Microsoft Defender triggered widespread false positive alerts after a faulty security update caused it to flag two legitimate DigiCert root certificates as malicious, potentially disrupting SSL/TLS validation and code-signing operations across enterprise environments worldwide. A Defender antimalware signature update released…
CISA Highlights CVE-2026-31431 as an Active Linux Root Exploitation Risk
Several vulnerabilities in the Linux kernel have been recently disclosed that have attracted heightened scrutiny from the cybersecurity community, following evidence that they can be exploited to obtain full root-level control across a wide range of systems consistently. This…
Wireshark 4.6.5 Released, (Sun, May 3rd)
Wireshark release 4.6.5 fixes 43 vulnerabilities (38 CVEs) and 35 bugs. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.6.5 Released, (Sun, May 3rd)
Kyber Ransomware Tests Post‑Quantum Encryption on Windows Networks
A new ransomware group named Kyber has pushed the envelope by experimenting with post‑quantum encryption in attacks on Windows‑based networks, according to recent cybersecurity analysis. The group has been observed targeting both Windows file servers and VMware ESXi platforms,…
Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly
VECT 2.0 ransomware contains fatal flaws that permanently destroy files, making recovery impossible and rendering ransom payments useless for victims worldwide. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 95
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet 73 Open VSX Sleeper Extensions Linked…
US Military Reaches Deals With 7 Tech Companies to Use Their AI on Classified Systems
Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection and SpaceX will provide resources to help augment warfighter decision-making in complex operational environments,” the Defense Department said. The post US Military Reaches Deals With 7 Tech Companies to Use Their AI…
[un]prompted 2026 – The Parseltongue Protocol: Textual Obfuscation Methods
Author, Creator & Presenter: Joey Melo, AI Red Teaming Specialist At CrowdStrike Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink The post [un]prompted 2026…
IT Security News Hourly Summary 2026-05-03 18h : 2 posts
2 posts were published in the last hour 15:38 : U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog 15:38 : Securing AI procurement and third-party models: a practical guide for UK SMEs
U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-41940 (CVSS score of 9.3), to…
Securing AI procurement and third-party models: a practical guide for UK SMEs
Securing AI procurement and third-party models: a practical guide for UK SMEs Third-party AI tools can be useful, but they also change the way your business handles data, makes decisions, and depends on suppliers. For many UK SMEs, the risk…
Security Affairs newsletter Round 575 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Two…
Iran Claims US Used Backdoors To Disable Networking Equipment During Conflict Amid Unverified Cyber Sabotage Reports
Midway through the incident, Iranian officials pointed fingers at American cyber operations. Devices made by firms like Cisco and Juniper began failing without warning. Power cycles hit Fortinet and MikroTik hardware even as Tehran limited external connections. Outages appeared…
IT Security News Hourly Summary 2026-05-03 15h : 1 posts
1 posts were published in the last hour 12:35 : PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers
PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers
PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers The post PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers appeared first on Security Boulevard. This article has…
A Tale of Two States: The 2026 Cybersecurity Paradox
The cyber threat outlooks from CIOs and CISOs at the NASCIO Midyear Conference in Philadelphia ranged from the good to the bad to the ugly — with AI front and center. The post A Tale of Two States: The 2026…
3 easy-to-miss cybersecurity risks for small businesses
Small business owners should be sure to fix these three non-technical risks that require little cybersecurity expertise. This article has been indexed from Malwarebytes Read the original article: 3 easy-to-miss cybersecurity risks for small businesses
FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks
What happened The FBI issued a public service announcement on April 30, 2026, warning the US transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725…
ConsentFix v3 Automates OAuth Abuse to Bypass MFA and Hijack Azure Accounts
What happened A third iteration of the ConsentFix attack technique has been circulating on hacker forums, introducing automation and scalability to a method that abuses Microsoft Azure’s OAuth2 authorization code flow to hijack accounts without passwords and despite multi-factor authentication…
1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP
What happened A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM, and PHP ecosystems over a two-day period, affecting over 1,800 developer repositories containing stolen credentials. The campaign was first identified…
CISO Diaries: Victor-Andrei Nicolae on Practical Security, Patience, and AI-Driven Defense
Security leadership is often associated with emerging threats and advanced technologies, but much of the role comes down to disciplined execution, thoughtful decision-making, and balancing protection with business continuity. In CISO Diaries, we speak with leading CISOs around the world…
IT Security News Hourly Summary 2026-05-03 12h : 1 posts
1 posts were published in the last hour 9:34 : Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI
Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI
Google revamps bug bounties: Android rewards rise to $1.5M, Chrome payouts drop, shifting focus to high-impact, AI-resistant vulnerabilities. Google has announced a major overhaul of its Vulnerability Reward Programs (VRP) for Android and Chrome, marking a strategic shift in how…
Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The AI criminal mastermind is already hiring on gig platforms Labor-hire platforms let anyone with a credit card post a task and pay a stranger…