An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse – Read More – … Read More “Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation – The Hacker News” »
The Information Commissioner’s Office has released new guidance on how to mitigate the risk of AI-powered attacks
Pay up, or we’ll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats – and even hiring local muscle to deliver the message. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
Semperis study finds 74% of organizations believe AI will increase attacks on identity infrastructure
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: … Read More “New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption – The Hacker News” »
Welcome to Day One of Pwn2Own Berlin 2026! Today, 22 entries take the Pwn2Own stage to target AI Databases, Coding Agents, Local Inferences, and a separate category for NVIDIA products, as the world’s top security researchers push technology to its limits. Exploits, surprises, and breakthrough discoveries are unfolding. Follow the action live! We’ll be posting … Read More “Pwn2Own Berlin 2026 – Day One Results – Zero Day Initiative – Blog” »
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a – … Read More “18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE – The Hacker News” »
Artificial Intelligence is now moving beyond the fringe of enterprise innovation. It has been firmly integrated into business processes,… The post Why Enterprises Need Adaptive AI Security Governance Now appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
TeamPCP Claims Sale of Mistral AI Repositories Amid Mini Shai-Hulud Attack – Hackread – Cybersecurity News, Data Breaches, AI and More
TeamPCP claims to be selling alleged Mistral AI repositories on a hacker forum after the Mini Shai-Hulud attack targeted npm and PyPI ecosystems. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities – GRAHAM CLULEY
Welcome to the largest educational data breach in history – affecting nearly 9,000 institutions, every Ivy League university, and 30 million students mid-finals. When Canvas’s parent company refused to pay and announced they had deployed “security patches” instead, the hackers were less than impressed. So they came back through the cat flap. Meanwhile, a famous … Read More “Smashing Security podcast #467: How ShinyHunters hacked the world’s biggest universities – GRAHAM CLULEY” »
Instructure Reaches Deal with ShinyHunters to Prevent Canvas Data Leak – Hackread – Cybersecurity News, Data Breaches, AI and More
Instructure has reached an agreement with the ShinyHunters group to return and destroy stolen Canvas data, protecting millions of student records from a public leak. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The House Homeland Security Committee is digging into Anthropic’s AI model Mythos in a series of briefings and hearings, as questions proliferate on whether and how the federal government will make use of the technology touted for its ability to autonomously uncover cyber vulnerabilities. Wednesday brought a closed-door briefing for the House Homeland Security Committee … Read More “Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks – CyberScoop” »
Two of the most advanced artificial intelligence models — Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 — have significantly surpassed the already-accelerating pace at which AI systems are completing autonomous cybersecurity tasks, according to separate findings published Wednesday by the United Kingdom’s AI Security Institute (AISI) and Palo Alto Networks. The AISI, which conducts pre-deployment … Read More “Researchers say AI just broke every benchmark for autonomous cyber capability – CyberScoop” »
The Trump administration released a legal opinion outlining the legal rationale behind its nationwide voter data collection efforts, justifying an aggressive federal role in vetting voter eligibility, a position courts have repeatedly rejected in related litigation. The memo, released Tuesday by the Department of Justice Office of Legal Counsel, concedes that while election administration is … Read More “DOJ releases legal rationale for nationwide voter data collection – CyberScoop” »
Today’s enterprise executives are navigating a complex landscape of AI-driven challenges, but none is more urgent than the rapid escalation of AI-generated fraud. Fraudsters are weaponizing generative AI to automate impersonation and mass-produce synthetic identities at a scale and pace that is rendering enterprises’ long-standing defenses obsolete. This is no longer a slow-moving game of … Read More “Weaponized AI: The new frontier of fraud and identity spoofing – CyberScoop” »
TeamPCP Used Mini Shai-Hulud Worm to Poison Over 400 npm and PyPI Packages – Hackread – Cybersecurity News, Data Breaches, AI and More
Research reveals that TeamPCP hijacked OIDC tokens to poison hundreds of TanStack, Mistral AI, and UiPath packages with the self-propagating Mini Shai-Hulud worm. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Willkommen! (Welcome!) Pwn2Own Berlin 2026 has arrived at OffensiveCon, and the world’s top security researchers are ready. This year’s enterprise-focused competition features AI Databases, Coding Agents, Local Inferences, and a separate category for NVIDIA products. Earlier today, we held the random draw to determine attempt order. Below is the official schedule. All times are Berlin … Read More “Pwn2Own Berlin 2026: The Full Schedule – Zero Day Initiative – Blog” »
OpenAI has unveiled Daybreak, a cybersecurity initiative that combines the company’s large language models with its Codex agentic framework to help organizations identify, patch, and validate software vulnerabilities across the development lifecycle. The platform is built around three model tiers: GPT-5.5 for general-purpose use, GPT-5.5 with Trusted Access for Cyber for verified defensive security workflows, … Read More “Daybreak is OpenAI’s answer to the AI arms race in cybersecurity – CyberScoop” »
Instructure says it reached an agreement with ShinyHunters over the Canvas breach data
Slovakian Admin of Dark Web Kingdom Market Jailed for 16 Years in US – Hackread – Cybersecurity News, Data Breaches, AI and More
A Slovakian administrator tied to the dark web Kingdom Market received a 16 year US prison sentence for drug trafficking and cybercrime activity. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
A threat actor with affiliations to China has been linked to a “multi-wave intrusion” targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), … Read More “Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation – The Hacker News” »
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it’s being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different … Read More “Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday – The Hacker News” »
Avada Builder flaws allowed file read and SQL injection on one million WordPress sites
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities … Read More “Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws – The Hacker News” »
Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant’s M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have … Read More “Most Remediation Programs Never Confirm the Fix Actually Worked – The Hacker News” »
