Wire | Pwnsy News

389 items

19minZDNet SecurityReMarkable Paper Pure vs. Boox Go 10.3: I used both tablets at work, and it comes down to this 19minZDNet SecurityIs Amazfit's most premium smartwatch worth it? I tested it on the golf course, and it paid off 1hZDNet SecurityTired of AI Overviews? I found 9 Google Search alternatives that showed me links again 2hZDNet SecurityHow I stopped Android Auto from overheating my phone - 8 tricks to try 9hZDNet SecurityHow I get my solar generators storm-ready fast - after years of emergency prep 9hCSO OnlineRussia-aligned crime group Greyvibe extensively uses AI in attacks 10hMicrosoft SecurityMalicious npm packages abuse dependency confusion to profile developer environments 10hZscalerLeadership Lessons from the Banyan Tree 10hCSO OnlineMicrosoft and security researcher’s dueling posts about cybersecurity disclosures get nasty 12hThe Register SecurityLone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries 13hSchneier on SecurityFriday Squid Blogging: Another Squid 13hNextgov CyberCyber Force? Senator pushes to create service branch under the Army 13hZDNet SecurityAmazon is selling this 75-inch Hisense TV for over $500 off - and I highly recommend it 13hDark ReadingName That Toon: Mark of (Cybersecurity) Progress 14hEFF DeeplinksOne Step Forward, Two Steps Back: CA's AB 1856 Exempts Open Source But Expands Age-Gating 14hThe Register SecurityICE to keep an eye on your eyes under $25M biometric scanner deal 14hRapid7Metasploit Wrap Up 05/29/2026 15hThe Register SecurityNo fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out 15hBleepingComputerChatGPT share links abused to host fake outage pages to deliver malware 16hCyberScoopTennessee man linked to 764 accused of series of crimes against children dating back to 2022 16hBleepingComputerCalifornia AG sues 23andMe over 2023 breach exposing health data 16hThe Hacker NewsChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface 17hNextgov CyberCommercial location data is being used to target US servicemembers, lawmakers warn 17hTechCrunch SecurityMicrosoft under fire for threatening security researcher with criminal investigation 17hFederal News CyberThe same data that’s out there about you can also be used against you and now it is 17hRapid7Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)17hZDNet SecurityAfter using this Windows laptop for work and play, I'm wondering why I still need my PC tower 17hZDNet SecurityOpen-source security is a mess - IBM and Red Hat bet $5 billion and 20,000 engineers can fix it 17hSecurityWeekIn Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks 18hThe Register Security23andMe inherits lawsuit over 'disturbing' DNA data breach 18hCSO OnlineDNS-AID will make AI agents easier to discover, says Linux Foundation 18hCyberScoopFederal audit reveals NIST’s NVD is plagued by poor planning and duplication 18hMicrosoft SecurityMicrosoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection 18hZDNet SecurityI've used Gemini in Android Auto for 2 months now, and it's transformed my daily drive in 4 ways 18hZDNet SecurityYes, you should remove your data from the internet - and our favorite service is 55% off 18hCitizen LabResearchers Uncover Espionage in Mobile Networks 19hCSO OnlineCertifiably random: Swiss researchers claim perfect random number source 19hCybersecurity DiveCISA urges security teams to check for software development compromises 19hSecurityWeekCharter Communications Data Breach Could Impact Nearly 5 Million 19hFederal News CyberAgencies need to first move slow with their data to then move fast into AI 19hThe Hacker NewsAttackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit 19hSentinelOneThe Good, the Bad and the Ugly in Cybersecurity – Week 22 19hDark ReadingAsia's Cyber Insurance Market Shows Signs of Life 19hSecurityWeekMokN Raises $15 Million for Phish-Back