7/2/2026

Germany Seeks Powers for Spies To Hack and Disrupt Attackers

Launch of UK’s National Cyber Action Plan Delayed Amid Labour Leadership Crisis

Supreme Court Decision Threatens EU-U.S. Data Transfer Agreement

SpaceX Showed Investors Prototype of Elon Musk’s New AI Device

Musk Denies Report That SpaceX Showed AI Handset Prototype Before IPO

Dev Says Google Warned Him About Account Hijack – Then Charged Him $11,000 Anyway

Google Loses Final Appeal To Overturn €4.1 Billion EU Fine

Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices

Krebs: FBI Seizes NetNut Proxy Platform, Popa Botnet

Startup Sues Palo Alto Networks’ Koi Security, Saying an AI-Hallucinated Report Falsely Linked It To Chinese Espionage

Safe Events Start With Threat Intel & Digital Security

When Too Much Security Data Became the Risk
AdaptHealth Investigates Cybersecurity Incident Involving Patient Data

Medtronic Notifies Customers Impacted by ShinyHunters Data Breach

St. Paul Data Breach: 12,484 Residents, Employees Notified After July 2025 Cyberattack

Cybercriminals Pose as Interpol in Phishing Emails to Infect Victims With Ransomware

AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Opera Rolls Out Paste Protect Feature To Fight ClickFix Attacks

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

Cisco Finally Confirms Attackers Exploiting Unified CM Flaw

Researcher Behind ‘Exploitarium’ Explains Release of Undisclosed Zero-Day Exploits

7/1/2026

DHS Confirms Hackers Breached HSIN Info-Sharing Platform

U.S. Removes Curbs on Anthropic’s Latest Fable and Mythos AI Models

Cyber Insurers Focus on Speed as AI Rewrites Security

Phantom Squatting Uses AI-Hallucinated Domains for Phishing and Malware

Claude Helped a Hacker Find a Way To Issue Tickets to Almost Every U.S. Music Festival

Suspected Member of “Scattered Spider” Hacking Group Extradited to U.S. From Finland

Amazon Fined $2.25M for Withholding Evidence From Fraud Victims

An Artificial Cell With a Full Lifecycle Has Been Created for the First Time

Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands

Adobe Patches 7 CVSS 10.0 Flaws in ColdFusion and Campaign Classic

Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service
Kubota Says Hackers Had Month-Long Access To Network Systems

Dental Implant Manufacturer Park Dental Research Corporation Hit With Ransomware Attack

Japanese Insurer, Brewer, Manufacturer and Telecom Disclose Cyber Breaches

Over 900 Oracle E-Business Instances Exposed To Ongoing Attacks

Brazilian Banking Trojan Ousaban Targets Spain and Portugal

Veil#Drop Fileless Malware Abuses Google Blogspot to Deploy Infostealer in Memory

Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts

SEO-Poisoned Software Sites Abuse ScreenConnect to Deploy AsyncRAT

FortiBleed Credential-Theft Campaign Linked to Lynx Ransomware

New ChocoPoC Malware Targets Researchers via Trojanized PoC Exploits

EvilTokens Device-Code Phishing Kit Totally More Evil Than We All Thought

AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android

Researcher Analyzes 3,000 Live ClickFix Payloads, Exposing API-Driven Malware Delivery

6/30/2026

U.S. Is Working on Ban Targeting Chinese Energy Inverters

Anthropic To Restore Claude Fable Access on Wednesday

Microsoft Warns Poisoned MCP Tool Descriptions Can Make AI Agents Leak Data

New BioShocking Attack Manipulates AI Browser Into Data Theft

AI-Generated Workflows Are a Silent Security Disaster

Palo Alto, CrowdStrike Both Have Best Quarter Ever as AI Threats Bolster Cyber Demand

Infosec Professionals Sour on Automated Pentesting Tools

Microsoft Adds Smarter Bot Protection to Teams Meetings

Microsoft Accelerates Quantum-Safe Roadmap as Risks Grow

Huntress CEO Says Threat Hunter Used ‘Poor Judgment’ in Alerting Ransomware Crim About Law Enforcement Probe

House Passes Kids’ Online Safety Bill, but Senate Approval Unlikely

CIA Chief Highlights Major Shifts in Agency’s Tech Approach

Kali Linux 2026.2 Released with 9 New Tools, NetHunter Updates
Blackfield Ransomware Asks Nidec Corporation for $2 Million Ransom

Insurance Giant Aflac Discloses Data Breach After Subsidiary Hack

Hackers Leverage Blockchain to Hit Japan’s Hotels Through Booking.com Phishing

RustDuck Botnet Rebuilds in Rust to Hijack Routers and Servers for DDoS

ClickFix Now Cybercriminals’ Favorite Malware Delivery Technique

AirDrop and Quick Share Flaws Let Nearby Attackers Trigger Crashes and Bypass Checks

282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study

Malicious PyPi Packages Give Hackers Control of Telegram Bot Servers

Silent Swap Crypto Clipper Uses Fake Google Notes Extension to Replace Wallet Addresses

CISA: Windows BlueHammer Flaw Now Exploited by Ransomware Gangs

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

GuardFall Exposes Open-Source AI Coding Agents to Decades-Old Shell Injection Risks

6/29/2026

Gamaredon Expands Ukraine Attacks with New Malware and Cloud Service Abuse

Four Years Into Ukraine Invasion, Russia Turns Influence-Ops Back to U.S. and Europe

Ukraine To Use Seized Crypto From Cybercrime Group To Buy War Bonds

Mustang Panda Uses Zoho WorkDrive as Command Channel in Indian Government Attacks

China’s Z.ai Claims It Can Match Mythos on Cybersecurity

Apple Says It Is Releasing Updates Early in Response To AI Cybersecurity Concerns

Meta Contractors Posed as Teens to Prompt Rival Chatbots About Suicide, Sex, and Drugs

Security Researchers Tricked Llms Into Giving Them Cocaine Recipes by Abusing Role Models for Prompt Injection

Top Google Security Staff Warn Search Data Could Be Hacked if EU Rules Change

WhatsApp is Finally Getting Usernames to Help Keep Phone Numbers Private

U.S. Offers $10 Million for Hackers Targeting WhatsApp, Signal Users

U.S. Seizes Hundreds of FIFA World Cup Illegal Streaming Domains

Trump Signs Memo Making It Easier for Americans To Fix Own Vehicles
Iran Cyberattacks on Israel Surged in 2026, Israeli Cyber Chief Says

U.S. Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw

Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day Attacks

NAIC Says Public Data Stolen in ShinyHunters’ PeopleSoft Breach

Telegram-Based Millenium RAT Campaign Infects 60,000 Devices

236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

Critical SimpleHelp Flaw Exploited To Deploy New Stealer Malware

Hackers Now Exploit Critical Oracle E-Business Flaw in Attacks

Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts

Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

Microsoft Extends Windows Server 2022 Hotpatching Until October 2027

Justices Rule That Cellphone Location Histories Are Protected by the Fourth Amendment

6/26-28/2026

China-Linked Hackers Strike Asian Critical Infrastructure with TinyRCT Backdoor

Google Details Turla’s New STOCKSTAY Backdoor Used in Ukraine Espionage Attacks

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys

Even the Secret Service Won’t Use Company-Issued Phones

The Pentagon Is Looking Into the Dialog Data Exposure for Unmasking National Security Officials

China Has Matched Anthropic in Cybersecurity, Resetting AI Race

U.S. Allows Anthropic To Release Mythos AI To ‘Trusted’ U.S. Organizations

OpenAI Limits New AI Models To ‘Trusted Partners’ at Request of U.S. Government

The Three Chatbot Behaviors That Can Drive Humans to Delusional Thinking

Montenegro Police, FBI Arrest Iranian Wanted by Us for Hacking

Russia Accuses Apple of ‘Political Censorship’ After VK Apps Removed From App Store

FCC Votes To Toughen Rules in Bid To Better Protect Undersea Cables
Russian Hackers Were Behind $2.5B Hack of Jaguar Land Rover

Apple Supplier Tata Tightens Internal Controls After Data Breach

Polymarket Customers Lose $3 Million in Supply-Chain Attack

Data Breach Exposes up to 14.2 Million Email Logins at Six ISPs

Cybersecurity Firms Targeted by Fraudulent OpenAI Organization Invites

Clean GitHub Repo Tricks AI Coding Agents Into Running Malware

Microsoft Warns of Photo ZIP Phishing Campaign Targeting Hotels with Node.js Implant

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

CISA Sets Urgent Deadline To Fix Cisco Flaw Exploited in Attacks

CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

Amazon Q Developer Flaw Could Let Malicious Repos Run Code via MCP Configs

6/25/2026

Ukraine’s State Postal Operator Reports App Disruption After Cyberattack

Russia Used Cellebrite Phone-Hacking Tool to Crack Down on Dissident After Firm Cut Off Country

