Cyber Security
Meta AI Chatbot Flaw Lets Attackers Hijack Instagram Accounts
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
IBM WebSphere CVE-2026-8633: CVSS 9.8 No-Auth RCE Flaw Patched
NIST Inspector General: NVD Backlog Hits 27,000 CVEs
TheGentlemen Ransomware Lists US Water Utility Suburban Water
ShadowByt3$ Ransomware Hits Syngenta’s Cropwise Platform
UPDATE: Dashlane Confirms Encrypted Vaults Downloaded in Attack
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
GTA Cheat Service Atlas Menu Hacked; 64,000 Records Exposed
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
Cybersecurity
DragonForce and Nitrogen Ransomware Hit Three Continents
DragonForce claimed Lebanon IT firm SETS Solutions and Mexican manufacturer Copamex, while Nitrogen posted U.S. real estate developer Pyramid in parallel.
Application Security
AI Tool Uncovers Two-Year-Old Redis RCE CVE-2026-23479
Team Xint Code used an AI tool to find CVE-2026-23479, a two-year-old Redis RCE posing high risk in cloud environments where Redis runs without authentication.
Cybersecurity
CISA to Issue Binding AI Security Directive This Week
CISA will issue a binding directive from the AI executive order, mandating AI vulnerability management rules for all federal civilian executive branch agencies.
Application Security
AI Worm Exploits 73.8% of Test Enterprise Network with Free Model
University of Toronto researchers built an AI worm that exploited 73.8% of a test enterprise network using a free open-weight model and only known CVEs.
Application Security
Fake Claude Code Installers on Google Sites Steal AI API Keys
An active campaign uses 32 Google Sites pages to distribute credential malware targeting AI API keys, browser logins, and password managers from developers.
Application Security
Fake Chrome Web Store DMCA Notices Target Extension Developers
Attackers send fake Chrome Web Store DMCA notices using real extension data to steal developer accounts and push malicious updates to millions of users.
Cybersecurity
Commission Proposes $11 Billion Dedicated US Cyber Force Branch
A CSIS/FDD commission proposed a standalone US Cyber Force with 30,000 troops and an $11 billion startup cost, with Gillibrand's defense amendments pending.
Cybersecurity
KillSec Ransomware Hits Indian Teaching Hospital and Mexican Insurer
KillSec ransomware posted an Indian teaching hospital and a Mexican insurance firm as victims, exposing patient data under India's DPDPA and Mexico's CNBV.
Cybersecurity
Nova Ransomware Apologizes for CIS Rule Violation, Bans Affiliate
Nova ransomware publicly apologized and banned an affiliate for attacking Eriell Group, an Uzbekistan oilfield firm, violating the CIS safe harbor rule.
Cybersecurity
Trump Signs Executive Order for National Security Review of AI Models
Trump signed an executive order directing US national security agencies to assess top AI foundation models for offensive cyber and dual-use threat risks.
Application Security
Huntress Discloses Windows Search URI Flaw That Leaks NTLMv2 Hashes
Huntress disclosed a Windows Search URI handler flaw that silently sends NTLMv2 hashes to attacker servers with one click. Microsoft declined to patch.
Cybersecurity
Qilin Ransomware Claims Six Victims Across Five Countries in Two Days
Qilin ransomware posted six victims across five countries over two days, including Nova Medical Products and MEISA Sines at Portugal's Sines energy port.
Cybersecurity
APT73 Bashe Ransomware Claims Armenia’s Ministry of Internal Affairs
APT73 (Bashe), a LockBit-linked RaaS, posted Armenia's elections.mia.gov.am as a victim, threatening voter registration and electoral administration data.
Cybersecurity
Russia’s FSB Claims Foreign Spies Installed Phone Surveillance Malware
Russia's FSB claimed foreign spies installed surveillance malware on senior officials' smartphones, naming Cloudflare and Fastly as alleged C2 infrastructure.
Cybersecurity
Europol Operation KRATOS 2 Dismantles 9 Illegal Streaming Crime Groups
Europol's seven-month Operation KRATOS 2 arrested 29 suspects, targeted 4,370 piracy domains, and removed 27,000 illegal streaming URLs across 13 countries.
Application Security
CVE-2026-8206 Kirki Plugin Exploited; 500,000 WordPress Sites at Risk
CVE-2026-8206 in the Kirki WordPress plugin is under active attack, with Wordfence detecting 222 exploitation attempts targeting admin account takeover.
CVE Vulnerability Alerts
CVE-2026-0826 (CVSS 9.2): Unauthenticated RCE in HP Poly VoIP Phones
CVE-2026-0826 allows unauthenticated root-level RCE on HP Poly VVX and Trio VoIP phones via a crafted SIP INVITE request targeting the SDP/ICE parser.
Cybersecurity
Sophos: AI Ransomware Toolkit Uses Claude Opus 4.5 for EDR Evasion
Sophos discovered a criminal ransomware framework using Claude Opus 4.5 and multi-agent AI pipelines to build and test 80 evasion-optimized malware modules.
Application Security
CISA Adds CVE-2024-21182 Oracle WebLogic to KEV; Feds Have 3 Days
CISA confirmed active exploitation of Oracle WebLogic CVE-2024-21182, giving federal agencies a June 4 deadline to patch the unauthenticated data-access flaw.
Application Security
CVE-2026-49975 HTTP/2 Bomb Hits nginx, Apache, Envoy, and Cloudflare
CVE-2026-49975 HTTP/2 Bomb exploit achieves 5,700:1 amplification against Envoy, crashing 32 GB of server memory with a single residential connection.

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
VS Code Zero-Day Exposes GitHub OAuth Tokens; No Patch Available
Researcher Ammar Askar publicly disclosed a VS Code zero-day that lets malicious extensions steal GitHub OAuth tokens, granting full repository access.
Google Patches Android Zero-Day CVE-2025-48595 Under Active Exploit
Google confirmed CVE-2025-48595, a no-interaction privilege escalation flaw in Android 14–16, is under active targeted attack. Patches arrive June 5.
Red Hat npm Packages Backdoored with Miasma Credential Worm
Attackers backdoored 32 Red Hat npm packages with the Miasma worm, stealing CI/CD secrets, cloud keys, and SSH keys across roughly 80,000 weekly downloads.