Linux local privilege escalation bugs remain especially dangerous when they turn a limited foothold into full root access. The CVE-2026-43500 vulnerability is the RxRPC half of the Dirty Frag exploit chain, which Microsoft says is already linked to limited in-the-wild post-compromise abuse, while Qualys describes it as a page-cache write issue that can let an…
Category: AI
AI, Apps, Compliance, Global Security News, Network Security
Complimentary virtual training: Get hands-on with AWS Security Services
If you’re looking to strengthen your organization’s security posture on Amazon Web Services (AWS) but aren’t sure where to start, then we’re here to help. Security Activation Days are complimentary, virtual, hands-on workshops designed to help you get practical experience with AWS security services in a single session. What to expect Each Security Activation Day…
AI, Exploits, Global Security News
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy
News Alert: Lyrie.ai joins Anthropic verification program, unveils protocol for securing AI agents
DUBAI, United Arab Emirates, May 11, 2026, CyberNewswire—Dubai-founded OTT Cybersecurity LLC today announced acceptance into Anthropic’s Cyber Verification Program and unveiled the Agent Trust Protocol (ATP), an open cryptographic standard for AI agent identity, scope and action verification slated for IETF submission. OTT Cybersecurity LLC, the company behind Lyrie.ai, today announced two milestones that together…
AI, Compliance, Exploits, Global Security News, Risk Management
How Can SMBs Keep Up With AI Governance?
As artificial intelligence (AI) adoption accelerates across organizations, security leaders are struggling to keep governance frameworks aligned with how quickly employees are integrating AI into daily workflows. According to Matt Warner, CEO and co-founder of Blumira, small and mid-sized business (SMB) organizations are facing growing pressure to enable AI innovation while simultaneously maintaining governance, compliance,…
AI, Cybersecurity, Global Security News
Entries now open for the 2026 CSO30 Australia Awards
Nominations are now open for the 2026 CSO30 Australia Awards, celebrating the country’s most effective and influential cybersecurity leaders. The CSO30 Awards will once again be held alongside the CIO50 Awards, bringing together Australia’s leading technology and security executives for a flagship industry event on 22 September in Sydney. Part of Foundry’s prestigious global awards…
AI, Global Security News
Red Hat extends open source technology into space
Red Hat and Voyager Technologies announced the successful deployment of Red Hat Enterprise Linux 10.1 and Red Hat Universal Base Image (UBI) to Voyager’s LEOcloud Space Edge IaaS Micro Datacenter aboard the International Space Station (ISS). This collaboration extends a container-optimized, enterprise Linux platform into orbit, providing a more consistent and hardened operating foundation for…
AI, Global Security News
Microsoft CEO Takes Stand in Third Week of Elon Musk Megatrial Against OpenAI
Satya Nadella is expected to testify about Microsoft’s partnership with OpenAI and the company’s support of Sam Altman.
AI, Exploits, Global Security News
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and exploit generation. The activity is said…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Global Security News, Risk Management
Breach Secure Now Helps MSPs Secure SMB AI Use
Breach Secure Now is launching its AI Risk to Adoption Program, a new channel-focused offering designed to help managed service providers guide small and midsize businesses from unmanaged AI use toward secure, structured adoption. Art Gross, founder and CEO of Breach Secure Now (BSN), said MSPs are well-positioned to lead those conversations because AI risk…
AI, Compliance, Global Security News, Network Security
TD SYNNEX Adds BCM One Voice and UCaaS Services
TD SYNNEX is adding more communications firepower to its partner ecosystem through a new partnership with BCM One, bringing voice, network services, and white-label UCaaS into the mix. Through the agreement, partners can now offer Pure IP’s global voice and network services alongside SkySwitch’s white-label UCaaS platform. It makes it much easier to integrate communications…
AI, Exploits, Global Security News, Risk Management
Apple needs to fix admin authentication in ABM
Apple’s platforms are secure by design, but when it comes to authentication, the company seems to be protecting employees more than it protects IT admins. It’s an attack vector just waiting to be exploited — if it hasn’t been already. As noted first by Six Colors, the problem is that administrator and People Manager accounts on Apple Business…
AI, Data Breaches, Global Security News, malware, Network Security
Poor security left hackers inside water company network for nearly two years
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), fined South Staffordshire Water’s parent company £963,900 over security failures linked to a cyberattack that exposed the personal data of 633,887 people. According to the ICO, the South Staffordshire breach began in September 2020 with a phishing email that tricked an employee into opening a…
AI, Exploits, Global Security News
‘Dirty Frag’ Exploit Poised to Blow Up on Enterprise Linux Distros
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation.
