Educational institutions are now facing a coordinated mix of state espionage, spear‑phishing, and supply chain intrusions, even as classic ransomware and vulnerability volumes show signs of easing. Every attributed campaign was linked to state actors, with no financially motivated groups…
WhatsApp Security Flaw Enables Malicious URL Execution Through Instagram Reels
WhatsApp has recently patched two notable security vulnerabilities that could have allowed attackers to execute malicious links and disguise dangerous files. The most alarming discovery involves a flaw in how WhatsApp processes Instagram Reels. This vulnerability allows remote threat actors…
DarkSword Malware
DarkSword is a sophisticated piece of malware—probably government designed—that targets iOS. Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe…
Karakurt Ransomware Negotiator Sentenced to Prison
Deniss Zolotarjovs was directly involved in extortion strategies and in negotiations with victim companies. The post Karakurt Ransomware Negotiator Sentenced to Prison appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Karakurt Ransomware Negotiator…
The AI Regulation Race: Can the US Keep Innovation Ahead of Oversight?
Can the US balance AI innovation with regulation? Explore how enterprises navigate fragmented policies, global pressure, and governance challenges. This article has been indexed from Silicon UK Read the original article: The AI Regulation Race: Can the US Keep Innovation…
FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware
A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: FEMITBOT Network Abuses…
Microsoft warns of global campaign stealing auth tokens from 35K users
Microsoft revealed a phishing campaign hitting 35,000 users in 26 countries, stealing login tokens via fake code-of-conduct emails and legit services. Microsoft disclosed a major phishing campaign that targeted over 35,000 users across 26 countries in mid-April 2026. Attackers used…
Anomali ThreatStream Next-Gen speeds threat response across workflows
Anomali has announced ThreatStream Next-Gen. Available standalone or within the Anomali Unified Security Data Lake, it turns threat intelligence into an active decisioning layer across security workflows, validated to drive investigations 300× faster than traditional methods across 50 enterprise deployments.…
CloudZ RAT potentially steals OTP messages using Pheno plugin
Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.” This article has been indexed from Cisco Talos Blog Read the original article: CloudZ RAT potentially steals OTP messages using Pheno plugin
UAT-8302 and its box full of malware
Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. This article has been indexed from Cisco Talos…
Intel Appoints Qualcomm Exec To Handle PCs, Robotics
Top Qualcomm executive Alex Katouzian to lead Intel desktop computing group after spearheading Qualcomm’s Snapdragon X desktop chip This article has been indexed from Silicon UK Read the original article: Intel Appoints Qualcomm Exec To Handle PCs, Robotics
Code of Conduct Phish Hits 35,000 Users in Multi-Stage AiTM Attack
A highly sophisticated phishing campaign leveraging code-of-conduct-themed lures has targeted more than 35,000 users across 13,000 organizations. The multi-stage attack, observed between April 14 and April 16, 2026, highlights how threat actors are refining social engineering, delivery infrastructure, and authentication…
NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”
The UK’s National Cyber Security Centre is urging organizations to prepare for glut of new software updates This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”
IT Security News Hourly Summary 2026-05-05 12h : 16 posts
16 posts were published in the last hour 9:35 : New Mexico Seeks Billions In Meta Public Nuisance Claim 9:35 : ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows 9:35 : Beware of Fake ‘Notepad++ for…
New Mexico Seeks Billions In Meta Public Nuisance Claim
In second phase of trial, state attorney general seeks billions in fines and substantial changes to Meta apps over safety concerns This article has been indexed from Silicon UK Read the original article: New Mexico Seeks Billions In Meta Public…
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely target ethnic Koreans residing in China. While prior versions of…
Beware of Fake ‘Notepad++ for Mac’ Website, Possibly Could Harm your Machine
A fake website claiming to offer an official macOS version of the popular text editor Notepad++ has been making rounds online, raising serious cybersecurity concerns across the tech community. The site, operating under the domain notepad-plus-plus-mac.org, falsely presents itself as…
NHS to close-source hundreds of GitHub repos over AI, security concerns
Healthcare giant’s maintainers handed May deadline to enact the change The UK’s National Health Service (NHS) is ordering all of its technology leaders to temporarily wall off the organization’s open source projects over concerns relating to advanced AI and Anthropic’s…
WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
The vulnerabilities were reported to Meta through its bug bounty program and were patched with updates released earlier this year. The post WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities appeared first on SecurityWeek. This article has been indexed from…
MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests. The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: MetInfo, Weaver…
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that sits along the North…
SEC Fines Musk $1.5m Over Twitter Stake Disclosure
Entrepreneur Elon Musk to pay $1.5m in settlement with US regulator over failure to disclose large stake in Twitter ahead of buyout This article has been indexed from Silicon UK Read the original article: SEC Fines Musk $1.5m Over Twitter…
Attackers Exploit Amazon SES to Send Authenticated Phishing Emails
Attackers are increasingly abusing Amazon Simple Email Service (SES) to deliver highly convincing phishing emails that bypass traditional security controls, marking a growing trend in email-based threats. The primary goal of any phishing campaign is to evade detection while tricking…
Qualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution Risk
Qualcomm Technologies has released its May 2026 security bulletin, addressing a sweeping array of vulnerabilities across its proprietary and open-source software ecosystems. Threat actors could exploit these security gaps to compromise smartphones, automotive systems, and industrial Internet of Things devices…