Major Increase in Ransomware Attacks Targeting Europe, Warns New Report

British Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be Trusted

Teens Who Hacked TfL Were Known to Police Years Before Cyber-Attack

Poland Busts SIM-Swapping Gang Tied to Millions in Crypto Theft

Ex-Huntress Analyst Claims Company Insider Fed Info to a Ransomware Crim. Social Media Drama Ensues

PirloTV Sports Piracy Network Disrupted as 44 Domains Seized

Do CISOs Need a Code of Ethics?
Hacked Klue Says Criminals Are Deleting Stolen Customer Data, but Now Other Hackers Are Making Threats

Another Russian Dairy Company Reportedly Disrupted by Cyberattack

Twenty Million U.S. IP Connections Used by Proxy Services

Bluekit Phishing Kit Adopts Browser-In-The-Middle for Login Theft

Order-Tracking App Shop Abused to Push Callback Phishing Attacks

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

New Gaslight macOS Malware Uses Prompt Injection to Disrupt AI-Assisted Analysis

Microsoft Quietly Extends Free Windows 10 ESU Support to October 2027

DHS Chief Says President Has Met With Potential Cisa Nominee; Agency Plans to Hire 600

6/24/2026

Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage

STT, Tata Delhi Data Centre Fire Leaves Clients Fearing Decades of Data Lost; Google Hit

Microsoft’s Quantum Computing Technology Called Into Question, Again

German Rail Services Resume After Wireless Communications Outage

UK’s Museums and Galleries Left Vulnerable to Cyber-Attack and Theft, MPs Warn

Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

DraftKings Hacker ‘Snoopy’ Sentenced to 18 Months in Prison
KDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email Credentials

Stealthy Mistic Backdoor Linked to Ransomware Access Broker KongTuke

Malicious Edge Extension Abuses Native Messaging as Bridge to Malware

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

CISA Warns of Max Severity Ubiquiti Flaws Exploited in Attacks

Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

Mandiant Reveals How Cisco SD-WAN Zero-Day Attacks Gained Root Access

6/23/2026

Iran Says Card-Based Banking Hit by Cyberattack on Three Lenders

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

NSA Lost Access to Powerful A.I. Model Amid Anthropic Dispute

GitHub Updates Actions/Checkout to Block Common Pwn Request Attack Patterns

GTA 6 Scams Emerge as Pre-Orders Open

Feds Seize Alleged Cyber-Scam Infrastructure Connected to Southeast Asian Company

Compromise Kids Online Safety Bill Unveiled by House Leaders, With Key Omission
Password Manager Maker LastPass Says Hackers Stole Customer Support Case Data During Klue Breach

Tata Electronics Confirms Cyberattack as Hackers Leak Data

India’s Bajaj Auto Says Ransomware Attack Hits Systems

Healthtech Firm Xolis Suffers Data Breach Impacting 1.4 Million People

Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed

New macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer

Lookalike npm Package Hides a Multi-Stage Windows RAT

WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

Cisco Unified CM Flaw CVE-2026-20230 Now Exploited in Attacks

6/22/2026

‘Five Eyes’ Intelligence Alliance Warns That New AI Models Pose Urgent Cyber Risk

OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos

INTERPOL Warns Phishing, Ransomware, and AI Scams Are Rising Across Asia-Pacific

How 100 Romanian Hospitals Switched to Pen and Paper to Defeat a National Cyber-Attack

World Cup Scams Are Getting Harder to Spot

Two Men Plead Guilty Over £39M TfL Cyber Attack

Teenager Who Hacked TfL Wanted in U.S. After £87M Cyber-Scam

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

Fatal Tesla Crash Into Texas Home Now Under Federal Safety Investigation

Trump Signs Orders Calling for Powerful Quantum Computer, Targeting 2028
Suspected Cyberattack Triggers False Emergency Alerts Across Parts of Brazil

India’s Tata Electronics Hit by Cyber Breach Claiming to Expose Apple, Tesla Trade Secrets

Klue Hack Results in Data Breach at Several Cybersecurity Firms

JaredFromSubway MEV Bot Hacked in $15 Million Crypto Theft

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

WhatsApp Phishing Attack Uses Fake Business Docs to Hack PCs

FortiBleed Campaign Used Custom FortiGate Sniffer to Steal Credentials

Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants

29-Year-Old Squid Proxy Bug ‘Squidbleed’ Can Leak Cleartext HTTP Requests

FFmpeg Fixes PixelSmash Flaw in Widely Used Video Decoder

Microsoft Fixes AutoGen Studio Flaw That Enabled Code Execution

6/19-21/2026

Microsoft Links Mastra AI Supply Chain Attack to North Korean Hackers

White House Delays Release of U.S. Voting Machine Study

Early Users of Anthropic’s Mythos Still Have Access After U.S. Order

AWS Unveils ‘Continuum,’ an AI-Powered Vulnerability Management Platform

Why Amazon Hates ‘Human-In-The-Loop’ AI Governance

The Classic Movie That Was Nearly Destroyed by a Single Line of Code

New York Man Charged After Harassing Georgia College Student With AI-Generated Nudes

UK’s Information Commissioner Resigns Over ‘Inappropriate Humour’

A Critical Deadline Is Approaching for Windows and Linux Security

Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Hackers Publish Knicks and Madison Square Garden Data Online

Mount Royal University (AB) Site Down Due to Cyber Attack

Acworth (GA) Computer Networks Targeted in Early June Cyberattack

AryStinger Botnet Infected Thousands of D-Link Routers Worldwide

Klue OAuth Breach Victim List Grows as Icarus Hackers Claim Attack

New Prinz Eugen Ransomware Prioritizes Recent Files for Encryption

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

CISA: Splunk Enterprise Flaw Actively Exploited, Patch by Sunday

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

6/18/2026

Bulgaria Allowed Surveillance Tech Firm to Sell Products to Repressive Regimes

How Hackers Found a Back Door Into the American Living Room

The Midterms Are Going to Be a Data Security Nightmare

Krebs: ‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm

Israeli Cyber Startup Dream Raises $260 Million, Valued at $3 Billion

Accenture Takes Majority Stake in Cyber Company Dragos

Cybercriminals Are Worried About AI Taking Their Jobs Too

The Hacker Sent by Anthropic to Calm the Government’s Nerves About AI Safety

Leak Confirms OpenAI Is Testing a ChatGPT for Science Subscription

How the Peter Thiel-Linked Dialog Club Secretly Ranks Its Members

Telegram Admits It Couldn’t Police Exam-Leak Channels, India Tells Court

How to Watch the Knicks Parade on NYC Traffic Surveillance Cameras

UK Social Media Ban for Minors Has Privacy Experts Worried

Police Cleans Nearly 15,000 SocGholish-Infected Sites Tied to Evil Corp

FIFA Bug Exposes World Cup Streams to Remote Takeover
Nintendo Confirms Data Stolen in WebMD Subsidiary TinyPulse Cyberattack

Texas Government Data Breach Allowed Hackers to Steal 3 Million Driver’s Licenses and Passports

University of Nottingham Confirms It Received No Ransom Request Following Cyber Attack

Australian Sugar Producer Mackay Sugar Works to Restore Operations as Ransomware Group Claims Attack

Gentlemen Ransomware Uses Multiple EDR Killers to Disable Defenses

Klue OAuth breach linked to ‘Icarus’ Salesforce data theft attacks

Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

Fake GitHub Stars and AI Videos Mask a Crypto Clipper

LATAM Infrastructure Hit by Fortinet and Ivanti Exploits

ShapedPlugin Update Flow Hacked to Infect WordPress Sites

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

Apple Fixes Beats Studio Buds Flaw That Let Hackers Spy on Conversations

Microsoft Fixes Issue Causing Windows Server 2016 Security Update Failures

6/17/2026

North Korean Hiring Fraud Runs on AI and US Laptop Farms

Hostile States Behind Three-Quarters of Attacks on Britain’s Critical Infrastructure, Cyber Chief Warns

EU Security Experts to Support Ukrainian Organizations in Case of Cyber-Attacks

CISA Now Has Full Mythos Preview Access, People Familiar Say

At G7, Macron Says He Expects Progress on Broadening Access to Anthropic’s Mythos

In U.S., EU Mutual Interest for Europe to Use Best AI Models, von Der Leyen Says

Sensitive Enterprise Data Uploads to AI Models Double in a Year

AI Threats and Alert Fatigue Challenge Cybersecurity Teams

Cyber Warfare Firm Twenty Valued at $1 Billion in Latest Funding Round

Amazon AI Exec Predicts First ‘Commercially Useful’ Quantum Computers in 5-7 Years

Former School IT Worker Sentenced for Hacking Saydel Community School District (IA)

India’s Telegram Ban Hit the UAE Too. Here’s How to Get Around It
Kodak Confirms Data Breach Claimed by ShinyHunters Extortion Gang

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

Helpdesk Scammers Are Making House Calls to Make Their Lies Feel More Real

FortiBleed Leak Exposes Fortinet VPN Credentials For 73,000 Devices

Serverless Phishing Kit on GitHub Targets Mexican Banks

GitHub Dismissed Security Reports on Flaws Now Exploited by Supply-Chain Worm, Researchers Say

Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments

144 Mastra npm Packages Compromised via Hijacked Contributor Account

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

Google to Use UK and EU User IP Addresses for Ad Measurement & Personalization

6/16/2026

China-Linked SprySOCKS Backdoor Expands From Linux to Windows

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

Estonia to Quarantine Emails Sent From Russian .ru Domain Before They Reach Government Officials

G7 Leaders Discuss ‘Trusted Partners’ Access to Cutting-Edge U.S. AI Models

‘Dangerous’ AI Models Are Coming No Matter What

SoftBank Launches Cybersecurity Product Based on OpenAI Models

Chainguard, JPMorgan, BNY Team Up to Secure Open Source from AI Threats

Python Dev Saved From Disaster by intuition…and AI

Assume You Will Be Hacked

SpaceX to Acquire AI Coding Startup Cursor for $60B in Stock, Days After Blockbuster IPO

Cyber Startup Ent Raises $100 Million in Seed Funding

Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society

France to Stop Certifying Products Without Quantum-Safe Encryption
DragonForce Ransomware Exploited Microsoft Teams to Hide in Attack Against Major Company

Cardiac Monitor Maker iRhythm Security Skips a Beat as Data Thieves Go for the Jugular

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures

Rokarolla Android Trojan Combines Banking Fraud With Device Surveillance

Malicious JetBrains Marketplace Plugins Steal AI API Keys From Developers

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

UK to Require ID or Face Scan Before You Can Make Social Media Accounts

FTC Warns of Record $3.5 Billion Losses to Imposter Scams in 2025, Tripling since 2020

India Temporarily Blocks Telegram Over Medical Exam Cheating Fears

6/15/2026

Israel Is Alarmed by Trump’s Deal With Iran

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Belarus-Linked Hackers Target Gmail Accounts of Polish Public Figures and Their Families

Cyber Leaders Urge U.S. to Lift Curbs on Anthropic’s Security Models

U.S. Saw Risk of Anthropic Models Being Diverted to Foreign Military Intelligence

Meta Tapped a Pentagon Supplier to Prototype Face Recognition for Its Glasses

Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks

Finland Brings Charges Against Cargo Ship Officers for Cutting Submarine Cables

FBI: Fraudsters Use Couriers to Steal Money in Crypto Scams

DOJ Seizes CFAKE, SOCFAKE Deepfake Nude Sites Under TAKE IT DOWN Act
Cyberattack on Russian Tech Firm Astral Disrupts Business, Government Services for Week

Infinite Campus Data Breach Affects 137,000 School Staff Accounts

Council of Europe Investigates ShinyHunters Data Breach Claims

Attackers Hijack Popular WordPress Plugins to Deploy Backdoors

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

SimpleHelp Bug Lets Hackers Create Rogue Remote Support Accounts

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

Cisco Fixes SD-WAN vManage Flaw Exploited in Zero-Day Attacks

UK Government Finds 400+ Vulnerabilities in AI Hackathons

UK to Ban Social Media Access for Children Under 16

6/12-14/2026

U.S. and Iran Say They Have Reached a Deal to Stop Fighting

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals

Anthropic Halts Access to Top AI Models After U.S. Ban on Foreign Use

Amazon CEO’s Talks With U.S. Officials Triggered Crackdown on Anthropic Models

Claude Fable 5 Doesn’t Change the Mythos Security Story

Anthropic Flies Staff to D.C. To Clean Up White House Fight

The FCC Wants to Kill Burner Phones

Chinese Connected-Car Software Ban Shows Cracks

FBI Disrupts Massive AI-Powered Phishing Service Using a Million URLs

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing

The FBI Built a Small Town to Simulate Cyberattacks

Fired IT Worker Jailed for 21 Months After Sabotaging Old School District

Ukrainian National Pleads Guilty to Role in Conti Ransomware Operation
Over 73,000 French Gov’t Employees Affected in Tchap Messenger Breach

Plymouth Council Exposes Hundreds in Latest Local Government Email Gaffe

Maine Disables Data Breach Notification Portal After Fake Disclosures

Murray County (GA) Restores Systems After Ransomware Attack, Pays $200,000 Fee

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

CISA Orders Feds to Patch Actively Exploited Ivanti Flaw by Sunday

phpBB Forum Fixes Auth Bypass Bug Lurking For a Decade

Microsoft Has Mostly Repaired Flaw in Surface Hardware That Allowed Unprotected Devices to Be Bricked by a Single Packet

NanoClaw Now Armed with JFrog for Safer Packages

Bankruptcy Admin Approves Settlement Fund of $47 Million for 23andMe Data Breach Victims

Major U.S. Surveillance Program Poised to Lapse After Legislative Deadlock

6/11/2026

Cyber Force Not Included in Senate Defense Policy Roadmap

Trump Nominates U.S. Attorney Jay Clayton to Be Director of National Intelligence

Extortion-Only Attacks Increase, With Data Theft Dominating Ransomware Claims

VRChat Says Somebody Faked a Breach Notice With the Maine AG’s Office

Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps

OpenAI to Acquire Ona to Support Its AI Coding Assistant, Codex

New “Agentjacking” Attacks Could Hijack AI Coding Agents

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Grok Is Still Hosting Sexualized Deepfakes of Famous Women

Korea Fines E-Commerce Giant Coupang $400M Over Data Breach Affecting Millions

Interpol Dismantles SniperDz Phishing-as-a-Service Platform

Authorities Dismantle ‘AudiA6’ Ransomware Crypto-Laundering Service

Hacker Linked to Void Blizzard Faces Charges Over Cyberespionage Campaign

The Invisible Battlefield: How Cyberwar Is Reshaping Everyday Life
Google Says ShinyHunters Hackers Targeting Education Sector via Oracle Exploit

University of Nottingham Confirms Cyber Incident as ShinyHunters Group Claims Data Theft

Oracle Warns of Security Bug That Hackers Abused to Breach 100+ Companies

Oracle Mitigates PeopleSoft Zero-Day Exploited in Data Theft Attacks

The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

Japanese Energy Firm Loses Drive With Data of 10.9 Million Clients

Novo Nordisk Flags Patient Data Breach From Some Clinical Trials in Cyberattack

OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack

Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts

Cybercriminals Use Fake AI Guides and Dev Tools to Spread AsyncRAT Malware

Max Severity Ivanti Sentry Vulnerability Now Exploited in Attacks

New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files

CISA Orders Agencies to Patch by Risk, Not Severity

6/10/2026

China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance

China-Linked JDY Botnet Expands Targeting of U.S. Military Networks

UK Weakens Proposed Telecoms Defenses Against Chinese Hackers After Industry Pushback

North Koreans Behind Nearly Half of U.S. Tech Industry Hacks, Says CrowdStrike

CISA Tells U.S. Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats

AI Shifts Cyber’s Hardest Problem From Finding Flaws to Fixing Them

Microsoft Restricts Claude Fable for Employees Over Data Retention Concerns

AI Coding Adoption Hits 97% but Governance Lags Behind

Krebs: Who Runs the Ransomware Group ‘The Gentlemen?’

Valve Is Phasing Out Physical Steam Gift Cards Due to Scammers

GitHub Announces npm Security Changes to Tackle Supply-Chain Attacks

The ‘Miasma’ Worm Source Code Briefly Leaked on GitHub

Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the U.S.

Over a Quarter of Identity Crime Victims Hit by Multiple Incidents, ITRC Data Shows
Oracle PeopleSoft Servers Hacked in ShinyHunters Data Theft Attacks

Nearly a Million Passports and Photo IDs Were Left Unprotected on the Public Internet

University of Nottingham Student Data Hacked

Cyber Attack Partially Closes Great Marlow School in Buckinghamshire

Cyberattack Shuts Down Major Australian Sugar Mills, Disrupting Harvest

Fake Software Tutorials on TikTok Spread Vidar Stealer

New SilabRAT Trojan Hijacks Sessions to Steal Crypto

CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Microsoft Patches YellowKey, GreenPlasma, MiniPlasma Zero-Days

Microsoft Patches Exchange Server Zero-Day Exploited in Attacks

Angry Bug Hunter With Microsoft Beef Drops New Windows 0-Day

6/9/2026

WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Hackers Pose as Women Seeking Romance to Spy on Russian Soldiers

Iran Signed a Ceasefire — Its Hackers Didn’t

Chinese Hackers Pose Biggest Espionage Threat to Tech Firms, CrowdStrike Says

Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You

OpenClaw AI Agent Found Falling for Phishing Attacks, Spills User Data

Meta to Use Off-Site Business Data for Feed and AI Personalization

Signal Says UK Plan to Scan Devices for Nude Images ‘Endangers Us All’

Microsoft Defender ‘RoguePlanet’ Zero-Day Grants SYSTEM Privileges

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues

CISA to Transform How It Assesses Cyber Vulnerabilities and Risks, Andersen Says

AI Is Making Patch Tuesday (Kinda) Fun Again
French Gov’t Messaging Service Breached in Account Hijacking Attack