AI, Compliance, Global Security News
SAS Execs: AI Adoption is a Human and Organizational Challenge
AI adoption is more than a technical transformation, and organizations have been underestimating the human side of AI implementation, including employee fears, organizational culture, communication breakdowns, and trust. The human angle of AI adoption for organizations was a major talking point during SAS Innovate 2026. At the conference, Channel Insider sat down with both Kristi…
AI, Global Security News
Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities
Two new high-severity vulnerabilities, dubbed ’Dirty Frag’ when chained, have been found in the Linux kernel, affecting most Linux distributions
AI, Global Security News, privacy
Why we use CAPTCHAs, (Mon, May 11th)
A few months ago, I implemented Cloudflare’s Turnstile CAPTCHA on some pages. The reason for implementing these CAPTCHAs is obvious: Bots make up a large percentage of traffic and affect site performance. So I figured it was a good time to look back and see how effective these CAPTCHA are. The quick number: Out of…
AI, china, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
Google warns artificial intelligence is accelerating cyberattacks and zero-day exploits
Google says hackers now use AI to create exploits, automate attacks, evade defenses, and target AI supply chains at scale. Artificial intelligence is rapidly changing the cyber threat landscape, and a new report from the Google Cloud Threat Intelligence team highlights how attackers already use AI to improve vulnerability exploitation and gain initial access to…
AI, Global Security News
Why Changing Passwords Doesn’t End an Active Directory Breach
Resetting a password doesn’t always remove attackers from Active Directory. Specops Software explains how cached credentials and Kerberos tickets can keep attackers authenticated after a reset. […]
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
Dubai-founded OTT Cybersecurity LLC also unveils the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and action verification — slated for IETF submission. OTT Cybersecurity LLC, the company behind Lyrie.ai, today announced two milestones that together position the company as foundational infrastructure for the agentic AI era: acceptance into…
AI, Exploits, Global Security News
Google: Hackers used AI to develop zero-day exploit for web admin tool
Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI. […]
AI, Apps, Exploits, Global Security News
Google researchers uncover criminal zero-day exploit likely built with AI
Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials. The flaw stemmed from a semantic logic error, a case where a developer hardcoded a trust…
AI, Global Security News
Hackers Observed Using AI to Develop Zero-Day for the First Time
Google Threat Intelligence Group details how cybercriminals attempted to launch a campaign based around an AI-developed Zero-Day targeting open-source software
AI, Exploits, Global Security News
Hackers Use AI for Exploit Development, Attack Automation
Cyber adversaries have long used AI, but now attackers are using large language models to develop exploits and orchestrate complex attacks.
AI, Cybersecurity, Exploits, Global Security News
Google spotted an AI-developed zero-day before attackers could use it
Google researchers found a zero-day exploit developed by artificial intelligence and alerted the susceptible vendor to the imminent threat before a well-known cybercrime group initiated a mass-exploitation campaign, the company said in a report released Monday. The averted disaster probably isn’t the first time attackers used AI to build a zero-day, but it is the…
AI, Apps, china, Exploits, Global Security News, Government & Policy, malware, Network Security
Google discovers weaponized zero-day exploits created with AI
The Google Threat Intelligence Group (GTIG) today released evidence of a zero-day exploit developed by a cybercriminal group with the help of AI. It marks the first time the security research group has identified what it believes to be an AI-crafted zero-day exploit in the wild. While evidence of threat actors using AI models for…
AI, Compliance, Cybersecurity, Global Security News, Network Security, Risk Management
April 2026 M&A Recap: Key Acquisitions Made to Expand Services
The mergers and acquisitions (M&A) space in the channel has continued to grow at the beginning of Q2 for 2026. Among the acquisitions are organizations acquiring parts of other enterprises, and we also have a merger that will help the joint company grow globally. Check out a few of April’s M&A moves in the channel…
AI, Cybersecurity, Global Security News, Network Security
Virtuozzo Targets AI Infrastructure Costs With New Platform
As companies race to build AI services without drowning in infrastructure costs, Virtuozzo says it wants to make the process leaner, faster, and far less complicated. The infrastructure software company on Monday unveiled its new vision for AI infrastructure, introducing what it calls a fully integrated system designed to help businesses run AI workloads more…
AI, Compliance, Global Security News
Alation AI Governance creates a system of record for AI oversight