Platform 19hBleepingComputerFrom $5 Attacks to Botnet-Powered Platforms: Inside the DDoS-as-a- Service Market 19hBleepingComputerDutch govt disrupts malware botnet with 17 million infected devices 20hTechCrunch SecurityFinal 24 hours to save up to $410 on your TechCrunch Disrupt 2026 ticket 20hThe RecordMicrosoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more 21hDark ReadingWith Complex Cloud Integrations, Small Errors Lead to Major Compromises 21hInfosecuritySilent Ransom Group Uses In-Person IT Impersonation to Breach Systems 21hThe Register SecurityDutch cops wrest 17M devices from mystery botnet's clutches 21hSecurityWeekGogs Zero-Day Exposes Servers to Remote Code Execution 21hOX Security7 AI Security Testing Tools for LLMs, Agents, and AI Pipelines (2026)22hBleepingComputerGoogle Chrome adds session cookie theft protection for all users 22hDark Reading'The Com' Cyberattacks Support Violence & Sexploitation 22hThe Register SecurityChatGPT blindly trusts browser content, turning the page into a payload 22hThe Register SecurityRussia-linked threat group put ChatGPT to work from lure to payload 23hIndicatorBriefing: YouTube stops hiding its AI labels 23hSecurityWeekCalifornia Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach 23hSchneier on SecurityChilling Effects 23hThe Register SecurityShinyHunters adds Charter to trophy shelf after 4.9M customer records leak 1dSecurityWeekChrome 148 Update Patches 151 Vulnerabilities 1dBleepingComputerUS charges Google security engineer with Polymarket insider trading 1dInfosecurityInfosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over 1dCSO OnlineNotepad++ vulnerabilities could enable arbitrary code execution on Windows systems 1dCSO OnlineThe Gentlemen are coming for your files, and then your network 1dInfosecurityChinese Hackers Exploit Iran War to Target Maritime and Energy Companies 1dCSO OnlineCybersecurity trends in SEC filings 1dBleepingComputerCharter Communications data breach affects 4.9 million accounts 1dInfosecurityAI-Generated npm Malware Leaks Its Own GitHub Token 1dGraham CluleyPolice arrest man following hack of Ajax football club 1dWeLiveSecurityThis month in security with Tony Anscombe – May 2026 edition 1dKaspersky SecurelistWhat’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant 1dCSO OnlineGDPR set the tone for regulatory action — and the AI fine pushback to come 1dXBOWGartner Security & Risk Management Summit 2026 1dZscalerWhat’s New in GovCloud: May 2026 Zscaler Product Updates 1dCrowdStrikeCrowdStrike Named a Leader in 2026 Gartner® Magic Quadrant™ for Endpoint Protection for Seventh Consecutive Time 1dCrowdStrikeShadow AI: The Hidden Risk Expanding Across the Enterprise 1dSnykHow Relay Network Adopted AI Coding Securely and Built the Foundation for Agentic Development 1dSnykFix SCA issues at scale in your terminal with Snyk Remediation Agent in the CLI 1dTenableOracle May 2026 Critical Security Patch Update Addresses 35 CVEs 1dMicrosoft SecurityTyposquatted npm packages used to steal cloud and CI/CD secrets 1dSANS ISCISC Stormcast For Friday, May 29th, 2026 https://isc.sans.edu/podcastdetail/9950, (Fri, May 29th)1dCSO OnlineIBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise 1dCSO OnlineLack of response to critical vulnerability in Gogs is a reminder of the limits of open source projects 1dBleepingComputerAnthropic confirms Claude Mythos-class models will roll out to the public 1dTLDR InfoSecSeedworm DLL Attack 🐛, Gitea Image Leak Bug 📦, Starlette ASGI Flaw 🤖1dExploit-DB[remote] Microsoft - NTLMv2 Hash Capture 1dExploit-DB[webapps] MikroORM 7.0.13 - SQL Injection 1dExploit-DB[webapps] Prodigy Commerce 3.3.0 - Local File Inclusion 1dExploit-DB[webapps] Langflow 1.3.0 - Remote Code Execution 1dExploit-DB[webapps] Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution 1dExploit-DB[local] ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion 1dExploit-DB[local] ZTE Routers - Unauthenticated Denial of Service 1dExploit-DB[local] ZTE ZXHN H188A V6 - Authentication Bypass 1dExploit-DB[local] ZTE H298A / H108N - Unauthenticated Credential Exposure 1dExploit-DB[local] Linux Kernel - Local Privilege Escalation 1dSimon WillisonClaude Opus 4.8: "a modest but tangible improvement"1dDark ReadingAs Global Powers Explore Humanoid Robots, Cyber-Risk Looms 1dBleepingComputerGreyVibe hackers use ChatGPT, Gemini to power cyberattacks 1dThe Register SecurityTroops’ phones gave away location data to foreign adversaries 1dPraetorianWhen Encryption Isn’t Really Encryption 1dBleepingComputerBTMOB Android malware service generates custom phishing payloads 1dFederal News Cyber‘Detect, understand, respond’ driving OMB, CISA’s latest cyber efforts 1dThe Register SecuritySnowflake buys Natoma to help freeze out rogue agents 1dSANS ISCAnalysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)1dTechCrunch SecurityHackers are trying to steal Signal users’ backups in new wave of widespread attacks 1dDark ReadingDutch Raid Fails to Dent Russian Bulletproof Host 1dCyberScoopHouse panel poised to hold hearing centered on AI impact on cyber 1dSecurityWeekRussia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks 1dCyberScoopGoogle security engineer accused of turning confidential search trends into $1.2M win on Polymarket 1dCisco TalosLess panic patching, more precision 1dTechCrunch SecurityA security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers’ driver’s licenses 1dReversingLabsForrester Names RL in Agentic Development Security Market 1dPraetorianAdversarial Oracles: LLM-Guided EDR Signature Reduction 1dSecurityWeekGeordie Raises $30 Million for AI Security and Governance Platform 1dZscalerDeep Dive: Inside the Zscaler and Vectra AI Integration 1dEFF DeeplinksAge Verification is a Privacy Nightmare 1dQualysExtending EOL/EOS Software Intelligence Across Containers, Kubernetes, and Modern Workloads 1dSpecterOpsThe Case for Practicing Response Before You Need It 1dSpecterOpsDon’t Jump the Turnstile: Lessons from the Field 1dDark ReadingAgentic AI Isn't Risky; the Way Orgs Deploy It Is 1dInfosecurityAttackers Move Past Typosquatting to Realistic Package Impersonation 1dThe Hacker NewsThreat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer 1dCybersecurity DiveHow CISOs can manage sovereign-cloud security risks 1dMicrosoft SecurityThe Gentlemen ransomware: Dissecting a self-propagating Go encryptor 1dReversingLabs5 lessons from vulnerability management's front lines 1dSecurityWeekCarnival Data Breach Exposed 6 Million People 1dCybersecurity DiveIBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities 1dCybersecurity DiveEnterprise data is creeping its way into shadow AI tools 1dThe RecordCruise giant Carnival confirms data breach affecting nearly 6 million people 1dThe Hacker NewsMicrosoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal 1dThe RecordCanadian man gets 33 years for using social media to coerce US children into sending sexual content 1dGraham CluleyMyPillow listed on ransomware gang’s leak site, but denies it has been breached 1dWizState of Post Quantum Cryptography 1dThe Hacker NewsThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More 1dThe RecordChinese-speaking fraud gang could be stealing millions from 2026 World Cup fans 1dThe RecordRussia conducting daily attacks on UK 'from seabed to cyberspace,' spy chief warns 1dSecurityWeekNew BTMOB Android Malware Enables Full Device Takeover 1dCyberScoopZapier fixes bug chain that researchers say risked widespread account takeover 1dRapid7Experts on Experts: Why Compliance is becoming Continuous 1dCloudflareHow we built Cloudflare's data platform and an AI agent on top of it 1dMDSecVisual Studio Extensions Revisited 1dDark ReadingFocus on Cyber