New Fragnesia kernel flaw lets unprivileged local users escalate to root on Linux systems This article has been indexed from www.infosecurity-magazine.com Read the original article: New Fragnesia Flaw Hands Linux Local Users Root Access
Cyber Briefing: 2026.05.14
Attackers are leveraging legacy proxy tools for persistent access in a landscape where critical infrastructure and healthcare remain highly vulnerable to third-party supply chain failures and evolving This article has been indexed from CyberMaterial Read the original article: Cyber Briefing:…
FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit
Bitdefender Labs reveals how the China-linked FamousSparrow hacking group targeted an Azerbaijani energy firm using ProxyNotShell, Deed RAT,… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: FamousSparrow Targeted Oil…
Chinese APT Exploits Microsoft Exchange to Breach Energy Sector Network
Chinese state-aligned hackers compromised a Microsoft Exchange server at a major energy firm. They repeatedly reused that same entry point to run a months‑long espionage operation, deploying the Deed RAT and Terndoor backdoors to maintain deep access across the network.…
Palo Alto PAN-OS 0-Day Exploited to Execute Arbitrary Code With Root Privileges on Firewalls
A critical vulnerability in Palo Alto Networks PAN-OS is putting enterprise firewalls at risk, allowing unauthenticated attackers to execute arbitrary code with root privileges. Tracked as CVE-2026-0300, the flaw affects the User-ID Authentication Portal (Captive Portal) and has already seen…
Hackers Abuse Legitimate HWMonitor Binary to Load Malicious DLL Payload
Hackers are once again turning familiar tools against the very users who trust them. A new attack campaign has been discovered in which threat actors weaponized HWMonitor, a widely used hardware monitoring utility developed by CPUID, to silently deliver a…
Critical GitLab Vulnerabilities Enables XSS and Unauthenticated DoS Attacks
Threat actors are constantly hunting for infrastructure weaknesses, and a newly discovered batch of vulnerabilities in GitLab just handed them a dangerous roadmap. On May 13, 2026, GitLab rolled out emergency security updates to address multiple high-severity flaws. These bugs…
Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns
Salt Typhoon has hit an energy entity in Azerbaijan. Twill Typhoon has targeted Asian entities with an updated RAT. The post Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns appeared first on SecurityWeek. This article has been indexed from…
Cofense adds AI-powered campaign detection to stop phishing attacks
Cofense has announced new advancements to its Phishing Defense Platform aimed at improving detection and response to AI-powered phishing attacks. The updates include AI-driven phishing detection, enhanced triage automation, and AI-assisted training campaign creation designed to strengthen protection across the…
Foxconn confirms factory attacks, BitLocker zero-day accesses protected drives, MDASH patches Windows flaws
Foxconn confirms North American factory attack BitLocker zero-day accesses protected drives MDASH patches 16 Windows flaws Get the show notes here: https://cisoseries.com/cybersecurity-news-foxconn-factory-attacks-bitlocker-zero-day-accesses-protected-drives-mdash-patches-windows-flaws/↗ Huge thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy — a routine request, an internal…
Canadian Telecom Providers Face Cyber Threats
Canadian telecommunications companies are facing an escalating wave of cyber threats that target both their infrastructure and customer data. This article has been indexed from CyberMaterial Read the original article: Canadian Telecom Providers Face Cyber Threats
Atrium Health, Interim HealthCare Hit by Vendor Breaches
Two healthcare organizations have disclosed significant data breaches originating from compromised third-party vendors, highlighting ongoing risks in the healthcare supply chain. This article has been indexed from CyberMaterial Read the original article: Atrium Health, Interim HealthCare Hit by Vendor Breaches
CISA releases AI SBOM guidance for supply-chain oversight
The US Cybersecurity and Infrastructure Security Agency (CISA) and its G7 partners have published guidance defining minimum elements for AI software bills of materials, a framework that extends traditional SBOM practices to cover the unique components of AI systems. This…
UK Cyber Sector Grows to £14.7bn as Resilience Bill Advances
The UK government reported that its cybersecurity sector generated £14.7 billion ($19.9 billion) in revenue during the past year, contributing £9.1 billion to the national economy in gross value added, a 17% annual increase. This article has been indexed from…
Cisco cuts 4,000 jobs, prioritizes AI and security
Cisco Systems will eliminate up to 4,000 positions globally beginning May 14, 2026, representing roughly 5% of its total workforce. This article has been indexed from CyberMaterial Read the original article: Cisco cuts 4,000 jobs, prioritizes AI and security
Critical Exim Mailer Flaw Enables Remote Code Execution Attacks
A newly disclosed vulnerability in the widely used Exim mail transfer agent exposes thousands of internet-facing mail servers to unauthenticated remote code execution, threatening core email infrastructure across Linux and Unix-like systems. Tracked as CVE-2026-45185 and nicknamed “Dead.Letter,” the bug…
New Malware Framework Enables Screen Control and UAC Bypass
A sophisticated malware framework capable of screen control, browser artifact access, and User Account Control (UAC) bypass, highlighting how attackers are increasingly adapting open-source tools for real-world intrusions. The attack chain revealed a carefully staged operation designed to blend into…
How AI Hallucinations Are Creating Real Security Risks
AI hallucinations are introducing serious security risks into critical infrastructure decision-making by exploiting human trust through highly confident yet incorrect outputs. When an AI model lacks certainty, it doesn’t have a mechanism to recognize that. Instead, it generates the most…
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication…
Canon MailSuite Security Flaw Allows Attackers to Execute Code Remotely
Canon has disclosed a critical security vulnerability in its GUARDIANWALL MailSuite product that could allow attackers to execute arbitrary code remotely, raising serious concerns for organizations relying on the platform for email security. The issue, officially announced on May 13,…
Kimsuky targets organizations with PebbleDash-based tools
Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster. This article has been indexed from Securelist Read the original article: Kimsuky targets organizations with PebbleDash-based tools
How Dangerous Is Anthropic’s Mythos AI?
Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be…
What to do when your AI’s guardrails fail
I want to talk about the Microsoft 365 Copilot bug. Not because it was exceptional, but because what it exposed should change how every organization architects AI governance. For weeks at the beginning of the year, Microsoft 365 Copilot read…
OpenAI Hit with Class-Action Privacy Lawsuit for Sharing ChatGPT Data with Google and Meta
OpenAI Global LLC is facing a new class‑action complaint in the Southern District of California that accuses the company of quietly wiring its ChatGPT web interface with Meta’s Facebook Pixel and Google Analytics, turning highly sensitive chatbot conversations into monetizable…