India’s education sector is now at the center of a growing cybercrime storm. Millions of students across the country are being targeted by threat actors who have turned personal academic data into a weapon for phishing, social engineering, and direct…
Fake Invitation Phishing Campaign Targets U.S. Organizations With Credential Theft
A large-scale phishing campaign is actively targeting U.S. organizations, using fake event invitations as bait to steal login credentials, intercept one-time passwords, or install remote access tools. The operation has been running since at least December 2025, with researchers tracking…
TamperedChef Malware Uses Signed Productivity Apps to Deliver Stealers and RATs
A new wave of malware disguised as everyday productivity tools has been quietly spreading across the internet, stealing user credentials and giving attackers remote control of infected systems. Researchers have tracked hundreds of campaigns tied to a threat known as…
Hackers Use Fake Microsoft Teams Downloads to Deploy ValleyRAT Malware
Hackers have been caught running a deceptive campaign that uses fake Microsoft Teams download websites to trick users into installing ValleyRAT, a remote access trojan capable of stealing data, logging keystrokes, and taking remote control of infected machines. The campaign,…
Threat hunters find Google API keys still usable 23 minutes after deletion
Plenty of time for bad actors to grab data or hit you with a giant bill This article has been indexed from www.theregister.com – Articles Read the original article: Threat hunters find Google API keys still usable 23 minutes after…
Law enforcement shuts down VPN service used by two dozen ransomware gangs
First VPN promised hackers complete anonymity for their cyberattacks. But Europol said it was able to notify the service’s users that they have now been identified. This article has been indexed from Security News | TechCrunch Read the original article:…
AWS KY3P report now available for third-party supplier due diligence
We’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture. This assessment demonstrates our continued commitment to meet the heightened expectations of cloud service providers. Customers…
Is Temu Safe? What to Know Before Shopping
Is Temu safe? We cover what to know about shopping on the platform, from data privacy to payment security, plus tips to shop smart wherever you buy. The post Is Temu Safe? What to Know Before Shopping appeared first on…
HackerOne takes an axe to its bug bounty rewards
Critical flaw payouts slashed by more than 75% This article has been indexed from www.theregister.com – Articles Read the original article: HackerOne takes an axe to its bug bounty rewards
IT Security News Hourly Summary 2026-05-21 21h : 2 posts
2 posts were published in the last hour 18:32 : Apple Blocks Over 2 Million Apps in 2025 Fraud Crackdown 18:32 : Global law enforcement operation takes First VPN offline
Apple Blocks Over 2 Million Apps in 2025 Fraud Crackdown
Apple 2025 fraud report shows major App Store protections: over 2M apps rejected, 1B fake accounts blocked, and billions in fraud prevented. Apple ‘s annual fraud prevention report for 2025 paints a striking picture of just how much effort goes…
Global law enforcement operation takes First VPN offline
Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for…
The art of being ungovernable
In this edition of the Threat Source newsletter, William explores the value of being “ungovernable” in a professional setting, sharing how challenging the status quo and seeking out the smartest people in the room can lead to a more fulfilling…
Mini Shai-Hulud Compromises @antv npm Packages to Steal CI/CD Credentials
A new and sophisticated supply chain attack has been uncovered, targeting one of the most trusted corners of the open-source software world. Dubbed “Mini Shai-Hulud,” this campaign went after the @antv npm package ecosystem, a collection of widely used data…
Authorities Have Taken Down “First VPN” Used in Ransomware Attacks
In a major international law enforcement success, authorities from seven countries dismantled First VPN, a criminal virtual private network linked to global cybercrime, during a coordinated operation on May 19 and 20, 2026. Dubbed Operation Saffron, the joint action was…
Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now!
Google has released an urgent security update for Chrome, addressing 16 vulnerabilities including two rated Critical that could allow attackers to execute arbitrary code on affected systems. The Stable channel has been updated to 148.0.7778.178/179 for Windows and Mac, and…
Microsoft Defender vulnerabilities are being exploited in the wild
CISA added seven known exploited vulnerabilities to its KEV catalog, including two Microsoft Defender flaws. This article has been indexed from Malwarebytes Read the original article: Microsoft Defender vulnerabilities are being exploited in the wild
Evaluating SOC Effectiveness Using Detection Coverage and Response Metrics
Security Operations Center evaluation often collapses into counting activity: alerts processed, cases closed, and tools deployed. Those numbers are easy to collect but frequently mislead because they blend workload, noise, and adversary pressure. A more defensible approach evaluates the SOC…
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 11, 2026 to May 17, 2026)
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not…
6 Best Vulnerability Management Software & Systems for 2026
Compare the top vulnerability management software in 2026 to help your security team prioritize and apply fixes across your network. The post 6 Best Vulnerability Management Software & Systems for 2026 appeared first on eSecurity Planet. This article has been…
7 Best Attack Surface Management Software in 2026
Efficiently manage your attack surface in 2026 with industry-leading tools. The post 7 Best Attack Surface Management Software in 2026 appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: 7 Best Attack…
ABB B&R PCs
View CSAF Summary ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is now available that addresses and remediates the vulnerability. A network attacker could exploit the vulnerabilities to execute remote code,…
ABB B&R Automation Runtime
View CSAF Summary An update is available that resolves a vulnerability identified by B&Rs internal security analysis in the product versions listed as affected in this advisory. An attacker who successfully exploited these vulnerabilities could take over a remote session…
ABB B&R Automation Studio
View CSAF Summary ABB became aware of vulnerability in the product versions listed as affected in the advisory. An update is available that replaces an outdated third-party component. Although no successful exploitation was observed during testing of the affected B&R…