notice: please create a custom view template for the cybersec class view-cybersec.html
Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
{
"priority": "HIGH",
"cve": "N/A",
"target": "South Korean military and corporate entities",
"threat_actor": "Kimsuky (aka Velvet Chollima)",
"patch_ready": false,
"insight": "Kimsuky deployed HTTPSpy, HelloDoor, and VS Code Tunnels in cyber attacks on South Korean entities."
}
7:10 am, May 29, 2026
guid
https://thehackernews.com/2026/05/kimsuky-deploys-httpspy-expands-arsenal.html
source_url
https://thehackernews.com/2026/05/kimsuky-deploys-httpspy-expands-arsenal.html
id: 1290
uid: cgosY
insdate: 2026-05-29 07:10:07
title: Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
additional: {
"priority": "HIGH",
"cve": "N/A",
"target": "South Korean military and corporate entities",
"threat_actor": "Kimsuky (aka Velvet Chollima)",
"patch_ready": false,
"insight": "Kimsuky deployed HTTPSpy, HelloDoor, and VS Code Tunnels in cyber attacks on South Korean entities."
}
category: Cybersecurity
md5:
guid: https://thehackernews.com/2026/05/kimsuky-deploys-httpspy-expands-arsenal.html
source_url: https://thehackernews.com/2026/05/kimsuky-deploys-httpspy-expands-arsenal.html
updated:
image:
author_name:
author_link:
uid: cgosY
insdate: 2026-05-29 07:10:07
title: Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
additional: {
"priority": "HIGH",
"cve": "N/A",
"target": "South Korean military and corporate entities",
"threat_actor": "Kimsuky (aka Velvet Chollima)",
"patch_ready": false,
"insight": "Kimsuky deployed HTTPSpy, HelloDoor, and VS Code Tunnels in cyber attacks on South Korean entities."
}
category: Cybersecurity
md5:
guid: https://thehackernews.com/2026/05/kimsuky-deploys-httpspy-expands-arsenal.html
source_url: https://thehackernews.com/2026/05/kimsuky-deploys-httpspy-expands-arsenal.html
updated:
image:
author_name:
author_link:
Add Comment
AI Testing
Page Views
This page has been viewed 1 times.
Search cybersec
Category List cybersec
- Cybersecurity
- $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
- $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
- [GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)
- [Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)
- [Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)
- [Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
- 'NoVoice' Android malware on Google Play infected 2.3 million devices
- /proxy/ URL scans with IP addresses, (Mon, Mar 16th)
- 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
- 13-year-old bug in ActiveMQ lets hackers remotely execute commands
- 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict
- 15-year-old detained over French govt agency data breach
- 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
- 18-year-old NGINX vulnerability allows DoS, potential RCE
- 2026 Browser Data Reveals Major Enterprise Security Blind Spots
- 2026: The Year of AI-Assisted Attacks
- 22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters
- 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
- 26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
- 3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
- 3 SOC Process Fixes That Unlock Tier 1 Productivity
- 3 SOC Steps that Shut Down Incident Risks Early
- 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
- 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
- 5 Learnings from the First-Ever Gartner Market Guide for Guardian Agents
- 5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
- 5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
- 5 Ways Zero Trust Maximizes Identity Security
- 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
- 54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security
- 7 Ways to Prevent Privilege Escalation via Password Resets
- 7-Eleven confirms data breach claimed by the ShinyHunters gang
- 7-Eleven data breach exposes personal information of 185,000 people
- 73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
- 9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
- 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros
- A .WAV With A Payload, (Tue, Apr 21st)
- A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
- A React-based phishing page with credential exfiltration via EmailJS, (Fri, Mar 13th)
- ADT confirms data breach after ShinyHunters leak threat
- AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged
- AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites
- AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
- AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
- AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
- AI-generated Slopoly malware used in Interlock ransomware attack
- APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
- APT28 Uses BEARDSHELL and COVENANT Malware to Spy on Ukrainian Military
- APT28 hackers deploy customized variant of Covenant open-source tool
- APT28-Linked Campaign Deploys BadPaw Loader and MeowMeow Backdoor in Ukraine
- APT41-Linked Silver Dragon Targets Governments Using Cobalt Strike and Google Drive C2
- Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
- Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
- Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
- Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
- Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
- Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
- After Mythos: New Playbooks For a Zero-Window Era
- Agent AI is Coming. Are You Ready?
- Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.
- AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
- Ajax football club hack exposed fan data, enabled ticket hijack
- Alabama man pleads guilty to hacking, extorting hundreds of women
- Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada
- Alleged Silk Typhoon hacker extradited to US for cyberespionage
- Amazon SES increasingly abused in phishing to evade detection
- Amazon: Drone strikes damaged AWS data centers in Middle East
- American utility firm Itron discloses breach of internal IT network
- Americans sentenced for running 'laptop farms' for North Korea
- An Adaptive Cyber Analytics UI for Web Honeypot Logs [Guest Diary], (Wed, May 6th)
- An Example of Stack String in High Level Language, (Sat, May 23rd)
- Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
- Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)
- Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
- Analyzing "Zombie Zip" Files (CVE-2026-0866), (Wed, Mar 11th)
- Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
- Android 17 to expand banking scam call and privacy protections
- Android Adds Intrusion Logging for Sophisticated Spyware Forensics
- Android Developer Verification Rollout Begins Ahead of September Enforcement
- Android gets patches for Qualcomm zero-day exploited in attacks
- Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
- Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
- Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
- Anthropic confirms Claude Mythos-class models will roll out to the public
- Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
- Anthropic’s restricted Claude Mythos model may be coming to Claude Code
- Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
- Anti-piracy coalition takes down AnimePlay app with 5 million users
- Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
- Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
- Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
- Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
- Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
- Apple Patches (almost) everything again. March 2026 edition., (Wed, Mar 25th)
- Apple Patches Everything, (Mon, May 11th)
- Apple Patches Exploited Notification Flaw, (Thu, Apr 23rd)
- Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
- Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
- Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
- Apple account change alerts abused to send phishing emails
- Apple adds macOS Terminal warning to block ClickFix attacks
- Apple blocked over $11 billion in App Store fraud in 6 years
- Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
- Apple fixes bug that let the FBI recover deleted Signal messages
- Apple fixes iOS bug that retained deleted notification data
- Apple patches older iPhones and iPads against Coruna exploits
- Apple pushes first Background Security Improvements update to fix WebKit flaw
- Application Control Bypass for Data Exfiltration, (Tue, Mar 31st)
- AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
- April KB5083769 Windows 11 update causes backup software failures
- April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
- Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
- Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
- Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
- Aura confirms data breach exposing 900,000 marketing contacts
- Australia warns of ClickFix attacks pushing Vidar Stealer malware
- Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
- Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
- Avada Builder WordPress plugin flaws allow site credential theft
- Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
- Axios npm hack used fake Teams error fix to hijack maintainer account
- Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
- BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
- BTMOB Android malware service generates custom phishing payloads
- Backdoored PyTorch Lightning package drops credential stealer
- Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
- Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
- Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware
- Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware
- Betterleaks, a new open-source secrets scanner to replace Gitleaks
- Bing AI promoted fake OpenClaw GitHub repo pushing info-stealing malware
- Bitrefill blames North Korean Lazarus group for cyberattack
- Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
- Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
- Bitwarden CLI npm package compromised to steal developer credentials
- Bitwarden adds support for passkey login on Windows 11
- Block the Prompt, Not the Work: The End of "Doctor No"
- Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
- Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
- British Scattered Spider hacker pleads guilty to crypto theft charges
- Broken VECT 2.0 ransomware acts as a data wiper for large files
- Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
- Bruteforce Scans for CrushFTP , (Tue, Mar 3rd)
- Bubble AI app builder abused to steal Microsoft account credentials
- Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow
- CERT-EU: European Commission hack exposes data of 30 EU entities
- CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
- CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
- CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
- CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
- CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
- CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
- CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
- CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
- CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog
- CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
- CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
- CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV
- CISA Admin Leaked AWS GovCloud Keys on Github
- CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
- CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
- CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026
- CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
- CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
- CISA flags Apache ActiveMQ flaw as actively exploited in attacks
- CISA flags VMware Aria Operations RCE flaw as exploited in attacks
- CISA flags Windows Task Host vulnerability as exploited in attacks
- CISA flags Wing FTP Server flaw as actively exploited in attacks
- CISA flags new SD-WAN flaw as actively exploited in attacks
- CISA gives feds 4 days to patch actively exploited cPanel plugin flaw
- CISA gives feds four days to patch Ivanti flaw exploited as zero-day
- CISA orders feds to patch BlueHammer flaw exploited as zero-day
- CISA orders feds to patch DarkSword iOS flaws exploited attacks
- CISA orders feds to patch Fortinet flaw exploited in attacks by Friday
- CISA orders feds to patch Windows flaw exploited as zero-day
- CISA orders feds to patch Zimbra XSS flaw exploited in attacks
- CISA orders feds to patch actively exploited Citrix flaw by Thursday
- CISA orders feds to patch actively exploited Drupal vulnerability
- CISA orders feds to patch exploited Fortinet EMS flaw by Friday
- CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
- CISA orders feds to patch max-severity Cisco flaw by Sunday
- CISA orders feds to patch n8n RCE flaw exploited in attacks
- CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
- CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
- CISA warns feds to patch iOS flaws exploited in crypto-theft attacks
- CISA warns of Apple flaws exploited in spyware, crypto-theft attacks
- CISA: New Langflow flaw actively exploited to hijack AI workflows
- CISA: Recently patched Ivanti EPM flaw now actively exploited
- CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
- CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads
- California AG sues 23andMe over 2023 breach exposing health data
- Can the Security Platform Finally Deliver for the Mid-Market?
