Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Review: Foundations of Cybersecurity, 2nd edition Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the…
Category: EN
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase. “Our investigation has determined that no customer data or personal information was accessed during this…
Meta Launches Incognito Chat With Meta AI for Private Conversations on WhatsApp and Meta AI App
Meta has introduced Incognito Chat with Meta AI, a new mode for WhatsApp and the Meta AI app that offers private conversations, which the company claims cannot Thank you for being a Ghacks reader. The post Meta Launches Incognito Chat…
First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days
Apple’s M5 silicon has reportedly been exploited for the first time in a public macOS kernel memory corruption attack, successfully bypassing the company’s notable hardware-level memory protection. Researchers from Calif, Bruce Dang, Dion Blazakis, and Josh Maine, developed a working…
Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total
Pwn2Own Berlin 2026 ended with 47 zero-days and $1.29M in payouts, as DEVCORE dominated the competition across all categories. Pwn2Own Berlin 2026 ended after three intense days, with participants discovering 47 unique zero-days, and earning $1,298,250 in total payouts. Pwn2Own…
U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-42897 (CVSS score of…
Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected…
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were…
Trusted Tools Becoming the New Cybersecurity Threat, Says Bitdefender Report
Cybersecurity threats are evolving rapidly, and according to recent findings, attackers are increasingly relying on tools that organizations already trust. In its latest analysis, Bitdefender highlighted that modern cyberattacks often resemble routine administrative activity rather than traditional malware-based intrusions.…
ShinyHunters Vimeo Data Breach Exposes Information of Over 119,000 Users
Early this year, Vimeo faced a security incident leading to the theft of personal details tied to over 119,000 people by the ShinyHunters hacking collective. Information on the leak became known via Have I Been Pwned, a service tracking…
Linux Copy Fail Vulnerability Puts Major Systems at Risk
A critical Linux kernel vulnerability known as Copy Fail is drawing urgent attention because it can let a local, unprivileged attacker gain root access on affected systems. Security researchers say the issue affects many mainstream Linux distributions and can…
Hacker Claims of Stealing Data from 8,809 Education Institutes, Instructure Hacked
A hacker has claimed to compromise edtech giant Instructure, saying it stole over 280 million records of students and staff from around 8,809 school, colleges, and online education platforms. About Instructure It is a cloud based edtech company famous for…
Critical OpenClaw Flaws Allow Persistent Access and Credential Abuse
OpenClaw, a self-hosted AI agent runtime which has gained rapid adoption by enterprises, introduces a new type of security exposure for enterprises as dynamically executed content, external skill integrations, and cloud-based authentication mechanisms are convergent without adequate defensive control…
Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More
This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and security checks needed. The post Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More appeared first on TechRepublic. This article has…
Timeline of Iran’s Nuclear Program and the Stuxnet and Fast16 Attacks
This timeline is intended to serve as a sidebar to the in-depth story I published today about how the Fast16 malware subverted nuclear weapons tests. As noted in the story, which you can read here, all things point to Iran…
Experts Confirm the Fast16 Malware Was Sabotaging Nuclear Weapons Tests, Likely in Iran
Fast16 didn’t predate Stuxnet but was contemporaneous with it. It also wasn’t aimed at altering nuclear weapons but was simply feeding false data to engineers about the nuclear detonation tests they were conducting, in order to trick them into believing…
The Security Mistakes Being Repeated With Ai
There’s a pernicious cycle in cybersecurity that has repeated for decades. Products are released before they are properly secured — security-by-design principles are skipped — leaving security teams to manage… The post The Security Mistakes Being Repeated With Ai appeared…
JDownloader Website Hack Exposes Windows and Linux Users to Malicious Installers
A popular open-source download manager trusted by millions suddenly became a malware delivery platform after attackers compromised its official website, replacing legitimate installers with trojanized versions targeting both Windows and Linux users. The incident, confirmed by JDownloader developers, occurred between May…
Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording
Plus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more. This article has been indexed from Security Latest Read the original article:…
JDownloader Website Compromised to Distribute Malicious Windows and Linux Installers
A widely used download manager trusted by millions has briefly turned into a malware delivery platform after attackers compromised the official JDownloader website, replacing legitimate installers with malicious versions targeting both Windows and Linux users. The incident, confirmed by developers…