FBI: Phishing-as-a-Service Kit Hijacks Microsoft 365
The FBI has flagged a new phishing‑as‑a‑service kit called Kali365 that hijacks Microsoft 365 accounts by stealing the access token issued after a successful multifactor authentication (MFA) check. The kit exploits Microsoft’s device‑code sign‑in flow, allowing attackers to bypass MFA and gain full mailbox access without a password. Priced at $250 per month (about $2,000 annually) and sold on Telegram, Kali365 targets financial‑services employees, creating a foothold for wire fraud and business‑email compromise. Regulators urge banks to block the device‑code flow and adopt phishing‑resistant authentication such as FIDO passkeys.

Microsoft Is Killing SMS Sign-In Codes. ERP Teams Should Pay Attention
Microsoft is phasing out SMS one‑time codes for personal Microsoft accounts, steering users toward passkeys, Microsoft Authenticator, and verified email. The deprecation does not affect Microsoft Entra ID work accounts, but it does impact ERP teams that rely on personal...

CrowdStrike and Google Take Down Botnet Used by Hackers to Target Open Source Software Developers
CrowdStrike, in partnership with Google and nonprofit Shadowserver, dismantled the Glassworm botnet that had been compromising open‑source developers for two years. The operation shut down four command‑and‑control servers that leveraged the Solana blockchain, BitTorrent, Google Calendar and VPNs, halting further...

The FBI Just Dropped Its 2025 Internet Crime Report. Here Are 6 Big Takeaways
The FBI’s 2025 Internet Crime Report shows internet‑crime complaints exceeding 1 million for the first time, with more than 3,000 reports filed each day. Reported losses surged to over $20 billion, a $4 billion increase from 2024 and double the amount recorded four...

Latin American Cybercriminals Hoover Up Government Data
Latin American cybercriminal groups have made public administration the region's most‑breached sector, accounting for 21% of all breaches (543 incidents) in the past year. High‑profile compromises include Uruguay's Antel identity service, data theft from 25 Mexican agencies, and a wave...

AI-Assisted Exploit Development Outpaces Scanner Detection
Researchers at Cogent Security found that AI‑assisted exploit creation slashed the time needed to weaponize a disclosed vulnerability from 125 days in early 2025 to just 0.5 days by April 2026. The acceleration, driven by publicly available large language models that can read patch...

Malicious Npm Package Stole Files From Claude AI User Directory via GitHub
Security researchers at OX Security have identified a malicious npm package, mouse5212‑super‑formatter, that steals files from the Claude AI user directory. The package uploads data to a threat‑actor‑controlled GitHub repository by leveraging a GitHub token found on the victim’s machine...

Sola Security Unveils Lumina, Forwarding an Autonomous Security Deep Research Platform for Actionable Risk Intelligence
Sola Security introduced Lumina, an autonomous risk‑intelligence platform that continuously scans cloud, identity, SaaS and endpoint environments. The solution converts thousands of raw data points into a daily feed of contextualized signals, each enriched with business impact and recommended actions....

How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?
Managed security service providers (MSSPs) face a talent bottleneck that limits analyst capacity as client demand surges. To avoid burnout, they are adopting AI‑driven threat intelligence, automated enrichment, and AI‑assisted triage from vendors like ANY.RUN. Integrated feeds, YARA‑based custom detection,...

‘Silent’ Ransomware Group Poses as IT Workers, Targeting Healthcare
The Silent Ransom Group, also known as Chatty Spider, has shifted from traditional phishing to posing as IT employees to infiltrate networks. Since spring 2024 the gang contacts staff by phone or email, urging remote‑desktop access or even sending operatives...

CrowdStrike, Google Take Down Glassworm Botnet
A joint operation by CrowdStrike, Google and the Shadowserver Foundation has dismantled the Glassworm botnet by simultaneously disabling its four command‑and‑control channels, which included VPS servers, Google Calendar entries, peer‑to‑peer networks and Solana blockchain memo fields. Glassworm, active since early...

Fake Job Offers From Meta And Spotify Used To Hack Facebook Accounts In New Scam
Cybercriminals are running a sophisticated phishing campaign that masquerades as recruitment drives from high‑profile brands such as Meta, Disney, Coca‑Cola and Spotify. The scheme begins with polished job‑offer emails that bypass spam filters, then redirects victims to hidden “HUB” domains...