- Can you enforce strong Active Directory password rules without frustrating users?
- Canada arrests three for operating “SMS blaster” device in Toronto
- Canadian retail giant Loblaw notifies customers of data breach
- Canvas Breach Disrupts Schools & Colleges Nationwide
- Canvas login portals hacked in mass ShinyHunters extortion campaign
- Carnival Cruise confirms data breach affecting nearly 6 million people
- Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
- Charter Communications data breach affects 4.9 million accounts
- Charter confirms data breach after ShinyHunters extortion threat
- ChatGPT rolls out new $100 Pro subscription to challenge Claude
- ChatGPT share links abused to host fake outage pages to deliver malware
- ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface
- Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
- Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
- China's Apple App Store infiltrated by crypto-stealing wallet apps
- China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
- China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
- China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
- China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks
- China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
- China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
- China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
- Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware
- Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
- Chinese hackers target telcos with new Linux, Windows malware
- Chinese state hackers target telcos with new malware toolkit
- Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft
- Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
- Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities
- Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
- Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access
- Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
- Cisco flags more SD-WAN flaws as actively exploited in attacks
- Cisco says critical Webex Services flaw requires customer action
- Cisco source code stolen in Trivy-linked dev environment breach
- Cisco warns of max severity Secure FMC flaws giving root access
- Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
- Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
- Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
- Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
- Citrix urges admins to patch NetScaler flaws as soon as possible
- Claude AI finds Vim, Emacs RCE bugs that trigger on file open
- Claude Code Security and Magecart: Getting the Threat Model Right
- Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
- Claude Code leak used to push infostealer malware on GitHub
- Claude Code source code accidentally leaked in NPM package
- Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
- Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
- Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
- ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
- CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
- Cognizant TriZetto breach exposes health data of 3.4 million patients
- Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
- Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
- Compromised Site Management Panels are a Hot Item in Cybercrime Markets
- ConnectWise patches new flaw allowing ScreenConnect hijacking
- ConsentFix v3 attacks target Azure with automated OAuth abuse
- Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1
- Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks
- Coruna iOS exploit framework linked to Triangulation attacks
- Cosmetics giant Rituals discloses data breach affecting customers
- Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations
- Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
- Critical Cisco IMC auth bypass gives attackers Admin access
- Critical Citrix NetScaler memory flaw actively exploited in attacks
- Critical Fortinet Forticlient EMS flaw now exploited in attacks
- Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
- Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure
- Critical Marimo pre-auth RCE flaw now under active exploitation
- Critical Microsoft SharePoint flaw now exploited in attacks
- Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
- Critical Nginx UI auth bypass flaw now actively exploited in the wild
- Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
- Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
- Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
- Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
- Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
- Critical cPanel and WHM bug exploited as a zero-day, PoC now available
- Critical flaw in Protobuf library enables JavaScript code execution
- Critical flaw in wolfSSL library enables forged certificate use
- Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
- Critical vm2 sandbox bug lets attackers execute code on hosts
- Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks
- Cross-Platform NPM Stealer, (Fri, May 22nd)
- Crunchyroll probes breach after hacker claims to steal 6.8M users' data
- Crypto gang member gets 6.5 years for role in $230 million heist
- Crypto-exchange Kraken extorted by hackers after insider breach
- Cyber-Enabled Cargo Crime: How Cybercrime Tradecraft is Used to Steal Freight
- CyberStrikeAI tool adopted by hackers for AI-powered attacks
- Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
- Cybercrime service disrupted for abusing Microsoft platform to sign malware
- DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
- DAEMON Tools devs confirm breach, release malware-free version
- DAEMON Tools trojanized in supply-chain attack to deploy backdoor
- DORA and operational resilience: Credential management as a financial risk control
- DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
- DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
- DShield (Cowrie) Honeypot Stats and When Sessions Disconnect, (Mon, Mar 30th)
- DShield Honeypot Update, (Mon, May 4th)
- Danger of Libredtail [Guest Diary], (Wed, Apr 29th)
- DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
- Data breach at edtech giant McGraw Hill affects 13.5 million accounts
- Day Zero Readiness: The Operational Gaps That Break Incident Response
- DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials
- Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know
- Dell confirms its SupportAssist software causes Windows BSOD crashes
- Detecting IP KVMs, (Tue, Mar 24th)
- Deterministic + Agentic AI: The Architecture Exposure Validation Requires
- Developer Workstations Are Now Part of the Software Supply Chain
- Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
- Device code phishing attacks surge 37x as new kits spread online
- Die Linke German political party confirms data stolen by Qilin ransomware
- Differentiating Between a Targeted Intrusion and an Automated Opportunistic Scanning [Guest Diary], (Wed, Mar 4th)
- DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
- Discord rolls out end-to-end encryption on voice, video calls
- Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
- DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks
- Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
- Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
- Drift $280M crypto theft linked to 6-month in-person operation
- Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
- Drift loses $280 million North Korean hackers seize Security Council powers
- Drift loses $280 million as hackers seize Security Council powers
- Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
- Drupal critical update to fix bug with high exploitation risk
- Drupal to Release Urgent Core Security Updates on May 20, Sites Told to Prepare
- Drupal: Critical SQL injection flaw now targeted in attacks
- Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware
- Dutch Finance Ministry takes treasury banking portal offline after breach
