New ChatGPhish Technique Uses Prompt Injection to Manipulate ChatGPT Responses
Security researchers have disclosed "ChatGPhish," a novel browser‑based prompt‑injection technique that manipulates ChatGPT's page‑summarization feature. By embedding malicious instructions in ordinary web pages, attackers can coerce the model into appending phishing alerts, links, or QR codes to otherwise legitimate summaries. The proof‑of‑concept demonstrates that a simple visit to a compromised site can generate a trusted‑looking notification inside ChatGPT, potentially leading users to malicious destinations. This expands the attack surface from email to any LLM‑enabled browsing workflow.
CBSE Engages IIT Experts After Admitting OSM Security Vulnerabilities
The Central Board of Secondary Education (CBSE) has enlisted cybersecurity experts from IIT Madras, IIT Kanpur and the Digital Infrastructure Corporation of India to audit its On‑Screen Marking (OSM) platform after confirming multiple vulnerabilities. Reported flaws included a hard‑coded master...
Notepad++ Patches High-Severity RCE Flaws in Version 8.9.6.1
The Notepad++ team released version 8.9.6.1, patching three newly disclosed vulnerabilities—CVE‑2026‑48778, CVE‑2026‑48770 and CVE‑2026‑48800. The most critical flaw, CVE‑2026‑48778, allows remote code execution by abusing the entry in the config.xml file, enabling attackers to launch arbitrary programs such as calc.exe....
OverlayPhantom Android Banking Trojan Targets 180+ Financial Apps Across 10 Countries
Cyble researchers have uncovered OverlayPhantom, a sophisticated Android banking trojan active since May 2025. The malware targets more than 180 financial, banking and cryptocurrency apps across ten Western nations, including the United States and major European markets. It spreads through...
Why AI-Native Cybersecurity Matters in the Age of Machine-Speed Threats
The article argues that AI‑native cybersecurity is becoming essential as over 20 billion connected devices expand the attack surface faster than traditional defenses can adapt. Machine‑speed threats—automated phishing, autonomous privilege escalation, and rapid exploitation of misconfigurations—outpace legacy perimeter‑based models. AI‑driven analytics...
Taiwan Flags Five Major Cyber Risks After 726 Security Incidents in 2025
Taiwan’s Ministry of Digital Affairs recorded 726 cybersecurity incidents in 2025, a slight decline of 29 cases from 2024. Most incidents were low‑severity Level 1 events, but unauthorized access accounted for 68.6 % of all reports. The Administration for Cyber Security identified...
Wireshark 4.6.6 Resolves ROHC Parser and Buffer Overflow Vulnerabilities
The Wireshark Foundation released version 4.6.6, addressing two critical security flaws: a Dissector Crash in the ROHC protocol parser (wnpa‑sec‑2026‑51) and a global‑buffer‑overflow in the MACsec dissector. The update also resolves multiple Windows‑specific stability problems, including crashes in Visual Studio...
The Cyber Express Weekly Roundup: Supply Chain Breaches, AI Content Enforcement, And Event Disruption Attacks
The Cyber Express weekly roundup highlights a surge in distributed cyber threats, from a massive npm supply‑chain breach that compromised over 300 AntV packages to an attempted disruption of Vienna’s Eurovision event where nearly 500 attacks were blocked. The U.S....
Vulnerability Exploitation Overtakes Stolen Credentials in AI-Driven Cyberattacks
Verizon’s 19th Data Breach Investigations Report shows vulnerability exploitation now initiates 31% of cyber incidents, overtaking stolen credentials for the first time in two decades. Artificial intelligence is compressing the gap between vulnerability disclosure and active exploitation, shrinking response windows...
Microsoft Patches Actively Exploited Defender Vulnerabilities Affecting Enterprise Systems
Microsoft disclosed active exploitation of two Defender flaws—CVE-2026-41091, a high‑severity privilege‑escalation bug, and CVE-2026-45498, a lower‑severity denial‑of‑service issue. Both vulnerabilities were confirmed in the wild and have been patched in Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7. A third flaw,...
EMEA Emerges as Global Hotspot for Financial Services DDoS Attacks
Akamai’s 2026 State of the Internet Security report reveals that financial services are now the most targeted sector for DDoS attacks, with median attack duration up 738% since 2024. The surge is driven by AI‑enabled botnets and hacktivist campaigns, especially...
UK Cybersecurity Innovation SilentGlass Goes Global After Licensing Deal
The UK government has granted a global commercial licence for SilentGlass, a hardware‑based cyber‑security device originally created by the National Cyber Security Centre. The plug‑and‑play unit sits between a laptop and monitor to block video‑connection attacks, addressing a growing class...
Hackers Exploit Butter Network Bridge to Mint Massive MAPO Supply
Hackers exploited a Solidity flaw in the Butter Network cross‑chain bridge, minting a quadrillion MAPO tokens and flooding the market. The attacker moved roughly one billion MAPO onto Uniswap, draining about 52 ETH (≈ $180,000) and driving the token price from $0.003...
Pardus Linux Vulnerability Chain Enables Complete System Takeover
A critical privilege‑escalation chain (CVE‑2026‑5140) in Pardus Linux lets any unprivileged user obtain full root access in seconds. The flaw combines a Polkit policy misconfiguration, a CRLF injection in SystemSettingsWrite.py, and an untrusted‑search‑path bug in AutoAptUpgrade.py. Scoring 9.3 on CVSS...
Ukraine Busts Massive Cybercrime Scheme Behind 28,000 Stolen Accounts
Ukrainian National Police uncovered an international cybercrime ring that stole nearly 30,000 customer accounts from a California‑based online retailer. The operation, driven by an 18‑year‑old Odessa resident, used infostealer malware to harvest login credentials and session cookies, enabling fraudulent purchases...
GitHub Confirms Cyberattack Targeting Thousands of Internal Repositories
GitHub disclosed that a threat group identified as TeamPCP breached thousands of its internal code repositories after compromising an employee’s machine with a malicious Visual Studio Code extension. The attackers attempted to monetize the stolen source by offering it for...
Massive Npm Supply Chain Attack Hits AntV Ecosystem; Hundreds of JavaScript Packages Compromised
A coordinated supply‑chain attack compromised more than 300 npm packages in the AntV ecosystem, a suite of data‑visualization tools originally built by Alibaba. Attackers hijacked the maintainer account “atool” and published malicious versions within a 22‑minute window, embedding malware that...
Global Banks Scramble After AI Tool Exposes Cyber Weaknesses
Banks in the United States, Europe and Japan are fast‑tracking cybersecurity upgrades after Anthropic’s Mythos AI tool exposed previously unknown vulnerabilities in core banking systems. The discovery has sparked urgent warnings from the European Central Bank, the International Monetary Fund...
7-Eleven Confirms Hack After Appearing on ShinyHunters Leak List
7‑Eleven confirmed that its internal systems were breached in early April 2026, exposing personal data from franchisee application files. The breach came to light after the ShinyHunters ransomware group listed the retailer in a recent “pay‑or‑leak” extortion campaign. 7‑Eleven has...
Shadow AI Is Growing in Silence While Enterprise Security Falls Behind
Shadow AI is proliferating as enterprises rush to adopt generative AI, outpacing existing governance frameworks. A World Economic Forum survey shows 87% of organizations view AI‑related vulnerabilities as the fastest‑growing cyber risk, and 75% of CISOs have discovered unsanctioned GenAI...
OpenAI Confirms Limited Impact From TanStack Npm Supply Chain Attack, Urges macOS App Updates
OpenAI disclosed that a recent TanStack npm supply‑chain attack compromised two employee devices but did not expose customer data or production systems. The breach, linked to the Mini Shai‑Hulud malware campaign, prompted immediate isolation, credential rotation, and a temporary halt...
Exim BDAT Vulnerability Exposes Email Servers to Remote Attacks
A critical remote use‑after‑free flaw (CVE‑2026‑45185) was discovered in Exim mail servers that use GnuTLS, earning a CVSS score of 9.8. The vulnerability surfaces when a TLS close_notify alert interrupts an active BDAT transfer, allowing memory corruption and potential code...
AI Cyberattacks Are Escalating Across the Americas. This Webinar Explains Why
In the first quarter of 2026 the Americas saw a sharp rise in AI‑powered cyberattacks, ransomware bursts, and assaults on critical infrastructure. Threat actors leveraged generative AI to automate phishing, deepfake creation, and rapid exploitation, making detection harder. Nation‑state groups...
Microsoft May 2026 Patch Tuesday Fixes 120 Vulnerabilities, No Zero-Day Exploits Reported
Microsoft’s May 2026 Patch Tuesday delivered fixes for roughly 120 vulnerabilities across Windows, Office, and enterprise services. The bulletin includes 17 critical flaws—14 of them remote code execution (RCE) bugs—but reports no publicly disclosed or actively exploited zero‑day attacks. High‑impact issues...
Europe Warned Against AI Skills Gap as Experts Outline Possible 2040 Futures
The European Labour Authority and the European Commission’s employment directorate released a report outlining how AI‑driven skill development will shape Europe’s labour market by 2040. It maps several futures—from robust growth and flexible careers to deepening inequality and job insecurity—depending...
National Technology Day 2026: India’s AI Growth Puts Security in Focus
India’s National Technology Day 2026 underscored a shift toward AI‑first enterprises, where intelligent systems are embedded in everyday workflows rather than treated as isolated tools. Executives highlighted that AI now analyses context, triggers actions, and supports decision‑making across sectors, propelled...
The Cyber Express Weekly Roundup: EU AI Act Updates, Malware Expansion, Critical Vulnerabilities, and Rising Cybercrime Trends
The European Union has revised its AI Act, streamlining compliance rules while imposing stricter bans on harmful AI‑generated content. Microsoft‑confirmed ClickFix malware has expanded its campaign to target macOS users with fake troubleshooting pages. A critical PAN‑OS vulnerability (CVE‑2026‑0300) with...
Fake Moustache Trick Raises Questions Over UK Online Safety Act Age Checks
The UK’s Online Safety Act, launched in July 2025, introduced stricter age‑verification and content‑moderation rules to protect children online. Early testing shows simple tricks—such as a 12‑year‑old drawing a fake moustache—can fool AI‑driven facial age checks, exposing a critical vulnerability....
ClickFix Campaign Evolves with Targeting of MacOS Users
Microsoft’s Defender Security Research team has uncovered an active ClickFix campaign that has expanded from Windows‑only to targeting macOS users since January 2026. Threat actors post fake maintenance instructions on blog and advice sites, urging victims to paste malicious commands into...
Global Instructure Breach Hits Queensland Schools Through QLearn Platform
A breach at Instructure, the provider of the QLearn learning platform, has exposed personal data for potentially over 200 million people across more than 9,000 educational institutions worldwide. Queensland’s Department of Education confirmed that students and staff who used QLearn since...
Operation Epic Fury Exposes Critical OT Security Gaps in U.S. Oil and Gas Sector
Operation Epic Fury, launched on Feb. 28, has spotlighted glaring operational technology (OT) security gaps in the U.S. oil and gas sector. An independent Tosi‑commissioned survey of OT decision makers shows 87% of operators feel they can spot an OT...
Salesforce Marketing Cloud Vulnerabilities Expose Cross-Tenant Subscriber Data Risks
Salesforce Marketing Cloud (SFMC) disclosed a series of vulnerabilities affecting AMPScript, CloudPages, and email‑rendering workflows. The flaws allowed template injection, unauthenticated decryption of query‑string tokens, and exploitation of legacy XOR encryption, potentially exposing subscriber lists and email content across tenants....
UIDAI, NFSU Sign 5-Year Pact to Boost Cybersecurity and Digital Forensics
India’s Unique Identification Authority (UIDAI) has signed a five‑year partnership with the National Forensic Sciences University (NFSU) to boost cybersecurity and digital forensics across the Aadhaar ecosystem. The agreement, announced on May 5 in Ahmedabad, outlines six strategic pillars covering talent...
Australia Forms Cyber Incident Review Board to Strengthen Defences After Major Breaches
Australia has established a Cyber Incident Review Board under the Cyber Security Act 2024 to conduct no‑fault, post‑incident analyses of major cyber attacks affecting both government and private firms. Chaired by Telstra’s CISO Narelle Devine, the board brings together leaders...
U.S. Will Now Examine National Security Implications of New AI Models, Pre-Release
The U.S. Commerce Department’s Center for AI Standards and Innovation (CAISI) has signed new pre‑release testing agreements with Google DeepMind, Microsoft and Elon Musk’s xAI, adding to existing deals with Anthropic and OpenAI. The agreements require the companies to hand...
NCSC Warns Organisations to Act Fast as Hidden Software Flaws Surface
The UK National Cyber Security Centre (NCSC) has issued an urgent alert that advances in artificial intelligence are set to expose long‑standing software flaws, prompting a wave of critical vulnerability patches across all technology stacks. Chief Technology Officer Ollie Whitehouse...
The Cyber Express Weekly Roundup: Data Breaches, AI Risks, and Phishing Campaigns Dominate Cybersecurity Landscape
The Cyber Express weekly roundup spotlights a string of high‑profile cyber incidents, from ChipSoft’s ransomware‑driven patient‑data theft in the Netherlands to a phishing breach that exposed personal details of 732 Hutt City Council residents. An AI coding agent at PocketOS...