Cisco Research Finds Standard AI Safety Benchmarks Miss the Real Threat
Cisco’s AI Threat Intelligence team evaluated 15 leading closed‑source large language models using both single‑turn and multi‑turn adversarial prompts. The study found multi‑turn attack success rates ranging from 7.9% to 88.3%, far exceeding the 2.2%‑64.9% rates seen in single‑turn tests....

Mitigating CVE-2026-31431 (“Copy Fail”) In Docker Engine
Docker Engine version 29.4.3 introduces a layered mitigation for CVE‑2026‑31431, known as “Copy Fail,” by adding AppArmor and SELinux rules that block AF_ALG socket creation while retaining the original seccomp filter. The vulnerability is a Linux‑kernel privilege‑escalation flaw affecting kernels released...

All Major LLMs Exposed to Multi-Turn Manipulation, Warn Researchers
Researchers at Cisco discovered that multi‑turn conversations can circumvent the safety guardrails of leading large language models, including ChatGPT, Claude, Gemini, Amazon Nova, and xAI’s Grok. By iteratively reframing requests, adopting personas, and exploiting configuration settings such as Grok’s reasoning...

Banesco Banco Universal: Scaling Phishing-Resistant Authentication to 2.2 Million Users
Banesco Banco Universal rolled out FIDO2‑based passkeys to 2.2 million customers, covering 92% of its active user base. The phased deployment replaced SMS and email OTPs with asymmetric‑key authentication across mobile and web channels. In its first year, the bank processed...

FBI Warns of In-Person Data Theft Attacks From Extortion Gang
The FBI issued a flash alert warning that the Silent Ransom Group (SRG) is now conducting in‑person data‑theft attacks against U.S. law firms. The gang pretends to be IT support, first attempting remote desktop access, and if that fails, sends...

‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
Adversa AI unveiled the SymJack attack, which hijacks symlinks in AI‑driven coding agents to embed a malicious command‑and‑control server. By compromising the agent’s repository and inserting a disguised cp command, the payload silently registers the attacker’s server, allowing code execution...

CISA Gives Feds 4 Days to Patch Actively Exploited cPanel Plugin Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive requiring all federal agencies to patch a critical LiteSpeed cPanel plugin flaw within four days, by midnight on May 29, 2026. The vulnerability, cataloged as CVE‑2026‑48172, enables...

UK Has ‘Narrowing Window’ to Stay Ahead of Tech Threats, Says GCHQ Chief Keast-Butler
GCHQ Director Anne Keast‑Butler warned that the UK and its allies face a narrowing window to outpace Russian and Chinese technology threats. She urged a ten‑fold increase in cyber‑security urgency, citing Russia’s expanding hybrid attacks on European critical infrastructure and China’s...
The NSA, ‘Mythos’ and the Quiet Emergence of AI Cyber Doctrine
The U.S. government and leading tech firms are rapidly integrating frontier AI models, such as Anthropic's Claude Mythos, into offensive cyber operations, shifting the threat landscape from tool‑centric to autonomous agent‑centric. Mythos demonstrated autonomous discovery and exploitation of thousands of...

Mapping a Hack
Glenn Wilkinson, CEO of Agger Labs, used a fictional story about "Jane Hacker" at the ITWeb Security Summit 2026 to illustrate how easily a social‑engineering email can give a cyber‑criminal a foothold in a South African bank. The scenario shows a...

PureLogs Variant Steals Data via Purchase Order Lures
A new PureLogs infostealer variant is being delivered via purchase‑order phishing emails that contain a RAR archive with malicious JavaScript. The script decrypts PowerShell code, bypasses execution policies and uses process hollowing to run the payload inside MsBuild.exe. The fileless...

OverlayPhantom Android Banking Trojan Targets 180+ Financial Apps Across 10 Countries
Cyble researchers have uncovered OverlayPhantom, a sophisticated Android banking trojan active since May 2025. The malware targets more than 180 financial, banking and cryptocurrency apps across ten Western nations, including the United States and major European markets. It spreads through...

Why Critical National Infrastructure Providers Should Strengthen Cyber Defences
The UK’s National Cyber Security Centre warned that critical national infrastructure (CNI) operators face a heightened risk of severe cyber‑attacks, citing recent coordinated strikes on Poland’s energy grid. As industrial control systems become increasingly connected to corporate IT and cloud...

