A newly analyzed ransomware strain, “The Gentlemen,” is raising concern among security researchers due to its ability to combine strong encryption with aggressive lateral movement. What makes this threat particularly dangerous is its use of SYSTEM-level scheduled tasks to encrypt…
Securing and Governing AI Agents At Scale Through A Unified AI Gateway
Palo Alto Networks acquires Portkey, integrating its AI Gateway into Prisma AIRS. Get the unified control plane to securely govern and operationalize autonomous AI agents.
IT Security News Hourly Summary 2026-05-29 15h : 16 posts
16 posts were published in the last hour 13:3 : Oracle Critical Security Update – Patch for 35 New Vulnerabilities Across Products 13:2 : Legitimate-Looking Codex Remote UI Steals OpenAI Codex Authentication Tokens 13:2 : Hackers Use Fake Adobe Document…
Oracle Critical Security Update – Patch for 35 New Vulnerabilities Across Products
Oracle has rolled out its first Critical Security Patch Update (CSPU), delivering 35 new security fixes for serious vulnerabilities across several major product lines, including Oracle Database, Oracle REST Data Services, Oracle Communications Unified Assurance, Oracle E‑Business Suite, and Oracle…
Legitimate-Looking Codex Remote UI Steals OpenAI Codex Authentication Tokens
A polished, fully functional npm package has been caught secretly stealing OpenAI Codex authentication tokens from developers who trusted it. The package, named codexui-android, presented itself as a remote web UI for OpenAI Codex with no obvious signs of being…
Hackers Use Fake Adobe Document Cloud Pages to Deliver ScreenConnect Malware
A sophisticated phishing campaign is actively targeting financial organizations by using fake Adobe Document Cloud pages to silently install ScreenConnect remote access malware on victim machines. The operation is well-structured, deceptive, and difficult to detect because it blends into everyday…
Dutch cops wrest 17M devices from mystery botnet’s clutches
Hosting provider pulled the plug after police traced 200 servers to the Netherlands. This article has been indexed from www.theregister.com – Articles.
Gogs Zero-Day Exposes Servers to Remote Code Execution
The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names.
Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems. This article has been indexed from www.infosecurity-magazine.com…
CyCOS Expands UK SME Cybersecurity Support
A UK pilot program designed to provide peer-led cybersecurity support to small and medium enterprises is preparing for significant expansion. This article has been indexed from CyberMaterial.
JINX-0164 Uses LinkedIn Lures to Deploy Custom macOS Malware
A newly identified threat actor tracked as JINX-0164 is targeting cryptocurrency organizations through sophisticated LinkedIn-based social engineering campaigns. The financially motivated group has been active since at least mid-2025. It is leveraging custom macOS malware, credential theft, and CI/CD pipeline…
DIL Observatory: when the World Escalates, the Underground Responds
Digital Intelligence Lab (DIL) launches an observatory for reading cyber events as what they actually are: signals of a broader social and geopolitical reality. The timing rarely lies, and the connection between real-world events and cyber activity is no longer…
Signal users targeted in backup-stealing phishing attacks
Cybercriminals are impersonating Signal Support to steal backup recovery keys, giving them access to victims’ entire message archives. This article has been indexed from Malwarebytes.
New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian…
Typosquatted npm Packages Steal Cloud Secrets
A supply chain attack targeting the npm ecosystem has been discovered, with malicious actors deploying typosquatted packages designed to steal sensitive credentials from developers. This article has been indexed from CyberMaterial.
Trusted Dev Tools Abused in Supply Chain Attacks
Cybersecurity authorities are warning of an escalating threat to software development environments as attackers increasingly abuse trusted developer tools to breach supply chains. This article has been indexed from CyberMaterial.
Iranian Hackers Hit LA Transit Network
A cyberattack that disrupted Los Angeles public transit systems in March 2024 has been linked to Iranian intelligence services, according to research published by Tel Aviv-based cybersecurity firm Gambit Security. This article has been indexed from CyberMaterial.
Email Deliverability Tools Market Growth
Email deliverability has become a critical infrastructure challenge as global inbox placement rates fell to 83.5% in 2024, according to Validity’s annual benchmark. This article has been indexed from CyberMaterial.
Google engineer charged with insider trading
Federal authorities have charged a Google security engineer with insider trading after the individual allegedly used confidential company information to win approximately $1.2 million on Polymarket, a decentralized prediction market platform that operates using cryptocurrency.
GREYVIBE Threat Actors Use ChatGPT and Google Gemini to Scale Cyberattack Operations
Threat actors are increasingly turning to generative AI tools such as ChatGPT and Google Gemini to accelerate cyberattack operations, lowering technical barriers and reshaping modern threat landscapes. A recent report by WithSecure highlights a Russia-linked threat group, tracked as GREYVIBE,…
Russia-linked threat group put ChatGPT to work from lure to payload
Researchers say ‘GREYVIBE’ crew used AI tools throughout a campaign targeting Ukrainian military and government. This article has been indexed from www.theregister.com – Articles.
ChatGPT blindly trusts browser content, turning the page into a payload
You and me go ChatGPhish-ing in the dark. This article has been indexed from www.theregister.com – Articles.
New infostealer reaches enterprise devices through FortiClient EMS vulnerability
Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). “The [malicious] payload was presented as a Fortinet endpoint update and executed through FortiClient-managed VPN scripting workflows,” Arctic Wolf…
Malicious NuGet Package Disguised as Sicoob SDK Exfiltrates Banking Passwords
A newly discovered malicious NuGet package disguised as a legitimate Sicoob software development kit (SDK) has been caught exfiltrating sensitive banking credentials, highlighting a dangerous evolution in software supply chain attacks. Security researchers from Socket revealed that the package, published…