The security defect (CVE-2026-8732) allows unauthenticated attackers to create administrative accounts on the affected installations. The post WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
First VPN Service Taken Offline Following Ransomware and Data Theft Investigation
Cybercrime has become increasingly challenging as efforts to disrupt it have shifted beyond the threat actors themselves towards the infrastructure that enables them to operate at scale have increased. First VPN has been dismantled in a significant enforcement action…
What One Predator Case Can Reveal About an Online Platform’s Safety Gaps
When a predator contacts a child through an online platform, the details of how it happened often expose… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: What One Predator…
Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s…
IBM WebSphere Server Vulnerable to Remote Code Execution Attack Via Crafted Request
IBM has disclosed a critical security vulnerability in its WebSphere Application Server ecosystem that could allow attackers to execute arbitrary code through specially crafted HTTP requests. The flaw, tracked as CVE-2026-8633, affects environments that use the optional Web Server Plug-ins…
Dutch Police Dismantle Massive 17-Million-Device Botnet
Dutch authorities seized command-and-control servers tied to a botnet of infected computers, smartphones, and tablets that was allegedly used to power a residential proxy network and facilitate cybercrime. The post Dutch Police Dismantle Massive 17-Million-Device Botnet appeared first on SecurityWeek.…
RaccoonLine Publishes a Breakdown of 7 Structural Differences Between dVPNs and Traditional VPNs
Rome, Italy, June 1st, 2026, CyberNewswire With VPN providers facing increasing legal pressure from governments across multiple jurisdictions in 2026, RaccoonLine today published a technical breakdown of the seven structural differences between decentralized and centralized VPN architecture, focusing specifically on…
Grand Theft Auto V cheat service gets hacked, exposing thousands of gamers
Hackers stole usernames, hashed passwords, and other data from a service that allowed players to cheat in Grand Theft Auto V. This article has been indexed from Security News | TechCrunch Read the original article: Grand Theft Auto V cheat…
OpenAI requires stronger authentication for users of its most powerful AI models
Yubico announced its significant role in securing the AI frontier as OpenAI mandates the use of passkeys for individuals that are part of their Trusted Access for Cyber (TAC) program. As a leading global AI research and development company, OpenAI…
Vulnerability Disclosure in the Age of AI
New article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitable…
Vulnerability Summary for the Week of May 25, 2026
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1Panel-dev–MaxKB MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB’s webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth class unconditionally returns (None, {}), which…
Meta tries to get ahead of scammers before the World Cup begins
Football fans are counting down the days until the FIFA World Cup begins, and scammers are doing the same. Last week, the FBI warned that cybercriminals are spoofing FIFA websites to steal personal information, sell fake tickets, and promote fraudulent…
Multiple Red Hat Cloud Services npm Packages Compromised to Deploy Credential-Stealing Malware
A significant supply chain attack on June 1, 2026, targeting over 30 official packages under the @redhat-cloud-services npm scope. The campaign, dubbed “Miasma: The Spreading Blight,” is a new variant of the Mini Shai-Hulud malware family a sophisticated credential-stealing worm…
SmartApeSG Campaign Uses ClickFix Scripts to Infect Windows Hosts With RAT Malware
A well-known social engineering campaign called SmartApeSG is back in the spotlight, this time using ClickFix scripts to quietly plant remote access malware on Windows computers. The campaign lures victims through fake verification pages that trick them into running a…
Attackers Abuse Docker and Kubernetes Misconfigurations to Compromise Host Systems
Attackers are actively exploiting misconfigurations in Docker and Kubernetes environments to break out of containers and take full control of the underlying host systems. What was once a niche concern has grown into a serious and escalating threat, with attackers…
Microsoft Office for the Web and Teams Hit by File Access Outage
Microsoft experienced a service disruption affecting users’ ability to open files through Office for the Web and Microsoft Teams, with the company confirming resolution after investigating elevated error rates across its online productivity platform. The incident, tracked internally under MO1329446…
Spring 2026 SOC 1, 2, and 3 reports are now available with 188 services in scope
Amazon Web Services (AWS) is pleased to announce that the Spring 2026 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 188 services over the 12-month period from April 1, 2025–March 31, 2026,…
IT Security News Hourly Summary 2026-06-01 18h : 13 posts
13 posts were published in the last hour 16:3 : Unauthenticated Privilege Escalation Vulnerability Patched in Kirki WordPress Plugin 16:3 : TeamPCP’s Supply Chain Campaign Raises Fresh Concerns Over Open-Source Software Security 16:3 : Bengaluru Developer’s Viral AI Tool Shows…
Unauthenticated Privilege Escalation Vulnerability Patched in Kirki WordPress Plugin
On May 4th, 2026, we received a submission for an Unauthenticated Privilege Escalation vulnerability in the Kirki WordPress plugin. Although the plugin has more than 500,000 active installations, we estimate that only around 150,000 sites are using a vulnerable version,…
TeamPCP’s Supply Chain Campaign Raises Fresh Concerns Over Open-Source Software Security
A cybercrime group known as TeamPCP has been linked to an expanding series of software supply chain attacks that researchers say have affected hundreds of organizations, with GitHub becoming the latest high-profile name connected to the campaign. GitHub recently…
Bengaluru Developer’s Viral AI Tool Shows the Power of One Click Decisions
As artificial intelligence continues to transform software development workflows and corporate staffing strategies, discussions regarding automation-driven job displacement have gained increasing prominence across the technology sector. Against this backdrop, a Bengaluru software engineer has captured widespread attention online with…
Media Regulators Call Out Youtube, TikTok for Ignoring Child Safety
According to a report by Ofcom, YouTube and TikTok have failed to implement steps to safeguard British children from harmful online content. Data suggests widespread exposure to underage kids on these platforms. TikTok, YouTube ignoring child safety Ofcom media regulators…
MAPO Token Crashes 96% After Cross-Chain Bridge Exploit Triggers Massive Unauthorized Mint
A major shock hit cryptocurrency markets when the MAPO token crashed nearly 96% after a vulnerability in the Butter Network cross-chain bridge was exploited. The attacker created an enormous number of unauthorized tokens, flooding the market with supply far…
CLARITY Act Explained: How the 2025 U.S. Crypto Bill Ends a Decade of Regulatory Chaos
For over a decade, the U.S. cryptocurrency industry has faced crippling regulatory uncertainty, with the SEC and CFTC locked in a bureaucratic tug-of-war over jurisdiction. The CLARITY Act (Digital Asset Market Clarity Act of 2025) is Washington’s most serious…