Main Menu
Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
CVE Vulnerability Alerts
Dirty Frag CVE-2026-43284 Exploited in Wild, Linux Patches Out
Mitchell Langley May 12, 2026
Microsoft Defender confirmed limited in-the-wild exploitation of Dirty Frag CVE-2026-43284 in Linux, a deterministic LPE chain targeting xfrm-ESP and RxRPC page caches. Patches available for ...
Cybersecurity
FCC Extends Foreign Router Update Window to 2029 Amid Volt Typhoon
Gabby Lee May 12, 2026
The FCC extended security update support for banned Chinese-made routers to 2029, citing Volt Typhoon threat concerns and risk of unpatched network devices.
Cybersecurity
Skoda Online Shop Breach Exposes Customer Data and Password Hashes
Gabby Lee May 12, 2026
Skoda Auto disclosed a breach of its online shop portal that exposed customer names, addresses, email addresses, and password hashes to unauthorized access.
Cybersecurity
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
Mitchell Langley May 12, 2026
SOCRadar uncovered Operation HookedWing, a 4-year credential-harvesting campaign that compromised 2,000+ accounts across 500+ organizations in aviation, energy, government, and critical infrastructure using GitHub-hosted phishing ...
Application Security
cPanel Patches Three CVEs as Sorry Ransomware Hits 44K Servers
Gabby Lee May 12, 2026
cPanel released a second emergency patch in ten days — CVE-2026-29202 and CVE-2026-29203 enable code execution — as Sorry ransomware hits 44,000 servers.
Application Security
Checkmarx Jenkins Plugin Backdoored in TeamPCP Supply Chain
Gabby Lee May 12, 2026
TeamPCP backdoored the Checkmarx Jenkins AST scanner plugin in a third supply chain wave, following March Trivy and April KICS attacks. Version 2026.5.09 was compromised; ...
Cybersecurity
University Student’s TETRA Replay Attack Halts Taiwan Bullet Train
Mitchell Langley May 12, 2026
A Taiwan university student used cheap radio equipment to replay TETRA signals, disabling the island's high-speed rail network for nearly an hour in 2026.
Application Security
Five Malicious NuGet Packages Target Chinese .NET Developers
Mitchell Langley May 12, 2026
Socket discovered five NuGet packages typosquatting Chinese .NET UI libraries — IR.DantUI, IR.OscarUI, and three more — amassing 65,000 downloads while stealing credentials from 12 ...
Cybersecurity
QLNX Fileless Linux RAT Combines eBPF Rootkit, PAM Backdoor
Gabby Lee May 12, 2026
QLNX is a fileless Linux RAT using eBPF rootkit and PAM backdoor to steal npm, PyPI, AWS, and GitHub tokens from developer hosts with near-zero ...
Cybersecurity
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield
Andrew Doyle May 12, 2026
Cushman & Wakefield confirmed a vishing-enabled breach after ShinyHunters and Qilin ransomware listed the firm separately. ShinyHunters published a 50GB Salesforce dataset after the May ...
Application Security
Google GTIG Documents First AI-Generated Zero-Day Exploit
Gabby Lee May 12, 2026
Google's Threat Intelligence Group confirmed the first AI-generated zero-day exploit, targeting 2FA logic in an open-source web admin tool via LLM-written code.
Application Security
Apache CVE-2026-23918: HTTP/2 Double-Free Enables RCE on Debian
Mitchell Langley May 12, 2026
Apache patched CVE-2026-23918 (CVSS 8.8), a double-free in mod_http2 that enables RCE on Debian-default Linux servers. Fix ships in Apache HTTP Server 2.4.67.
Application Security
SailPoint GitHub Repositories Breached via Third-Party App Flaw
Mitchell Langley May 12, 2026
SailPoint disclosed unauthorized access to its GitHub repositories through a third-party app vulnerability on April 20, 2026, exposing source code data.
Cybersecurity
TrickMo Android Banker Routes C2 Traffic Through TON Blockchain
Andrew Doyle May 12, 2026
ThreatFabric identified Trickmo.C, a TrickMo Android banking trojan routing C2 through TON blockchain with SSH tunneling, SOCKS5, and NFC capabilities targeting European banking users.
Application Security
CVE-2026-7482 in Ollama Exposes 300,000 AI Servers to Memory Leaks
Gabby Lee May 11, 2026
CVE-2026-7482, dubbed 'Bleeding Llama,' exposes 300,000+ Ollama AI servers to heap memory leaks via a crafted GGUF file. Patch to version 0.17.1 is available.
Application Security
JDownloader Website Hacked to Serve Python RAT Malware
Mitchell Langley May 11, 2026
Unknown attackers compromised the official JDownloader website and replaced legitimate Windows and Linux installers with a Python-based remote access trojan.
Cybersecurity
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
Andrew Doyle May 11, 2026
NVIDIA confirmed a GeForce NOW data breach via Armenian partner GFN.am, exposing names, emails, and phone numbers of users registered before March 9, 2026.
Cybersecurity
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Mitchell Langley May 11, 2026
Trellix confirmed unauthorized access to its source code repositories after RansomHouse posted photographic evidence of the breach. Law enforcement has been notified.
Application Security
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
Andrew Doyle May 11, 2026
A fraudulent OpenAI repository reached Hugging Face's trending list while distributing infostealing malware targeting credentials and access tokens.
Cybersecurity
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Gabby Lee May 11, 2026
Attackers chain Google sponsored ads with fake Claude.ai chat sessions to deliver MacSync, a macOS infostealer harvesting Keychain contents and browser credentials.
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Mitchell Langley May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Mitchell Langley May 25, 2026