- Dutch Ministry of Finance discloses breach affecting employees
- Dutch Police discloses security breach after phishing attack
- Dutch govt disrupts malware botnet with 17 million infected devices
- Dutch govt warns of Signal, WhatsApp account hijacking attacks
- Dutch police arrests suspect linked to Ajax football club hack
- EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security
- EU court adviser says banks must immediately refund phishing victims
- Edu tech firm Instructure discloses cyber incident, probes impact
- Encrypted Client Hello: Ready for Prime Time?, (Mon, Mar 9th)
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
- EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
- England Hockey investigating ransomware data breach
- Ericsson US discloses data breach after service provider hack
- EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
- Eurail says December data breach impacts 300,000 individuals
- Europe sanctions Chinese and Iranian firms for cyberattacks
- European Commission confirms data breach after Europa.eu hack
- European Commission investigating breach after Amazon cloud account hack
- European Commission investigating breach after Amazon cloud hack
- European Gym giant Basic-Fit data breach affects 1 million members
- European police dismantles €50 million crypto investment fraud ring
- Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks
- Europol-coordinated action disrupts Tycoon2FA phishing platform
- Evolution of Ransomware: Multi-Extortion Ransomware Attacks
- Ex-data analyst stole company data in $2.5M extortion scheme
- Exploit available for new DirtyDecrypt Linux root escalation flaw
- Exploit released for new PinTheft Arch Linux root escalation flaw
- FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
- FBI and Europol Seize LeakBase Forum Used to Trade Stolen Credentials
- FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
- FBI arrests suspect linked to $46M crypto theft from US Marshals
- FBI confirms hack of Director Patel's personal email inbox
- FBI investigates breach of surveillance and wiretap systems
- FBI links Signal phishing attacks to Russian intelligence services
- FBI links cybercriminals to sharp surge in cargo theft attacks
- FBI seeks victims of Steam games used to spread malware
- FBI seizes Handala data leak site after Stryker cyberattack
- FBI seizes LeakBase cybercrime forum, data of 142,000 members
- FBI takedown of W3LL phishing service leads to developer arrest
- FBI warns against using Chinese mobile apps due to privacy risks
- FBI warns of Handala hackers using Telegram in malware attacks
- FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
- FBI warns of fake FIFA websites running World Cup fraud schemes
- FBI warns of in-person data theft attacks from extortion gang
- FBI warns of phishing attacks impersonating US city, county officials
- FBI: Americans lost a record $21 billion to cybercrime last year
- FBI: Americans lost over $388 million to scams using crypto ATMs in 2025
- FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns
- FCC bans new routers made outside the USA over security risks
- FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
- FTC to ban data broker Kochava from selling Americans’ location data
- FTC: Americans lost over $2.1 billion to social media scams in 2025
- Facebook accounts unavailable in worldwide outage
- Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
- Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
- Fake Claude AI website delivers new 'Beagle' Windows malware
- Fake Claude Code install guides push infostealers in InstallFix attacks
- Fake Google Security site uses PWA app to steal credentials, MFA codes
- Fake Laravel Packages on Packagist Deploy RAT on Windows, macOS, and Linux
- Fake LastPass support email threads try to steal vault passwords
- Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
- Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
- Fake OpenAI repository on Hugging Face pushes infostealer malware
- Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
- Fake VS Code alerts on GitHub spread malware to developers
- Fake enterprise VPN downloads used to steal company credentials
- Fake enterprise VPN sites used to steal company credentials
- Feds Disrupt IoT Botnets Behind Huge DDoS Attacks
- File read flaw in Smart Slider plugin impacts 500K WordPress sites
- Firefox now has a free built-in VPN with 50GB monthly data limit
- Firestarter malware survives Cisco firewall updates, security patches
- First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups
- Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
- Flipper One project needs community help to build open Linux platform
- Florida woman imprisoned for massive Microsoft license fraud scheme
- Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
- Former US execs plead guilty to aiding tech support scammers
- Former govt contractor convicted for wiping dozens of federal databases
- Former ransomware negotiator pleads guilty to BlackCat attacks
- FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
- Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
- Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
- Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
- Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
- Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
- French govt agency confirms breach as hacker offers to sell data
- From $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market
- From VMware to what’s next: Protecting data during hypervisor migration
- Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
- Funnel Builder WordPress plugin bug exploited to steal credit cards
- GIGABYTE Control Center vulnerable to arbitrary file write flaw
- GM agrees to $12.75M California settlement over sale of drivers’ data
- GPU mining malware spreads via SEO poisoning, AI chatbots
- GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)
- GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
- German authorities identify REvil and GandCrab ransomware bosses
- German authorities identify REvil and GangCrab ransomware bosses
- Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
- Ghanain man pleads guilty to role in $100 million fraud ring
- Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
- Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
- Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials
- Ghostwriter Targets Ukraine Government Entities with Prometheus Phishing Malware
- Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
- GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
- GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
- GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
- GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories
- GitHub adds AI-powered bug detection to expand security coverage
- GitHub confirms breach of 3,800 repos via malicious VSCode extension
- GitHub fixes RCE flaw that gave access to millions of private repos
- GitHub investigates internal repositories breach claimed by TeamPCP
- GitHub links repo breach to TanStack npm supply-chain attack
- Gitea Vulnerability Exposes Private Container Images without Authentication
- GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
- GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
- GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
- GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data
- GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
- GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
- GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
- Glassworm botnet disrupted after resilient C2 infrastructure takedown
- Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
- Going the Extra Mile: Travel Rewards Turn into Underground Currency.
- Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams
- Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
- Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
- Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
- Google Chrome adds infostealer protection against session cookie theft
