A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday. About CVE-2026-50751 Check Point Remote Access VPN enables and secures connections between…
Prompt Injection Remains Unsolved Architectural Problem
Prompt injection continues to pose a fundamental security challenge for AI systems that researchers have yet to solve at the architectural level, according to Ariel Fogel, an AI security researcher at Pillar Security who presented at Infosecurity Europe 2026. This…
VerdantBamboo Deploys BSD BRICKSTORM on Linux
Cybersecurity researchers at Volexity have identified a new campaign by the China-nexus threat group VerdantBamboo, which has adapted its toolset to target Linux and BSD systems with multiple malware families. This article has been indexed from CyberMaterial Read the original…
Meta AI Tool Flaw Exposed 20K+ Instagram Accounts
Meta disclosed that a critical flaw in its AI-assisted Instagram account recovery tool exposed more than 20,000 user accounts to takeover attacks over a seven-week period in 2026. This article has been indexed from CyberMaterial Read the original article: Meta…
Samsung One UI 9 Adds Lockdown Mode to Power Menu
Samsung has introduced a new security feature in the One UI 9 beta that places Lockdown mode directly in the power menu, making it more accessible to Galaxy phone users. This article has been indexed from CyberMaterial Read the original…
Open Source Community Unprepared for EU CRA Deadline
The open source community faces widespread unpreparedness for the European Union’s Cyber Resilience Act (CRA) deadline in December 2027, according to a new report from the Open Source Security Foundation (OpenSSF). This article has been indexed from CyberMaterial Read the…
Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse
Meta says an Instagram recovery tool bug allowed attackers to abuse password resets, affecting 20,225 accounts and exposing users without 2FA to account takeover risk. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More…
Google Fixes 429 Chrome Vulnerabilities, Including 22 Critical Bugs
Google has released Chrome 149 to the stable channel, addressing a significant batch of 429 security vulnerabilities across Windows, macOS, and Linux, including 22 critical flaws that could enable remote code execution, memory corruption, and sandbox escapes. The update, version…
RidgeBot 7.0 automates Active Directory attack simulations for security validation
Ridge Security has announced the release of RidgeBot 7.0, an update to its automated security validation platform that introduces automated Windows Active Directory penetration testing capabilities. The new version enables organizations to conduct end-to-end domain compromise simulations, helping security teams…
OWASP Unveils AI Security Report Highlighting New Tools for Security Teams
OWASP has released a new edition of its AI security report, “State of Agentic AI Security and Governance v2.01,” giving security teams a concrete playbook for defending autonomous AI agents and the expanding ecosystem of tools they rely on. Positioned…
UNC3753 Escalates: From Vishing Calls to Physical Office Intrusions at US Legal and Financial Firms
UNC3753 phones staff posing as IT, hijacks screen sessions, steals sensitive legal files, and now sends operatives physically into offices to plug in USB drives. Google Mandiant and the Google Threat Intelligence Group published a detailed report documenting an active…
Anthropic’s Project Glasswing Update
In April, Anthropic initated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move, and so many press outlets have uncritically parroted Anthropic’s…
Pirated PC games are delivering password-stealing malware
Cybercriminals are hiding malware in cracked and repacked games, infecting more than 400,000 devices worldwide. This article has been indexed from Malwarebytes Read the original article: Pirated PC games are delivering password-stealing malware
174,000 Impacted by Lansing Community College Data Breach
Hackers accessed personal information stored on certain Lansing Community College systems in February 2025. The post 174,000 Impacted by Lansing Community College Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: 174,000…
ConnectSecure’s Patch 360 gives MSPs control over patch testing and deployment
ConnectSecure has announced the launch of Patch 360, a patch management solution built for managed service providers (MSPs) to reduce deployment risk while accelerating vulnerability remediation. Patch management has long followed a “deploy-and-hope” model, with teams addressing critical issues only…
Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE
Internet Explorer’s legacy WebBrowser control can be abused to turn seemingly harmless user clicks into full remote code execution (RCE), even on systems that no longer use Internet Explorer as a standalone browser. Although Microsoft officially ended support for IE,…
Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751)
Check Point Research has identified active exploitation of CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN and Mobile Access deployments configured to use the deprecated IKEv1 key exchange protocol. By exploiting a logic flaw in certificate…
Internet Explorer WebBrowser Control Attack Chain Turns Clicks Into RCE
Internet Explorer’s legacy WebBrowser control can still be abused to turn a single user click into full remote code execution (RCE) on Windows systems, even though the browser is officially retired. PT Security observed that by exploiting IE’s zone model,…
Silent Ransom Group Uses DNS Fast Flux in Attacks
Focusing on hacking law firms in the US, the ransomware group relies on fast flux to hide its C&C infrastructure. The post Silent Ransom Group Uses DNS Fast Flux in Attacks appeared first on SecurityWeek. This article has been indexed…
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed…
Instagram Glitch Reportedly Exposed Contact Info of Zuckerberg and Other Users
Instagram glitch exposed Mark Zuckerberg’s email addresses and phone number, plus contact details of other top users, through a password reset flaw. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original…
China-Linked OP-512 Targets IIS Servers With Unique Web Shell Framework
A suspected China-linked espionage cluster dubbed OP-512 after rapidly correlating many low-fidelity events into a single high-priority incident that human analysts then validated. OP-512 compromised an Internet Information Services (IIS) server and deployed a custom web shell framework built to…
Meta AI Recovery Tool Flaw Exposed 20,000+ Instagram Accounts
A flaw in Meta’s AI-powered Instagram recovery tool exposed over 20,000 accounts, letting attackers reset passwords and take over profiles. Meta’s High Touch Support tool, known as HTS, was designed to help Instagram users recover locked accounts: you provide an…
CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)
A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Friday. The agency has ordered US federal civilian…