Insurance: How Quantifying Risk Is Reshaping Security 1dInfosecurityMicrosoft Condemns "Uncoordinated" Zero Day Disclosures 1dRapid7Authenticated RCE via Argument Injection in Gogs (NOT FIXED)1dInfosecurityNew Threat Actor Jinx-0164 Targets Crypto Developers on macOS 1dIndicatorTips for images, geolocation, and visualization that I learned from 5 OSINT videos 1dZscalerAutomating Operational Notifications from Zscaler with OneAPI 2dInfosecurityInfosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study Reveals 2dUnit 422026 World Cup: Discussing The World’s Biggest Game’s Attack Surface 2dCisco TalosDICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap 2dTenableDownload pumping: New npm deception technique for supply chain attacks 2dInfosecurityGCHQ Chief Urges Action as AI Reshapes Cyber Threats 2dDark ReadingBTMOB RAT Spreads Across Brazil, LatAm via MaaS Model 2dWeLiveSecurityESET APT Activity Report Q4 2025–Q1 2026 2dOX SecurityAI Security Testing: How to Validate LLMs, Agents, and AI Pipelines in Production 2dDark ReadingNordic CISOs Handle Rising Cyber Threats Remarkably Well 2dKaspersky SecurelistPirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years 2dXBOWAutonomous Offensive Security Testing, Built for Enterprise Trust 2dHelp Net SecurityHottest cybersecurity open-source tools of the month: May 2026 2dSANS ISCISC Stormcast For Thursday, May 28th, 2026 https://isc.sans.edu/podcastdetail/9948, (Thu, May 28th)2dSophosCanvas attack aftermath: What risks come next?2dSophosEncore Performance: Sophos ranked #1 Overall in Endpoint, EDR, XDR, MDR, and Firewall for the 2nd consecutive time in the G2 Summer 2026 Reports 2dTLDR InfoSecJailbroken Gemini Used For Hack 🤖, MyPillow Ransomware 🛏️, UK Visa Portal Leak 🛂2dDatadog Security LabsFrom Exploit Code to Production Detection: Building a CVE-2026-31431 (Copy Fail) detection with Agents 2dSimon Willisonsqlite AGENTS.md 2dGraham CluleySmashing Security podcast #469: What your Oura ring won’t tell you 2dFederal News CyberThe cyber strategy for America: How AI-powered security, shared services enable agile cyber defense 2dFederal News Cyber5G: The DoD’s wireless backbone 2dUnit 42Out of the Crypt: The Evolving Cyber Extortion Economy 2dSANS ISCReconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs, (Wed, May 27th)2dCyberScoopOpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms 2dCyberScoopFBI warns US-based law firms to be on the lookout for cybercrime group that steals data in person 2dNextgov CyberIran’s hackers are coordinating more closely, Israel’s top cyberdefense official says 2dZscalerSecuring the Cloud: How Rust is Powering Zscaler’s Next Evolution 2dCyberScoopUK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace 2dFederal News CyberDoD’s system to protect classified information held by contractors is under strain 2dTechCrunch SecurityUK Visa Portal exposed thousands of applicants’ passports and selfies — then called the lawyers on us 2dCloudflareIran's Internet is partially restored, Cloudflare Radar data shows 2dTechCrunch SecurityCrowdStrike and Google take down botnet used by hackers to target open source software developers 2dSimon WillisonI think Anthropic and OpenAI have found product-market fit 2dTenableInside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect 2dWizEvidence at the Moment of Attack. Answers at AI Speed.2dSpecterOpsSpelunking through Splunk 2dThe Hacker NewsMalicious npm Package Stole Files From Claude AI User Directory via GitHub 2dFederal News CyberBillington CyberSecurity Cyber and AI Outlook Series Episode 6: Securing AI for National Security: Defending Federal and Military AI Systems from Emerging Cyber Threats 2dCybersecurity DiveCoordinated operation takes down Glassworm botnet 2dHelp Net SecurityHackers are knocking on office doors pretending to be IT staff 2dReversingLabsDependency attack takes