Alation has introduced Alation AI Governance, a new offering that gives enterprises the system of record they are missing for AI compliance. Enterprises are deploying AI models, agents, and tools faster than they can govern them. As a result, when a board or regulator asks about compliance, most Chief Data Officers (CDOs) and their teams…
AI, Global Security News, Risk Management
Linux developers weigh emergency “killswitch” for vulnerable kernel functions
Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arrives in the wake of the public disclosure of two privilege escalation vulnerabilities affecting the Linux kernel. What prompted the proposal…
AI, Apps, Endpoint, Global Security News
SailPoint Agentic Fabric expands identity governance to autonomous AI agents
SailPoint has introduced SailPoint Agentic Fabric, a new platform designed to help enterprises secure AI agents and other non-human identities at scale. As organizations deploy autonomous AI agents across cloud environments, applications, and endpoints, they face a growing governance gap. Unlike traditional users, AI agents can act at machine speed, often without clear ownership, oversight,…
AI, Global Security News
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically…
AI, Europe, Global Security News, Network Security
Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue
German authorities shut down a relaunched version of the criminal marketplace Crimenetwork and arrested its suspected operator. The domain seizure notice (Source: BKA) A special unit of the Spanish National Police arrested the suspected 35-year-old German operator at his residence in Mallorca under a European Arrest Warrant. The suspect is accused of operating criminal trading…
AI, Apps, Compliance, Cybersecurity, Global Security News, malware, Network Security, privacy, Risk Management
Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
A malicious Hugging Face repository posing as an OpenAI release delivered infostealer malware to Windows systems and logged 244,000 downloads before being removed, raising fresh concerns about how enterprises source and validate AI models from public repositories. The repository, named Open-OSS/privacy-filter, impersonated OpenAI’s legitimate Privacy Filter release, copied its model card almost word-for-word, and included…
AI, Global Security News, Government & Policy
No hire, no fire: Employers get picky on tech skills amid AI disruption
The current “no-hire-no-fire” environment in the workplace has slowed the pace of tech hiring in the US, but companies have seen one benefit — the selection of job candidates is easier. Many employers have become clearer about the qualifications they’re seeking in new hires: they’re focused less on people who can service large stacks of…
AI, Cybersecurity, Data Breaches, Exploits, Global Security News, Government & Policy
Lyrie.ai Deploys Real-Time Zero-Day Tracking Across Global Enterprise Infrastructure
OTT Cybersecurity LLC, the company behind Lyrie.ai, today announced several milestones that together position the company as foundational security infrastructure for the agentic AI era: the deployment of a real-time zero-day tracking and disclosure system designed to notify affected organizations of active exploit activity; acceptance into Anthropic’s Cyber Verification Program (CVP); and the public release…
AI, Global Security News
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
Dubai, UAE, 11th May 2026, CyberNewswire
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
New ‘Dirty Frag’ exploit targets Linux kernel for root access
A newly disclosed Linux privilege escalation issue dubbed “Dirty Frag” is giving attackers a cleaner path to post-compromise escalation to root privileges. According to Microsoft, a couple of vulnerabilities constituting the issue, affecting Linux kernel networking and memory-fragment handling components, are already seeing active exploitation in the wild. The exploitation attempts look indistinguishable from the…
AI, Global Security News
Cyber Espionage Group Targets Aviation Firms to Steal Map Data
The campaign quietly compromises aerospace and drone operators to exfiltrate GIS files, terrain models, and GPS data and gain a clear picture of adversaries’ world view.
AI, Exploits, Global Security News, Network Security
Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room
Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can use it. A patch waiting on a change-approval window that’s longer than the exploitation window itself. Nobody in…
AI, Global Security News, Network Security, Russia
Crimenetwork returns after takedown, dismantled again by German authorities
German police shut down a revived Crimenetwork marketplace with 22,000 users and 100+ sellers months after the original takedown. German police dismantled a resurrected version of the German-language cybercrime marketplace Crimenetwork, just months after the original platform was taken down. The second iteration of the site had already attracted more than 22,000 users and over…
AI, Global Security News
Hackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites
Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect.
