When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast. Anthropic’s new model, Claude Mythos, and its Project Glasswing, showed that finding … Read More “After Mythos: New Playbooks For a Zero-Window Era – The Hacker News” »
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between … Read More “Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks – The Hacker News” »
A 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 – including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees – has been arrested at his home in western France. Read more in my article on the Hot for Security … Read More “French police arrest 21-year-old “HexDex” hacker over 100 alleged data breaches – GRAHAM CLULEY” »
Arctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus Group.
The National Cyber Security Centre has warned against measuring SOCs with ticket-based metrics.
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch … Read More “Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 – The Hacker News” »
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent’s identity lifecycle … Read More “Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover – The Hacker News” »
U.S. states issued $3.45 billion in privacy-related fines to companies in 2025, a total larger than the last five years combined, according to research and advisory firm Gartner. The increase is driven in part by stronger, more established privacy laws in states like California, new interstate partnerships built around enforcing laws across state lines, … Read More “U.S. companies hit with record fines for privacy in 2025 – CyberScoop” »
The cybersecurity landscape is approaching a structural shift. Encryption has traditionally been based on computationally infeasible mathematical problems that… The post Post-Quantum HSM: protect keys now appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
A Chinese national allegedly involved in a massive, pandemic-era attack spree that compromised nearly 13,000 U.S. organizations was extradited from Italy to the United States and formally charged in federal court, the Justice Department said Monday. Xu Zewei and his co-conspirators are accused of exploiting a string of zero-day vulnerabilities in Microsoft Exchange Server to … Read More “Chinese national extradited to US for pandemic-era Silk Typhoon attacks – CyberScoop” »
Supreme Court justices lobbed sharp questions at both sides about the constitutionality of geofence warrants during oral arguments Monday in a case that could have broader implications for law enforcement collection of Americans’ data. Chatrie v. The United States stems from the 2019 conviction of Okello Chatrie in a bank robbery, where authorities obtained location … Read More “Supreme Court justices skeptically question both sides in geofence surveillance case – CyberScoop” »
82 Chrome Extensions Found Selling User Data, 6.5 Million Users Affected – Hackread – Cybersecurity News, Data Breaches, AI and More
LayerX research finds 82 Chrome extensions collecting and selling user data, affecting at least 6.5 million users through disclosed but concerning practices. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach – Hackread – Cybersecurity News, Data Breaches, AI and More
ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line – CyberScoop
A bipartisan pair of senators want a company that operates a tip line for anonymously reporting school safety concerns to answer questions about hackers compromising sensitive student information. Sens. Maggie Hassan, D-N.H., and Jim Banks, R-Ind., announced on Monday they’d sent a letter to the firm, Navigate360, about last month’s incident. “We write to express … Read More “Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line – CyberScoop” »
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More – The Hacker News
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are. Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen … Read More “⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More – The Hacker News” »
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack – The Hacker News
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. “Based on current evidence, we believe this data originated from Checkmarx’s GitHub repository, and that access to that repository was facilitated through the initial supply … Read More “Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack – The Hacker News” »
US sanctions target Cambodian scam networks tied to crypto fraud and trafficking
UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware – Hackread – Cybersecurity News, Data Breaches, AI and More
UNC6692 hackers exploit Microsoft Teams with fake IT alerts to deploy SNOW malware, steal credentials, and breach corporate networks in advanced attacks. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Researchers warn that BlackFile, an extortion group likely associated with The Com, continues to impersonate IT support in voice-phishing and social engineering attacks that have impacted organizations in multiple industries, including healthcare, technology, transportation, logistics, wholesale and retail. Attackers have been actively targeting organizations in the retail and hospitality industry since February, according to Unit … Read More “BlackFile actively extorting data-theft victims in retail and hospitality sector – CyberScoop” »
Dozens of browser extensions openly sell user data via privacy policy disclosures
Itron confirmed a cyber incident but does not believe it is likely to have a material impact on the company.
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of their legitimate counterparts. Of these, six have been confirmed to be malicious, with the remaining … Read More “Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware – The Hacker News” »
A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That’s according to a report published by Positive Technologies, which found the threat actors to be leveraging an exploit chain comprising three vulnerabilities to execute commands remotely on susceptible … Read More “PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks – The Hacker News” »
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side – The Hacker News
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate, prioritize, and remediate what it finds. The debate that followed has mostly focused on the right … Read More “Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side – The Hacker News” »
A new report by global technology recruitment firm, Harvey Nash, found that three quarters of cybersecurity staff are pessimistic on pay and half are looking for a new job.
Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files – Hackread – Cybersecurity News, Data Breaches, AI and More
New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers. According to a new report published by Infoblox, the operation is … Read More “Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud – The Hacker News” »
Researchers uncover a new data theft and extortion group dubbed “BlackFile”
The “fast16” malware may have been used to target Iran’s nuclear program prior to Stuxnet
Poor metrics can render a well-intentioned security operation centre entirely ineffective. – Read More – All Feed
Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Fake CAPTCHA Scam Abuses Verification Clicks to Send Costly International Texts – Hackread – Cybersecurity News, Data Breaches, AI and More
Research from Infoblox reveals a massive Click2SMS fraud scheme using fake CAPTCHAs and back button hijacking to trick victims into sending costly international texts. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper … Read More “Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software – The Hacker News” »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below – CVE-2024-57726 (CVSS score: 9.9) – A missing authorization vulnerability in … Read More “CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline – The Hacker News” »
New ClickFix attack Hides in Native Windows Tools to Reduce Detection Risk – Hackread – Cybersecurity News, Data Breaches, AI and More
Fake CAPTCHA ClickFix attack tricks users into running malicious commands, using cmdkey and regsvr32 to maintain persistence and avoid detection on Windows – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The latest attempt to re-up a controversial expiring surveillance law has failed to placate vocal critics on both the left and right of the political spectrum. Two House votes failed last week to extend the spying powers under Section 702 of the Foreign Intelligence Surveillance Act (FISA) for 18 months without changes, leading to Congress … Read More “Latest spy power reauthorization bill leaves critics unimpressed – CyberScoop” »
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches – The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER. FIRESTARTER, per CISA and the U.K.’s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access … Read More “FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches – The Hacker News” »
TeamPCP Hijacks Bitwarden CLI, Uses Dependabot to Deploy Shai-Hulud Malware – Hackread – Cybersecurity News, Data Breaches, AI and More
GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities, universities, and private companies, in violation of export control … Read More “NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software – The Hacker News” »
UK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removed
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. “Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distribute trojanized versions … Read More “26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases – The Hacker News” »
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine – The Hacker News
The AI Agent Authority Gap – From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly. The issue is not simply that agents are new actors. It is that agents are delegated actors. They do not emerge … Read More “Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine – The Hacker News” »
AI tools are not just creating new vulnerabilities, they are reviving old security failures, warned Jurgen Kutscher, VP of Mandiant Consulting.
French Police Arrest HexDex Hacker Over Mass Data Theft and Leaks – Hackread – Cybersecurity News, Data Breaches, AI and More
French police arrest HexDex hacker, a 20-year-old suspect accused of mass data theft and leaks targeting government, sports groups, and firms. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access. Zscaler ThreatLabz, which discovered the campaign last month, has attributed it with high confidence to … Read More “Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2 – The Hacker News” »
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates to a Server-Side Request Forgery (SSRF) vulnerability that could be exploited to access sensitive data. … Read More “LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure – The Hacker News” »
Malicious npm packages spread via worm-like propagation and steal developer credentials
How a simple consumer data breach spiralled into a national security crisis in US-South Korea relations – Data and computer security | The Guardian
Washington’s focus on online retailer Coupang has led to accusations that the Trump administration is tying issues of national security to domestic corporate matters When South Korea’s biggest online retailer revealed last year that a data breach had compromised tens of millions of customer accounts, it appeared to be a corporate crisis. But five months … Read More “How a simple consumer data breach spiralled into a national security crisis in US-South Korea relations – Data and computer security | The Guardian” »
Vercel said the fallout from an attack on its internal systems hit more customers than previously known, as ongoing analysis uncovered additional evidence of compromise. The company, which makes tools and hosts cloud infrastructure for developers, maintains a “small number” of accounts were impacted, but it has yet to share a number or range of … Read More “Vercel attack fallout expands to more customers and third-party systems – CyberScoop” »
US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied – CyberScoop
A state-sponsored hacking group has implanted a custom backdoor on Cisco network security devices that can survive firmware updates and standard reboots, U.S. and British cybersecurity authorities disclosed Thursday, marking a significant escalation in a campaign that has targeted government and critical infrastructure networks since at least late 2025. The Cybersecurity and Infrastructure Security Agency … Read More “US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied – CyberScoop” »





