IT Security News Daily Summary 2026-05-05

166 posts were published in the last hour

• 21:34 : Scientists connect “time crystal” to real device in quantum breakthrough
• 21:9 : U.S. court sentences Karakurt ransomware negotiator to 8.5 years
• 20:16 : How Akamai’s Zero Trust Framework Meets Critical U.S. Government Mandates
• 19:34 : Vimeo confirms breach via third-party vendor impacts 119K users
• 19:14 : Google Update: Android Flaw Could Put Billions of Devices at Risk
• 19:13 : Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts
• 19:13 : New WhatsApp Flaws Could Affect Billions of Users After Meta Security Patch
• 19:13 : ABB B&R PVI
• 19:13 : Johnson Controls CEM AC2000
• 19:13 : Hitachi Energy PCM600
• 19:13 : ABB B&R Automation Runtime
• 19:13 : ABB B&R Automation Studio
• 19:13 : Low Noise, High Confidence: Optimizing SOC Costs with Better Threat Intelligence
• 19:13 : Vulnerability Summary for the Week of April 27, 2026
• 19:13 : Introducing AI traffic analysis dashboards for AWS WAF
• 19:5 : IT Security News Hourly Summary 2026-05-05 21h : 2 posts
• 18:7 : Attackers Actively Exploiting Critical Vulnerability in Breeze Cache Plugin
• 18:7 : Spring Boot Done Right: Lessons From a 400-Module Codebase
• 17:9 : New ScarCruft Supply Chain Attack Hits Gaming Platform With Windows and Android Backdoors
• 17:9 : Critical Qualcomm Chipset Vulnerabilities Enables Remote Code Execution
• 17:9 : Critical Weaver E-cology RCE Vulnerability Actively Exploited in Attacks
• 17:9 : Cisco to Acquire Astrix Security to Strengthen AI Agent and Non-Human Identity Security
• 17:8 : GnuTLS 3.8.13 Released with Fix for 12 Vulnerabilities Affecting Network Communications
• 17:8 : Indirect Prompt Injection: The Hidden AI Threat
• 17:8 : DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
• 17:8 : Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE
• 16:37 : Tanium Atlas aims to accelerate threat response in the AI era
• 16:13 : What If Your Digital Footprint Could Shrink?
• 16:13 : Microsoft Flags Mass Phishing Campaign Using Fake Compliance Emails
• 16:5 : IT Security News Hourly Summary 2026-05-05 18h : 13 posts
• 15:36 : Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack
• 15:36 : Critical Android vulnerability CVE-2026-0073 fixed by Google
• 15:36 : LastPass Mobile Smart Scanner improves password security
• 15:36 : Unpatched flaws turn Ollama’s auto-updater into a persistent RCE vector, researchers say
• 15:36 : China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
• 15:36 : Five ways to use Kiro and Amazon Q to strengthen your security posture
• 15:36 : Trellix investigating breach of source code repository
• 15:9 : The Other Side of the MCP Threat Conversation
• 15:9 : Attackers are cashing in on fresh ‘CopyFail’ Linux flaw
• 15:9 : Hackers steal students’ data during breach at education tech giant Instructure
• 15:9 : Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations
• 15:9 : North Korean APT Targets Yanbian Gamers via Trojanized Platform
• 15:9 : CISA urges critical infrastructure firms to ‘fortify’ now before it’s too late
• 14:36 : Android Zero-Click RCE Vulnerability Enables Remote Shell Access
• 14:36 : DAEMON Tools Software Hacked to Deliver Malware in a Supply Chain Attack
• 14:36 : Education Sector Under Attack From State Espionage, Spear-Phishing, and Supply Chain Attacks
• 14:36 : Exposed by Design: What 1 Million Open AI Services Reveal About the Future of Cyber Risk
• 14:36 : Google to pay up to $1.5 million for zero-click Pixel Titan M exploits
• 14:36 : Cyber Briefing: 2026.05.05
• 14:7 : Hackers Abuse DAEMON Tools Distribution Channel to Deliver Malicious Payloads
• 14:7 : AI Threat Readiness: Defending Against Attacks Powered by Frontier AI Models
• 14:7 : 4 days left: Get 50% off a second TechCrunch Disrupt 2026 pass to make more deals faster
• 14:7 : Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
• 14:7 : Fake SSA Emails Drive Venomous#Helper Phishing Campaign
• 13:36 : LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations
• 13:36 : ScarCruft Targets Gaming Platform With Windows, Android Backdoors
• 13:36 : Huntress Expands Channel Partnerships to Boost Cybersecurity Reach Across Mid-Market and Public Sector
• 13:36 : Hacker Conversations: Joey Melo on Hacking AI
• 13:6 : Cleartext Passwords in MS Edge? In 2026?, (Mon, May 4th)
• 13:6 : CISA Unveils New Initiative to Fortify America’s Critical Infrastructure
• 13:5 : Anti-ICE Site GTFO ICE Accused of Exposing Data of 17,000+ Activists
• 13:5 : Critical Weaver E-cology RCE Exploit Raises Alarm for Enterprise Systems
• 13:5 : Silver Fox Uses Fake Tax Notices to Drop ValleyRAT and ABCDoor Backdoor
• 13:5 : Attackers Abuse Amazon SES to Send Authenticated Phishing Emails That Bypass Security
• 13:5 : Code of Conduct Phishing Emails Target 35,000 Users in Multi-Stage AiTM Attack
• 13:5 : Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft
