macOS users are facing a new and sophisticated threat as a variant of the SHub infostealer malware, dubbed “Reaper,” has been observed deploying a fake Google Software Update LaunchAgent to maintain persistent access on infected machines. The malware stays hidden…
UAC-0184 Malware Chain Uses bitsadmin and HTA Files for Gated Payload Delivery
A newly documented attack chain linked to the threat group UAC-0184 has been observed using Windows’ built-in bitsadmin tool and HTA files to sneak malicious payloads onto targeted systems. The campaign is primarily aimed at Ukraine, with clear indicators pointing…
IT Security News Hourly Summary 2026-05-20 00h : 7 posts
7 posts were published in the last hour 22:4 : Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware 22:4 : CIRT insights: How to help prevent unauthorized account removals from AWS Organizations 21:55 :…
Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
‘Thousands’ of US victims, including 12+ machines owned and operated by Redmond. This article has been indexed from www.theregister.com – Articles. Read the original article: Microsoft shuts down illegal code-signing operation used by ransomware crims to mask their malware
CIRT insights: How to help prevent unauthorized account removals from AWS Organizations
The AWS Customer Incident Response Team works with customers to help them recover from active security incidents. As part of this work, the team often uncovers new or trending tactics used by various threat actors that take advantage of specific…
IT Security News Daily Summary 2026-05-19
158 posts were published in the last hour 21:34 : AI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks 21:34 : From teen hacker to Iron Dome researcher, this founder raised $28M to fight AI phishing…
AI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks
AI agent security starts with a simple fact: the more authority an agent has, the tighter its access… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More. Read the original article: AI Agent Security:…
From teen hacker to Iron Dome researcher, this founder raised $28M to fight AI phishing
Ocean, an agentic email security platform, raised funding from Lightspeed Venture Partners. This article has been indexed from Security News | TechCrunch. Read the original article: From teen hacker to Iron Dome researcher, this founder raised $28M to fight AI…
Discord enables end-to-end encrypted voice and video calling for every user
Good news! Discord’s hundreds of millions of users now have their communications scrambled, so not even Discord can see them. This article has been indexed from Security News | TechCrunch. Read the original article: Discord enables end-to-end encrypted voice and…
The Gentlemen Ransomware Attacks Windows, Linux, NAS, BSD, and ESXi Attacks
A ransomware group called The Gentlemen has been quietly building one of the most aggressive cybercriminal operations seen in recent years. Emerging publicly in the second half of 2025, the group rapidly scaled its activity to become one of the…
Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them. This article has been indexed from Security News | TechCrunch. Read…
Drupal is rolling out an emergency security update on May 20. You cannot miss it
Drupal Is Pushing an Emergency Security Update Tomorrow. If You Run a Drupal Site, This Is Not One to Miss. Something significant is coming out of the Drupal project tomorrow, and the way the announcement is worded should be enough…
CISA GitHub Leak Exposes AWS GovCloud Secrets
A public GitHub repository tied to a CISA contractor reportedly exposed AWS GovCloud credentials and internal deployment data. The post CISA GitHub Leak Exposes AWS GovCloud Secrets appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet…
OffSec Launches Instructor-Led Live Training for Enterprise Security Teams
OffSec is excited to announce the launch of Live Training. Booking for instructor-led, in-person training now open. The post OffSec Launches Instructor-Led Live Training for Enterprise Security Teams appeared first on OffSec. This article has been indexed from OffSec. Read…
Kimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials
North Korea-linked hackers are at it again, and this time they are casting a wide net. The Kimsuky threat group, a well-known cyber espionage unit with ties to the DPRK, ran four separate spear-phishing campaigns in the first half of…
IT Security News Hourly Summary 2026-05-19 21h : 5 posts
5 posts were published in the last hour 18:32 : Microsoft dismantled malware-signing network Fox Tempest 18:32 : Operation Ramz Seizes 53 Servers Linked to Cyber Scams and Malware Threats 18:32 : 3 Tactics Elite SOCs Use to Operationalize Threat…
Microsoft dismantled malware-signing network Fox Tempest
Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation run by a threat actor named Fox Tempest, which helped threat actors sign malware with short-lived…
Operation Ramz Seizes 53 Servers Linked to Cyber Scams and Malware Threats
A large-scale international cybercrime crackdown dubbed Operation Ramz has led to the seizure of 53 servers, the arrest of 201 individuals, and the identification of 382 additional suspects across the Middle East and North Africa (MENA) region. The coordinated operation, led…
3 Tactics Elite SOCs Use to Operationalize Threat Intelligence
A data breach makes headlines for a day. The damage it leaves behind lasts years. Critical business risk isn’t one catastrophic moment — it’s a slow-motion erosion: dwell time compounding into lateral movement, a compromised supplier becoming your breach, a…
DirtyDecrypt Linux Kernel Vulnerability PoC Exploit Code Released
A working proof-of-concept (PoC) exploit for a high-severity Linux kernel local privilege escalation vulnerability dubbed DirtyDecrypt, also tracked as DirtyCBC, enables local attackers to gain full root access on affected systems. Security analyst Will Dormann technically attributes the flaw to CVE-2026-31635, a…
Malware Campaign Uses JavaScript, PowerShell, and Shellcode to Deliver Crypto Clipper
A wave of well-crafted malware is quietly draining cryptocurrency from users across the globe, and the attackers behind it have gone to great lengths to stay hidden. Researchers have uncovered a large-scale campaign built around a multi-stage loader called CountLoader,…
Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft
Grafana refused an extortion demand after attackers used a stolen GitHub token to download code, with no customer data exposed so far. The post Grafana Rejects Ransom Demand After GitHub Breach Exposes Codebase Theft appeared first on TechRepublic. This article…
AdvancedHEALTH Ransomware Claim Includes 2.3M Patient Data Lines
DragonForce claims it stole 390GB from AdvancedHEALTH, including patient data and minors’ records, as breach notices and legal scrutiny begin. The post AdvancedHEALTH Ransomware Claim Includes 2.3M Patient Data Lines appeared first on TechRepublic. This article has been indexed from…
Microsoft Confirms Windows Update Bug Blocking Security Fixes
Microsoft confirmed that KB5089549 can fail with error 0x800f0922 on Windows 11 devices with low EFI partition space, and shared workarounds are available. The post Microsoft Confirms Windows Update Bug Blocking Security Fixes appeared first on TechRepublic. This article has…