ServiceNow Discloses Security Incident Exposing Customer Data

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

Critical phpBB Flaw Lets Attackers Hijack Any Account with One Request

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

Google Releases Patch for Chrome Vulnerability Exploited in the Wild

SAP Fixes Critical Flaws in NetWeaver and Commerce Cloud

Krebs: A Record-Breaking Patch Tuesday for June 2026

Microsoft Releases Windows 10 KB5094127 Extended Security Update

6/8/2026

VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances

North Korean Hackers Use Fake Coding Tasks to Steal Crypto

Russia Upgrades Rules for Its Digital Spy System to Better Track Citizens Online

Armenia’s Pro-Europe Party Wins Election Despite Russia-Linked Disinformation

Hackers Likely Hijacked Over 20,000 Instagram Accounts With Meta’s AI Chatbot

Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order

Meta Deletes Face-Recognition System From Its Smart Glasses App After Wired Report

New Apple Feature Automatically Changes Your Compromised Passwords

Two-Thirds of Open Source Community Unaware of Cyber Resilience Act

‘Talk to My AI Twin’: Busy Executives Have a New Productivity Hack

UK Gives Big Tech 3 Months to Create Device Controls to Block Nude Images of Kids
SoFi Confirms Third-Party Data Breach at Hong Kong Subsidiary

Evanston Township: Ransomware Sends Illinois High School on an Early Summer Vacation

Microsoft’s Open Source Tools Were Hacked to Steal Passwords of AI Developers

Qilin Ransomware Claims Hack of Major New York/New Jersey Shipping Association

UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign

New Shai-Hulud Attack Trojanizes 19 Science-Focused PyPI Packages

NFCShare Android Malware Spreads via Fake Banking App Updates on GitHub

Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public

Critical UniFi OS Bug Lets Hackers Gain Root Without Authentication

Gogs Patches Critical Zero-Day Enabling Remote Code Execution

6/5-7/2026

New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

Chinese APT UNC5221 Deploys New Malware to Keep Access to Hacked Networks

U.S. Says It Will Speed Development and Use of AI for National Security

White House AI Policy Adviser Krishnan to Leave Position

Trump Says His Team Will ‘Look Into’ U.S. Taking Stake in AI Companies

Security Chiefs Unfazed by Federal AI Oversight

Blacklisted AI Company Anthropic, White House Ease Tensions Ahead of IPO

Anthropic Urges AI Labs to Pause Development, Warns Humans Risk Losing Control

Eight Legal Questions for Your AI Company

Hands on With Intelligent Terminal, an AI-Powered Windows Terminal

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

EU Unveils Tech Sovereignty Package to Cut Reliance on U.S., Chinese Suppliers

Apple Removes Russia’s State-Backed Messaging App Max From Its Store
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps

Suspicious Polyfill Login Prompts Pop Up on Toshiba, Muji Websites

Silent Ransom Group Targets Law Firms With Fake IT Support Calls

World Food Programme Breach Exposes Data of 600K Vulnerable Gazan Families

Council in UK’s City of York Outs Hundreds of Disabled Residents With a Single Email Blunder

Oxford Uni Student Data Pwned Yet Again – This Time via Career Platform Breach

Over 900 U.S. Gas Station Tank Gauge Systems Exposed to Attacks

PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network

CoXMO Botnet Spreads via DD-WRT Router Flaw, Kills Rival Malware

Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Flaw Actively Exploited – No Patch Available

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog

The $100 Million Crypto “Looksmaxxing” Boom: How Chinese Cartel Suppliers Pivoted to the Gray-Market Peptide Ecosyste

Dark Web Nemesis Market Vendor Gets 26 Years for Selling Drugs

4 Critical Threats Where Attackers Have the Advantage

6/4/2026

Five Eyes Warn Chinese Spies Are Using Job Sites to Recruit Insiders

Russia Seeks to Label Two Anti-Kremlin Hacker Groups as ‘Extremist’

Trump Considers Palantir Exec Shyam Sankar to Lead CISA

CISA Directive for AI Executive Order to Be Released This Week, Andersen Says

Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones

Hackers Spied on a Stock Exchange Executive’s Outlook Mailbox for Five Months

Pink Is the Latest Goon Squad to Use Fake Helpdesk Calls to Steal Creds

Police Dismantles Fake ID Marketplace Used by Migrant Smugglers

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

FTC Considers Setting Aside or Modifying $150 Million Privacy Penalty Against X

Supreme Court Rules FCC Fines Punishing Telecom Giants for Sharing Location Data Were Legal
UN Food Agency Discloses Breach Affecting 600,000 Gaza Households

DentaQuest Data Breach Exposed Info of 2.6 Million Accounts

My SSN Was Exposed in a Breach at Columbia—A School I Have No Connection With

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

FlutterShell Backdoor Spreads to macOS via Malicious Google and YouTube Ads

Credit Card Theft Campaign Abuses Stripe to Host Stolen Payment Info

Hola Browser for Windows Compromised to Deliver Cryptominer

New IronWorm Malware Hits 36 Packages in npm Supply-Chain Attack

Everest Forms Pro Vulnerability Allows Remote Code Execution on WordPress Sites

Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories

Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public

6/3/2026

Chinese Hackers Use New Atlas RAT Malware in European Cyberattacks

New Cyber Force Would Cost up to $11 Billion to Start, Commission Says

DHS Chief Signals Efforts to Reshape CISA

White House Unveils Pared-Back AI Executive Order

OpenAI’s Altman to Urge U.S. Lawmakers Not to Require AI Model Approvals

OpenAI Upgrades GPT-5.5, as It Plans to Retire Legacy ChatGPT Models

xAI Asks Court to Strip Alleged Grok Deepfake Nudes Victims of Anonymity

Teaching AI Agents to Ask Better Questions by Playing “Battleship”

AI as a Security Enabler, Not Role-Replacer

CrowdStrike Narrowly Beats Estimates on AI Tailwinds, but Stock Falls 10%

Police Dismantles 9 Crime Groups in Illegal Streaming Crackdown

The U.S. Sanctions Nobitex Crypto Exchange Used by Ransomware

The Worst Hacks and Breaches of 2026 (So Far)

Cyber Insurance Rates Are Dropping, but Exclusions Widen
Ultrahuman Says Hackers Accessed Customers’ Wellness Data via Internal Tool

Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT

One-Click GitHub Dev Attack Lets Attackers Steal Full GitHub OAuth Tokens

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

CISA Warns of Cyberattacks Targeting Fuel Tank Monitoring Systems

CISA Warns of Active Attacks Exploiting Android, Linux Bugs

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

Acer Working to Patch Max Severity Zero-Days in Wave 7 Routers

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

6/2/2026

Trump Signs Executive Order to Review AI Models Before They’re Released

Anthropic Scales Claude Mythos to Critical Infrastructure in 15+ Countries

Turncoat AI Agents Emerge as the New Inside Hackers

Microsoft Reveals New Quantum Chip Made With AI, Says It Will Have Systems by 2029

Palo Alto Networks Tops Earnings as AI Fuels Cybersecurity Urgency

Beyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense

Hong Kong Securities Regulator Warns Licensed Firms of AI-Driven Cyber Threats

Android Is Fighting Phone Scams With a New Feature to Prove Who’s Calling
Russian Spy Agency Says Foreign Spies Turned Officials’ Smartphones Into Surveillance Devices

Dingbat Criminal Breaks the ‘First and Second Rule of Ransomware Club’

Las Vegas Local Casino Operator Station Casinos Victim of Cyberattack

AI-Built Ransomware Toolkit Automates EDR Evasion, AD Discovery

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation

Critical Kirki Flaw Exploited to Hijack WordPress Admin Accounts

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Hackers More Focused on Misleading Voters Than Ballot Tampering

6/1/2026

U.S. And Iran Trade Strikes Amid Talks to End War

China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan

FSB Group Gamaredon Hides Worm in Windows Data Streams

Unknown Hacker Group Targeted Russian Maritime Universities, Diplomats for Nearly Two Years

Krebs: Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts

Obama’s Old Instagram Account Was Reportedly Hacked Over the Weekend

Websites Can Now Spy on You Through Your Hard Drive

The Romance Scammer Who Made a Small Fortune Posing as a WWE Superstar

Spain Arrests Doxer Leaking Sensitive Data of Gov’t Employees

Florida Sues OpenAI and CEO Sam Altman, Claiming Company Concealed Serious Risks of ChatGPT

Anthropic Files to Go Public in Blockbuster Year for IPOs

NSA Selects New Leads for Key Cybersecurity Posts
Afghan Finance Officials Targeted by Suspected Pakistani Cyberespionage Campaign

Dashlane Password Manager Users Locked Out by Brute Force Attacks

Grand Theft Auto V Cheat Service Gets Hacked, Exposing Thousands of Gamers

Hackers Hijack Thousands of Sites for ClickFix and FakeUpdate Attacks

WordPress Malware Campaign Hides Payloads in Steam Profiles

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

Critical Windows Netlogon RCE Flaw Now Exploited in Attacks

Critical Flowise Flaw Gives Attackers Full Server Control

Microsoft Fixes KB5089549 Windows Security Update Install Issues

Inspector General Finds NIST Mistakes Have Made Vulnerability Database Ineffective

