Foxconn has confirmed that several of its North American factories were hit by a cyberattack, after the Nitrogen ransomware group claimed to have stolen 8TB of data comprising more than 11 million files. According to the bad actor, the information supposedly obtained contains private directives, project details,…
Category: EN
Microsoft patches 138 vulnerabilities as AI-driven discovery accelerates
Microsoft is poised to set a new record for yearly patching by having released patches for over 130 vulnerabilities as part of its May Patch Tuesday release, pushing Microsoft’s total number of patched vulnerabilities to over 500 in just five months in 2026. Researchers…
Q&A: Why Vulnerability Scans Are Giving Businesses a False Sense of Security
Phillip Wylie is an internationally recognised cybersecurity expert, ethical hacker and offensive security specialist with more than 28 years’ experience across IT, network security, application security, penetration testing, red teaming and social engineering. As co-author of The Pentester BluePrint, founder of The Pwn…
April 2026 Cyber Attacks Statistics
In April 2026, Cyber Crime continued to lead the Motivations, once again ahead of Cyber Espionage. Cyber Warfare took the third place, ahead of Hacktivism. This article has been indexed from HACKMAGEDDON Read the original article: April 2026 Cyber Attacks…
Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access
Fresh kernel flaw comes with public exploit code and continues ugly run of highly reliable privilege escalation bugs tied to memory and page-cache handling This article has been indexed from www.theregister.com – Articles Read the original article: Dirty Frag gets…
Microsoft turns Copilot Studio into an AI agent control center
The Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent status in the authoring experience, giving admins insight into each agent’s security and protection posture. Customers can…
Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation
An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively,…
US Judge Challenges SEC, Musk Over Twitter Settlement
Federal judge says settlement presents string of ‘red flags’, asking them to explain why it appears crafted to avoid personally penalising Musk This article has been indexed from Silicon UK Read the original article: US Judge Challenges SEC, Musk Over…
Lyrie.ai Unveils Open Standard for Agent Security and Joins Anthropic’s Cyber Verification Program
DUBAI, UAE — May 14, 2026 — As autonomous AI agents begin to handle everything from corporate bank transfers to sensitive code deployments, the digital world is facing a new “Wild West” scenario: millions of autonomous entities operating without a…
Amazon Quick Security Flaw Allowed Restricted Users to Access AI Chat Agents
A newly disclosed security flaw in Amazon’s AI-powered business intelligence platform has revealed how restricted users could quietly bypass controls and interact with AI chat agents, despite explicit administrative denial. The issue, discovered by Fog Security researcher Jason Kao, exposes…
Your iPhone Gets Stolen. Then the Hacking Begins
A bustling underground ecosystem is providing criminals with the tools to unlock iPhones—and wage phishing attacks against their contacts to access bank accounts and more. This article has been indexed from Security Latest Read the original article: Your iPhone Gets…
Hackers Targeted PraisonAI Vulnerability Hours After Disclosure
The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
AI cyber capability is speeding past earlier projections
AI cyber capability is improving faster than expected, with newer models surpassing earlier projections, according to the UK government’s AI Security Institute (AISI). AISI measures AI cyber capability using “time horizon benchmarks”, which estimate how long AI systems can complete…
BYD Adds Fast Charging To International EV Models
Tech that can charge battery in 5 minutes comes to Europe, as BYD seeks to pose more direct challenge to petrol vehicles This article has been indexed from Silicon UK Read the original article: BYD Adds Fast Charging To International…
Hackers Hijack HWMonitor to Sideload Malicious DLL
Hackers are once again exploiting user trust in legitimate software, this time abusing the popular CPUID HWMonitor utility to deliver a stealthy remote access trojan. The malicious archive mimics a legitimate installer, highlighting how trusted tools remain a powerful lure…
GitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoS
GitLab has issued an urgent security update to neutralise a massive wave of vulnerabilities. Threat actors could exploit these newly disclosed flaws to silently hijack developer sessions or completely paralyze continuous integration pipelines with unauthenticated attacks. GitLab Security Flaw On…
FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign
Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and gas…
Critical 18-Year-Old NGINX Vulnerability Enables Remote Code Execution Attacks
A critical heap buffer overflow vulnerability has been discovered in the source code of NGINX, present since 2008. This vulnerability has been publicly disclosed, along with a working proof-of-concept exploit that can enable unauthenticated remote code execution (RCE) against one…
Windows DNS Client Vulnerability Enables Remote Code Execution Attacks
A newly disclosed vulnerability in the Microsoft Windows DNS Client could let attackers silently execute malicious code across enterprise networks, exposing a massive attack surface. Officially designated as CVE-2026-41096, this critical security flaw carries a severe CVSS score of 9.8…
Seedworm APT Abuses Signed Fortemedia and SentinelOne Binaries for DLL Sideloading
Iran-linked hackers have been quietly breaking into networks around the world, and their latest campaign is more calculated than anything we have seen from them before. The group known as Seedworm, also tracked as MuddyWater, spent the first quarter of…