down ed-tech platform at scale 2dCybersecurity DiveLeading AI models are more vulnerable to malicious prompts than vendors claim 2dSchneier on SecurityFBI’s 2025 Internet Crime Report 2dCisco TalosMediaArea heap-based buffer overflow vulnerabilities 2dInfosecurityCrowdStrike, Google Take Down Glassworm Botnet 2dTechCrunch SecurityTechCrunch Disrupt 2026 Early Bird ticket savings end in 3 days 2dBlack Hills InfoSecBad Habits: An ANTISOC Operation 2dWizCommit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure 2dHelp Net SecurityClaude now reviews and fixes vulnerabilities as you write code 2dCyberScoopCrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain 2dOX SecurityVibe Coding Security: Why 62% Of AI-Generated Code Ships With Vulnerabilities 2dBitdefenderFootball Fever Fuels Scam Campaigns Across Email and Social Media 2dWizDefending at Machine 2dThe Hacker NewsGlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure 2dOX SecurityThe CVE Is Dead. Long live the Mythos Era.2dHelp Net SecurityApple makes its quantum-resistant encryption open source 3dThe Hacker NewsGitea Vulnerability Exposes Private Container Images without Authentication 3dCisco TalosIntroducing EvidenceForge: Synthetic security logs that don’t look (as) fake 3dOX SecurityMalware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token 3dWeLiveSecurityWhat to consider before asking an AI chatbot for health advice 3dSimon WillisonQuoting Kyle Ferrana 3dHelp Net SecurityVigolium: Open-source vulnerability scanner 3dSnykContinuous Offensive Security: The Line We've Been Walking 3dSANS ISCISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946, (Wed, May 27th)3dSophosSophos named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection for the 17th consecutive report 3dTLDR InfoSec600K Lithuanian Records Leaked 🇱🇹, KnowledgeDeliver 0-Day RCE 💥, Google Family Link Hijack 📱3dSimon WillisonThe pressure 3dNextgov CyberState leaders renew call for cyber grant program’s renewal 3dDoyensecComparing AI Application Security Testing Platforms 3dMicrosoft SecurityFrom poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities 3dEFF DeeplinksMore License Plate Reader Mission Creep: School Residency Verification, Background Checks, and Noise Complaints 3dFederal News CyberWhy Project Glasswing demands a shift to containment 3dXBOWAutonomous Offensive Security at Scale: Modern Penetration Testing for Enterprises 3dCyberScoopApple open-sources quantum-resistant encryption code 3dGraham CluleyFBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts – no password required 3dTechCrunch SecurityDutch government blocks US company from acquisition, citing ‘risk to public interest’3dSimon WillisonMicrosoft Copilot Cowork Exfiltrates Files 3dReversingLabsResearcher's Notebook: Hunting Megalodon Fossils 3dCybersecurity DiveIranian government, not hacktivist group, breached LA Metro system, security firm says 3dTechCrunch SecurityGhost hackers: the cybersecurity mystery that nobody has solved 3dTechCrunch SecurityIranian hackers blamed for breach of Los Angeles transit system that took weeks to recover 3dSimon WillisonQuoting Paul Graham 3dSchneier on SecurityIdentifying People Using Wi-Fi Routers 3dCybersecurity DiveFBI warns about PhaaS platform used to access Microsoft 365 environments 3dHelp Net SecurityAnthropic: Claude Mythos identified 10,000+ software flaws 3dTenableEXPOSURE 2026 prepares cybersecurity professionals for the AI era 3dFortinetPhishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data 3dRapid7How Security Leaders Cut Through Complexity to Drive Better Outcomes 3dWizState of SDLC Security 2026: How Risk Scales in Modern Development 3dThe Hacker NewsMicrosoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions 3dIndicator8 AI bots now write 50% of X’s Community Notes 3dHelp Net SecurityHigh-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)4dCheck