Microsoft Says It Will Not Pursue Security Researchers After Zero-Day Backlash

5/29-31/2026

Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels

United Flight Forced to Turn Around Because of a Bluetooth Speaker Name

Anthropic Confirms Claude Mythos-Class Models Will Roll Out to the Public

UK Banks Still Lack Access to Mythos AI Model, BoE’s Bailey Says

Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices

Man Sent to Prison for Selling Data of 7 Millions Elderly Americans

U.S. Charges Google Security Engineer With Polymarket Insider Trading

California Attorney General Sues 23andMe Successor for 2023 Data Breach

Google Chrome Adds Session Cookie Theft Protection for All Users
Charter Communications Data Breach Affects 4.9 Million Accounts

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Lone Attacker Published 14 Malicious npm Packages Mimicking Popular OpenSearch, Elasticsearch Libraries

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

AI-Generated npm Malware Leaks Its Own GitHub Token

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation

WP Maps Pro Bug Exploited to Create Admin Accounts on WordPress Sites

New CIFSwitch Linux Flaw Gives Root on Multiple Distributions

Name That Toon: Mark of (Cybersecurity) Progress

5/28/2026

The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are

Russia Conducting Daily Attacks on UK ‘From Seabed to Cyberspace,’ Spy Chief Warns

China’s DJI Says Its Drones Not a Risk, Urges U.S. to Lift Ban on New Models

GreyVibe Hackers Use ChatGPT, Gemini to Power Cyberattacks

Japan’s Major Banks to Use OpenAI’s New Model to Thwart Cyberattacks, Nikkei Reports

Anthropic Tops OpenAI as Most Valuable AI Startup, Nears $1 Trillion Valuation in Latest Round

Cyber Threats Top CEO Business Fears

Snowflake Buys Natoma to Help Freeze Out Rogue Agents

Canadian Man Gets 33 Years for Using Social Media to Coerce U.S. Children Into Sending Sexual Content
A Security Lapse at Prison Pay Phone Service Pay Tel Publicly Exposed Over 300K Callers’ Driver’s Licenses

Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks

Attackers Move Past Typosquatting to Realistic and Plausible Package Impersonation

New Threat Actor Jinx-0164 Targets Crypto Developers on macOS

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

Microsoft Condemns “Uncoordinated” Zero Day Disclosures

2 Pittsburgh-Area Men Plead Guilty in Scheme to Hack Snapchat Accounts and Steal Explicit Photos

5/27/2026

UK, Poland to Sign Defence Treaty to Tackle Russian Threats

UK Spy Chief: Time Is Running Out for the West to Confront Threats From Russia and China

Spain Wants EU States to Retain Say in Barring Foreign Telco Providers

Champion Ethical Hacker Warns AI Tools Like Mythos Will Make Competing Harder

Yes, AI Can Make Mistakes. AI Can Find Them, Too.

China Wants Its Companies to Embrace AI—Without Firing Workers

68% of UK Firms Plan to Increase Cyber Spending as AI Risks Rise

Amazon Strikes $6 Billion Deal With Snowflake for Agentic Computing Chips

Infosecurity Europe: Why Burnout in Cybersecurity Demands Risk-Based Response

Too Much Work to Do? Have Your Digital Twin Handle It

Bosses Blinded by Confidence About Shadow AI Use by Workers

AI Expands From Multibillion-Dollar Enterprises to Main Street

Rudd Orders Cyber Command Reviews as Pentagon Presses Reform Agenda

CrowdStrike, Google Take Down Glassworm Botnet
UK Visa Portal Exposed Thousands of Applicants’ Passports and Selfies — Then Called the Lawyers on Us

Cruise Operator Carnival Discloses Personal Data Breach

Thousands of Fake FIFA Domains Target World Cup Fans

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

FBI Warns of In-Person Data Theft Attacks From Silent Ransom Group Extortion Gang

PureLogs Variant Steals Data via Purchase Order Lures

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Gitea Vulnerability Exposes Private Container Images without Authentication

CISA Gives Feds 4 Days to Patch Actively Exploited Cpanel Plugin Flaw

Dutch Police Arrests Suspect Linked to Ajax Football Club Hack

Romanian National Sentenced to More Than 4 Years for Hacking Oregon Government Systems

Some Eligible for up to $3,500 in Krispy Kreme Data Breach Settlement

5/26/2026

Chinese Threat Actors Ditch Static Phishing Pages for Live Credential Interception

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries

MiniFast & MiniJunk: Iran-Linked Hackers Target U.S. Aviation with Phishing and SEO Poisoning Campaign

Iranian Hackers Responsible for Los Angeles Transit System Breach, Israeli Researchers Say

U.S. Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows

Hackers Are Quickly Learning to Exploit Chatbot ‘Personalities’

BadHost: Millions of AI Agents Imperiled by Critical Vulnerability in Open Source Package

In the AI Age, Firms Chase Growth but With Fewer Workers

Law Firm Wiley Rein Hit With Class Action Over Data Breach Tied to Chinese Hackers

Dutch Authorities Arrest Men Suspected of Providing Infrastructure for Russian Cyber Operations
Lithuania Investigates Theft of 600,000 State Registry Records by Foreign Actor

MyPillow Must Decide Whether to Be Firm or Soft as Ransomware Crims Demand Pay

Charter Confirms Data Breach After ShinyHunters Extortion Threat

7-Eleven Data Breach Exposes Personal Information of 185,000 People

BTMOB Android RAT Spreads Through No-Code Builder Tooling

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

CISA Orders Feds to Patch Actively Exploited Drupal Vulnerability

CERT-IN Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

Microsoft Defender Can Now Automatically Isolate Hacked Endpoints

Kremlin Appoints Cyber Executive With Alleged GRU Ties to Security Council Role

5/22-25/2026

U.S. Forces Conduct Strikes in Iran, Central Command Says

Iran’s President Orders Reopening of International Internet Access, State Media Reports

Iran Moved Billions Through Binance to Fund Regime—Continuing Into This Month

The AI Era Is Creating a Bug Hunting Arms Race

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Anthropic to Release Mythos-Class Models to the Public

One Job That Is Growing in the AI Era? Cybersecurity Experts.

CISA to Allow Researchers to Report Vulnerabilities to Exploited Bugs Catalog

Cyber Officials Brace for Lax AI Oversight

Krebs: Lawmakers Demand Answers as CISA Tries to Contain Data Leak

Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Krebs: Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

Italy Disrupts CINEMAGOAL Piracy App that Stole Streaming Auth Codes

Why the Supreme Court’s Chatrie Case Could Change the Meaning of Privacy in America

Meta Settles School District Lawsuit Claiming Addictive Design Harmed Students’ Mental Health
Trump Mobile Confirms It Exposed Customers’ Personal Data, Including Phone Numbers and Home Addresses

Hackers Steal Patient and Billing Data From German Hospitals via Third-Party Provider

Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans

Fake Gemini and Claude Code Sites Spread Infostealers Through SEO Poisoning

FBI Warns ‘Kali365’ Phishing Kit Hijacks Microsoft 365 OAuth Tokens

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

Ubiquiti Patches Three Max Severity UniFi OS Vulnerabilities

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

5/21/2026

Chinese Hackers Target Telcos With New Linux, Windows Malware

Xi and Putin Pledge Closer Cooperation on AI, Cyberspace and Satellite Systems

Trump Cancels Signing of AI Executive Order

States Push Federal Government for More Cybersecurity Support

TeamPCP Is Poisoning Open Source Code at an Unprecedented Scale

JPMorgan Rolls Out AI Tools in Investment Banking Globally, Senior Banker Says

OpenAI Is Preparing to File for an IPO Very Soon

SpaceX Confirms Plans for an IPO That Could Make Elon Musk a Trillionaire

The EU Is Going Through a Trump-Fueled Breakup With Big Tech

‘Creepy’ Listening Tool for Targeted Ads Didn’t Actually Work, FTC Says

Cybercriminal VPN Dismantled in Europol Crackdown

Apple Blocked Over $11 Billion in App Store Fraud in 6 Years

Two Americans Plead Guilty to Assisting India-Based Tech Support Scam Centers

Krebs: Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada

UK Plans for Cybercrime Law Reform Would Protect Almost No One, Experts Warn
Minecraft-Streaming Gran Swatted While Raising Cash for Grandson’s Cancer Care

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub Links Repo Breach to TanStack Npm Supply-Chain Attack

Showboat Linux Malware Hits Middle East Telecom with SOCKS5 Proxy Backdoor

Security Researcher: Google API Keys Remain Active After Deletion For 23 Minutes

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Nvidia Urges Users to Update GPU Drivers Due to Security Vulnerabilities

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Max Severity Cisco Secure Workload Flaw Gives Site Admin Privileges

