Recently disclosed vulnerabilities in PHP, particularly within its widely used SOAP extension, have raised significant alarms across the cybersecurity community. Among the newly identified flaws is a high-severity vulnerability that could permit attackers to achieve Remote Code Execution (RCE) on…
Category: EN
Python Infostealer Hides in GitHub Releases to Bypass Detection
A stealthy Python-based infostealer campaign that abuses GitHub Releases to host payloads and maintain long-term, low‑visibility access to victim systems. The operation, dubbed “Operation HumanitarianBait” in some reporting, appears designed for cyberespionage against Russian‑speaking targets using humanitarian‑themed lures and a…
cPanel and WHM Servers Targeted in Attacks Exploiting CVE-2026-41940
A critical authentication bypass vulnerability affecting cPanel and WHM servers, identified as CVE-2026-41940, is currently under active exploitation by a highly sophisticated and elusive cybercriminal syndicate known as Mr_Rot13. The vulnerability carries a maximum severity CVSS score of 9.8, allowing…
Crimenetwork returns after takedown, dismantled again by German authorities
German police shut down a revived Crimenetwork marketplace with 22,000 users and 100+ sellers months after the original takedown. German police dismantled a resurrected version of the German-language cybercrime marketplace Crimenetwork, just months after the original platform was taken down.…
Zara Owner Inditex Confirms Customer Data Breach Affecting Nearly 200,000 People
Fashion retailer Inditex, the parent company of Zara, has confirmed unauthorized access to customer transaction databases hosted by a third-party provider. Data breach notification service Have I Been Pwned said approximately 197,400 unique email addresses were included in the leaked dataset. The…
Hackers Use Weaponized JPEG File to Deploy Trojanized ScreenConnect Malware
A sophisticated new cyberattack campaign is targeting Windows systems using a fake image file to sneak dangerous malware past security defenses. The operation, named Operation SilentCanvas, tricks victims into running a malicious PowerShell script disguised as a harmless JPEG photo,…
GhostLock Attack Leverages Windows file-sharing to Lock Files Access Like Ransomware
Traditional ransomware disrupts organizations by encrypting data and demanding payment for decryption keys. However, a newly disclosed technique called GhostLock demonstrates a fundamentally different availability attack that achieves the same business disruption without writing a single encrypted byte to disk.…
Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
Cybercrooks ruin engineers’ weekends with Saturday attack This article has been indexed from www.theregister.com – Articles Read the original article: Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue
German authorities shut down a relaunched version of the criminal marketplace Crimenetwork and arrested its suspected operator. The domain seizure notice (Source: BKA) A special unit of the Spanish National Police arrested the suspected 35-year-old German operator at his residence…
Malicious Hugging Face Repo Spreads Windows Infostealer
A sophisticated malware campaign exploited the Hugging Face machine learning platform to distribute an information-stealing trojan to Windows users through a fake repository that briefly became the platform’s top trending project. This article has been indexed from CyberMaterial Read the…
macOS Malware Campaign via Google Ads
A sophisticated malvertising campaign is targeting macOS users through manipulated Google Ads and fraudulent artificial intelligence applications. This article has been indexed from CyberMaterial Read the original article: macOS Malware Campaign via Google Ads
New cybersecurity industry alliance aims to lead US critical infrastructure protection
The new Alliance for Critical Infrastructure’s biggest goal: changing how the U.S. plans for a major cybersecurity crisis. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: New cybersecurity industry alliance aims to lead…
Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
Dubai, UAE, 11th May 2026, CyberNewswire This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Lyrie.ai Joins First Batch of Anthropic’s Cyber Verification Program
Skoda Data Breach Hits Online Shop Customers
Using a vulnerability in the portal, hackers accessed names, addresses, email addresses, and phone numbers. The post Skoda Data Breach Hits Online Shop Customers appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Skoda…
Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room
Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into a SIEM query. A red team script is being rewritten by hand so the blue team can use it. A…
LLMs and Text-in-Text Steganography
Turns out that LLMs are really good at hiding text messages in other text messages. This article has been indexed from Schneier on Security Read the original article: LLMs and Text-in-Text Steganography
Online Safety Act failing to deliver “step change” for children, report warns
A new report published by Internet Matters, reveals that the Online Safety Act (OSA) in the UK, although bringing visibility of online safety tools, does not seem to be living up to expectations of providing the much-needed “meaningful protection from harm.” …
macOS Malware Leverages Google Ads and Legitimate Claude.ai Shared Chats to Deliver Malware
Threat actors are executing a sophisticated malvertising campaign targeting macOS users via poisoned Google Ads and deceptive artificial intelligence applications. Researchers recently uncovered an operation that redirects victims to fraudulent landing pages via sponsored search results. By combining trusted hosting…
Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring
The company topped revenue and earnings forecasts for the first quarter of 2026, but its shares plunged more than 20%. The post Cloudflare Lays Off 1,100 Employees in AI-Driven Restructuring appeared first on SecurityWeek. This article has been indexed from…
Hackers Exploit Vercel GenAI to Mass-Produce Convincing Phishing Sites
Hackers are abusing Vercel GenAI to create convincing phishing sites that mimic major brands, including Microsoft, Adidas, and Nike, making scams harder to detect. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…