Point ResearchAI Threat Landscape Digest March-April 2026 4dThe Hacker NewsCERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks 4dWeLiveSecurityBTMOB: A stealthy RAT burrowing deep into Android devices 4dAdversa AISymJack: the approval prompt is lying to you. A symlink-hijack RCE in six AI coding agents 4dCrowdStrikeCrowdStrike Named a Leader in Identity Threat Detection and Response 4dCrowdStrikeDisrupting Glassworm: Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet 4dTrustedSecPCI DSS, Telephone Payments, and the Problems With VoIP 4dSANS ISCISC Stormcast For Tuesday, May 26th, 2026 https://isc.sans.edu/podcastdetail/9944, (Tue, May 26th)4dFull DisclosureRe: Dovecot Security Advisory OXDC-2026-0002 4dFull DisclosureSSRF in Anthropic mcp-server-fetch and Microsoft playwright-mcp — publicly disclosed via GitHub issues 4dFull Disclosure[SECURITY ADVISORY] CVE-2021-21735 - ZTE ZXHN H168N V3.5 Unauthenticated Admin Credential Leak 4dFull Disclosure[SECURITY ADVISORY] CVE-2026-34474 - ZTE H298A/H108N Unauthenticated Admin Credential Exposure 4dFull Disclosure[SECURITY ADVISORY] CVE-2026-34472 - ZTE ZXHN H188A V6 Authentication Bypass via Pre-Login Wizard 4dFull Disclosure[SECURITY ADVISORY] CVE-2026-34473 - Unauthenticated DoS in 17+ ZTE Router Models (140K+ Devices)4dFull DisclosureMultiple vulnerabilities in Sparx Pro Cloud Server and Enterprise Architect 4dSANS ISCPossible ACR Stealer From Page Impersonating Claude, (Tue, May 26th)4dTLDR InfoSecUbiquiti Patches 3 Flaws 📶, Ghost CMS SQLi Exploited 👻, Cisco CVSS 10 Patched 🩹4dElastic SecurityDetecting Tycoon 2FA AiTM attacks across Entra ID and Google Workspace 4dSimon WillisonNotes on Pope Leo XIV's encyclical on AI 4dTroy HuntWelcoming the Bhutanese Government to Have I Been Pwned 4dFederal News CyberAI reprices public-sector knowledge work 4dFederal News CyberOMB revamps cyber event logging requirements 4dHelp Net SecurityAnthropic adds 28 security and compliance integrations for Claude 4dCitizen LabTrump Wants to Tap Your Phone. Ottawa Might Let Him.4dHelp Net SecurityCisco refines its risk-based vulnerability disclosure for the AI era 4dCheck Point Research25th May – Threat Intelligence Report 4dSANS ISCMicrosoft Access VBA, (Mon, May 25th)4dMandiantExploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability 4dMandiant2 PhaaS 2 Furious: The Evolution of Chinese-Language Phishing Services 4dSANS ISCTeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)4dOX SecurityFrom Auth Bypass to RCE: A 4-Vulnerability Exploit Chain in DataEase 4dHelp Net SecurityUS states step up cyber defenses to protect local communities 5dTLDR InfoSecLiteSpeed cPanel 0-Day ⚙️, Apple M5 MIE Defeated 🍎, npm Staged Publishing ⛓️5dSimon WillisonQuoting Armin Ronacher 6dTroy HuntWeekly Update 505 6dSnykLaravel Lang Supply Chain Advisory 6d0xdfHTB: MonitorsFour 6dXBOWExclusive CISO Dinner on AI Security Leadership 7dSchneier on SecurityFriday Squid Blogging: Regulating Squid Fishing in the South Pacific 7dRapid7Metasploit Wrap Up 05/22/2026 7dZscalerWhen the Scanner Starts Thinking: Learnings from Mythos & GPT 5.5 Cyber in Security Testing 7dMicrosoft SecurityMicrosoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security Platforms 7dMicrosoft SecurityFrom edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence 7dKrebs on SecurityLawmakers Demand Answers as CISA Tries to Contain Data Leak 7dReversingLabsGitHub breach: The development ecosystem is in the hot seat 7dMicrosoft SecurityMicrosoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundations 7dCheck Point ResearchFast and Furious – Nimbus Manticore Operations During the Iranian Conflict 7dCybersecurity DiveIran-linked hackers target key US, allied sectors with sophisticated spear-phishing messages 7dCybersecurity DiveNew York regulator calls for additional cyber mitigation amid heightened threat environment 7dSchneier on SecurityCISA Security Leak 7dUnit 42Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns 7dThe MarkupIt’s easier for Californians to escape data brokers following a Markup investigation 7dIndicatorBriefing: New tools for AI image verification 8dUnit 42Paved With Intent: ROADtools and Nation-State Tactics in the Cloud 8dKaspersky SecurelistCloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload 8dWeLiveSecurityFoul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise 8dCrowdStrikeMeasuring AI-Enabled Success: 3 KPIs Leaders Should Track 8dTLDR InfoSecMegalodon Hits 5.7K Repos 🦈, CanaryHunter Token Scan 🔍, Kimwolf Admin Arrested 🚨8dKrebs on SecurityAlleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada 8dZscalerThe Agentic Wave: Why Our Newest Innovation Demands Our Oldest Discipline 8dSimon WillisonDatasette Agent 8dOX SecurityMegalodon: New CI/CD Malware Spreads Across GitHub, Infecting ~5,000+ Repositories 8dCisco TalosThe art of being ungovernable 8dGraham CluleyDefenders fall behind, as AI rewrites the rules of a data breach 8dWizClaude Enterprise Meets the Security Graph: Wiz Integrates with Anthropic's Compliance API 8dCloudflareAnnouncing Claude Compliance API support with Cloudflare CASB 8dSnykSnyk announces Anthropic updates: Evo integrates with Claude Enterprise, and Snyk Desk comes to Claude Desktop 8dSchneier on SecuritymacOS Kernel Memory Corruption Exploit 8dMicrosoft SecurityWhat’s new in Microsoft Security: May 2026 8dSpecterOpsIntroducing TailscaleHound: Mapping Tailscale Attack Paths in BloodHound 8dUnit 42The npm Threat Landscape: Attack Surface and Mitigations (Updated May 21)8dTenableMini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign 8dHacking ArticlesWindows Privilege Escalation: Bypass UAC 8dReversingLabsAI agents are the new insider threat 8dTenableCVE-2026-9082: Highly Critical SQL Injection Vulnerability in Drupal Core (SA-CORE-2026-004)8dRapid7Q1 2026 Threat Landscape Report: Zero-clicks, geopolitical tensions, and some wins for law enforcement 8dOX SecurityAI code security: Why Your Old Tools Can’t Keep Up And What Enterprises Should Use Instead 8dTenableTenable One deepens third-party integrations with new Open Connector for unified risk visibility 8dProjectDiscoveryRed-Teaming Cloud Infrastructure with Neo 9dCrowdStrikeNew Claude Integration Brings Audit Data into the Falcon Platform 9dSnykSecuring The AI Revolution: How Snyk And Our Partners Are Scaling For The Future 9dTrustedSecShai-Hulud Is Back, and This Time It Ate the Whole Ecosystem 9dTLDR InfoSecGitHub Source Breached 🐙, MS RAMPART AI Toolkit 🪟, Discord Calls Now E2EE 💬9dDatadog Security LabsUnpatchable Vulnerabilities of Kubernetes: CVE-2021-25740 9dRecorded FutureThe Vulnerability Flood Is Now a Board Conversation. Here's How to Lead It.9dTor ProjectNew Release: Tails 7.8 9dGraham CluleySmashing Security podcast #468: High-speed train hacks and homicidal lawnmowers 9dNextgov CyberDraft executive order would set deadlines for digital signature and key quantum encryption 9dMicrosoft SecurityMini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft 9dReversingLabsHackers Abuse Parental Controls to Hijack Google Accounts 9dOX SecurityNorth Korean-Linked Threat Actor Targets Developers with New npm Infostealer RAT 9dHacking ArticlesA Detailed Guide on Nmap Firewall Scan 9dNextgov CyberHouse Homeland Dems request CISA briefing amid report of leaked agency credentials 9dQualysCVE-2026-46333: Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel ptrace Path 9dEFF Deeplinks🔒 A Win for Encrypted Messaging | EFFector 38.10 9dReversingLabsSpectra Analyze, Spectra Core Update: Deeper Detection, Smarter Analysis 9dSchneier on SecurityOn AI Security 9dBlack Hills InfoSecSame Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other 9dOX SecurityTeamPCP