The U.S. Department of Justice (DOJ) has sentenced two American cybersecurity professionals to prison for their involvement in ALPHV BlackCat ransomware attacks that targeted multiple U.S. organizations in 2023. The case highlights the growing threat of insider expertise being misused…
New Apache MINA Vulnerabilities Open Door to Remote Code Execution Attacks
The Apache MINA project has issued urgent security updates to address two severe vulnerabilities. These security flaws could allow malicious actors to execute unauthorized code remotely. The development team has successfully patched these issues in the newly released Apache MINA…
Critical MOVEit Vulnerabilities Enables Authentication Bypass
Progress Software has issued a critical security bulletin for its MOVEit Automation platform. This April 2026 alert warns of two highly severe vulnerabilities that could allow attackers to bypass security checkpoints and gain full system control. MOVEit Automation is widely…
CISA Warns of cPanel & WHM Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw affecting widely used web hosting management platforms. CISA recently added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat…
If the vote you rocked, your personal info can be grokked
Even limited voter rolls can be linked to identify people, research shows Your voter data could be used against you. A foreign intelligence service that wished to identify the family members of deployed military personnel could do so by cross-referencing…
OpenAI Rolls Out Advanced Security for ChatGPT Accounts
Advanced Account Security provides stronger login methods, more secure account recovery, shorter sessions, and training exclusion. The post OpenAI Rolls Out Advanced Security for ChatGPT Accounts appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Frameworks Don’t Build Trust. Adoption Does
As AI evolves toward autonomy, the Cloud Security Alliance is launching the STAR for AI Catastrophic Risk Annex to codify auditable controls for agentic systems The post Frameworks Don’t Build Trust. Adoption Does appeared first on Security Boulevard. This article…
How OpenClaw’s agent skills become an attack surface
OpenClaw and similar AI agent ecosystems, present pressing security risks. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: How OpenClaw’s agent skills become an attack surface
cPanel Vulnerability Exploited to Compromise Government and Military Servers
A critical authentication bypass vulnerability in cPanel and Web Host Manager, officially tracked as CVE-2026-41940, is currently being exploited by unidentified threat actors. Security researchers at Ctrl-Alt-Intel recently uncovered an alarming campaign leveraging this vulnerability to compromise government and military…
CISA Alert Highlights Active Exploitation of cPanel & WHM Security Bug
The US Cybersecurity and Infrastructure Security Agency (CISA) has raised the alarm over a critical security vulnerability affecting WebPros cPanel & WebHost Manager (WHM) and WP2 (WordPress Squared). On April 30, 2026, CISA officially added this flaw to its Known…
A week in security (April 27 – May 3)
A list of topics we covered in the week of April 27 to May 3 of 2026 The post A week in security (April 27 – May 3) appeared first on Security Boulevard. This article has been indexed from Security…
Hackers Target Cloud Apps Using Phone Scams and Login Tricks
Cybersecurity researchers have identified two threat groups that are executing fast-moving attacks almost entirely within software-as-a-service environments, allowing them to operate with very little visible trace of intrusion. The groups, tracked as Cordial Spider and Snarky Spider, are also known…
15-year-old detained over massive data breach at French government agency
French authorities have detained a 15-year-old suspected of involvement in a data breach at France Titres, the government agency responsible for issuing official documents. “Between 12 and 18 million data records were reportedly being offered for sale on cybercriminal forums…
Attackers Hijack SAP npm Packages to Steal Dev Secrets
A sophisticated supply chain attack hit the SAP developer ecosystem on April 29, 2026, compromising four widely-used npm packages with credential-stealing malware. The attackers modified package installation scripts to download the Bun JavaScript runtime a legitimate alternative to Node.js during…
Over 40,000 Servers Compromised in Ongoing cPanel Exploitation
The attacks likely target CVE-2026-41940, a recently patched zero-day leading to administrative access. The post Over 40,000 Servers Compromised in Ongoing cPanel Exploitation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Over 40,000…
Wingtech Faces Delisting Risk Amid Nexperia Row
Chinese parent of Dutch chipmaker faces bourse issues after auditors lose access to financial records of overseas operations This article has been indexed from Silicon UK Read the original article: Wingtech Faces Delisting Risk Amid Nexperia Row
Five Eyes spook shops warn rapid rollouts of agentic AI are too risky
Prioritize resilience over productivity, say CISA, NCSC and their friends from Oz, NZ, Canada Information security agencies from the nations of the Five Eyes security alliance have co-authored guidance on the use of agentic AI that warns the technology will…
Email Bombing and Fake IT Support Calls Fuel New Microsoft Teams Phishing Attacks
A new wave of cyberattacks is targeting employees through a combination of inbox flooding and fake IT support contacts on Microsoft Teams, tricking users into handing over remote access to their own devices. These attacks have been growing steadily since…
FreeBSD DHCP Client Vulnerability Enables Remote Code Execution as Root
The FreeBSD Project has released a critical security advisory addressing a severe flaw in its default IPv4 DHCP client. Tracked as CVE-2026-42511, this vulnerability allows a local network attacker to execute arbitrary code as root, granting them complete control over the…
Threat Actors Use AI to Automate 0-Day Discovery and Exploitation at Machine Speed
The way cyberattacks are launched has fundamentally changed. Threat actors are no longer spending months hunting for software flaws by hand. With artificial intelligence in their toolkit, they can now discover and exploit zero-day vulnerabilities in minutes, placing organizations across…
OpenAI Orders Models Not To Talk About Goblins
Start-up tweaks models to downplay references to gremlins, ogres, pigeons or raccoons, following user complaints This article has been indexed from Silicon UK Read the original article: OpenAI Orders Models Not To Talk About Goblins
Kenya Workers Who Viewed Meta Glasses Wearers Having Sex Are Fired
More than 1,000 staff laid off in Kenya subcontractor after staff disclosed reviewing smart glasses footage of users going to toilet This article has been indexed from Silicon UK Read the original article: Kenya Workers Who Viewed Meta Glasses Wearers…
Email Bombing, Fake IT Support Calls Drive Microsoft Teams Phishing Surge
Email bombing campaigns combined with fake IT support outreach are driving a surge in sophisticated Microsoft Teams phishing attacks. The attacks typically begin with email bombing, where victims are flooded with spam messages to create confusion and urgency. Shortly after,…
AI-Powered Threat Actors Accelerate 0-Day Discovery at Machine Speed
Threat actors are already using AI models as autonomous operators to discover and exploit 0‑days in minutes, thereby collapsing the time and cost required to run complex intrusion campaigns. This shift, first clearly visible in late 2025 operations, is forcing…