Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working proof-of-concept (PoC) exploit is…
Met Police face criticism for using AI to spy on their own officers
London police officers have been warned by the Metropolitan Police Federation to watch their backs after the force deployed controversial AI software to investigate misconduct. The staff association, representing more than 30,000 officers in London, reported it had not been…
Vidar Rises to Top of Chaotic Infostealer Market
Vidar, a credential-stealing malware that has been active since 2018, has recently ascended to the top of the infostealer market. This article has been indexed from CyberMaterial.
PromptMink Malware Targets Crypto Trading Agents
A sophisticated malware campaign known as PromptMink has emerged, targeting the software development community, particularly those involved with autonomous crypto trading projects. This article has been indexed from CyberMaterial.
Feuding Ransomware Groups Leak Each Other’s Data
A recent feud between two ransomware groups, 0APT and KryBit, has led to the exposure of sensitive data from both parties. This article has been indexed from CyberMaterial.
Sandhills Medical Ransomware Breach
Sandhills Medical has recently disclosed a significant data breach that occurred nearly a year ago, affecting approximately 170,000 individuals. This article has been indexed from CyberMaterial.
OpenAI Cyber Defense Roadmap Released
OpenAI has unveiled a new cyber defense roadmap titled ‘Cybersecurity in the Intelligence Age’, aimed at equipping security professionals with AI-powered tools to stay ahead of cyber threats. This article has been indexed from CyberMaterial.
Nearly half of UK businesses pwned last year as phishing keeps doing the job like it’s 2005
Turns out the real problem is not AI but staff still clicking on dodgy emails from ‘IT support’. Nearly half of UK businesses are still getting breached, and in many cases, the attacker’s big breakthrough is an employee clicking “sure,…
EnOcean SmartServer Flaws Expose Buildings to Remote Hacking
Claroty researchers discovered two vulnerabilities that can be exploited for security bypass and remote code execution. The post EnOcean SmartServer Flaws Expose Buildings to Remote Hacking appeared first on SecurityWeek. This article has been indexed from SecurityWeek.
Benchmarking AI Pentesting Tools: A Practical Comparison
We benchmarked 4 AI pentesting tools: Escape, Shannon, Strix, PentAGI, and Claude against a modern vulnerable application. Learn more about their detection rates, false positive rates, and scanning speed. The post Benchmarking AI Pentesting Tools: A Practical Comparison appeared first…
What type of ‘C2 on a sleep cycle’ do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia
Just in time for the Trump-Xi summit. Exclusive: A novel China-linked threat group infiltrated more than a dozen critical networks in Poland, Asian countries, and possibly beyond, beginning in December 2024 and with activity uncovered as recently as this month.…
Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months
The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers. The post Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months appeared first on SecurityWeek. This article has been indexed from SecurityWeek.
Hackers Use Hidden QEMU Linux VMs to Evade Windows Security and Launch Stealth Attacks
Cybersecurity experts have uncovered a stealthy tactic where attackers bypass Windows defenses by running concealed Linux virtual machines using QEMU. Researchers warn that these hidden environments allow threat actors to maintain persistent access, steal sensitive data, and even deploy…
OpenAI Unveils Cyber Defense Roadmap Focused on AI-Powered Security
OpenAI has released a comprehensive cyber defense roadmap titled “Cybersecurity in the Intelligence Age” to responsibly equip defenders with AI-powered security tools faster than malicious actors can adapt. Spearheaded by Sasha Baker in April 2026, the action plan outlines five…
PoC Disclosed for Critical Root ASUSTOR ADM RCE Flaw
A critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP VPN Client feature. Carrying a CVSS v4.0 score of 9.4, this OS command injection vulnerability allows…
Fast16 Malware
Researchers have reverse-engineered a piece of malware named Fast16. It’s almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: “…the Fast16 malware was designed to carry out the most subtle form of sabotage ever…
Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
Emergency patches out now for those managing the millions of domains assumed to be affected. Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed…
‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions. The post ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover appeared first on SecurityWeek. This article has been indexed from SecurityWeek.
Australian Regulator Warns Banks Over AI Risks
Australian financial stability regulator warns financial organisations need to do more to keep up with risks from advanced AI tools. This article has been indexed from Silicon UK.
Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim
Extremely sensitive personal data from a European celebrity that appears to have been compiled using spyware was publicly accessible until a researcher flagged the exposure. This article has been indexed from Security Latest.
Meta accused of violating DSA by failing to safeguard minors
The European Commission accuses Meta of failing to protect children, allowing users under 13 on Instagram and Facebook, in breach of the DSA rules. The European Commission has accused Meta of violating child safety rules. Instagram and Facebook allegedly failed…
CVE MCP Server Turns Claude Into a Fully Capable Security Analyst With 27 Tools Across 21 APIs
A new open-source project called CVE MCP Server is redefining how security teams triage vulnerabilities, transforming Anthropic’s Claude AI into a fully capable security analyst by giving it direct, correlated access to 27 intelligence tools spanning 21 external APIs all…
OpenAI Releases 5-Point Action Plan to Strengthen AI-Powered Cyber Defense
OpenAI has published a comprehensive cybersecurity action plan titled “Cybersecurity in the Intelligence Age: An Action Plan for Democratizing AI-Powered Cyber Defense,” outlining a five-pillar strategy to equip trusted defenders with advanced AI capabilities while preventing adversarial misuse. Artificial intelligence…
Europol Busts Albanian Scam Call Centers in Major Online Fraud Case
European police arrested 10 suspects after dismantling Albanian scam call centers linked to a €50m ($58m) online investment fraud operation. This article has been indexed from www.infosecurity-magazine.com.