- Google Chrome adds session cookie theft protection for all users
- Google Chrome shifts to two-week release cycle for increased stability
- Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited
- Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
- Google Drive ransomware detection now on by default for paying users
- Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
- Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
- Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
- Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
- Google accidentally exposed details of unfixed Chromium flaw
- Google adds ‘Advanced Flow’ for safe APK sideloading on Android
- Google expands Gemini AI use to fight malicious ads on its platform
- Google fixes fourth Chrome zero-day exploited in attacks in 2026
- Google fixes two new Chrome zero-days exploited in attacks
- Google now allows you to change your @gmail.com address
- Google now offers up to $1.5 million for some Android exploits
- Google paid $17.1 million for vulnerability reports in 2025
- Google rolls out Gmail end-to-end encryption on mobile devices
- Google says 90 zero-days were exploited in attacks last year
- Google's Android Apps Get Public Verification to Stop Supply Chain Attacks
- Google: Cloud attacks exploit flaws more than weak credentials
- Google: Hackers used AI to develop zero-day exploit for web admin tool
- Google: New UNC6783 hackers steal corporate Zendesk support tickets
- Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
- Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
- Grafana breach caused by missed token rotation after TanStack attack
- Grafana says stolen GitHub token let hackers steal codebase
- Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
- GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
- Grinex exchange blames "Western intelligence" for $13.7M crypto hack
- HPE warns of critical AOS-CX flaw allowing admin password resets
- HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)
- Hacker charged with stealing $53 million from Uranium crypto exchange
- Hacker mass-mails HungerRush extortion emails to restaurant patrons
- HackerOne discloses employee data breach after Navia hack
- Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
- Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
- Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
- Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
- Hackers abuse Google ads for GoDaddy ManageWP login phishing
- Hackers abuse Google ads, Claude.ai chats to push Mac malware
- Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
- Hackers arrested for hijacking and selling 610,000 Roblox accounts
- Hackers bypass SonicWall VPN MFA due to incomplete patching
- Hackers compromise Axios npm package to drop cross-platform malware
- Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
- Hackers exploit FortiClient EMS flaw to push infostealer malware
- Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
- Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
- Hackers exploit React2Shell in automated credential theft campaign
- Hackers exploit TrueConf zero-day to push malicious software updates
- Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
- Hackers exploit critical flaw in Ninja Forms WordPress plugin
- Hackers exploit file upload bug in Breeze Cache WordPress plugin
- Hackers exploiting Acrobat Reader zero-day flaw since December
- Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
- Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
- Hackers use pixel-large SVG trick to hide credit card stealer
- Handling the CVE Flood With EPSS, (Mon, Apr 20th)
- Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
- Healthcare IT solutions provider ChipSoft hit by ransomware attack
- Healthcare tech firm CareCloud says hackers stole patient data
- Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
- Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks
- Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog
- Hims & Hers warns of data breach after Zendesk support ticket breach
- Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
- Home security giant ADT data breach affects 5.5 million people
- How AI Assistants are Moving the Security Goalposts
- How AI Hallucinations Are Creating Real Security Risks
- How CISOs Can Survive the Era of Geopolitical Cyberattacks
- How Ceros Gives Security Teams Visibility and Control in Claude Code
- How Deepfakes and Injection Attacks Are Breaking Identity Verification
- How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
- How SIEM helps MSPs reduce noise and stop threats faster
- How Varonis Atlas integrates Claude Compliance API for AI governance
- How a Brute Force Attack Unmasked a Ransomware Infrastructure Network
- How often are redirects used in phishing in 2026?, (Mon, Apr 6th)
- How to Categorize AI Agents and Prioritize Risk
- How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking
- How to Reduce Phishing Exposure Before It Turns into Business Disruption
- How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
- How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
- INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime
- INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
- INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers
- IPv4 Mapped IPv6 Addresses, (Tue, Mar 17th)
- ISC Stormcast For Friday, April 17th, 2026 https://isc.sans.edu/podcastdetail/9896, (Fri, Apr 17th)
- ISC Stormcast For Friday, April 24th, 2026 https://isc.sans.edu/podcastdetail/9906, (Fri, Apr 24th)
- ISC Stormcast For Friday, April 3rd, 2026 https://isc.sans.edu/podcastdetail/9878, (Fri, Apr 3rd)
- ISC Stormcast For Friday, March 13th, 2026 https://isc.sans.edu/podcastdetail/9848, (Fri, Mar 13th)
- ISC Stormcast For Friday, March 20th, 2026 https://isc.sans.edu/podcastdetail/9858, (Fri, Mar 20th)
- ISC Stormcast For Friday, March 27th, 2026 https://isc.sans.edu/podcastdetail/9868, (Fri, Mar 27th)
- ISC Stormcast For Friday, March 6th, 2026 https://isc.sans.edu/podcastdetail/9838, (Fri, Mar 6th)
- ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)
- ISC Stormcast For Friday, May 1st, 2026 https://isc.sans.edu/podcastdetail/9914, (Fri, May 1st)
- ISC Stormcast For Friday, May 22nd, 2026 https://isc.sans.edu/podcastdetail/9942, (Fri, May 22nd)
- ISC Stormcast For Friday, May 29th, 2026 https://isc.sans.edu/podcastdetail/9950, (Fri, May 29th)
- ISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924, (Fri, May 8th)
- ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888, (Mon, Apr 13th)
- ISC Stormcast For Monday, April 20th, 2026 https://isc.sans.edu/podcastdetail/9898, (Mon, Apr 20th)
- ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)
- ISC Stormcast For Monday, March 16th, 2026 https://isc.sans.edu/podcastdetail/9850, (Mon, Mar 16th)
- ISC Stormcast For Monday, March 23rd, 2026 https://isc.sans.edu/podcastdetail/9860, (Mon, Mar 23rd)
- ISC Stormcast For Monday, March 30th, 2026 https://isc.sans.edu/podcastdetail/9870, (Mon, Mar 30th)
- ISC Stormcast For Monday, March 9th, 2026 https://isc.sans.edu/podcastdetail/9840, (Mon, Mar 9th)
- ISC Stormcast For Monday, May 11th, 2026 https://isc.sans.edu/podcastdetail/9926, (Mon, May 11th)
- ISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916, (Mon, May 4th)
- ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894, (Thu, Apr 16th)
- ISC Stormcast For Thursday, April 23rd, 2026 https://isc.sans.edu/podcastdetail/9904, (Thu, Apr 23rd)
- ISC Stormcast For Thursday, April 2nd, 2026 https://isc.sans.edu/podcastdetail/9876, (Thu, Apr 2nd)
- ISC Stormcast For Thursday, April 30th, 2026 https://isc.sans.edu/podcastdetail/9912, (Thu, Apr 30th)
- ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)
- ISC Stormcast For Thursday, March 12th, 2026 https://isc.sans.edu/podcastdetail/9846, (Thu, Mar 12th)
- ISC Stormcast For Thursday, March 19th, 2026 https://isc.sans.edu/podcastdetail/9856, (Thu, Mar 19th)
- ISC Stormcast For Thursday, March 26th, 2026 https://isc.sans.edu/podcastdetail/9866, (Thu, Mar 26th)