9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros

Google Accidentally Exposed Details of Unfixed Chromium Flaw

Three-Quarters of Firms Knowingly Ship Vulnerable Code

HackerOne Takes an Axe to Its Bug Bounty Rewards

Tech Giants Promise British Regulator They Will Tweak Platforms to Protect Kids Online

5/20/2026

China-Linked Webworm APT Evolves Tactics, Expands to European Targets

Ukraine Says Russia Is Deploying AI-Powered Malware on the Battlefield

Senator Presses CISA for Answers About Alleged Github Repository Leak

Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector

Fears of Unfettered Hacking Spurred by Anthropic’s Mythos AI Model Overstated

Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds

A Bipartisan Amendment Would End Police License Plate Tracking Nationwide

A New York Cop Got Injured at a Boxing Match. Now Madison Square Garden Is Banning His Lawyer

London’s Police Asked Big Tech for Comms Data Over 700,000 Times Last Year

Ukraine Identifies Infostealer Operator Tied to 28,000 Stolen Accounts
GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos

GitHub Investigates Internal Repositories Breach Claimed by TeamPCP

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

7-Eleven Confirms Breach After ShinyHunters Claims

Trump Mobile Site Reportedly Exposing Customers’ Private Data

Delano Becomes Latest Minnesota School District Hit by Ransomware Attack

Aurora (IL) Investigating Recent Cyber Attack

Researchers Warn CypherLoc Scareware Has Targeted Millions of Users

Hackers Bypass SonicWall VPN MFA Due to Incomplete Patching

Exploit Released for New PinTheft Arch Linux Root Escalation Flaw

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

5/19/2026

Huawei Zero-Day Attack Behind Last Year’s Crash of Luxembourg’s Entire Telecoms Network

U.S. Lawmakers Seek to Undercut Chinese AI and Tech Sales Abroad

AI-Related Data Breaches Surpass Stolen Credentials in Cyber Incidents, Verizon Report Says

AI Raises the Bar on Vulnerability Awareness and Secure-by-Design Software

U.S. Software Stocks Rebound, Seeking to Loosen AI’s Grip

You Can Get Some of Your Nudes Removed From the Internet Under a New U.S. Law

UK Regulator to Require Tech Firms to Tackle Deepfakes, Non-Consensual Intimate Images

FBI: Americans Lost Over $388 Million to Scams Using Crypto ATMs in 2025

Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool

Discord Rolls Out End-To-End Encryption on Voice, Video Calls
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps

Microsoft Self-Service Password Reset Abused in Azure Data Theft Attacks

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Shai-Hulud Keeps Burrowing: 314 npm Packages Infected After Another Account Compromise

New Shai-Hulud Malware Wave Compromises 600 npm Packages

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access

Max-Severity Flaw in ChromaDB for AI Apps Allows Server Hijacking

Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare

5/18/2026

Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations

Krebs: CISA Admin Leaked AWS GovCloud Keys on Github

Anthropic to Let Partners Share Mythos Cybersecurity Findings With Others

Mythos Rewires the Bug-Bounty Industry

Linus Torvalds Says Linux Security List Is Becoming ‘Unmanageable’ Due to AI Bug Reports

Experts Warn of Privacy Risks as AI Firms Looks to Connect to Financial Accounts

Google and Blackstone to Create New AI Cloud Company

Jury Dismisses All Claims in Elon Musk’s Lawsuit Against OpenAI CEO Sam Altman

Interpol Launches Sweeping Cybercrime Crackdown in MENA Region
NYC Health + Hospitals Says Hackers Stole Medical Data and Fingerprints During Breach Affecting at Least 1.8 Million People

Do Fear the Reaper – Stealer Swipes macOS Users’ Passwords, Wallets, Then Backdoors Them

Shai-Hulud Copycat Worm Infects Yet Another Npm Package

Exploit Available for New DirtyDecrypt Linux Root Escalation Flaw

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

Security Researchers Find 47 Zero-Days at Pwn2Own Berlin

Microsoft Confirms Windows 11 Security Update Install Issues

5/15-17/2026

Hackers Have Breached Tank Readers at U.S. Gas Stations; Officials Suspect Iran Is Responsible

China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer

Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access

Fired Hacker Twins Forget to End Teams Recording, Capture Own Crimes

Microsoft Backpedals: Edge to Stop Loading Passwords Into Memory

Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers

Microsoft Rejects Critical Azure Vulnerability Report, No CVE Issued

Microsoft Exchange, Windows 11 Hacked on Second Day of Pwn2Own

Your 401(K) Is the New Identity Theft Target
More than $10 Million Stolen From Crypto Platform THORChain

Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities

Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

Popular node-ipc npm Package Compromised to Steal Credentials

Tycoon2FA Hijacks Microsoft 365 Accounts via Device-Code phishing

CISA Orders All Federal Agencies to Patch Exploited Bug in Cisco SD-WAN Systems by Sunday

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

5/14/2026

ODNI Taps Officials to Coordinate Response to Foreign Election Threats

Mustang Panda Linked to Updated FDMTP Backdoor in Asia-Pacific Espionage Campaign

Iranian MuddyWater Hackers Targeted Major South Korean Electronics Maker

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

Bank of Spain Calls for Access to Advanced AI Tools, Flags Cyber Risks

Apple’s Security Has Been Tough to Crack. Mythos Helped Find a Way In.

Your iPhone Gets Stolen. Then the Hacking Begins

Connected Cars Generate Data Enticing to Automakers and Hackers Alike

Nobody Believes the ‘Criminals and Scumbags’ Who Hacked Canvas Really Deleted Stolen Student Data

To Gain Root Access at This Company, All an Intruder Had to Do Was Ask Nicely

AI Models Are Getting Better at Replacing Cybersecurity Pros on Certain Tasks
OpenAI Confirms Security Breach in TanStack Supply Chain Attack

TeamPCP Hackers Advertise Mistral AI Code Repos for Sale

Foxconn Factories Resume Operations After Ransomware Attack

Surfside Beach (SC) Loses Over $500K in Cyber Scam, State Authorities Investigating

KongTuke Hackers Now Use Microsoft Teams for Corporate Breaches

Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets

Hackers Exploit Auth Bypass Flaw in Burst Statistics WordPress Plugin

Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

New Fragnesia Flaw Hands Linux Local Users Root Access

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

Windows 11 and Microsoft Edge Hacked at Pwn2Own Berlin 2026

5/13/2026

Tech Rivalry, Distrust Sap Summit Hopes for Trump-Xi AI Push

China ‘Very Disappointed’ With Europe’s Planned Investment Restrictions, Diplomat Says

Vietnam to Develop Domestic Cloud So It Can Ditch Risky Overseas Operators for Government Workloads

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

WhatsApp Adds Meta AI Chats That Are Built to Be Fully Private

AI-Driven Cyberattacks Will Start to Be the ‘New Norm’ in Months, Palo Alto Warns

Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers

UK Moves to Shield Security Researchers in Cybercrime Law Overhaul

DHS Plans Experiment Running ‘Reconnaissance’ Drones Along the U.S.-Canada Border

Alleged Dream Market Admin Arrested in Germany After U.S. Indictment
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

Foxconn Confirms Cyberattack Claimed by Nitrogen Ransomware Gang

Avada Builder Flaws Expose One Million WordPress Sites

Microsoft Fixes BitLocker Recovery Issue Only for Windows 11 Users

Windows BitLocker Zero-Day Gives Access to Protected Drives, PoC Released

Microsoft Fixes Windows Autopatch Bug Installing Restricted Drivers

Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

Microsoft on Pace to Break Annual Vulnerability Record as AI-Driven Patch Wave Takes Hold

European Commission Head Pushes Creation of New Law Delaying Teens’ Social Media Access

5/12/2026

European Countries Are Exporting Surveillance Tech to Countries With Poor Human Rights Records, Report Says

Trump and XI Appear Intent on Keeping Iran War From Overshadowing China Summit

Iran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of Hormuz

Pentagon Deploys Anthropic’s Mythos to Patch Cyber Gaps While Planning to Ditch Firm

Anthropic’s Mythos Sends U.S. Banks Rushing to Plug Cyber Holes

OpenAI Just Released Its Answer to Claude Mythos

Honest: How AI Killed a 133-Year-Old Princeton Tradition

iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Android 17 to Expand Banking Scam Call and Privacy Protections

Signal Adds Security Warnings for Social Engineering, Phishing Attacks

Airbit Crypto Ponzi Victims Can Now Claim Slice of $400M Asset Haul

Congressman Launches Inquiry Into How Food Retailers Use Surveillance Pricing

20 Leaders Who Built the CISO Era: 2 Decades of Change
Foxconn Ransomware Attack Shows Nothing Is Safe Forever

Canvas Owner Reaches ‘Agreement’ With Hackers to Secure Stolen Data

Congress Investigates Canvas Breach as Company Pays Ransom

ŠKoda Warns of Customer Data Breach After Online Shop Hack

FleetWave Outage Takes Another Turn. Chevin Confirms Crooks Accessed Customer Data

West Pharmaceutical Warns of Ransomware Attack Impacting Business Operations

Attackers Combine ClickFix With PySoxy Proxying to Maintain Persistence

Mini Shai-Hulud Hits TanStack npm Packages

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Fortinet Warns of Critical RCE Flaws in FortiSandbox and FortiAuthenticator

SAP Fixes Critical Vulnerabilities in Commerce Cloud and S/4HANA

Microsoft Releases Windows 10 KB5087544 Extended Security Update

Krebs: Patch Tuesday, May 2026 Edition

5/11/2026

Trump’s Complaints About Iran War Leaks Prompt Aggressive DOJ Investigations

The U.A.E. Has Been Secretly Carrying Out Attacks on Iran

UK Water Company Allowed Hackers to Lurk Undetected for Nearly Two Years, Regulator Finds

U.S.: FCC Relaxes Foreign-Made Router Ban to Allow for Security Updates

Google Says Criminals Used AI-Built Zero-Day in Planned Mass Hack Spree

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Britain’s Bank Regulator Expects ‘Quite Significant Disruption’ From Latest AI Models

I Asked ChatGPT to Manage a Stock Portfolio. Here’s How It Did.

