Penetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command line tool and publishes the entire codebase.…
Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets
A new supply chain attack campaign targeting developers has surfaced in the npm ecosystem, with four malicious packages discovered stealing sensitive data, including SSH keys, cloud credentials, and cryptocurrency wallets. The campaign, identified by OX Security within the past 24…
Researchers Build First Public Apple M5 macOS Kernel Exploit with Mythos Preview
Security researchers have unveiled the first publicly known macOS kernel memory corruption exploit targeting Apple’s latest M5 silicon, marking a significant moment for both offensive security and Apple’s next-generation defenses. The exploit, developed in collaboration with Mythos Preview, reportedly bypasses…
Grafana Labs Confirms Security Incident Involving GitHub Codebase Access
Grafana Labs has confirmed a security incident involving unauthorized access to its internal GitHub environment, after a threat actor obtained a compromised access token and downloaded portions of the company’s codebase. The disclosure, made via an official statement on May…
AI shrinks vulnerability exploitation window to hours
Time has become organizations’ biggest vulnerability because the gap between vulnerability discovery and exploitation has narrowed to hours, according to Synack’s 2026 State of Vulnerabilities Report. Total vulnerabilities by severity (2022-2025) (Source: Synack) AI expands the attack surface Agentic AI…
Claude Code Vulnerability Allows Attackers to Run Commands Through Crafted Deeplinks
A recently disclosed flaw in Claude Code allowed attackers to execute arbitrary system commands using a single crafted deeplink URL, turning a convenience feature into a remote code execution (RCE) vector. The issue, documented by security researcher Joernchen, has been…
Product showcase: McAfee + ChatGPT integration turns doubt into a scam check
McAfee + ChatGPT integration brings real-time scam detection in conversations and gives users an easier way to verify suspicious content before clicking or responding. It is available to anyone, without requiring a McAfee or ChatGPT subscription. It combines conversational AI…
Claude Code RCE Flaw Lets Attackers Execute Commands via Malicious Deeplinks
A critical remote code execution (RCE) vulnerability has been discovered in Anthropic’s Claude Code CLI tool, allowing attackers to execute arbitrary commands on a victim’s machine by tricking them into clicking a specially crafted deeplink. The flaw, now patched in…
Fast16 Malware Manipulated Nuclear Weapons Simulation Data to Sabotage Test Results
Fast16 malware has been reclassified as a precision tool engineered not to disrupt nuclear warheads directly, but to quietly falsify the outcome of nuclear weapons test simulations and stall weapons development. Rather than causing kinetic damage, Fast16’s purpose was psychological…
Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypass Attacks
A critical vulnerability in a widely used WordPress plugin has exposed over 200,000 websites to full account takeover, raising urgent concerns across the security community. Discovered on May 8, 2026, by Wordfence’s AI-powered PRISM threat intelligence platform, the flaw affects…
Hackers Earn $1.3 Million at Pwn2Own Berlin 2026
Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products. The post Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Hackers Earn $1.3 Million…
When ransomware hits, confidence doesn’t restore endpoints
Ransomware, supply chain vulnerabilities, insider threats, compliance failures, and software disruptions remain major concerns for security leaders, according to The Ransomware Reality: Zero Days to Recover report by Absolute Security. How CISOs currently ensure endpoint resilience against ransomware (overall, %)…
IT Security News Hourly Summary 2026-05-18 06h : 1 posts
1 posts were published in the last hour 4:2 : Election Commission Says ECINET Withstood Over 68 Lakh Cyberattack Attempts During Poll Counting
Election Commission Says ECINET Withstood Over 68 Lakh Cyberattack Attempts During Poll Counting
The Election Commission of India (ECI) said its digital election infrastructure faced more than 68 lakh malicious online hits on the day votes were counted for the recently concluded Assembly elections, with attempts originating from both domestic and overseas…
AI is distorting the Holocaust (Lock and Code S07E10)
This week on the Lock and Code podcast, we speak with Clara Mansfeld about how AI-generated imagery is warping the history of the Holocaust. This article has been indexed from Malwarebytes Read the original article: AI is distorting the Holocaust…
Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’
Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’ This article has been indexed from www.theregister.com – Articles Read the original article: Linus Torvalds says AI-powered bug hunters have made Linux…
Closing the Gap: The Regulatory and Structural Maturation of Digital Assets
Digital assets are reshaping global finance as institutions adopt regulated crypto infrastructure, stablecoins, and tokenized assets. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Closing the Gap: The Regulatory…
Debian 13.5 point release lands with security fixes, bug patches
Debian 13.5 is the fifth point release for the stable distribution “trixie.” The update folds in roughly 100 Debian Security Advisories and corrections for more than 130 source packages, covering everything from the Linux kernel and Apache HTTP Server to…
IT Security News Hourly Summary 2026-05-18 00h : 2 posts
2 posts were published in the last hour 21:58 : IT Security News Weekly Summary 20 21:55 : IT Security News Daily Summary 2026-05-17
IT Security News Weekly Summary 20
210 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-05-17 16:32 : Ubuntu DDoS Attack Disrupts Installs Updates and Canonical Infrastructure 16:32 : Quasar Linux Malware Targets Developers in Stealthy Supply Chain Attack 15:2…
IT Security News Daily Summary 2026-05-17
23 posts were published in the last hour 16:32 : Ubuntu DDoS Attack Disrupts Installs Updates and Canonical Infrastructure 16:32 : Quasar Linux Malware Targets Developers in Stealthy Supply Chain Attack 15:2 : NGINX CVE-2026-42945 Exploited in the Wild, Causing…
Ubuntu DDoS Attack Disrupts Installs Updates and Canonical Infrastructure
A wave of traffic overwhelmed systems, briefly halting downloads, patches, and web resources managed by Canonical – the team responsible for Ubuntu Linux. Outages stretched nearly twenty-four hours, blocking access to essential tools during the incident. Midway through the…
Quasar Linux Malware Targets Developers in Stealthy Supply Chain Attack
A newly discovered Linux implant called Quasar Linux, or QLNX, is a serious threat because it goes after the people and systems that build software. Instead of behaving like ordinary malware, it is designed to quietly take root in…
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow…