A report by Poland’s top intelligence agency accused Russia of sabotage and hacking activities against the country’s military and civilian infrastructure. This article has been indexed from Security News | TechCrunch Read the original article: Poland says hackers breached water…
Active attack: Dirty Frag Linux vulnerability expands post-compromise risk
Dirty Frag is a newly disclosed Linux local privilege escalation vulnerability affecting kernel networking and memory-fragment handling components including esp4, esp6, and rxrpc. The vulnerability enables reliable escalation from an unprivileged user to root and may be leveraged after initial…
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that’s capable of targeting 59 banking, fintech, and cryptocurrency platforms. The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed…
Insider Betting on Polymarket
Insider trading is rife on Polymarket: Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets—defined as wagers of $2,500 or more at odds of 35 percent or less—on the platform had an average…
Poland says hackers breached water treatment plants, and the U.S. is facing the same threat
A report by Poland’s top intelligence agency accused Russia of sabotage and hacking activities against the country’s military and civilian infrastructure. This article has been indexed from Security News | TechCrunch Read the original article: Poland says hackers breached water…
Worm rubs out competitor’s malware, then takes control
All your compromised credentials are belong to us now instead of the other gang This article has been indexed from www.theregister.com – Articles Read the original article: Worm rubs out competitor’s malware, then takes control
News brief: Security worries and warnings as AI use expands
<p>”We live in a world that could become fraught with day-to-day hazards from the misuse of AI and we need to take ownership of the problems — because the risks are real,” warned Dr. Seán Ó hÉigeartaigh, executive director of…
US defense contractor who sold hacking tools to Russian broker ordered to pay $10M to former employers
Former cybersecurity executive Peter Williams stole several surveillance and hacking tools and sold them for $1.3 million to a Russian broker that works with Putin’s government. This article has been indexed from Security News | TechCrunch Read the original article:…
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and…
IT Security News Hourly Summary 2026-05-08 18h : 6 posts
6 posts were published in the last hour 16:2 : French Prosecutors Escalate Elon Musk X Probe to Criminal Investigation 16:2 : Anthropic’s Claude used in attempted compromise of Mexican water utility 16:2 : Instructure confirms cybersecurity incident 15:32 :…
French Prosecutors Escalate Elon Musk X Probe to Criminal Investigation
French prosecutors have escalated their inquiry into Elon Musk and X into a criminal investigation, widening a case that already included allegations of algorithmic manipulation, improper data extraction, and harmful content on the platform. The move deepens a legal…
Anthropic’s Claude used in attempted compromise of Mexican water utility
Researchers warn the incident highlights how AI tools can help untrained threat actors develop complex cyberattack capabilities. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Anthropic’s Claude used in attempted compromise of Mexican…
Instructure confirms cybersecurity incident
The ed tech company that operates Canvas said information impacted by the data breach includes messages, names, email addresses and student ID numbers. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Instructure confirms cybersecurity…
Trenchant Exec Who Sold Zero Days to Russian Buyer Ordered to Pay $10 Million in Restitution to Former Employers
Peter Joseph Williams, the former L3 Trenchant executive recently convicted of stealing zero-day exploits from his employer and selling them to a Russian broker, has been ordered to pay $10 million to his former employer and its parent company, according…
CVE-2026-34354: Guardicore Local Privilege Escalation Vulnerability
Read the technical details of a security vulnerability (CVE-2026-34354) in Akamai Guardicore Platform Agent for Windows — and get clear guidance on mitigation. This article has been indexed from Blog Read the original article: CVE-2026-34354: Guardicore Local Privilege Escalation Vulnerability
Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident
Nearly 200,000 Zara customers were exposed in a third-party breach linked to ShinyHunters, revealing emails, purchase history, and support data. Personal data belonging to nearly 197,000 Zara customers has been compromised following a cyberattack on a former technology provider used…
Hackers Abuse Signed Logitech Installer to Deploy TCLBANKER Banking Trojan
A new banking trojan known as TCLBANKER has been quietly making rounds, and its delivery method is as clever as it is concerning. Attackers are using a trojanized version of a legitimate, digitally signed installer to slip malware onto victims’…
New Infostealer Campaign Uses GitHub Releases for Payload Hosting and Evasion
A newly discovered cyberespionage campaign is using a deceptively simple tactic to slip past security defenses: disguising malware as a humanitarian aid request while hiding the real payload on GitHub. Researchers have named this operation “HumanitarianBait,” and it is far…
Fake Moustache Bypasses Age Verification System Raising Online Safety Act Concerns
A 12-year-old boy grabbed an eyebrow pencil, drew a moustache on his face, held it up to his screen, and was verified as 15 years old. That single moment, shared by a parent in a UK survey, says more about…
Hackers Leveraged Hugging Face and ClawHub With 575+ Malicious Skills to Deploy Malware
An active malware distribution campaign abusing two prominent AI platforms Hugging Face and ClawHub to deliver trojans, cryptominers, and infostealers disguised as legitimate AI tools and agent extensions. The campaign marks a significant evolution in supply chain attacks, shifting from…
New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server
A newly discovered malware called ZiChatBot has been found quietly using the REST APIs of a legitimate team chat application called Zulip to receive and carry out commands from its operators. This approach is unusual because the malware never communicates…
Hackers Attack School Login Pages After Another Instructure Breach
Instructure attacked Last week, edtech giant Instructure reported a data breach where threat actors stole students’ personal data: names, email addresses, and conversations between students and teachers. Hackers compromised Instructure again, destroying various schools’ login sites to the platform…
Cisco Reveals Security Gaps in Vision Language Models
Cisco researchers found that tiny, nearly invisible image perturbations can bypass vision language model safety mechanisms. The post Cisco Reveals Security Gaps in Vision Language Models appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
Other noteworthy stories that might have slipped under the radar: US gov targets 72-hour patch cycles, malware uses Windows Phone Link to steal OTPs, spy operation targets Eurasian drone industry. The post In Other News: Train Hacker Arrested, PamDOORa Linux…