Cyber-Crime Increasingly Coming With Threats of Physical Violence

Texas Sues Netflix Over Alleged Data Practices That Create ‘Surveillance Machinery’ Without User Consent
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

BWH Hotels Guests Warned After Reservation Data Checks Out With Cybercrooks

A Million Baby Monitors and Security Cameras Were Easily Viewable by Hackers

Education Tech Giant Instructure Confirms Hackers Used Canvas Flaw to Deface Portals

TrickMo Variant Routes Android Trojan Traffic Through TON

New GhostLock Tool Abuses Windows API to Block File Access

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities

Anthropic’s Bug-Hunting Mythos Was Greatest Marketing Stunt Ever, Says cURL Creator

Tech & Security Controls Can’t Stop These Threats — Only Your People Can

5/8-10/2026

Pro-Ukraine BO Team and Head Mare Hackers Appear to Team Up in Attacks Against Russia

Operation Epic Fury Exposes Security Detection Gaps in Oil and Gas Sector

Krebs: Canvas Breach Disrupts Schools & Colleges Nationwide

The Canvas Hack Is a New Kind of Ransomware Debacle

Disrupts Final Exams

Meet Rassvet, Russia’s Answer to Starlink

Worm Rubs Out Competitor’s Malware, Then Takes Control

Former Gov’t Contractor Convicted for Wiping Dozens of Federal Databases

Kingdom Market Administrator Given 16-Year Sentence

Police Shut Down Reboot of Crimenetwork Marketplace, Arrest Admin

Meta U-Turns on Encryption Push for Instagram as DMs Go Plaintext

GM to Pay Over $12 Million in California Privacy Settlement Involving Driver Data

Has CISA Finally Found Its New Leader in Tom Parker?

JD Vance Holds AI Wake-Up Call With Tech CEOs After Hacking Powers Unleashed

How the Story of a USB Penetration Test Went Viral
AWS Data Center Outage Hits Trading on Fanduel, Coinbase — Recovery to Take Hours

Zara Data Breach Exposed Personal Information of 197,000 People

NVIDIA Confirms GeForce NOW Data Breach Affecting Armenian Users

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms

JDownloader Site Hacked to Replace Installers with Python RAT Malware

Hackers Abuse Google Ads, Claude.ai Chats to Push Mac Malware

Fake OpenAI Repository on Hugging Face Pushes Infostealer Malware

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Dirty Frag Vulnerability Made Public Early: Root Privilege on All Distributions

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now

CISA Gives Feds Four Days to Patch Ivanti Flaw Exploited as Zero-Day

5/7/2026

Polish Intelligence Warns Hackers Attacked Water Treatment Control Systems

OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos

Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web

Cline Kanban Flaw Lets Websites Hijack AI Coding Agents

Anthropic Response to 1-Click Pwn: Shouldn’t Have Clicked ‘Ok’

You Can Disable Gemini in Chrome if It’s Freaking You Out

EU Countries, Lawmakers Clinch Provisional Deal on Watered-Down AI Rules

A Hacker Ran Me Over With a Robot Lawn Mower

Legacy Security Tools Are Failing Data Protection, Capital One Software Report Finds

Fake IT Workers Rented Laptops to Nork Scammers, Got Prison Time

$250M Crypto-Robbing Gang’s Dirty Work Guy Sentenced to 6.5 Years Behind Bars

North Carolina Man Pleads Guilty to Doxxing Supreme Court Justices
Hackers Deface Canvas School Login Pages After Claiming Another Instructure Hack

Massive Cyber Attack Hits Entire San Diego Community College District

Australia Warns of ClickFix Attacks Pushing Vidar Stealer Malware

Researchers Spot Uptick in Use of Vercel for Phishing Campaigns

Fake Claude AI Site Drops Beagle Backdoor on Windows Users

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage

Palo Alto Networks Firewall Zero-Day Exploited for Nearly a Month

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Argentina to Expel Russian Citizen Suspected of Running Disinformation Network in Latin America

5/6/2026

Iran-Linked APT MuddyWater Posed as Chaos Ransomware Member in Espionage Campaign

EU Plan to Phase Out Chinese Tech Could Cost Bloc Over $400 Billion, Chinese Study Says

Security Cameras Are Failing Spectacularly at Common Sense

Hackers Hate AI Slop Even More Than You Do

One in Eight Workers Has Sold Their Corporate Logins

CISA Urges Critical Infrastructure Providers to Make Plans to Remain Operational if hit by Cyber-Attack

Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks
DAEMON Tools Devs Confirm Breach, Release Malware-Free Version

New Stealthy Quasar Linux Malware Targets Software Developers

Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks

Hackers Abuse Google Ads for GoDaddy ManageWP Login Phishing

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Critical vm2 Sandbox Bug Lets Attackers Execute Code on Hosts

New Cisco DoS Flaw Requires Manual Reboot to Revive Devices

5/5/2026

China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

North Korean APT ScarCruft Targets Yanbian Gamers via Trojanized Platform

Small Defense Firms Lack Network Data to Stop Nation-State Hackers, Analyst Says

States Concerned Over Access to Frontier AI Model Pilots

AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed to Cyber Risk

Researchers Gaslit Claude Into Giving Instructions to Build Explosives

Student Hacked Taiwan High-Speed Rail to Trigger Emergency Brakes

Karakurt Extortion Gang ‘Cold Case’ Negotiator Gets 8.5 Years in Prison

Romance Scammers Turn Sweet Talk Into £102M Payday

FTC to Ban Data Broker Kochava From Selling Americans’ Location Data

Australia Launches Cyber Review Board Modeled on Version Disbanded in U.S.
Real Estate Giant Cushman & Wakefield Confirms Vishing Incident as ShinyHunters and Qilin Both Come Knocking

ShinyHunters Claims Dump Puts 119K Vimeo Emails in the Wild

Instructure Hacker Claims Data Theft From 8,800 Schools, Universities

Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails

CloudZ Malware Abuses Microsoft Phone Link to Steal SMS and OTPs

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

Google Now Offers up to $1.5 Million for Some Android Exploits

German Officials Advance Legislation That Would Expand Law Enforcement Use of Surveillance Technology

5/4/2026

Itron Hackers Accessed Critical Infrastructure Operators

Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

If the Vote You Rocked, Your Personal Info Can Be Grokked

EU Recommends Member States to Not Use Huwaei, ZTE in Connectivity Infrastructure

White House Considers Vetting AI Models Before They Are Released

ChatGPT Wrestles With Its Most Chilling Conversation: How Do I Plan an Attack?

You Have No Idea How Much You Still Use BlackBerry

DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts

Forbes Preliminarily Agrees to Pay $10 Million to Settle California Wiretapping Lawsuit
Ransomware Group Claims Breach of Pro-Orbán Hungarian Media Firm

Instructure Confirms Data Breach, ShinyHunters Claims Attack

Hanover County Schools Confirms Data Breach Incident

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

Amazon SES Increasingly Abused in Phishing to Evade Detection

Backdoored PyTorch Lightning Package Drops Credential Stealer

Weaver E-Cology Critical Bug Exploited in Attacks Since March

Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass

CISA Says ‘Copy Fail’ Flaw Now Exploited to Root Linux Systems

Kids Say They Can Beat Age Checks by Drawing on a Fake Mustache

5/1-3/2026

Ubuntu Infrastructure Has Been Down for More Than a Day

Ubuntu Services Hit by Outages After DDoS Attack

Pro-Iran Crew turns DDoS into Shakedown as Ubuntu.com Stays Down

Cyber Spies Target Russian Aviation Firms to Steal Satellite and GPS Data

U.S. Officials Weigh Cutting Deadlines to Fix Digital Flaws Amid Worries Over AI-Powered Hacking, Sources Say

British Cyber Agency Warns of Looming ‘Patch Wave’ as AI Speeds Flaw Discovery

Brace for the Patch Tsunami: AI Is Unearthing Decades of Buried Code Debt

GPT-5.5 Matches Heavily Hyped Mythos Preview in New Cybersecurity Tests

Senate Judiciary Advances Bill That Would Bar Minors From Interacting With AI Companions