Dutch Health Tech Firm ChipSoft Confirms Destruction of Stolen Patient Data
Dutch health‑tech firm ChipSoft disclosed that all patient data stolen in the April ransomware attack has been destroyed, according to a statement on April 28, 2026. The breach, first reported on April 12, forced the shutdown of key services such...
Australia’s APRA Issues AI Risk Warning to Banks and Insurers
APRA issued an AI risk warning to banks, insurers and superannuation trustees, highlighting that governance, risk management and operational resilience have not kept pace with rapid AI adoption. The regulator’s supervisory review found fragmented assurance practices, limited model transparency and...
IOCTA 2026 Report Warns of Rising AI-Driven Cybercrime and Dark Web Threats
Europol’s Internet Organised Crime Threat Assessment 2026 warns that AI, encryption and cryptocurrencies are accelerating the sophistication of cybercrime across Europe. The report highlights a surge in AI‑generated phishing, fragmented dark‑web marketplaces and a shift toward data‑extortion ransomware. Child sexual‑exploitation...
Hutt City Council Confirms Phishing Attack, Data of Hundreds Potentially Exposed
In March 2026 the Hutt City Council suffered a phishing attack that compromised email accounts, exposing identity details of five individuals and potentially financial information for up to 732 residents. The council swiftly secured the affected accounts, notified the Privacy...
CERT-In Warns of AI-Driven Cyber Threat Surge, MSMEs at Highest Risk
India’s cyber‑security agency CERT‑In warned that frontier AI is reshaping cyber threats, making attacks faster, more scalable and accessible to low‑skill actors. The advisory highlights that AI can scan code, spot zero‑day vulnerabilities and launch coordinated multi‑stage attacks in seconds....
ClickUp Discloses Feature Flag Misconfiguration That Exposed 893 Customer Email Addresses and a Live API Token
ClickUp disclosed that a misconfigured feature‑flag setup exposed 893 customer email addresses and a live API token. The emails were embedded in Split.io flag targeting rules and became publicly queryable through the client‑side SDK key, which is intentionally exposed in...
Cybersecurity Incident Strikes Contractor Handling JRL MRT Stations and NEWater Factory 3 Projects
A cybersecurity breach exposed tender documents for Shanghai Tunnel Engineering Co's three Jurong Region Line MRT stations and the Changi NEWater Factory 3 projects. The Land Transport Authority temporarily cut the contractor's digital access, while the Public Utilities Board confirmed...
Notepad++ Releases 8.9.4 Patch to Fix String Injection Vulnerability (CVE-2026-3008) in 8.9.3
Notepad++ has issued version 8.9.4 to patch a string‑injection vulnerability (CVE‑2026‑3008) found in the prior 8.9.3 release. The flaw could allow an attacker to read arbitrary memory or crash the editor, endangering unsaved code and workflow stability. The new build also...
Operation TrustTrap Reveals 16,800 Fake Domains Exploiting User Trust
Cyble Research and Intelligence Labs uncovered Operation TrustTrap, a massive domain‑spoofing campaign that leveraged more than 16,800 fraudulent web addresses to harvest credentials and payment data. The scheme mimics U.S. government portals—especially DMV, toll and vehicle‑registration sites—using a technique called...
EBay Struggles with Widespread Outage, Disrupting Transactions and API Access
eBay experienced a widespread outage beginning late Sunday, April 26, 2026, that extended into Monday, disrupting core functions such as search, listings, checkout, and its API. Downdetector recorded more than 1,300 user complaints, with reports peaking around 3:30 PM ET. Unverified claims...
China-Linked Cyber Actors Turn to Massive Covert Botnets to Evade Detection
A new advisory from the UK National Cyber Security Centre reveals that China‑linked threat groups, dubbed China‑Nexus, have shifted from dedicated servers to massive covert botnets composed of compromised SOHO routers and IoT devices. The report cites networks like the...
Hacker Active Well Beyond Context.ai Compromise, Says Vercel CEO
Vercel’s CEO Guillermo Rauch disclosed that the breach linked to Context.ai’s February infection was part of a longer‑running campaign. The threat actor used Lumma Stealer malware to harvest Vercel API keys, then performed rapid enumeration of non‑sensitive environment variables across...
University of Warsaw Data Breach Exposes 200,000+ Sensitive Files on Darknet
Over 200,000 files containing personal data were leaked from the University of Warsaw after a cyberattack that was detected on February 9, 2026 and posted on the darknet on April 15, 2026. Attackers used stolen valid credentials, likely obtained via malware on a user...