MoD says StormBreaker will plug gap until homegrown SPEAR 3 integration lands This article has been indexed from www.theregister.com – Articles Read the original article: F-35 software delays leave UK buying time with US glide bombs
Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE
The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. The post Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
NCSC Publishes Guidance on Securing Agentic AI Use
The UK’s National Cyber Security Centre is helping organizations to understand agentic AI security risks This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Publishes Guidance on Securing Agentic AI Use
IT Security News Hourly Summary 2026-05-18 12h : 10 posts
10 posts were published in the last hour 10:3 : An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings 10:2 : Mozilla warns UK: Breaking VPNs will not magically fix Britain’s age-check mess 10:2 : First Shai-Hulud…
An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings
David Norman, a former Phoenix police officer who’s described himself as “a fucking savage,” now runs a company that provided training to Homeland Security’s Special Response Teams. This article has been indexed from Security Latest Read the original article: An…
Mozilla warns UK: Breaking VPNs will not magically fix Britain’s age-check mess
Firefox maker says the tools are basic security infrastructure, not teenage contraband This article has been indexed from www.theregister.com – Articles Read the original article: Mozilla warns UK: Breaking VPNs will not magically fix Britain’s age-check mess
First Shai-Hulud Worm Clones Emerge
At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Security Researchers Find 47 Zero-Days at Pwn2Own Berlin
The research community was awarded $1.3m as it found dozens of novel vulnerabilities at Pwn2Own Berlin This article has been indexed from www.infosecurity-magazine.com Read the original article: Security Researchers Find 47 Zero-Days at Pwn2Own Berlin
Microsoft Acknowledges Windows 11 Update Failure Linked to Error 0x800f0922
Microsoft has acknowledged a growing issue affecting Windows 11 users: the May 2026 cumulative update (KB5089549) fails to install, resulting in error code 0x800f0922. The problem is affecting systems running Windows 11 versions 24H2 and 25H2, raising concerns among enterprise…
Hackers Abuse Cloudflare Storage to Exfiltrate Network Files
A sophisticated cyber espionage campaign targeting multiple Malaysian organizations has been uncovered, revealing a highly structured attack chain that blends custom tooling, cloud infrastructure, and stealthy data exfiltration. At the center of the operation is an Azure virtual machine (IP:…
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma,…
Microsoft discloses Exchange zero-day with no patch yet available
Microsoft has disclosed a zero-day vulnerability that affects Exchange Server 2016, 2019, and Subscription Edition. This vulnerability would give bad actors an opportunity to run arbitrary code remotely on the Exchange server. Although Microsoft has not issued any patches for this security vulnerability, they…
OpenAI rotates certificates after TanStack supply chain attack hits employee devices
OpenAI has confirmed that two employee devices were compromised in the recent TanStack npm supply chain attack, prompting the company to rotate code-signing certificates and require macOS users to update their applications by 12 June. In a security advisory published this week, the company…
Attackers accessed, downloaded code from Grafana Labs’ GitHub
A threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization firm announced on Sunday. The breach is significant given Grafana Labs’ widespread use across enterprise engineering and DevOps…
Critical Marimo RCE Flaw Could Let Attackers Execute Malicious Code Remotely
A newly disclosed critical vulnerability in the Marimo Python notebook framework is raising serious alarms across the cybersecurity community, as it allows attackers to execute arbitrary commands remotely, without authentication. Tracked as CVE-2026-39987, the flaw exposes a WebSocket endpoint that can…
Hackers Hide PureLogs Infostealer in PawsRunner Loader
Threat actors are increasingly hiding malware inside seemingly harmless files, and a new campaign shows just how effective this tactic has become. The attack begins with a phishing email carrying a TXZ archive attachment. Disguised as an urgent invoice, the…
An AI-generated phishing attack on myself: How Cybercriminals Use ChatGPT and Similar Tools
A phishing attack that is frighteningly well tailored to me. The tone is right, the context fits, and details from my professional environment are correctly referenced. For a brief moment, everything appears credible. But I ask myself: Where does this…
1 Million WordPress Sites Affected by Avada Builder File Read and SQL Injection Flaws
A widely used WordPress plugin powering over one million websites has been hit by two serious vulnerabilities that could allow attackers to steal sensitive data and access server files. Security researchers warn that the flaws in the Avada Builder plugin could…
CISA Warns of Microsoft Exchange Server Vulnerability Exploited in Attacks
CISA has issued a fresh warning about a newly disclosed Microsoft Exchange Server vulnerability that is already being exploited in real-world attacks, raising concerns for organizations relying on on-premises email infrastructure. The flaw CVE-2026-42897 is a cross-site scripting (XSS) vulnerability affecting…
Grafana Confirms Breach After Hackers Claim They Stole Data
Grafana appears to have been targeted by Coinbase Cartel, a cybercrime group linked to ShinyHunters, Scattered Spider, and Lapsus$. The post Grafana Confirms Breach After Hackers Claim They Stole Data appeared first on SecurityWeek. This article has been indexed from…
201 arrested in INTERPOL disruption of phishing and fraud networks
Operation Ramz, a cybercrime initiative coordinated by INTERPOL across the MENA region, focused on disrupting phishing campaigns, malware activity, and cyber scams that caused substantial financial losses across the region. The operation resulted in the arrest of 201 individuals and…
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codenamed MiniPlasma, the vulnerability…
Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt…
Bank of England, FCA and Treasury Raise Alarm Over Frontier AI
The UK’s financial authorities have set expectations for the sector on cybersecurity and operational resilience This article has been indexed from www.infosecurity-magazine.com Read the original article: Bank of England, FCA and Treasury Raise Alarm Over Frontier AI