Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and…
IT Security News Hourly Summary 2026-05-08 18h : 6 posts
6 posts were published in the last hour 16:2 : French Prosecutors Escalate Elon Musk X Probe to Criminal Investigation 16:2 : Anthropic’s Claude used in attempted compromise of Mexican water utility 16:2 : Instructure confirms cybersecurity incident 15:32 :…
French Prosecutors Escalate Elon Musk X Probe to Criminal Investigation
French prosecutors have escalated their inquiry into Elon Musk and X into a criminal investigation, widening a case that already included allegations of algorithmic manipulation, improper data extraction, and harmful content on the platform. The move deepens a legal…
Anthropic’s Claude used in attempted compromise of Mexican water utility
Researchers warn the incident highlights how AI tools can help untrained threat actors develop complex cyberattack capabilities. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Anthropic’s Claude used in attempted compromise of Mexican…
Instructure confirms cybersecurity incident
The ed tech company that operates Canvas said information impacted by the data breach includes messages, names, email addresses and student ID numbers. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Instructure confirms cybersecurity…
Trenchant Exec Who Sold Zero Days to Russian Buyer Ordered to Pay $10 Million in Restitution to Former Employers
Peter Joseph Williams, the former L3 Trenchant executive recently convicted of stealing zero-day exploits from his employer and selling them to a Russian broker, has been ordered to pay $10 million to his former employer and its parent company, according…
CVE-2026-34354: Guardicore Local Privilege Escalation Vulnerability
Read the technical details of a security vulnerability (CVE-2026-34354) in Akamai Guardicore Platform Agent for Windows — and get clear guidance on mitigation. This article has been indexed from Blog Read the original article: CVE-2026-34354: Guardicore Local Privilege Escalation Vulnerability
Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident
Nearly 200,000 Zara customers were exposed in a third-party breach linked to ShinyHunters, revealing emails, purchase history, and support data. Personal data belonging to nearly 197,000 Zara customers has been compromised following a cyberattack on a former technology provider used…
Hackers Abuse Signed Logitech Installer to Deploy TCLBANKER Banking Trojan
A new banking trojan known as TCLBANKER has been quietly making rounds, and its delivery method is as clever as it is concerning. Attackers are using a trojanized version of a legitimate, digitally signed installer to slip malware onto victims’…
New Infostealer Campaign Uses GitHub Releases for Payload Hosting and Evasion
A newly discovered cyberespionage campaign is using a deceptively simple tactic to slip past security defenses: disguising malware as a humanitarian aid request while hiding the real payload on GitHub. Researchers have named this operation “HumanitarianBait,” and it is far…
Fake Moustache Bypasses Age Verification System Raising Online Safety Act Concerns
A 12-year-old boy grabbed an eyebrow pencil, drew a moustache on his face, held it up to his screen, and was verified as 15 years old. That single moment, shared by a parent in a UK survey, says more about…
Hackers Leveraged Hugging Face and ClawHub With 575+ Malicious Skills to Deploy Malware
An active malware distribution campaign abusing two prominent AI platforms Hugging Face and ClawHub to deliver trojans, cryptominers, and infostealers disguised as legitimate AI tools and agent extensions. The campaign marks a significant evolution in supply chain attacks, shifting from…
New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server
A newly discovered malware called ZiChatBot has been found quietly using the REST APIs of a legitimate team chat application called Zulip to receive and carry out commands from its operators. This approach is unusual because the malware never communicates…
Hackers Attack School Login Pages After Another Instructure Breach
Instructure attacked Last week, edtech giant Instructure reported a data breach where threat actors stole students’ personal data: names, email addresses, and conversations between students and teachers. Hackers compromised Instructure again, destroying various schools’ login sites to the platform…
Cisco Reveals Security Gaps in Vision Language Models
Cisco researchers found that tiny, nearly invisible image perturbations can bypass vision language model safety mechanisms. The post Cisco Reveals Security Gaps in Vision Language Models appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
Other noteworthy stories that might have slipped under the radar: US gov targets 72-hour patch cycles, malware uses Windows Phone Link to steal OTPs, spy operation targets Eurasian drone industry. The post In Other News: Train Hacker Arrested, PamDOORa Linux…
Financial Services Must Prepare for Attacks Originating Inside the Cloud
With the increase in adoption of cloud-based infrastructure, digital banking ecosystems, and interconnected transaction platforms, cybersecurity has evolved from a regulatory requirement to a critical element of operational resilience. Payment service providers, banks, insurance companies, and investment firms now process…
Canvas Learning Platform Outage Disrupts Universities After ShinyHunters Cyberattack
Midday classes hit pause when Canvas went offline nationwide following a security alert that triggered emergency repairs. Though the issue began in Texas, ripple effects reached campuses far outside, cutting off vital links to homework and recorded lectures. When…
Dirty Frag: Unpatched Linux vulnerability delivers root access
A week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag In effect, Dirty Frag refers to two flaws: A xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284,…
ClaudeBleed Vulnerability Lets Hackers Hijack Claude Chrome Extension to Steal Data
The ClaudeBleed vulnerability allows hackers to bypass Claude for Chrome guardrails to exfiltrate private Google Drive and Gmail data. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: ClaudeBleed Vulnerability…
‘Dirty Frag’ Linux flaw one-ups CopyFail with no patches and public root exploit
Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE This article has been indexed from www.theregister.com – Articles Read the original article: ‘Dirty Frag’ Linux flaw one-ups CopyFail with no patches and public root exploit
Pam Backdoor Targets Linux Systems to Steal SSH Credentials
A newly observed Linux backdoor technique, dubbed Pam, is exploiting the flexibility of Pluggable Authentication Modules (PAM) to capture SSH credentials and maintain persistence on compromised systems stealthily. Since its introduction in 1991 by Linus Torvalds, Linux has been designed for…
Microsoft says Edge’s plaintext password behavior is “by design”
A researcher found Edge loads saved passwords into computer memory when it starts, making them easier to steal if a device is already compromised. This article has been indexed from Malwarebytes Read the original article: Microsoft says Edge’s plaintext password…
Trellix Breach – RansomHouse Claims Access to Parts of Source Code
Trellix, the global cybersecurity firm formed from the merger of McAfee Enterprise and FireEye, has confirmed unauthorized access to a portion of its source code repository, with the RansomHouse ransomware group formally claiming responsibility for the attack. Trellix reported a…