Romanian national Gavril Sandu faces up to 30 years in a US prison after extradition over a VOIP vishing and fake debit card fraud scheme. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More…
fsnotify Maintainer Access Change Sparks Supply Chain Security Concerns
A dispute over maintainer access in the widely used Go library fsnotify has triggered temporary supply chain concerns after contributors were removed from the project’s GitHub organization and recent releases came under scrutiny. While no evidence suggests that any version of fsnotify…
Yarbo responds to robot flaws that could mow down their owners
A researcher found a host of vulnerabilities in Yarbo garden robots that could expose Wi-Fi passwords, hijack cameras, and run over their owners on command. This article has been indexed from Malwarebytes Read the original article: Yarbo responds to robot…
Google Detects First AI-Generated Zero-Day Exploit
The zero-day was designed to bypass 2FA and it was developed by a prominent cybercrime group. The post Google Detects First AI-Generated Zero-Day Exploit appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Google…
Alation AI Governance creates a system of record for AI oversight
Alation has introduced Alation AI Governance, a new offering that gives enterprises the system of record they are missing for AI compliance. Enterprises are deploying AI models, agents, and tools faster than they can govern them. As a result, when…
Google researchers uncover criminal zero-day exploit likely built with AI
Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials. The…
GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
Executive Summary Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based…
9-Year-Old Dirty Frag Vulnerability Enables Root Access on Linux Systems
The Dirty Frag vulnerability affects Linux systems and allows root access escalation, while public PoC exploit code increases attack risks. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: 9-Year-Old…
SailPoint Agentic Fabric expands identity governance to autonomous AI agents
SailPoint has introduced SailPoint Agentic Fabric, a new platform designed to help enterprises secure AI agents and other non-human identities at scale. As organizations deploy autonomous AI agents across cloud environments, applications, and endpoints, they face a growing governance gap.…
Linux developers weigh emergency “killswitch” for vulnerable kernel functions
Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arrives in the wake of the…
Hackers Observed Using AI to Develop Zero-Day for the First Time
Google Threat Intelligence Group details how cybercriminals attempted to launch a campaign based around an AI-developed Zero-Day targeting open-source software This article has been indexed from www.infosecurity-magazine.com Read the original article: Hackers Observed Using AI to Develop Zero-Day for the…
Lynx ransomware gang claims St Anne’s School attack
St Anne’s Catholic School in Southampton, UK, has become the latest victim claimed by the Lynx ransomware gang, which alleges it stole confidential information, financial data, and contracts during a March 2026 attack. This article has been indexed from CyberMaterial…
WEF: AI adoption in cybersecurity reaches 77%
Three-quarters of organizations have integrated artificial intelligence into their cybersecurity operations, according to a new World Economic Forum white paper titled “Empowering Defenders: AI for Cybersecurity.” The survey found that 77% of organizations currently use AI tools, while an overwhelming…
Police Shut Down Relaunched Crimenetwork Dark Web Marketplac
Law enforcement agencies in Germany and Spain have dismantled a relaunched version of the Crimenetwork dark web marketplace, arresting its operator at his home in Mallorca. This article has been indexed from CyberMaterial Read the original article: Police Shut Down…
Anthropic, South Korea discuss AI safety cooperation
Anthropic held discussions with South Korean government officials on May 11, 2026, focusing on AI safety cooperation, cybersecurity partnerships, and domestic AI policy development. This article has been indexed from CyberMaterial Read the original article: Anthropic, South Korea discuss AI…
Arkansas State launches cybersecurity training center
Arkansas State University will launch a student-operated cybersecurity program this fall through a partnership with Kalmer Solutions. This article has been indexed from CyberMaterial Read the original article: Arkansas State launches cybersecurity training center
IT Security News Hourly Summary 2026-05-11 15h : 15 posts
15 posts were published in the last hour 12:33 : PHP SOAP Extension Flaw Could Let Attackers Execute Code Remotely 12:32 : Python Infostealer Hides in GitHub Releases to Bypass Detection 12:32 : cPanel and WHM Servers Targeted in Attacks…
PHP SOAP Extension Flaw Could Let Attackers Execute Code Remotely
Recently disclosed vulnerabilities in PHP, particularly within its widely used SOAP extension, have raised significant alarms across the cybersecurity community. Among the newly identified flaws is a high-severity vulnerability that could permit attackers to achieve Remote Code Execution (RCE) on…
Python Infostealer Hides in GitHub Releases to Bypass Detection
A stealthy Python-based infostealer campaign that abuses GitHub Releases to host payloads and maintain long-term, low‑visibility access to victim systems. The operation, dubbed “Operation HumanitarianBait” in some reporting, appears designed for cyberespionage against Russian‑speaking targets using humanitarian‑themed lures and a…
cPanel and WHM Servers Targeted in Attacks Exploiting CVE-2026-41940
A critical authentication bypass vulnerability affecting cPanel and WHM servers, identified as CVE-2026-41940, is currently under active exploitation by a highly sophisticated and elusive cybercriminal syndicate known as Mr_Rot13. The vulnerability carries a maximum severity CVSS score of 9.8, allowing…
Crimenetwork returns after takedown, dismantled again by German authorities
German police shut down a revived Crimenetwork marketplace with 22,000 users and 100+ sellers months after the original takedown. German police dismantled a resurrected version of the German-language cybercrime marketplace Crimenetwork, just months after the original platform was taken down.…
Zara Owner Inditex Confirms Customer Data Breach Affecting Nearly 200,000 People
Fashion retailer Inditex, the parent company of Zara, has confirmed unauthorized access to customer transaction databases hosted by a third-party provider. Data breach notification service Have I Been Pwned said approximately 197,400 unique email addresses were included in the leaked dataset. The…
Hackers Use Weaponized JPEG File to Deploy Trojanized ScreenConnect Malware
A sophisticated new cyberattack campaign is targeting Windows systems using a fake image file to sneak dangerous malware past security defenses. The operation, named Operation SilentCanvas, tricks victims into running a malicious PowerShell script disguised as a harmless JPEG photo,…
GhostLock Attack Leverages Windows file-sharing to Lock Files Access Like Ransomware
Traditional ransomware disrupts organizations by encrypting data and demanding payment for decryption keys. However, a newly disclosed technique called GhostLock demonstrates a fundamentally different availability attack that achieves the same business disruption without writing a single encrypted byte to disk.…