Apple and Google have begun rolling out end-to-end encrypted Rich Communication Services (RCS) messaging in beta, marking a significant shift in cross-platform mobile security. This article has been indexed from CyberMaterial Read the original article: Apple, Google enable E2EE RCS…
California Settles $12.75M CCPA Case Against GM
General Motors has agreed to pay $12.75 million to settle allegations that it illegally collected and sold personal data from California drivers without proper consent, in what California Attorney General Rob Bonta calls the largest penalty under the California Consumer…
Open WebUI File Upload Vulnerability Enables 1-Click RCE Attack
A critical, unpatched vulnerability is actively threatening Open WebUI users, turning a simple profile picture upload into a gateway for complete system compromise. Security researchers have publicly disclosed a severe stored Cross-Site Scripting (XSS) flaw that enables 1-click Remote Code…
Hackers Hijack Microsoft Teams Accounts to Spread ModeloRAT Malware
Hackers are now abusing hijacked Microsoft Teams accounts and fake IT helpdesk chats to push a new, undocumented version of the Python‑based ModeloRAT into corporate environments. Instead, they use compromised or newly created Microsoft Teams accounts that impersonate internal IT…
Copy.Fail Linux Vulnerability
This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API…
WorkNest Launches WorkNest Secure to Expand Cybersecurity and Compliance Services
WorkNest Secure has launched a new cybersecurity and compliance division aimed at helping organizations strengthen security, manage risk, and meet growing regulatory demands. The new division, called WorkNest Secure, brings together the cyber, information security, and data protection capabilities of…
Claude’s Chrome Extension Vulnerability Allows Malicious Extensions to Steal Gmail and Drive Data
Researchers have exposed a catastrophic vulnerability hiding inside the “Claude in Chrome” extension. By weaponizing an otherwise harmless, zero-permission extension, invisible attackers can completely hijack the trusted AI assistant. Transform it into a malicious puppet that silently pillages private Gmail…
MistralAI PyPI Package Compromised to Inject Malicious Code – Microsoft Warns
A popular AI development library has been turned into a weapon. The mistralai PyPI package, version 2.4.6, was found to contain malicious code secretly injected by attackers, putting developers and organizations worldwide at serious risk. The compromise affects anyone who…
Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means
Curl’s lead developer says Mythos claims are marketing, but many in the industry believe the results stem from Curl’s robust security. The post Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means appeared first on…
Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root
Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution bugs among the issues.…
Citrix moves secure access to a flexible, credit-based consumption model
Citrix has introduced Citrix Platform Flex, a secure access platform that combines software, management, and infrastructure to deliver managed desktops, enterprise browsing, and zero-trust access in a single offering. Built around workforce personas, Platform Flex replaces one-size-fits-all licensing with a…
Why Agentic AI Is Security’s Next Blind Spot
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a…
AI Will Absorb 99.98% of SOC Triage Within a Year, as 79% of IT teams brace for AI-driven workload shift
COPENHAGEN, DENMARK, 12 May 2026 — Heimdal’s managed SOC processes three million alerts a month. In the year ahead, fewer than 500 of those, less than 0.02%, are expected to need a human analyst. That’s the forecast from Heimdal founder…
Is The SOC Obsolete, And We Just Haven’t Admitted It Yet?
Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. The post Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? appeared first on SecurityWeek. This article has been indexed from…
WannaCry, the ransomware attack that changed the history of cybersecurity
WannaCry showed how unpatched flaws and leaked cyber tools can cripple global systems, reshaping cybersecurity defenses worldwide. In memory of the day the digital world was shaken, but learned to fight back. The WannaCry ransomware attack represents one of the…
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign. The post TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Škoda confirms unauthorized access to its online shop
Car manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed…
IT Security News Hourly Summary 2026-05-12 12h : 11 posts
11 posts were published in the last hour 10:3 : State-sponsored actors, better known as the friends you don’t want 10:3 : North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware 10:3 : 1 in 8 employees have sold…
State-sponsored actors, better known as the friends you don’t want
Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. Learn why your IR plan might need revisiting, and the factors you should consider. This article has been indexed from Cisco Talos Blog…
North Korea Hackers Abuse Git Hooks to Deploy Cross-Platform Malware
North Korean threat actors have introduced a stealthy new delivery mechanism in their ongoing “Contagious Interview” campaign, shifting tactics to abuse Git hooks for malware execution. The attack begins with a familiar social engineering lure. Victims, often developers targeted through…
1 in 8 employees have sold company logins or know someone who has
Cifas just published research that should bother anyone who runs a business, or buys from one. This article has been indexed from Malwarebytes Read the original article: 1 in 8 employees have sold company logins or know someone who has
Apple, Google drag cross-platform texting into the encrypted age
After years of stopping dead at the green bubble border, iPhone and Android users can finally send E2EE messages without relying on third-party apps This article has been indexed from www.theregister.com – Articles Read the original article: Apple, Google drag…
Cline AI Agent Flaw Allows Attackers to Launch RCE Attacks
A critical security vulnerability in the Cline AI coding assistant’s kanban package exposes developers to remote code execution, data theft, and denial-of-service attacks by simply visiting a malicious website. Security researcher Sagilayani disclosed CVE-2026-44211 on GitHub four days ago, revealing…
Cushman & Wakefield – 310,431 breached accounts
In May 2026, the real estate services firm Cushman & Wakefield was the target of a “pay or leak” extortion campaign by the ShinyHunters group. Following the threat, the group publicly published data they alleged had been obtained from the…