Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution
Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution.. local exploit for Windows platform
Read Full Article
Cyber News
Articles
Practical cybersecurity intelligence for defenders.
CVE & Security Advisories
Latest vulnerability advisories from CISA, NVD, and security feeds →
Cyber News
Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service. CVE-2026-23918 . webapps exploit for Multiple platform
Read Full Article
Cyber News
Linux Kernel 6.8 - Local Privilege Escalation
Linux Kernel 6.8 - Local Privilege Escalation.. local exploit for Linux platform
Read Full Article
Cyber News
Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability
Read Full Article
Cyber News
Webinar Today: ROI for Cyber-Physical Security Programs
This webinar will help OT security teams and asset owners stop being cost centers and start being resilience drivers. The post Webinar Today: ROI for Cyber-Physical Security Programs appeared first on SecurityWeek.
Read Full Article📰
Cyber News
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
In the latest evolution of automated cyberattacks, two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil.
Read Full Article
Cyber News
Patch Tuesday, May 2026 Edition
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.
Read Full Article
Cyber News
Police shut down reboot of Crimenetwork marketplace, arrest admin
German authorities have shut down a relaunch version of the criminal marketplace 'Crimenetwork' that generated more than 3.6 million euros, and arrested its operator. [...]
Read Full Article
Cyber News
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks.
Read Full Article
Cyber News
Zara data breach exposed personal information of 197,000 people
Hackers who gained access to the databases of Spanish fast-fashion retailer Zara stole data belonging to more than 197,000 customers, according to data breach notification service Have I Been Pwned.
Read Full Article
Cyber News
New Linux 'Dirty Frag' zero-day gives root on all major distros
A new Linux zero-day vulnerability, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command.
Read Full Article
Cyber News
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling. "QLNX targets developers and DevOps credentials across the software supply chain,"
Read Full Article
Cyber News
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a major update of the Maverick, which is known to leverage a worm called SORVEPOTEL to spread via
Read Full Article
Cyber News
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps have collectively racked up more than 7.3 million downloads, with one of them alone accounting for over
Read Full Article
Cyber News
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply. The post Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants appeared first on SecurityWeek.
Read Full Article
Cyber News
Ivanti warns of new EPMM flaw exploited in zero-day attacks
Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks.
Read Full Article
Cyber News
The Browser Is Breaking Your DLP: How Data Slips Past Modern Controls
Your security controls aren't failing, they're missing where most of today's work actually happens. Keep Aware shows how browser activity like copy/paste and AI prompts bypass traditional protections. [...]
Read Full Article
Cyber News
Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was. The post Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking.
Read Full Article
Cyber News
Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking
Mitiga researchers say attackers can silently redirect Claude Code MCP traffic, intercept OAuth tokens, and maintain persistent access to connected SaaS platforms.
Read Full Article
Cyber News
Chrome 148 Rolls Out With 127 Security Fixes
The fresh browser update resolves critical-severity integer overflow and use-after-free vulnerabilities.
Read Full Article
Cyber News
Trellix discloses data breach after source code repository hack
Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. [...]
Read Full Article
Cyber News
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
CISA has warned that threat actors have started exploiting the "Copy Fail" Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit.
Read Full Article
Cyber News
2026: The Year of AI-Assisted Attacks
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young man shared his motivation for the hack: he wanted to buy Pokémon cards. In a sense, this is a fairly conventional story.
Read Full Article
Cyber News
DigiCert Revokes Certificates After Support Portal Hack
Hackers delivered malware via a customer chat channel, infected an analyst’s system, and accessed the internal support portal.
Read Full Article
Cyber News
Exploitation of ‘Copy Fail’ Linux Vulnerability Begins
CISA has added the bug to its KEV list, and Microsoft has observed limited exploitation, mainly associated with PoC testing.
Read Full Article
Cyber News
OpenAI Rolls Out Advanced Security for ChatGPT Accounts
Advanced Account Security provides stronger login methods, more secure account recovery, shorter sessions, and training exclusion. The post OpenAI Rolls Out Advanced Security for ChatGPT Accounts.
Read Full Article