
Cisco Patches Critical Vulnerability in Secure Workload
Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Critical Vulnerability in Secure Workload appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Android Malware Spotted Subscribing Victims to Paid Services Without Consent
Cybersecurity researchers expose a 10-month global Android malware campaign using fake apps to secretly charge users through premium SMS bills. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Android…
Scammers are abusing an internal Microsoft account to send spam links
The loophole allows spammers and scammers to send emails from a legitimate Microsoft email address typically used for sending genuine account alerts. This article has been indexed from Security News | TechCrunch Read the original article: Scammers are abusing an…
Proton Launches Credential Tokens to Tackle AI Agent Security Gap
A growing tension sits at the heart of enterprise AI deployments: organisations want agents to act autonomously, yet handing over passwords and API keys to automated systems represents a significant and largely unresolved security risk. Proton is now attempting to…
GitHub Internal Repositories Breached Via Weaponized VS Code Extension
GitHub confirmed a significant security breach on May 18, 2026, after attackers leveraged a weaponized Visual Studio Code extension to compromise an employee’s device and exfiltrate data from the company’s internal source code repositories. The attack was detected and contained…
Ocean Emerges From Stealth With $28M for Agentic Email Security Platform
The company has developed a platform that uses specialized AI agents to inspect every incoming message. The post Ocean Emerges From Stealth With $28M for Agentic Email Security Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could…
Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally This article has been indexed from www.infosecurity-magazine.com Read the original article: Nine-Year-Old Linux Kernel Flaw Leaks SSH Keys and Password Hashes
Discord Enables End-to-End Encryption by Default Across Voice and Video Features
Discord has officially enabled end-to-end encryption (E2EE) by default for all voice and video communications across its platform, marking a significant shift in user privacy and secure communications. The announcement, made on May 18, 2026, confirms that every voice and…
Microsoft Defender Zero-Day Vulnerabilities Actively Exploited in the Wild
Microsoft has disclosed two new zero-day vulnerabilities in Microsoft Defender that are actively being exploited in the wild, raising concerns among security professionals and enterprise users. The vulnerabilities, tracked as CVE-2026-41091 and CVE-2026-45498, were officially released on May 19, 2026,…
Industry Reacts to Verizon DBIR 2026 as Vulnerability Exploitation Takes Top Spot
The 2026 Verizon Data Breach Investigations Report (DBIR) has sparked widespread industry reaction, with security leaders warning that AI-enabled attacks, vulnerability exploitation, and third-party risk are reshaping the threat landscape faster than many organisations can respond. For the first time…
TikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safety
Ofcom says TikTok and YouTube are “not safe enough” for children, but simply adding stricter age checks is not the answer. This article has been indexed from Malwarebytes Read the original article: TikTok, YouTube, and Roblox face scrutiny, but age…
Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw
Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs This article has been indexed from www.theregister.com – Articles Read the original article: Cisco serves up yet another perfect 10 bug with…
Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention
The company blocked over 1.1 billion accounts and $2.2 billion in potentially fraudulent transactions. The post Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention appeared first on SecurityWeek. This article has been indexed from…