- ISC Stormcast For Thursday, March 5th, 2026 https://isc.sans.edu/podcastdetail/9836, (Thu, Mar 5th)
- ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)
- ISC Stormcast For Thursday, May 21st, 2026 https://isc.sans.edu/podcastdetail/9940, (Thu, May 21st)
- ISC Stormcast For Thursday, May 28th, 2026 https://isc.sans.edu/podcastdetail/9948, (Thu, May 28th)
- ISC Stormcast For Thursday, May 7th, 2026 https://isc.sans.edu/podcastdetail/9922, (Thu, May 7th)
- ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890, (Tue, Apr 14th)
- ISC Stormcast For Tuesday, April 21st, 2026 https://isc.sans.edu/podcastdetail/9900, (Tue, Apr 21st)
- ISC Stormcast For Tuesday, April 28th, 2026 https://isc.sans.edu/podcastdetail/9908, (Tue, Apr 28th)
- ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)
- ISC Stormcast For Tuesday, March 10th, 2026 https://isc.sans.edu/podcastdetail/9842, (Tue, Mar 10th)
- ISC Stormcast For Tuesday, March 17th, 2026 https://isc.sans.edu/podcastdetail/9852, (Tue, Mar 17th)
- ISC Stormcast For Tuesday, March 24th, 2026 https://isc.sans.edu/podcastdetail/9862, (Tue, Mar 24th)
- ISC Stormcast For Tuesday, March 31st, 2026 https://isc.sans.edu/podcastdetail/9872, (Tue, Mar 31st)
- ISC Stormcast For Tuesday, March 3rd, 2026 https://isc.sans.edu/podcastdetail/9832, (Tue, Mar 3rd)
- ISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928, (Tue, May 12th)
- ISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936, (Tue, May 19th)
- ISC Stormcast For Tuesday, May 26th, 2026 https://isc.sans.edu/podcastdetail/9944, (Tue, May 26th)
- ISC Stormcast For Tuesday, May 5th, 2026 https://isc.sans.edu/podcastdetail/9918, (Tue, May 5th)
- ISC Stormcast For Wednesday, April 15th, 2026 https://isc.sans.edu/podcastdetail/9892, (Wed, Apr 15th)
- ISC Stormcast For Wednesday, April 1st, 2026 https://isc.sans.edu/podcastdetail/9874, (Wed, Apr 1st)
- ISC Stormcast For Wednesday, April 22nd, 2026 https://isc.sans.edu/podcastdetail/9902, (Wed, Apr 22nd)
- ISC Stormcast For Wednesday, April 29th, 2026 https://isc.sans.edu/podcastdetail/9910, (Wed, Apr 29th)
- ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th)
- ISC Stormcast For Wednesday, March 11th, 2026 https://isc.sans.edu/podcastdetail/9844, (Wed, Mar 11th)
- ISC Stormcast For Wednesday, March 18th, 2026 https://isc.sans.edu/podcastdetail/9854, (Wed, Mar 18th)
- ISC Stormcast For Wednesday, March 25th, 2026 https://isc.sans.edu/podcastdetail/9864, (Wed, Mar 25th)
- ISC Stormcast For Wednesday, March 4th, 2026 https://isc.sans.edu/podcastdetail/9834, (Wed, Mar 4th)
- ISC Stormcast For Wednesday, May 13th, 2026 https://isc.sans.edu/podcastdetail/9930, (Wed, May 13th)
- ISC Stormcast For Wednesday, May 20th, 2026 https://isc.sans.edu/podcastdetail/9938, (Wed, May 20th)
- ISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946, (Wed, May 27th)
- ISC Stormcast For Wednesday, May 6th, 2026 https://isc.sans.edu/podcastdetail/9920, (Wed, May 6th)
- Identity Alone Isn't Enough: Why Device Security Has to Share the Load
- Infinite Campus warns of breach after ShinyHunters claims data theft
- Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
- Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
- Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
- Inside an OPSEC Playbook: How Threat Actors Evade Detection
- Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
- Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution
- Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
- Instructure confirms data breach, ShinyHunters claims attack
- Instructure confirms hackers used Canvas flaw to deface portals
- Instructure hacker claims data theft from 8,800 schools, universities
- Instructure reaches 'agreement' with ShinyHunters to stop data leak
- Interesting Message Stored in Cowrie Logs, (Wed, Mar 18th)
- Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access
- International joint action disrupts world’s largest DDoS botnets
- Investigating a New Click-Fix Variant
- Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
- Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
- Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
- Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor
- Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
- Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
- Iranian hackers targeted major South Korean electronics maker
- Is a $30,000 GPU Good at Password Cracking?
- Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes
- Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
- Ivanti warns of new EPMM flaw exploited in zero-day attacks
- Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
- JDownloader site hacked to replace installers with Python RAT malware
- JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
- JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
- KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
- Kali Linux 2026.1 released with 8 new tools, new BackTrack mode
- Karakurt extortion gang ‘cold case’ negotiator gets 8.5 years in prison
- KelpDAO suffers $290 million heist tied to Lazarus hackers
- Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels
- Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks
- KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
- KnowledgeDeliver flaw exploited as a zero-day to install web shells
- KongTuke hackers now use Microsoft Teams for corporate breaches
- Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
- Kyber ransomware gang toys with post-quantum encryption on Windows
- LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
- LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
- Laravel Lang packages hijacked to deploy credential-stealing malware
- Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
- Lawmakers Demand Answers as CISA Tries to Contain Data Leak
- Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
- LeakBase Admin Arrested in Russia Over Massive Stolen Credential Marketplace
- LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
- LeakNet ransomware uses ClickFix and Deno runtime for stealthy attacks
- LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
- Leaked Shai-Hulud malware fuels new npm infostealer campaign
- Learning from the Vercel breach: Shadow AI & OAuth sprawl
- LexisNexis confirms data breach as hackers leak stolen files
- LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
- LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
- Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
- LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
- Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
- Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)
- MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
- Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
- Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
- Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
- Malicious Ad for Homebrew Leads to MacSync Stealer, (Fri, May 1st)
- Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
- Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
- Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
- Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
- Malicious npm Package Stole Files From Claude AI User Directory via GitHub
- Man admits to locking thousands of Windows devices in extortion plot
- Man gets 30 months for selling thousands of hacked DraftKings accounts
- Man sent to prison for selling data of 7 millions elderly Americans
- Manager of botnet used in ransomware attacks gets 2 years in prison
- Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
- Marquis: Ransomware gang stole data of 672K people in cyberattack
- Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
- Masters of Imitation: How Hackers and Art Forgers Perfect the Art of Deception
- Max severity Cisco Secure Workload flaw gives Site Admin privileges
- Max severity Flowise RCE vulnerability now exploited in attacks
- Max severity Ubiquiti UniFi flaw may allow account takeover
- Max-severity flaw in ChromaDB for AI apps allows server hijacking
- Mazda discloses security breach exposing employee and partner data
- McGraw-Hill confirms data breach following extortion threat
