The security flaw allowed attackers to pull private container images, exposing source code, credentials, and infrastructure. The post Gitea Vulnerability Exposed 30,000 Deployments to Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
New Threat Actor Jinx-0164 Targets Crypto Developers on macOS
New actor Jinx-0164 hit crypto developers with fake recruiter lures and macOS malware This article has been indexed from www.infosecurity-magazine.com Read the original article: New Threat Actor Jinx-0164 Targets Crypto Developers on macOS
VaultJacking Attack Exposes Google Password Vaults via Single PIN
A newly disclosed phishing technique dubbed “VaultJacking” is raising serious concerns across the cybersecurity community after researchers demonstrated how a single captured Google Password Manager (GPM) PIN can expose an entire user credential vault. The attack shows that even passkeys…
Fake ChatGPT download site infects Windows and Mac users with malware
Searching for ChatGPT? This fake download site serves malware to both Windows and Mac users, using separate payloads tailored to each platform. This article has been indexed from Malwarebytes Read the original article: Fake ChatGPT download site infects Windows and…
2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface
The 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here. The post 2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface appeared first on Unit 42. This…
AI-Generated npm Malware Leaks Hacker’s Private GitHub Token
A newly discovered malicious npm package is drawing attention across the cybersecurity community after inadvertently exposing its own operator’s private GitHub token. Identified by OX Security researchers, the package, named mouse5212-super-formatter, operates as an infostealer that silently exfiltrates sensitive files from…
Gitea Container Registry Vulnerability Could Lead to Private Image Exposure
A critical vulnerability, tracked as CVE-2026-27771, has been discovered in Gitea’s built-in container registry, allowing unauthenticated remote attackers to access private container images without credentials. This flaw poses a serious risk as it can expose sensitive application data, including source…
Top 10 Best Mobile Application Security Testing (MAST) Tools in 2026
As mobile usage continues to dominate the digital landscape, securing mobile applications has never been more critical. The year 2026 brings new challenges to the table: sophisticated AI-driven cyberattacks, complex vulnerabilities, and the rapid evolution of continuous integration workflows. For…
Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks
Customer data from more than 350 hotels around the world may have been accessed as part of realistic reservation-hijacking scams. This article has been indexed from Security Latest Read the original article: Scammers Are Using Your Real Hotel Reservations to…
U.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the LiteSpeed cPanel Plugin flaw CVE-2026-48172 to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-48172…
Microsoft’s new cloud PCs place AI agents under enterprise controls
Microsoft’s Windows 365 for Agents, a cloud PC platform for agentic workloads, runs AI agents in secure environments. Organizations can direct agents with natural language to interact with applications, browsers, files, and enterprise systems. The platform is available in public…
GCHQ Chief Urges Action as AI Reshapes Cyber Threats
GCHQ director urges urgent business cyber action as AI and quantum reshape the threat This article has been indexed from www.infosecurity-magazine.com Read the original article: GCHQ Chief Urges Action as AI Reshapes Cyber Threats
Infosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study Reveals
ISC2 survey of cybersecurity professionals suggests that staff want their information security leaders to have experienced reacting to a significant cyber incident This article has been indexed from www.infosecurity-magazine.com Read the original article: Infosecurity Europe: Cybersecurity Staff Prefer CISOs With…
DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap
This white paper presents a concrete case study demonstrating the creation of a heap overflow vulnerability through the exploitation of the DICOM file format. This article has been indexed from Cisco Talos Blog Read the original article: DICOM, Pydicom, GDCM,…
Critical Notepad++ Flaw Could Enable Remote Code Execution Attacks
Notepad++ has released version 8.9.6.1 to address multiple security vulnerabilities, including critical flaws that could allow arbitrary code execution under specific conditions. The update, published on May 26, 2026, patches three vulnerabilities tracked as CVE-2026-48770, CVE-2026-48778, and CVE-2026-48800. These issues…
Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code
Notepad++, one of the most widely used open-source text editors for Windows, has released an urgent security update addressing three vulnerabilities, including two arbitrary code execution flaws that could allow attackers to silently run malicious programs on a victim’s machine.…
IT Security News Hourly Summary 2026-05-28 12h : 6 posts
6 posts were published in the last hour 10:5 : Microsoft Warns Public Release of Zero-Day Details Before Vendor Coordination 10:4 : Veeam Backup & Replication Tool Vulnerability Enables Privilege Escalation Attacks 10:4 : Google Unveils AI Threat Defense Platform…
Microsoft Warns Public Release of Zero-Day Details Before Vendor Coordination
Microsoft has issued a strong warning after multiple zero-day vulnerabilities were publicly disclosed without prior coordination, raising concerns about increased risk to users and enterprise environments. The company stated that recent disclosures exposed critical security flaws before patches were available,…
Veeam Backup & Replication Tool Vulnerability Enables Privilege Escalation Attacks
Veeam has addressed a high-severity vulnerability in its Backup & Replication platform that could enable attackers to escalate privileges and gain deeper access to enterprise systems. The issue impacts Veeam Backup & Replication version 13.0.1.2067 and all earlier version 13…
Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks
New AI Threat Defense platform combines capabilities from Mandiant, Wiz and Gemini to help customers fight AI with AI. The post Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks appeared first on SecurityWeek. This article has been indexed…
A single typo could derail your World Cup plans
Cybercriminals are spoofing Fédération Internationale de Football Association (FIFA) websites ahead of the 2026 FIFA World Cup, the FBI warns. The attackers are registering lookalike domains with small spelling changes or different domain endings to impersonate FIFA websites and services.…
ClearFake Abuses BSC Testnet Contracts for Resilient C2 Operations
Threat actors behind the ClearFake campaign have adopted a novel and highly resilient command-and-control (C2) architecture by leveraging BNB Smart Chain (BSC) testnet smart contracts, creating an infrastructure that is effectively immune to traditional takedown efforts. Unlike conventional malware campaigns…
Oil shipments, drone makers, and a poisoned code library targeted in recent APT campaigns
Geopolitical pressure drove much of the state-sponsored cyber activity recorded between October 2025 and March 2026, according to ESET’s latest APT Activity Report. Espionage groups aligned with China, North Korea, Russia, and Iran adjusted their targets to match the economic…
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. “These campaigns leveraged sophisticated social engineering techniques, custom macOS malware,…