The Gentlemen Emerging as Key Ransomware Player
The Gentlemen ransomware gang has quickly become a leading threat, accounting for 73 attacks in April 2026—about 10% of all ransomware incidents that month. The group leverages modern XChaCha20 and Curve25519 encryption to lock files at scale and employs SystemBC‑based SOCKS6...

Telia Finland and QMill Demonstrate Quantum-Assisted Message Encryption Across Standard Mobile Networks
Telia Finland and Finnish quantum‑software firm QMill have demonstrated a quantum‑enhanced encryption protocol that runs on standard mobile‑network channels, eliminating the need for dedicated quantum‑key‑distribution hardware. The software leverages near‑term NISQ quantum processors—either on‑premises or cloud‑based—to generate quantum‑resilient keys and...

Innovate Fast, Owe Less: A Practical Path to Help Reduce AI Security Debt
Artificial intelligence is accelerating, but each new AI app or agent adds security risk and technical debt, especially when deployed without IT oversight, creating shadow AI. Vimal Navis of PwC warns that industry standards lag, turning rapid innovation into AI...

Microsoft Previews Automatic Device Isolation in Defender for Endpoint
Microsoft is previewing an automatic device isolation feature in Defender for Endpoint’s auto attack disruption tool, allowing the platform to sever a compromised device’s network connections while keeping it linked to security services. The capability aims to halt lateral movement,...

When Certificates Expire 8x Faster, Manual Renewals Break
Digital certificates are facing a rapid reduction in validity periods, dropping from up to 398 days to as low as 47 days by 2029, with the first cut to 200 days already in effect. This compression forces organizations to renew...

WhatsApp Breach Revealed During Estimates
A Senate estimates hearing revealed that Senator James McGrath and three of his staff had their WhatsApp accounts hacked by a foreign state actor. The breach, which affected both official and personal devices, occurred on March 9, 2026. Officials from the Department...

UK Visa Portal Spilled Thousands of Applicants’ Passports and Selfies Online — and Hasn’t Fixed the Leak
TechCrunch discovered that the private UK Visa Portal website has publicly exposed the passports and selfie photos of at least 100,000 visa applicants. The breach stems from a security lapse that remains unfixed, and the company, which is not affiliated...

Why Compliance Alone Doesn’t Make Federal Networks Secure
Zero Trust has shifted from a best‑practice goal to a federal mandate under Executive Order 14028, OMB M‑22‑09, and the DoD roadmap. Agencies are racing to tick compliance boxes—dashboards, checklists, and AI‑driven reports—while many critical environments remain untouched. The biggest...
Mythos Detected 23,000 Vulnerabilities Across 1,000 OSS Projects
Anthropic’s Claude Mythos model has scanned more than 1,000 open‑source projects and flagged over 23,000 potential vulnerabilities. Of those, 1,726 have been confirmed, with more than 1,000 classified as high or critical severity. The company estimates the final count of...

TeamPCP Compromised LiteLLM in AI Supply Chain Attack
Researchers uncovered that the threat group TeamPCP executed a software supply‑chain attack by compromising the Trivy vulnerability scanner and using stolen CI/CD tokens to publish malicious versions of the popular LiteLLM Python library on PyPI. The malicious packages embedded base64...

Gambit Says Speed of AI-Powered Cyberattacks Drives Need for Cyber Resilience
Gambit warns that AI‑enhanced cyberattacks can move from initial access to data destruction in minutes, as demonstrated by the Iran‑linked persona Ababil of Minab targeting LA Metro and other critical entities. The attackers deleted virtual machines, databases and storage volumes,...

Why Annual Penetration Tests Are No Longer Enough
Traditional annual penetration tests are losing effectiveness as organizations rapidly adopt cloud, hybrid and AI-driven infrastructures that evolve faster than yearly cycles. Lydia Zhang of Ridge Security argues that shrinking windows between vulnerability discovery and exploitation leave organizations exposed between...

Millions of AI Agents Imperiled by Critical Vulnerability in Open Source Package
A critical vulnerability dubbed BadHost (CVE‑2026‑48710) was discovered in Starlette, the open‑source ASGI framework that powers FastAPI, vLLM, LiteLLM and other Python AI tooling. The flaw lets attackers inject a malicious Host header, bypassing path‑based authorization and potentially gaining access...