AI, Global Security News, Risk Management
The questionnaire-based TPRM model is broken, and TrustCloud has a fix
TrustCloud announced a new version of TrustLens, its third party risk management (TPRM) solution. The new TrustLens agentic AI capabilities focus on delivering four requirements every CISO wants in their TPRM program: speed, accuracy, coverage, and proactive risk mitigation. In the latest TrustLens deployments, a Global 2000 life sciences customer leveraged the TPRM AI agent…
AI, Global Security News
ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign
ShinyHunters has escalated its Canvas extortion campaign, defacing hundreds of school login pages and threatening to leak stolen data unless institutions negotiate
AI, Apps, Endpoint, Global Security News, malware, Network Security, Risk Management
AI security is repeating endpoint security’s biggest mistake
The security industry is experiencing déjà vu, and most teams haven’t recognized it yet. If you were in the trenches during the early 2000s, you remember the antivirus arms race. IT teams buried under signature updates. Configuration baselines checked obsessively. Patch cycles treated as the primary defense. Meanwhile, attackers pivoted. They wrote malware that matched…
AI, Compliance, Cybersecurity, Funding, Global Security News, Government & Policy, malware, Risk Management, Russia, Venture
The missing cybersecurity leader in small business
The average cyberattack costs for a small- or medium-size business is more than $250,000. The salary for a chief information security officer (CISO) is about the same, pulling in between $250,000 and $400,000, according to the annual 2026 CISO Report from Sophos and Cybersecurity Ventures. Small- and medium-size businesses (SMBs) know they cannot afford the…
AI, Global Security News
AI’s Next Phase Plays Into TSMC’s Hands
With a supply squeeze deepening, Taiwan’s chip-making juggernaut stands to gain.
AI, Global Security News, Risk Management
The scam economy has found its AI upgrade
Scam attempts continue to reach consumers via email, text messages, social media, online advertising, and phone calls. The volume of exposure has remained stable over the past year, with more than half of consumers encountering scam attempts at least monthly, according to the F-Secure Scam Intelligence & Impacts Report 2026. Most common channels for scam…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. At the end of April, attackers rapidly exploited the critical…
AI, Europe, Global Security News, malware, Network Security
TrickMo Android banker adopts TON blockchain for covert comms
A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control communications. […]
AI, Compliance, Cybersecurity, Global Security News, Risk Management
8 guiding principles for reskilling the SOC for agentic AI
At DXC Technology, global CISO Mike Baker has established one of the largest agentic security operation centers (SOCs) in the world. To upskill the workforce as part of this journey, he embedded experts from agentic SOC vendor 7AI within his security teams. When Damon McDougald, global cybersecurity services lead at Accenture, wanted to retrain his…
AI, Global Security News
Zara Data Breach Impacts Nearly 200,000 Customers
ShinyHunters gets away with emails and other data on 200,000 Zara customers
AI, Cloud Security, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution
We find ourselves teetering upon a precipice of our own unwitting construction, and the vertiginous depth of our collective negligence ought to give every security practitioner profound pause. In our headlong rush to deploy AI agents across enterprise environments, we have erected an infrastructure so thoroughly unfortified that it beggars belief. The Model Context Protocol,…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, Risk Management
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
Dubai, UAE, May 7th, 2026, CyberNewsWire This article was provided by CyberNewswire and does not represent the editorial content of eSecurityPlanet. Dubai-founded OTT Cybersecurity LLC has unveiled the Agent Trust Protocol (ATP), the first open cryptographic standard for AI agent identity, scope, and action verification — slated for IETF submission. OTT Cybersecurity LLC, the company…
AI, Global Security News, privacy
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
A malicious Hugging Face repository managed to take a spot in the platform’s trending list by impersonating OpenAI’s Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart, released by OpenAI late last month (openai/privacy-filter), including copying the entire
AI, Compliance, Global Security News, Government & Policy, privacy
Instagram removed end-to-end encryption for DMs. What should users do?