Strikes (again): How a Trojan VS Code Extension Brought Down GitHub 9dSentinelOneSentinels League 2026: Live Rankings for the Threat Hunting World Championship 9dFortinetMisconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise 9dTenableImplement agentic AI in cybersecurity with Tenable Hexa AI: Reduce cyber risk at machine speed 9dRapid7Operationalizing CTEM Faster: Build Surface Command Dashboards in Minutes 10dUnit 42Tracking TamperedChef Clusters via Certificate and Code Reuse 10dKaspersky SecurelistHow an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)10dWeLiveSecurityWebworm: New burrowing techniques 10dGraham CluleyFBI warns students and staff that ShinyHunters may come knocking after Canvas breach 10dZscalerGLOBSEC: How to overcome the digital trust crisis 10dCrowdStrikeHow to Protect Identities and Sessions from Infostealers 10dSophosSophos Firewall and Synchronized Security 10dSophosGitHub internal repositories breached.10dTLDR InfoSecCisco SD-WAN CVSS 10 📶, Cloudflare Tests Mythos ☁️, CISA Leaks AWS Keys 🏛️10dSnykA Day in the Life of a Strategy Co 10dSnykThe AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised 10dEFF DeeplinksMicrosoft Took a Step Toward Human Rights Accountability. Google and Amazon (and Others) Should Pay Attention!10dNextgov CyberTelecom firms form new cyber information-sharing group 10dWizdurabletask: TeamPCP's Latest PyPi Compromise 10dQualysInside the 2026 Verizon DBIR: What One Billion Records Revealed About Vulnerability Remediation 10dCisco TalosTP-Link, Photoshop, OpenVPN, Norton VPN vulnerabilities 10dRapid7Rapid7’s 2026 Global Cybersecurity Summit: Key Takeaways for Security Leaders 10dEFF DeeplinksYour Privacy Shouldn't Be A Corporate Decision 10dNextgov CyberMicrosoft disrupts cybercrime service offering malware disguised as legitimate software 10dSentinelOneTurn Blind Trust into Verified Control with Prompt Security for Agentic AI 10dIndicatorTech platforms are now required by US law to remove deepfake nudes. Here’s how you can request a takedown.10dWizIntroducing Runtime Threat Detection for Google Cloud Run 10dTenableKey findings from the Verizon DBIR 2026: Slower vulnerability remediation meets faster exploitation 10dCloudflareAnnouncing Claude Managed Agents on Cloudflare 10dBitdefenderMicrosoft’s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows 10dSchneier on SecurityLaurie Anderson Is Quoting Me 11dCisco TalosFrom PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat 11dWeLiveSecurityThe quest for greater tech independence 11dWizThe Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave 11dTrustedSecCoverage-Driven Sustained Testing (CDST): A Graph-Oriented Model for Open-Ended Agentic Workflows 11dHacking ArticlesNetExec for OSCP: AD Pentesting 11dSophosWantToCry ransomware remotely encrypts files 11dTLDR InfoSec1.8M NYC Patients Hit 🗽, Pixel 10 0-Click Exploit 📱, Ledger Mail Phishing ✉️11dRecorded FutureAt Mythos Speed: A Defender's Playbook for the AI Vulnerability Surge in 2026 11dTor ProjectNew Release: Tor Browser 15.0.14 11dTor ProjectA new way to fund internet freedom 11dSnykMini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account 11dZscalerData Leakage Through AI Prompts: 12 Realistic Examples (and Controls That Stop Them)11dDoyensecWhen Filenames Become Attack Surfaces: Weaponizing NASA's CFITSIO Extended Filename Syntax 11dKrebs on SecurityCISA Admin Leaked AWS GovCloud Keys on Github 11dEFF DeeplinksWe Updated Our Privacy Policy. Here's What Changed and Why.11dEFF DeeplinksWe Must Not Normalize Digital Surveillance Abuses. EFF’s New Guide Underlines Concrete Steps to Fight Back.11dCheck Point Research18th May – Threat Intelligence Report 11dSentinelOneSHub Reaper | macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain 11dSentinelOneBreaking the Black Box: A Case Study in Red-Teaming a Government Education AI