Apple Open-Sources Quantum-Resistant Encryption Code
Apple has released the source code for two quantum‑secure algorithms, ML‑KEM and ML‑DSA, along with the formal verification tools used to prove their correctness. The implementations are integrated into Apple’s CoreCrypto library, which secures encryption, decryption, hashing, and digital signatures...

Hackers Claim to Be Selling 340 Million Stolen OnlyFans Records — but Experts Are Already Skeptical on How Serious Hack...
Hackers posted a dark‑web advertisement claiming to sell 340 million records from OnlyFans, including usernames, emails, and activity metrics. OnlyFans publicly denied any breach, labeling the reports false. Cybersecurity firm Cybernews examined a sample and concluded the data likely aggregates previous...

The Attack Dominating Financial Services Doesn't Steal Passwords. It Resets MFA and Steals the Token.
Financial services are being compromised not by password theft but by attackers who manipulate help‑desk staff to reset MFA and capture OAuth tokens. CrowdStrike’s 2026 Threat Landscape report identifies Mutant Spider’s Teams‑vishing as the most active vector, while the FBI’s...

Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning
Cybercriminals are leveraging SEO poisoning to promote typosquatted domains that mimic official AI tool installers such as Google Gemini CLI and Anthropic Claude Code. When developers follow the fake pages, a PowerShell script downloads a file‑less infostealer that silently installs...

CrowdStrike Disrupts Glassworm Supply Chain Botnet
CrowdStrike, together with Google and the Shadowserver Foundation, announced the coordinated takedown of the Glassworm supply‑chain botnet. The operation disabled all four of the botnet’s command‑and‑control channels, which leveraged blockchain, peer‑to‑peer, and cloud services. Glassworm had been infecting software developers...

Microsoft Issues Out-of-Band SharePoint Patch
Microsoft issued an out‑of‑band update to fix a critical remote‑code‑execution flaw in SharePoint Server (CVE‑2026‑45659). The vulnerability carries an 8.8 CVSS score and can be exploited by an authenticated user with only low‑privilege site‑member rights. No public exploit has been...

‘The Worst Leak I’ve Witnessed’: A CISA Contractor Left AWS GovCloud Credentials Sitting In A Public GitHub Repo
A CISA contractor inadvertently published a public GitHub repository named “Private‑CISA” that contained AWS GovCloud administrative keys, plaintext passwords, and internal configuration files. The repository’s owner had disabled GitHub’s built‑in secret‑detection feature, allowing the credentials to be exposed openly. After...

ConnectWise Automate Vulnerability Could Allow Security Check Bypass and RCE
ConnectWise disclosed a critical vulnerability (CVE‑2026‑9089) in its Automate remote‑monitoring and management (RMM) platform, affecting on‑premises deployments earlier than version 2026.5. The flaw, rated 8.8 on the CVSS scale, can bypass integrity‑verification checks and enable remote code execution. Cloud‑hosted Automate...

FTC Warns Fake Party Invite Scams Are Turning Everyday Emails Into Financial Risks
The Federal Trade Commission has warned that scammers are disguising credential‑stealing attempts as ordinary party invitations from platforms like Evite or from a recipient’s contacts. When users enter their email address and password, the information is routed to fraudsters who can...

Ethical Hacker, CBSE Lock Horns over Board Exam Portal Vulnerability
Ethical hacker Nisarga Adhikary claimed he accessed non‑test user data on CBSE's On‑Screen Marking (OSM) portal, providing screen recordings as evidence. CBSE responded that the breached URL was a testing site with only sample data and that the production evaluation...

Windows Secure Boot Certificates Set to Expire in June – Here's What It Means for Your PC
Microsoft’s original Secure Boot certificates, issued in 2011, will expire in June 2024. The company is distributing new UEFI CA 2023 keys through Windows Update to all supported Windows devices. PCs that receive the update retain full boot‑level protection, while those...

Christophe Pettus: What Else Is In There?
PostgreSQL’s legacy refint extension was found to contain a critical stack‑buffer overflow and SQL‑injection bug (CVE‑2026‑6637) that lets unprivileged users run OS‑level code. The vulnerability, rated 8.8 CVSS, was disclosed on May 14 and is fixed in the May 14 minor releases...