Instagram removes direct messages (DM) end-to-end encryption May 8, 2026, letting Meta access chats. Users should download backups amid privacy concerns and U.S. law pressure. Starting May 8, 2026, Instagram users who previously enabled end-to-end encryption in direct messages will lose that protection, marking a significant shift in how private conversations are handled on the…
AI, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Risk Management
AI Agents Are Creating a New Cybersecurity Blind Spot
The cybersecurity industry has spent years focusing on visibility. Dashboards expanded. Detection tooling improved. Telemetry volumes exploded. Yet one of the biggest emerging risks in 2026 is not hidden malware or an unknown zero-day. It is the rapid deployment of AI agents that organisations barely understand, cannot fully inventory, and often cannot meaningfully govern. AI…
AI, Endpoint, Global Security News
Rustinel: Open-source endpoint detection for Windows and Linux
Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitch together separate pipelines, separate rule sets, and separate maintenance burdens. Rustinel, a Rust-based endpoint agent, is an attempt to collapse that work into a single codebase.…
AI, Cybersecurity, Data Security, Global Security News, Network Security
Review: Foundations of Cybersecurity, 2nd edition
Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security now extends past data center servers to cloud resources, mobile devices, the Internet of Things, and AI. About the author Jason Andress is an experienced security professional with 15+ years in the industry. He…
AI, Cybersecurity, Global Security News
Security teams are turning to AI to survive alert overload
The World Economic Forum white paper “Empowering Defenders: AI for Cybersecurity” identified AI as the biggest driver of change in cybersecurity for 94% of survey respondents. The paper found that 77% of organizations already use AI in cybersecurity, with much of the activity focused on phishing detection, anomaly monitoring, vulnerability management and incident response. “AI…
AI, Global Security News
How a Job at OpenAI Became the Greatest Lottery Ticket of the AI Boom
Employees waited two years to sell their shares. Then, the company let them unload $30 million.
AI, Cybersecurity, Data Breaches, Global Security News, Government & Policy, Risk Management
Welcoming the Costa Rican Government to Have I Been Pwned
Today, we welcome the 42nd government onboarded to Have I Been Pwned’s free gov service: Costa Rica. The CSIRT of the Government of Costa Rica now has access to monitor government domains against the data in HIBP. This enables their national cybersecurity incident response team to identify exposure of government email addresses in data breach,…
AI, Endpoint, Global Security News, malware
Ransomware: AI changes the writer. It doesn’t change the math.
Why most endpoint protection still treats ransomware as just another piece of malware, and what changes when you watch the data instead of the attacker. Categories: Products & Services Tags: Ransomware, Endpoint, Sophos Endpoint, EDR, AI, artificial intelligence
AI, Endpoint, Global Security News
GPT-5.5-Cyber is here. What it means for defenders operating at the frontier.
OpenAI’s May 7 release of GPT-5.5 and the limited preview of GPT-5.5-Cyber put frontier AI in verified defenders’ hands. As a member of the Trusted Access for Cyber program, Sophos is using these models to sharpen what we already operate: an agentic SOC that resolves more than half of cases without a human, and an…
AI, Global Security News, Government & Policy
Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing attacks from initial access to data exfiltration.
AI, Global Security News
Weekly Update 503
Well, it’s the day before the Instructure “pay or leak” deadline (at least by my Aussie watch), and the company remains removed from the ShinyHunters website. In its place sits a press statement that amounts to “we’re not making any statements”. So did they pay? And if so, what lofty figure would an incident of…
AI, Global Security News
Two US Men Jailed for Helping North Korean Hackers Infiltrate US Firms
Matthew Knoot and Erick Prince have been jailed for 18 months each for helping North Korean hackers infiltrate US firms through remote laptop farms.
AI, Global Security News, malware
Hackers abuse Google ads, Claude.ai chats to push Mac malware
Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for “Claude mac download” may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac. […]
AI, Global Security News
AI Can’t Agree on Which Jobs AI Might Destroy
Economists asked ChatGPT, Gemini and Claude which jobs were most exposed to AI. Many times, the answers varied widely.
AI, Cybersecurity, Exploits, Global Security News, Risk Management
New cPanel vulnerabilities could allow file access and remote code execution
cPanel fixed three flaws that could allow file reads, code execution, and privilege escalation. No active exploitation has been reported yet. cPanel has released security updates to fix three vulnerabilities affecting cPanel & WHM that could allow attackers to read files, execute code, or escalate privileges on vulnerable systems. Below are the descriptions for these…
AI, Global Security News
A Blunt Judge and Two Star Litigators: The Legal Players in Musk’s OpenAI Suit
The trial features a jurist known for straight talk and lawyers who have worked on milestone cases.