TL;DR: Stop chasing thousands of “toast” alerts. Join experts from Wiz and Okta/GitLab to learn how hackers connect tiny flaws to build a “Lethal Chain” to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece … Read More “[Webinar] Why Your AppSec Tools Miss the “Lethal Path” (and How to Fix It) – The Hacker News” »
Survey of cybersecurity leaders suggests that majority would strongly consider paying cybercriminals, if that’s what it took to help restore encrypted systems
Why Canadian Telecom Providers Are Prime Targets for Cyberattacks – Hackread – Cybersecurity News, Data Breaches, AI and More
Canadian telecom providers face mounting cyber threats from ransomware, SIM swapping, data breaches, and nation-state attacks targeting critical infrastructure. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The G7 Cybersecurity Working Group releases new SBOM for AI guidance, outlining seven key data clusters to boost transparency and security across AI supply chains
Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. “The packages do not appear designed for mass developer compromise,” Socket said. “Many have little or no download activity, … Read More “GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data – The Hacker News” »
Microsoft has patched 120 vulnerabilities in this month’s security update round
AI Supply Chain attacks are surging – Here’s how Encryption and Key Management stop them – JISA Softech Pvt Ltd
AI is quickly reshaping enterprises, ranging from predictive analytics and fraud identification to autonomous decision-making and generative AI applications…. The post AI Supply Chain attacks are surging – Here’s how Encryption and Key Management stop them appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
UK cybersecurity sector reaches £14.7bn in revenue, driven by rapid growth in AI security firms, increased investment and rising employment across the industry
Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables “persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” the company said. The feature, … Read More “Android Adds Intrusion Logging for Sophisticated Spyware Forensics – The Hacker News” »
Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended – Hackread – Cybersecurity News, Data Breaches, AI and More
ShinyHunters says its shinyhunte.rs domain was suspended after the Canvas LMS attacks, forcing the group to move fully to its dark web (.onion) site. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack – CyberScoop
A rapidly spreading malware campaign has infected hundreds of software packages across major open-source registries, embedding credential-stealing code into development tools downloaded millions of times a week. The attack, referred to as “mini Shai-Hulud,” targeted prominent software libraries, including TanStack, UiPath, and MistralAI. TanStack’s React Router package alone accounts for more than 12 million weekly … Read More “‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack – CyberScoop” »
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla and Oracle — fixing near … Read More “Patch Tuesday, May 2026 Edition – Krebs on Security” »
Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical – CyberScoop
Microsoft addressed another triple-digit batch of vulnerabilities cutting across its various enterprise products, components and underlying systems. Yet despite the high number of defects, the vendor reported no actively exploited zero-days in this month’s Patch Tuesday update. Thirteen of the 137 vulnerabilities Microsoft disclosed were assigned critical CVSS ratings, including a pair of vulnerabilities affecting … Read More “Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical – CyberScoop” »
A group of international government agencies released guidance Tuesday on what they believe any artificial intelligence “ingredients list” tool should include to make AI more secure. The concept of such a list, known as a “software bill of materials (SBOM),” is to know everything that goes into a particular piece of software so that any … Read More “Major world economies spell out key elements of AI ‘ingredients list’ – CyberScoop” »
Multiple vulnerabilities have been discovered in Fortinet products, the most severe of which could allow for remote code execution. * FortiAuthenticator is a centralized identity and access management (IAM) solution that secures network access by managing user identities, Multi-Factor Authentication (MFA), and certificate management. * FortiSandbox is an advanced threat detection solution from Fortinet that … Read More “Multiple Vulnerabilities in Fortinet Products Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe After Effects is a digital effects, motion graphics, and compositing application. Adobe Commerce is a composable ecommerce solution that lets you quickly create global, multi-brand B2C and B2B experiences all from one cloud-native platform. Adobe … Read More “Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create … Read More “Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; … Read More “Critical Patches Issued for Microsoft Products, May 12, 2026 – Cyber Security Advisories – MS-ISAC” »
Fake Claude Code Installer Targets Developers With Browser Credential Stealer – Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers at Ontinue have discovered an undocumented malware campaign targeting developers with fake Claude Code installers to steal browser passwords and cookies. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
I’m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn’t stop Patch Tuesday from coming, and it’s another big one. At least nothing is listed as being in the wild – for now. Take a break from your regularly scheduled activities and let’s take a look at the latest security patches from … Read More “The May 2026 Security Update Review – Zero Day Initiative – Blog” »
Pwn2Own Berlin 2026 Hits Capacity as Rejected Hackers Release 0-Days – Hackread – Cybersecurity News, Data Breaches, AI and More
Pwn2Own Berlin 2026 reportedly reached full capacity for the first time, prompting rejected researchers to publicly disclose zero-day exploits targeting Firefox, NVIDIA, and AI platforms. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free – … Read More “New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution – The Hacker News” »
RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious attack.” “We’re dealing with a major malicious attack on Ruby Gems right now,” Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on … Read More “RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded – The Hacker News” »
Google and Amnesty International teamed up to make it harder for spyware vendors to hide – CyberScoop
Google launched a feature for Android phones Tuesday for dedicated forensic logs about intrusions from sophisticated attacks like those by spyware vendors, in what design partners at Amnesty International hailed as an important first. The tech giant has been ramping up the new feature, Intrusion Logging, since last year, and has now begun rolling it … Read More “Google and Amnesty International teamed up to make it harder for spyware vendors to hide – CyberScoop” »