TOP CYBERSECURITY HEADLINES

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Cybersecurity
Netherlands Seizes 800 Stark Industries Servers, Arrests Two

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Star Blizzard’s Malware Makeover: From LostKeys to MaybeRobot
October 23, 2025
Podcasts
Keycard Emerges from Stealth with $38M to Secure the Identity of AI Agents
October 23, 2025
Podcasts
Critical TP-Link Omada Vulnerabilities Expose Networks to Remote Takeover
October 23, 2025

Cyber Security News

Application Security
TamperedChef Hides Malware Inside Signed Apps
May 22, 2026
Application Security
Chrome 148 Patches Critical WebRTC Use-After-Free
May 22, 2026
CVE Vulnerability Alerts
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
May 22, 2026
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Cybersecurity
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
May 21, 2026
Cybersecurity
Poland Drops Signal After Russian APTs Compromise Officials’ Accounts
May 21, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
May 12, 2026
SOCRadar uncovered Operation HookedWing, a 4-year credential-harvesting campaign that compromised 2,000+ accounts across 500+ organizations in aviation, energy, government, and critical infrastructure using GitHub-hosted phishing ...
cPanel Patches Three CVEs as Sorry Ransomware Hits 44K Servers
May 12, 2026
cPanel released a second emergency patch in ten days — CVE-2026-29202 and CVE-2026-29203 enable code execution — as Sorry ransomware hits 44,000 servers.
Checkmarx Jenkins Plugin Backdoored in TeamPCP Supply Chain
May 12, 2026
TeamPCP backdoored the Checkmarx Jenkins AST scanner plugin in a third supply chain wave, following March Trivy and April KICS attacks. Version 2026.5.09 was compromised; ...
University Student’s TETRA Replay Attack Halts Taiwan Bullet Train
May 12, 2026
A Taiwan university student used cheap radio equipment to replay TETRA signals, disabling the island's high-speed rail network for nearly an hour in 2026.
Five Malicious NuGet Packages Target Chinese .NET Developers
May 12, 2026
Socket discovered five NuGet packages typosquatting Chinese .NET UI libraries — IR.DantUI, IR.OscarUI, and three more — amassing 65,000 downloads while stealing credentials from 12 ...
QLNX Fileless Linux RAT Combines eBPF Rootkit, PAM Backdoor
May 12, 2026
QLNX is a fileless Linux RAT using eBPF rootkit and PAM backdoor to steal npm, PyPI, AWS, and GitHub tokens from developer hosts with near-zero ...
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield
May 12, 2026
Cushman & Wakefield confirmed a vishing-enabled breach after ShinyHunters and Qilin ransomware listed the firm separately. ShinyHunters published a 50GB Salesforce dataset after the May ...
Google GTIG Documents First AI-Generated Zero-Day Exploit
May 12, 2026
Google's Threat Intelligence Group confirmed the first AI-generated zero-day exploit, targeting 2FA logic in an open-source web admin tool via LLM-written code.
Apache CVE-2026-23918: HTTP/2 Double-Free Enables RCE on Debian
May 12, 2026
Apache patched CVE-2026-23918 (CVSS 8.8), a double-free in mod_http2 that enables RCE on Debian-default Linux servers. Fix ships in Apache HTTP Server 2.4.67.
SailPoint GitHub Repositories Breached via Third-Party App Flaw
May 12, 2026
SailPoint disclosed unauthorized access to its GitHub repositories through a third-party app vulnerability on April 20, 2026, exposing source code data.
TrickMo Android Banker Routes C2 Traffic Through TON Blockchain
May 12, 2026
ThreatFabric identified Trickmo.C, a TrickMo Android banking trojan routing C2 through TON blockchain with SSH tunneling, SOCKS5, and NFC capabilities targeting European banking users.
CVE-2026-7482 in Ollama Exposes 300,000 AI Servers to Memory Leaks
May 11, 2026
CVE-2026-7482, dubbed 'Bleeding Llama,' exposes 300,000+ Ollama AI servers to heap memory leaks via a crafted GGUF file. Patch to version 0.17.1 is available.
JDownloader Website Hacked to Serve Python RAT Malware
May 11, 2026
Unknown attackers compromised the official JDownloader website and replaced legitimate Windows and Linux installers with a Python-based remote access trojan.
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
May 11, 2026
NVIDIA confirmed a GeForce NOW data breach via Armenian partner GFN.am, exposing names, emails, and phone numbers of users registered before March 9, 2026.
RansomHouse Breaches Trellix; Source Code Repositories Accessed
May 11, 2026
Trellix confirmed unauthorized access to its source code repositories after RansomHouse posted photographic evidence of the breach. Law enforcement has been notified.
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
May 11, 2026
A fraudulent OpenAI repository reached Hugging Face's trending list while distributing infostealing malware targeting credentials and access tokens.
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
May 11, 2026
Attackers chain Google sponsored ads with fake Claude.ai chat sessions to deliver MacSync, a macOS infostealer harvesting Keychain contents and browser credentials.
Germany, Spain Dismantle Rebooted Crimenetwork, Arrest Operator
May 11, 2026
German and Spanish authorities shut down the relaunched Crimenetwork dark web marketplace and arrested its 35-year-old German operator in Mallorca under a European arrest warrant.
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
May 11, 2026
Researchers identify TCLBanker, a Brazilian banking trojan targeting 59 financial platforms that self-propagates by sending malicious messages through victims' WhatsApp and Outlook accounts.
cPanel and WHM Patch Three CVEs, Two Rated High Severity
May 11, 2026
cPanel patched two CVSS 8.8 flaws including Perl code execution in WHM, as the 40,000-server CVE-2026-41940 campaign remains active.
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2