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, malware
Official JDownloader site served malware to Windows and Linux users between May 6 and May 7
JDownloader website was hacked to distribute malicious Windows and Linux installers carrying a Python RAT between May 6–7, 2026. JDownloader official website was compromised in a supply chain attack that replaced legitimate Windows and Linux installers with malicious files between May 6 and May 7, 2026. JDownloader is a free, open-source download management application designed…
AI, Global Security News, malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 96
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter CloudZ RAT potentially steals OTP messages using Pheno plugin Backdoored PyTorch Lightning package drops credential stealer A rigged game: ScarCruft compromises gaming platform in a supply-chain attack Muddying the Tracks: The State-Sponsored Shadow Behind…
AI, APAC, Cybersecurity, Data Breaches, Endpoint, Europe, Exploits, Global Security News, Government & Policy, malware, Network Security, Risk Management, Russia
Security Affairs newsletter Round 576 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence Braintrust security incident…
AI, Data Breaches, Exploits, Global Security News
Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Your work apps are quietly handing 19 data points to someone Office work in 2026 relies on mobile apps used alongside personal tools like banking and messaging. Ten widely used workplace apps, including Gmail, Microsoft Teams, Zoom, Slack, and Notion,…
AI, Global Security News
For Palantir, AI Is a Product, a Punching Bag—and a Problem
As Chief Executive Alex Karp derides “slop,” investors and some employees see a real threat of the company ceding business to AI models.
AI, Global Security News, malware, privacy
Fake OpenAI repository on Hugging Face pushes infostealer malware
A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing malware to Windows users. […]
AI, Global Security News, malware, Network Security, Risk Management
Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence
Researchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access. Security researchers discovered a previously undocumented Linux malware called Quasar Linux RAT (QLNX) that targets developers and DevOps environments. The malicious code can steal credentials, log keystrokes, manipulate files, monitor clipboard activity, and create network tunnels…
AI, Apps, Data Breaches, Global Security News, Risk Management
Braintrust security incident raises concerns over AI supply chain risks
Braintrust warned customers to rotate API keys after hackers breached an AWS account, exposing secrets tied to cloud-based AI models. AI observability startup Braintrust warned customers to rotate API keys after attackers gained unauthorized access to one of the company’s AWS accounts, potentially exposing secrets used to connect to cloud-based AI models. The company said…
AI, Global Security News
The JPMorgan Banker Behind the Sexual-Assault Suit Captivating Wall Street
Chirayu Rana set off a PR crisis inside America’s biggest bank. Now, his claims have gone viral, stoked by AI fakes.
AI, Global Security News
The Secret Diary That Has Spilled Into the Musk vs. OpenAI Feud
The personal journal of OpenAI president Greg Brockman is now a character in the company’s battle with the world’s richest man—and the most human part of a trial between tech billionaires
AI, Cybersecurity, Endpoint, Exploits, Global Security News, Risk Management
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
The five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of the legacy trap” that CSOs must avoid, says an expert. “Patch today to survive the weekend,” said Robert Enderle of the Enderle Group, “but start planning your exit from legacy MDM as soon as possible.” He was commenting…
AI, Global Security News
Fake macOS Troubleshooting Sites Used to Steal iCloud Data in ClickFix Scam
Microsoft researchers warn of a new ClickFix campaign targeting macOS with fake guides on Medium and Craft to deploy AMOS and SHub Stealer via Terminal commands.
AI, Cybersecurity, Data Breaches, Europe, Exploits, Global Security News, Government & Policy, Risk Management
RansomHouse says it breached Trellix and exposes internal systems
RansomHouse claimed responsibility for the Trellix breach, adding the security firm to its Tor data leak site and sharing screenshots of internal systems. The RansomHouse ransomware group has claimed responsibility for the recent cyberattack on cybersecurity firm Trellix. To support its claims, the gang published screenshots allegedly showing access to internal Trellix services. In early…
AI, Data Breaches, Europe, Exploits, Global Security News, Risk Management, Russia
Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare
Poland’s ABW confirmed hackers breached ICS at five water plants, gaining ability to alter equipment settings. Russia-linked APT groups suspected. Poland’s Internal Security Agency (ABW) has published a detailed account of a sustained campaign targeting the country’s water plants, documenting security breaches at five water treatment facilities in 2025. The incidents mark one of the…
AI, Cybersecurity, Exploits, Funding, Global Security News, Government & Policy, Risk Management
Sen. Schumer seeks DHS plan on AI cyber coordination with state, local governments
The Senate’s top Democrat called on the Department of Homeland Security Friday to work closely with state and local governments to defend against artificial intelligence-strengthened hacks. Senate Minority Leader Chuck Schumer, D-N.Y., wrote to DHS Secretary Markwayne Mullin to make sure state, local, tribal and territorial (SLTT) governments aren’t left behind as AI models advance,…
AI, Global Security News
Trump’s Border Spending Spurs Boom in AI-Infused Surveillance
Rapid gains in artificial-intelligence technology are bringing new competitors into the border-security business.