- Medtech giant Stryker fully operational after data-wiping attack
- Medtech giant Stryker offline after Iran-linked wiper malware attack
- Medtronic confirms breach after hackers claim 9 million records theft
- Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
- MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
- Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
- Meta adds new WhatsApp, Facebook, and Messenger anti-scam tools
- Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026
- Microsoft 365 Backup to add file-level restore for faster recovery
- Microsoft Access VBA, (Mon, May 25th)
- Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
- Microsoft Azure Monitor alerts abused for callback phishing attacks
- Microsoft Azure Monitor alerts abused in callback phishing campaigns
- Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
- Microsoft Defender can now automatically isolate hacked endpoints
- Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
- Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
- Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
- Microsoft Exchange Online outage blocks access to mailboxes
- Microsoft Exchange Online service change causes email access issues
- Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own
- Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
- Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws
- Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
- Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
- Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development
- Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
- Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)
- Microsoft Patch Tuesday, March 2026 Edition
- Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
- Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
- Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
- Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
- Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions
- Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
- Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer
- Microsoft Self-Service Password Reset abused in Azure data theft attacks
- Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
- Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
- Microsoft Teams phishing targets employees with A0Backdoor malware
- Microsoft Teams phishing targets employees with backdoors
- Microsoft Teams right-click paste broken by Edge update bug
- Microsoft Teams to get efficiency mode on PCs with limited resources
- Microsoft Teams will tag third-party bots trying to join meetings
- Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware
- Microsoft Warns OAuth Redirect Abuse Delivers Malware to Government Targets
- Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
- Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
- Microsoft adds Windows protections for malicious Remote Desktop files
- Microsoft asks iPhone users to reauthenticate after Outlook outage
- Microsoft backpedals: Edge to stop loading passwords into memory
- Microsoft blames macOS update for undismissible Teams location prompts
- Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys
- Microsoft confirms April Windows updates cause backup failures
- Microsoft confirms Windows 11 security update install issues
- Microsoft confirms patching issues in restricted Windows networks
- Microsoft fixes BitLocker recovery issue only for Windows 11 users
- Microsoft fixes Classic Outlook bug causing email delivery issues
- Microsoft fixes Outlook Classic crashes caused by Teams Meeting add-in
- Microsoft fixes Remote Desktop warnings displaying incorrectly
- Microsoft fixes Windows Autopatch bug installing restricted drivers
- Microsoft fixes bug behind Windows Server 2025 automatic upgrades
- Microsoft fixes bug causing Classic Outlook sync issues with Gmail
- Microsoft investigates classic Outlook sync and connection issues
- Microsoft links Classic Outlook issue to email delivery problems
- Microsoft links Medusa ransomware affiliate to zero-day attacks
- Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
- Microsoft now lets admins choose pre-installed Store apps to uninstall
- Microsoft now lets admins uninstall Copilot on enterprise devices
- Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
- Microsoft plans to improve Windows 11 driver quality in 2026
- Microsoft pulls KB5079391 Windows update over install issues
- Microsoft pulls Samsung app blocking Windows C: drive from Store
- Microsoft pulls service update causing Teams launch failures
- Microsoft rejects critical Azure vulnerability report, no CVE issued
- Microsoft releases Windows 10 KB5078885 extended security update
- Microsoft releases Windows 10 KB5082200 extended security update
- Microsoft releases Windows 10 KB5087544 extended security update
- Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
- Microsoft releases emergency patches for critical ASP.NET flaw
- Microsoft releases emergency updates to fix Windows Server issues
- Microsoft removes Support and Recovery Assistant from Windows
- Microsoft rolls out fast-track to reinstate Windows hardware dev accounts
- Microsoft rolls out fix for broken Windows Start Menu search
- Microsoft rolls out revamped Windows Insider Program
- Microsoft says Outlook.com outage is causing sign‑in failures
- Microsoft says backend change broke Teams Free chat and calls
- Microsoft says some users can't install Office on Windows 365 devices
- Microsoft shares fix for Windows C: drive access issues on Samsung PCs
- Microsoft shares mitigation for YellowKey Windows zero-day
- Microsoft still working to fix Exchange Online mailbox access issues
- Microsoft still working to fix Windows Explorer white flashes
- Microsoft stops force-installing the Microsoft 365 Copilot app
- Microsoft suspends dev accounts for high-profile open source projects
- Microsoft testing adjustable taskbar, Start menu in Windows 11
- Microsoft tests Windows Explorer speed, performance improvements
- Microsoft tests modern Windows Run, says it's faster than legacy dialog
- Microsoft to automatically roll back faulty Windows drivers
- Microsoft to deprecate legacy TLS in Exchange Online starting July
- Microsoft to enable Windows hotpatch security updates by default
- Microsoft to roll out Entra passkeys on Windows in late April
- Microsoft traces Universal Print issues to Graph API code change
- Microsoft warns of Exchange zero-day flaw exploited in attacks
- Microsoft warns of new Defender zero-days exploited in attacks
- Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday
- Microsoft: April Windows Server 2025 update may fail to install
- Microsoft: April updates trigger BitLocker key prompts on some servers
- Microsoft: Canadian employees targeted in payroll pirate attacks
- Microsoft: Domain Controller lookup may fail on Windows Server 2016
- Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic
- Microsoft: Hackers abuse OAuth error flows to spread malware
- Microsoft: Hackers abusing AI at every stage of cyberattacks
- Microsoft: March Windows updates break Teams, OneDrive sign-ins
- Microsoft: New Remote Desktop warnings may display incorrectly
- Microsoft: Some Teams users can’t join meetings after Edge update
- Microsoft: Some Windows servers enter reboot loops after April patches
- Microsoft: Teams increasingly abused in helpdesk impersonation attacks
- Microsoft: Windows 11 users can't access C: drive on some Samsung PCs
- Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
- Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
- MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems
- Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
- Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
- Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
- Mississippi medical center reopens clinics hit by ransomware attack
- Money launderer linked to $230M crypto heist gets 70 months in prison
- More Honeypot Fingerprinting Scans, (Wed, Apr 8th)
- Most "AI SOCs" Are Just Faster Triage. That's Not Enough.
- Most Remediation Programs Never Confirm the Fix Actually Worked
- MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
- MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
- MuddyWater hackers use Chaos ransomware as a decoy in attacks
- Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
- Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT
- Musician admits to $10M streaming royalty fraud using AI bots
- Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
- Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
- N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
- NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support
- NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
- NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
- NGate Android malware uses HandyPay NFC app to steal card data
- NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
- NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
- NIST to stop rating non-priority flaws due to volume increase
- NVIDIA confirms GeForce NOW data breach affecting Armenian users
- Navia discloses data breach impacting 2.7 million people
- Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
- Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
- Netherlands seizes 800 servers of hosting firm enabling cyberattacks
- New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries
- New 'Zombie ZIP' technique lets malware slip past security tools
- New AI DDoS Attacks Are Smarter. Learn How to Fight Back in This Webinar
- New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"
- New ATHR vishing platform uses AI voice agents for automated attacks
- New AgingFly malware used in attacks on Ukraine govt, hospitals
- New BeatBanker Android malware poses as Starlink app to hijack devices
- New BlackFile extortion group linked to surge of vishing attacks
- New Bluekit phishing service includes an AI assistant, 40 templates
- New Booking.com data breach forces reservation PIN resets
- New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
- New Checkmarx supply-chain breach affects KICS analysis tool
- New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
- New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
- New Cisco DoS flaw requires manual reboot to revive devices
- New CrystalRAT malware adds RAT, stealer and prankware features
- New EvilTokens service fuels Microsoft device code phishing attacks
- New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
- New FortiClient EMS flaw exploited in attacks, emergency patch released
- New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
- New Fragnesia Linux flaw lets attackers gain root privileges
- New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
- New GPUBreach attack enables system takeover via GPU rowhammer
- New GhostLock tool abuses Windows API to block file access
- New GoGra malware for Linux uses Microsoft Graph API for comms
- New Gogs zero-day flaw lets hackers get remote code execution
- New GopherWhisper APT group abuses Outlook, Slack, Discord for comms
- New Infinity Stealer malware grabs macOS data via ClickFix lures
- New KB5085516 emergency update fixes Microsoft account sign-in
- New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
- New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
- New Linux 'Dirty Frag' zero-day gives root on all major distros
- New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
- New Linux ‘Copy Fail’ flaw gives hackers root on major distros
- New Lotus data wiper used against Venezuelan energy, utility firms
- New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
- New Mirai campaign exploits RCE flaw in EoL D-Link routers
- New PCPJack worm steals credentials, cleans TeamPCP infections
- New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
- New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data
- New PhantomRaven NPM attack wave steals dev data via 88 packages
- New Progress ShareFile flaws can be chained in pre-auth RCE attacks
- New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
- New RFP Template for AI Usage Control and AI Governance
- New RoadK1ll WebSocket implant used to pivot on breached networks
- New Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
- New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks
- New Shai-Hulud malware wave compromises 600 npm packages
- New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
- New TCLBanker malware self-spreads over WhatsApp and Outlook
- New Torg Grabber infostealer malware targets 728 crypto wallets
- New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
- New VENOM phishing attacks steal senior executives' Microsoft logins
- New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
- New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released
- New Windows 11 emergency update fixes preview update install issues
- New Windows 11 hotpatch fixes Bluetooth device visibility issue
- New critical Exim mailer flaw allows remote code execution
- New font-rendering trick hides malicious commands from AI tools
- New macOS stealer campaign uses Script Editor in ClickFix attack
- New npm supply-chain attack self-spreads to steal auth tokens
- New stealthy Quasar Linux malware targets software developers
- New ‘BlackSanta’ EDR killer spotted targeting HR departments
- New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
- New ‘Pack2TheRoot’ flaw gives hackers root Linux access
- New ‘Perseus’ Android malware checks user notes for secrets
- New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
- New “Darksword” iOS exploit used in infostealer attack on iPhones
- Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
- Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
- No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
- Nordstrom's email system abused to send crypto scams to customers
- North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
- North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware
- Number Usage in Passwords: Take Two, (Thu, Apr 9th)
- OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
- Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
- Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
- Official CheckMarx Jenkins package compromised with infostealer
- Official SAP npm packages compromised to steal credentials
- Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
- On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
- One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
- One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
- Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
- Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries
- OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues
- OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
- OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
- OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
- OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
- OpenAI confirms security breach in TanStack supply chain attack
- OpenAI rolls out ChatGPT Library to store your personal files
- OpenAI rotates macOS certs after Axios attack hit code-signing workflow
- OpenAI says ChatGPT ads are not rolling out globally for now
- OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
- Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
- Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
- Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
- Oracle pushes emergency fix for critical Identity Manager RCE flaw
- Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
- Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
- Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
- Over 100 Chrome Web Store extensions steal user accounts, data
- Over 100 Chrome extensions in Web Store target users accounts and data
- Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
- Over 20,000 crypto fraud victims identified in international crackdown
- PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation
- PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
- PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
- PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
- Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
- Paid AI Accounts Are Now a Hot Underground Commodity
- Paint maker giant AkzoNobel confirms cyberattack on U.S. site
- Palo Alto Networks firewall zero-day exploited for nearly a month
- Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
- Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
- Patch Tuesday, April 2026 Edition
- Patch Tuesday, May 2026 Edition
- Payouts King ransomware uses QEMU VMs to bypass endpoint security
- PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
- Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools
- Phobos ransomware admin pleads guilty to wire fraud conspiracy
- Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
- Poland's nuclear research centre targeted by cyberattack
- Police dismantles 9 crypto scam centers, arrests 276 suspects
- Police dismantles online gambling ring exploiting Ukrainian women
- Police seize “First VPN” service used in ransomware, data theft attacks
- Police shut down reboot of Crimenetwork marketplace, arrest admin
- Police sinkholes 45,000 IP addresses in cybercrime crackdown
- Police take down 373,000 fake CSAM sites in Operation Alice
- PolyShell attacks target 56% of all vulnerable Magento stores
- Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
- Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens
- Popular LiteLLM PyPI package compromised in TeamPCP supply chain attack
- Popular WordPress redirect plugin hid dormant backdoor for years
- Popular node-ipc npm package compromised to steal credentials
- Possible ACR Stealer From Page Impersonating Claude, (Tue, May 26th)
- PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
- Pre-Stuxnet Fast16 Malware Tampered with Nuclear Weapons Simulations
- Preparing for the Quantum Era: Post-Quantum Cryptography Webinar for Security Leaders
- Product Walkthrough: How Mesh CSMA Reveals and Breaks Attack Paths to Crown Jewels
- Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass
- Progress warns of critical MOVEit Automation auth bypass flaw
- Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
- Proton launches new "Meet" privacy-focused conferencing platform
- Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)
- PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
- PyPI package with 1.1M monthly downloads hacked to push infostealer
- PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
- PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
- Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
- Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
- Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
- Ransomware gang exploits Cisco flaw in zero-day attacks since January
- Recently leaked Windows zero-days now exploited in attacks
- Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th)
- Regular Password Resets Aren’t as Safe as You Think
- Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems
- Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
- Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes
- Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
- Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
- Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
- Residential proxies evaded IP reputation checks in 78% of 4B sessions