Security Strategies Shift Focus to Cyber Insurance

Two Cybersecurity Professionals Get 4-Year Sentences in BlackCat Ransomware Attacks

Disneyland Now Uses Face Recognition on Visitors
Edu Tech Firm Instructure Discloses Cyber Incident, Probes Impact

Trellix Confirms Source Code Breach With Unauthorized Repository Access

Critrical cPanel Flaw Mass-Exploited in “Sorry” Ransomware Attacks

City of Ardmore (OK) Issues Alert After Ransomware Attack

Ransomware Attack Cripples Adams County (MS) Systems, Officials Say

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

Telegram Mini Apps Abused for Crypto Scams, Android Malware Delivery

ConsentFix v3 Attacks Target Azure with Automated OAuth Abuse

Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

Microsoft Fixes Remote Desktop Warnings Displaying Incorrectly

Microsoft Defender Wrongly Flags DigiCert Certs as Trojan:Win32/Cerdigent.A!dha

4/30/2026

Trump Signs Bill to Fund DHS After Lengthy Shutdown Over ICE Operations

Trump’s Cyber Ambassador Nominee Advances to Full Senate Vote

FBI Cyber Boss: China’s Hacker-For-Hire Ecosystem ‘Out of Control’

New Bluekit Phishing Service Includes an AI Assistant, 40 Templates

Bot Her Emails: Most Modern Phishing Campaigns Are AI-Enabled

‘It Took Nine Seconds’: Claude AI Agent Deletes Company’s Entire Database, Then Apologises

OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts

How Mythos Could Upend the Economics of Hacking

FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks

Romanian Leader of Online Swatting Ring Gets 4 Years in Prison

France Investigates 15-Year-Old Over Alleged Hack of National ID Agency

Zambia Cancels Global Digital Freedoms Conference Days Before Start

Congress Punts FISA Renewal to June
Krebs: Anti-DDoS Firm Huge Networks Heaped Attacks on Brazilian ISPs

Moldova’s Health Insurance Agency Reports Possible Data Leak After Cyberattack

Stelia North America Hacked in Ransomware Attack

Dental Practice Software Maker Practice by Numbers Fixes Bug That Exposed Patients’ Medical Records

Sandhills (SC) Medical Data Breach May Have Exposed Info of 78,000+

90,000 Screenshots of One Celebrity’s Phone Were Exposed Online

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

Critical cPanel and WHM Bug Exploited as a Zero-Day, PoC Now Available

New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

4/29/2026

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

U.S., China Partner on Scam Center Takedown in Dubai

Swiss Police Arrest 10 Suspected Members of Nigeria-Linked Crime Group Black Axe

European Police Dismantles €50 Million Crypto Investment Fraud Ring

European Commission Accuses Meta of Breaching Child Safety Rules

Microsoft Says Backend Change Broke Teams Free Chat and Calls

House Approves Spy Program on Second Attempt, Senate Fate Murky

‘New Einstein’ Vows to Find ‘Source Code of Universe’ and Change Everything; Rejects Bezos Job Offer

Parsing Agentic Offensive Security’s Existential Threat
Medtronic Confirms Data Breach After ShinyHunters Claims

Pine Bluff Schools (AR) Lose $3.2M in Cyberattack Scam

Popular WordPress Redirect Plugin Hid Dormant Backdoor for Years

Hackers Exploit RCE Flaws in Qinglong Task Scheduler for Cryptomining

Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cursor Extension Flaw Exposes Developer API Keys

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV

4/28/2026

China-Linked Hackers Led Phishing Campaigns Targeting Journalists and Activists, Researchers Say

North Korean BlueNoroff Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures

Cyber Command, NSA Chief Warns Foreign Adversaries Likely to Target Midterms

The Simple Security Flaws That Exposed Trump to Another Gunman

Attack of the Killer Script Kiddies

After Mythos, Nobody Is Safe From Cybersecurity Threats

The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards

EU Countries, Lawmakers Fail to Reach Deal on Watered-Down AI Rules

Why Sharing a Screenshot Can Get You Jailed in the UAE

Ukrainian Police Detain Hackers Suspected of Stealing Thousands of Roblox Accounts for Resale

U.S. Reportedly Charges Scattered Spider Hacker Arrested in Finland

Ransomware Turf War as 0APT and KryBit Groups Trade Blows

Vidar Rises to Top of Chaotic Infostealer Market

No Metrics Are Better Than Bad Metrics in the SOC, Says NCSC

Electricity Is a Growing Area of Cyber-Risk
Have I Been Pwned Claims Pitney Bowes Hit by 8.2m Email Address Leak

Checkmarx Confirms LAPSUS$ Hackers Leaked its Stolen GitHub Data

Video Service Vimeo Confirms Anodot Breach Exposed User Data

Ameriprise Data Breach Hits 48,000 Customers

Robinhood Account Creation Flaw Abused to Send Phishing Emails

Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

Hackers are Exploiting a Critical LiteLLM Pre-Auth SQLi Flaw

Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

Microsoft to Deprecate Legacy TLS in Exchange Online Starting July

Microsoft: New Remote Desktop Warnings May Display Incorrectly

4/27/2026

Cole Allen Charged With Attempting to Assassinate Trump

Alleged Silk Typhoon Hacker Extradited to U.S. for Cyberespionage

Money Launderer Linked to $230M Crypto Heist Gets 70 Months in Prison

FTC: Americans Lost Over $2.1 Billion to Social Media Scams in 2025

Tennessee Becomes Second State to Ban Cryptocurrency ATMs Over Scam Concerns

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side

Most Cybersecurity Professionals Feel Undervalued and Underpaid

Nearly Half of Cybersecurity Pros Want to Quit – Here’s Why
Medtronic Says Cyberattack on IT Network Has Not Disrupted Operations

Home Security Giant ADT Data Breach Affects 5.5 Million People

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

PyPi Package With 1.1m Monthly Downloads Hacked to Push Infostealer

Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware

Disinformation Campaign Targeted Tibetan Parliament-In-Exile Elections

4/24-26/2026

Trump Faces Unprecedented Third Assassination Attempt

Officials Identify Suspect in White House Correspondents’ Dinner

Washington Hotel Shooting Raises Questions About Trump Security

Iran’s Cyber Threat May Be Less ‘Shock and Awe’ Than ‘Low and Slow,’ Officials Say

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

German Government Suspects Russia of Signal Attack Targeting Politicians

Rogue Ransomware Negotiator Rattles Trust in Outside Data-Breach Responders

Toronto Police Arrest Three in Canada’s First Mobile Sms Blaster Case

Norway’s Prime Minister Proposes Ban on Social Media Access for Young Teens

Microsoft to Roll Out Entra Passkeys on Windows in Late April

Pentagon Grapples With Securing AI as It Moves Toward Autonomous Warfare
American Utility Firm Itron Discloses Breach of Internal IT Network

ShinyHunters Claim They Have Cruise Giant Carnival’s Booty as 7.5m Emails Surface

ADT Confirms Data Breach After ShinyHunters Leak Threat

New BlackFile Extortion Group Linked to Surge of Vishing Attacks

City of Suffolk (VA) Victim of Cybersecurity Attack

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software

Over 10,000 Zimbra Servers Vulnerable to Ongoing XSS Attacks

New ‘Pack2TheRoot’ Flaw Gives Hackers Root Linux Access

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline

4/23/2026

CISA: U.S. Agency Breached Through Cisco Vulnerability, FIRESTARTER Backdoor Allowed Access Through March

China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors

UK Warns of Chinese Hackers Using Proxy Networks to Evade Detection

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

Dev Targeted by Sophisticated Job Scam: ‘I Let My Guard Down, and Ran the Freaking Code’

Anthropic’s Mythos Breach Was Humiliating

‘Zealot’ Shows What AI’s Capable of in Staged Cloud Attack

Google Favors General-Purpose Gemini Models Over Cybersecurity‑Specific AI

UK Regulator Closes Loophole That Allowed Rogue Companies to Track Phone Users’ Location

Surveillance Companies Exploiting Telecom System to Spy on Targets’ Locations, Research Shows

Age Checks Could Turn Internet Into an ID Checkpoint, Complains Proton CEO
Cosmetics Giant Rituals Discloses Data Breach Affecting Customers

Medical Data of 500,000 Britons Put Up for Sale on Chinese Website

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Trigona Ransomware Attacks Use Custom Exfiltration Tool to Steal Data

In a First, Ransomware Family Kyber Is Confirmed to Be Quantum-Safe

Hackers Exploit File Upload Bug in Breeze Cache WordPress Plugin

CISA Orders Feds to Patch BlueHammer Flaw Exploited as Zero-Day

Trump’s Pick for CISA Director Withdraws From Consideration

U.S. Sanctions Cambodian Senator for Millions Earned Through Scam Compounds

House Republicans Unveil Data Privacy Law That Would Override State Protections