AI, Cybersecurity, Global Security News
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps have collectively racked up more than 7.3 million downloads,…
AI, Global Security News, Risk Management
Object First Launching Secure, Cloud-Based Fleet Manager
Object First, a ransomware-proof on-prem backup storage organization, is launching Object First Fleet Manager, a secure, cloud-based service to simplify management of distributed Ootbi backup storage deployments for Veeam environments. The offering is now generally available and built for enterprises and service providers with distributed backup storage infrastructures. Oobti users with active support contracts get…
AI, Global Security News
Inside Department 4: Russia’s secret school for hackers
Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world’s most notorious state-sponsored hacking groups. Read more in my article on the Hot for Security blog.
AI, Apps, Global Security News, Network Security, Risk Management
How Inefficient MSP Service Desks Drive Burnout
As MSP service desk operations become increasingly complex, inefficiency has emerged as a major contributor to technician burnout. Fragmented ticketing systems, overloaded inboxes, and overly complex workflows can demoralize teams and ultimately lead to burnout. At the same time, MSP teams are managing growing ticket volumes and alert fatigue as businesses become more interconnected and…
AI, Global Security News, Network Security
GTT Channel Exec on 2026 Platform Strategy & Market Trends
GTT says growing AI and security demands are pushing enterprise customers to seek simpler technology strategies and closer partner relationships. Sara Seegers, GTT’s channel chief, spoke with Channel Insider about the company’s platform-based approach to technology and how channel partners remain a core face of GTT’s growth strategy. GTT continues to serve partners seeking simplicity …
AI, Exploits, Global Security News
Dirty Frag: Unpatched Linux vulnerability delivers root access
A week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag In effect, Dirty Frag refers to two flaws: A xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284, aka Copy Fail 2.0), now patched in the Linux kernel, affects the modules supporting one…
AI, Data Breaches, Europe, Exploits, Global Security News, Network Security
Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident
Nearly 200,000 Zara customers were exposed in a third-party breach linked to ShinyHunters, revealing emails, purchase history, and support data. Personal data belonging to nearly 197,000 Zara customers has been compromised following a cyberattack on a former technology provider used by Inditex, the Spanish fashion giant behind some of the world’s most recognized retail brands…
AI, Global Security News
Why More Analysts Won’t Solve Your SOC’s Alert Problem
Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI can help analysts investigate alerts faster and focus on real threats. […]
AI, Compliance, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
Cisco Reveals Security Gaps in Vision Language Models
Vision language models (VLMs) continue to expand the capabilities of artificial intelligence by combining image and text understanding into a single system. However, recent research from Cisco into typographic prompt injection attacks highlights significant weaknesses in how these models interpret and secure visual information. The second installment of Reading Between the Pixels explores how small…
AI, Global Security News
ClaudeBleed Vulnerability Lets Hackers Hijack Claude Chrome Extension to Steal Data
The ClaudeBleed vulnerability allows hackers to bypass Claude for Chrome guardrails to exfiltrate private Google Drive and Gmail data.
AI, Data Breaches, Global Security News
ShinyHunters claims nearly 9,000 schools affected by Canvas data breach
The post ShinyHunters claims nearly 9,000 schools affected by Canvas data breach appeared first on CyberScoop.
AI, Compliance, Endpoint, Exploits, Global Security News, malware
Apple vs. social engineering: Terminal paste trap blocked
Echoing concerns from other security experts, Orange Cyberdefense (OC) recently warned that employees have become the biggest security threat faced by business. Now, in the latest illustration of its ongoing security response, Apple is putting new protections in place in macOS 26.4 that should help – but employee education remains critical as hackers turn to complex, multi-stage, social engineering…
AI, Global Security News
Trellix source code breach claimed by RansomHouse hackers
The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. […]