Cybersecurity News from Across the Internet
President Donald Trump said he would postpone the release of an executive order that would set up a 90-day testing and vetting regime for frontier AI models, hours before the White House was set to publicly announce the signing. Speaking to reporters in the Oval Office Thursday, Trump said he opted to delay the order … Read More “Trump postpones executive order focused on AI security – CyberScoop” »
President Donald Trump said he would postpone the release of an executive order that would set up a 90-day testing and vetting regime for frontier AI models, hours before the White House was set to publicly announce the signing. Speaking to reporters in the Oval Office Thursday, Trump said he opted to delay the order … Read More “Trump postpones executive order focused on AI security – CyberScoop” »
Deleted Google API Keys remain active for up to 23 minutes after deletion, exposing GCP, Gemini, BigQuery, and Maps data to attackers. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some “hard decisions” amid a wave of malware attacks, the leader of the Cybersecurity and Infrastructure Security Agency said Thursday. “The open-source community is one that I’m particularly worried about when we start to think … Read More “CISA chief frets about open-source vulnerabilities, delayed security improvements – CyberScoop” »
For almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon Data Breach Investigations Report (DBIR). But that’s no longer the case. Read more in my article on the Fortra blog. – Read More – GRAHAM CLULEY
European authorities took down a prominent virtual private network service and arrested the alleged administrator behind an operation that cybercriminals used to steal data, commit fraud and ransomware attacks, Europol said Thursday. First VPN, which was promoted on Russian-speaking cybercrime forums, gained popularity for providing services that allowed users to hide their infrastructure and identities. … Read More “European authorities take down prolific cybercrime VPN service – CyberScoop” »
Cybersecurity researchers have disclosed details of a new Linux malware dubbed Showboat that has been put to use in a campaign targeting a telecommunications provider in the Middle East since at least mid-2022. “Showboat is a modular post-exploitation framework designed for Linux systems, capable of spawning a remote shell, transferring files, and functioning as a … Read More “Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor – The Hacker News” »
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace – Read More –
First VPN, a service used by ransomware actors and fraudsters, was dismantled by Europol – Read More –
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying. … Read More “ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories – The Hacker News” »
Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers expose a 10-month global Android malware campaign using fake apps to secretly charge users through premium SMS bills. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers – Read More –
Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. “Improper link resolution before file access (‘link following’) … Read More “Microsoft Warns of Two Actively Exploited Defender Vulnerabilities – The Hacker News” »
Qualys finds nine-year-old Linux ptrace flaw exposing SSH keys and password hashes locally – Read More –
There’s this old proverb that’s stuck with me over the years: “Dig the well before you are thirsty.” It really means you should prepare for the crisis before it arrives. In cybersecurity, it’s a mentality that’s long underpinned investment, strategy and board-level conversations. And by many measures, organizations appear to have already ‘dug’ that well. … Read More “The readiness paradox: Why a false sense of cyber confidence is becoming a liability – CyberScoop” »
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a minor-league attacker, could have … Read More “When Identity is the Attack Path – The Hacker News” »
As the AI universe expands, so have the cybercriminals that use AI for hacking. Recent reports are showing that bank attacks using AI has increased over 400%, with savvy criminals staying ahead of anti-fraud measures. Another report for 2025 has identified 1,243 financial brands as their main targets in 90 countries and 34 active malware … Read More “Hackers Stealing Bank Accounts from iPhone and Android Users Using AI – Da Vinci Cybersecurity: Leading Cyber Security Services in South Africa.” »
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local user to disclose sensitive files and execute arbitrary commands as root on default installations of several … Read More “9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros – The Hacker News” »
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack – Read More –
Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 out of 10.0, per CVE.org. Drupal said the vulnerability resides in a database … Read More “Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks – The Hacker News” »
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its … Read More “GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension – The Hacker News” »
A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His defence in court? Possibly the most creative excuse we’ve heard all year. Meanwhile, owners of $4,000 robot lawnmowers are discovering that their gadget can be hijacked over … Read More “Smashing Security podcast #468: High-speed train hacks and homicidal lawnmowers – GRAHAM CLULEY” »
On Wednesday, Microsoft released two new red teaming tools—Rampart and Clarity—,meant to help developers design more secure agentic software and assist incident responders in the face of ongoing breaches. Rampart is built on top of PyRIT, an existing open automation framework Microsoft developed for red teaming generative AI systems. But while PyRIT scans already-built systems … Read More “Meet Rampart and Clarity, Microsoft’s new red team combo AI agents – CyberScoop” »
Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI … Read More “Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development – The Hacker News” »
GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company’s Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attributed the activity to a threat actor it calls Fox Tempest, which it said offered the … Read More “Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks – The Hacker News” »
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the growing risks facing software development platforms and the ecosystems built around third-party developer tools. The Microsoft-owned company said in posts on X that it detected and contained the … Read More “GitHub says internal repositories were impacted in poisoned VS Code extension attack – CyberScoop” »
Before indicators, before oscillators, before anything that requires a formula – the market communicates through price structure. Peaks… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date – Read More –
Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services – Read More –
New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, “identity dark matter” (the unseen, unmanaged elements of identity) now overshadows the visible elements 57% vs. 43%. And it couldn’t have occurred at a worse time, with enterprises embracing Agent … Read More “Agent AI is Coming. Are You Ready? – The Hacker News” »
Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. Webworm, first publicly documented by Broadcom-owned Symantec in September 2022, is assessed to be active since at least 2022, targeting government agencies – … Read More “Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API – The Hacker News” »
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
Banana RAT malware hidden in fake invoices and security update screens targets customers at 16 Brazilian banks stealing data with QR fraud. – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate … Read More “Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem – The Hacker News” »
The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories – Read More –
China-linked Webworm APT expands beyond Asia, targeting European government organizations and refining its cyber espionage tactics, according to ESET research – Read More –
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass. “Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred … Read More “Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit – The Hacker News” »
Barracuda reveals new CypherLoc scareware has featured in nearly three million attacks – Read More –
Having receive a ransom payment for its attack on Canvas, ShinyHunters and other extortion gangs are only likely to be further incentivised to launch similar attacks in future. Read more in my article on the Hot for Security blog. – Read More – GRAHAM CLULEY
Verizon DBIR finds 31% of data breaches began with software flaws last year – Read More –
The threat landscape is changing, and what was once the most robust cybersecurity is now falling short. You might… The post Zero Trust Meets Quantum Cryptography: Building an Unbreakable Security Architecture appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of the most severe of these … Read More “Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution – Cyber Security Advisories – MS-ISAC” »
Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories. “After the initial assessment, … Read More “Grafana GitHub Breach Exposes Source Code via TanStack npm Attack – The Hacker News” »
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ … Read More “GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories – The Hacker News” »
Congressional Democrats want answers from the Cybersecurity and Infrastructure Security Agency about the reported public exposure of sensitive agency credential data on GitHub in an incident that the security researcher who discovered it called one of the worst leaks he’s ever seen. Other security professionals also voiced concern Tuesday about the leak and the potential … Read More “CISA credential leak raises alarms, and Capitol Hill demands answers – CyberScoop” »
AI agent security starts with a simple fact: the more authority an agent has, the tighter its access… – Read More – Hackread – Cybersecurity News, Data Breaches, AI and More