• 13:5 : Conti ransomware gang member sentenced to 102 months in prison
• 13:5 : Download: Secure Foundations for AI Workloads on AWS
• 13:5 : MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
• 13:5 : The Back Door Attackers Know About — and Most Security Teams Still Haven’t Closed
• 13:5 : Ask Me Anything Cyber: Bolster AI – Protecting the Internet at Scale
• 13:5 : IT Security News Hourly Summary 2026-05-05 15h : 14 posts
• 12:34 : Cisco Acquisition of Astrix Security Signals to Strengthen on Non-Human Identity Security
• 12:34 : Proton Mail rolls out post-quantum encryption for all users as industry braces for ‘harvest now, decrypt later’ threat
• 12:34 : ShinyHunters claims dump puts 119K Vimeo emails in the wild
• 12:34 : ScarCruft Compromises Gaming Platform
• 12:34 : New Attribution Framework for APT Campaign Tracking
• 12:34 : Instagram Discontinues End-to-End Encryption
• 12:34 : Karakurt negotiator sentenced to 8.5 years
• 12:34 : Carleton College launches student cybersecurity teams
• 12:12 : Cerberus Stalkerware Hits Google Play, Abuses Accessibility and Firebase for Remote Control
• 12:12 : Update WhatsApp now: Two new flaws could expose you to malicious files
• 12:11 : Romance scammers turn sweet talk into £102M payday
• 12:11 : Critical Remote Code Execution Vulnerability Patched in Android
• 12:11 : Oracle rolls out monthly security patch updates
• 12:11 : VIAVI CyberFlood CF1000 pushes 400G validation for multi-terabit AI data centers
• 11:37 : SSL.com rotates their root certificate today, (Tue, May 5th)
• 11:37 : Instagram’s to End Encrypted Chats for Direct Messages
• 11:36 : WhatsApp Vulnerability Lets Attackers Leverage Instagram Reels to Execute Malicious URLs
• 11:36 : New Attribution Framework Connects APT Campaigns Through Strategic, Operational, and Technical Layers
• 11:36 : Critical, High-Severity Vulnerabilities Patched in Apache MINA, HTTP Server
• 11:36 : Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts
• 11:36 : We Scanned 1 Million Exposed AI Services. Here’s How Bad the Security Actually Is
• 11:36 : AI Adoption Outpaces Safety Policies, Leaving Organizations Exposed to Cyber Risk
• 11:8 : Education Sector Hit by Espionage, Phishing, and Supply Chain Attacks
• 11:8 : WhatsApp Security Flaw Enables Malicious URL Execution Through Instagram Reels
• 11:7 : DarkSword Malware
• 11:7 : Karakurt Ransomware Negotiator Sentenced to Prison
• 10:36 : The AI Regulation Race: Can the US Keep Innovation Ahead of Oversight?
• 10:36 : FEMITBOT Network Abuses Telegram Mini Apps for Crypto Scams and Android Malware
• 10:36 : Microsoft warns of global campaign stealing auth tokens from 35K users
• 10:36 : Anomali ThreatStream Next-Gen speeds threat response across workflows
• 10:8 : CloudZ RAT potentially steals OTP messages using Pheno plugin
• 10:8 : UAT-8302 and its box full of malware
• 10:8 : Intel Appoints Qualcomm Exec To Handle PCs, Robotics
• 10:7 : Code of Conduct Phish Hits 35,000 Users in Multi-Stage AiTM Attack
• 10:7 : NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”
• 10:5 : IT Security News Hourly Summary 2026-05-05 12h : 16 posts
• 9:35 : New Mexico Seeks Billions In Meta Public Nuisance Claim
• 9:35 : ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
• 9:35 : Beware of Fake ‘Notepad++ for Mac’ Website, Possibly Could Harm your Machine
• 9:35 : NHS to close-source hundreds of GitHub repos over AI, security concerns
• 9:35 : WhatsApp Discloses File Spoofing, Arbitrary URL Scheme Vulnerabilities
• 9:34 : MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
• 9:34 : North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
• 9:7 : SEC Fines Musk $1.5m Over Twitter Stake Disclosure
• 9:7 : Attackers Exploit Amazon SES to Send Authenticated Phishing Emails
• 9:7 : Qualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution Risk
• 9:7 : Microsoft’s bad obsession is showing up in shabby services and slipshod software. Here’s proof
• 9:7 : Cybersecurity jobs available right now: May 5, 2026
• 9:7 : One in four MCP servers opens AI agent security to code execution risk
• 9:7 : Can your coding style predict whether your code is vulnerable?
• 9:7 : Meta adds proof-based security to encrypted backups
• 9:7 : Trellix Reveals Unauthorized Access to Source Code
• 8:32 : Banks Look To Offload AI Data Centre Debt
• 8:32 : Critical Android Zero-Click Vulnerability Enables Remote Shell Access
• 8:32 : New Attribution Framework Links APT Campaigns Across Key Layers
• 8:32 : Educational tech firm Instructure data breach may have impacted 9,000 schools
• 8:7 : China Court Rules AI Job Termination Illegal
• 8:7 : Critical Android Zero-Click Vulnerability Grants Remote Shell Access
• 8:7 : Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
• 8:7 : Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API
• 7:34 : California Gets Power To Ticket Robotaxis
• 7:34 : How Iranian Cyber Intrusions Unfold Inside Enterprise Networks
• 7:34 : Apple Adds End-to-End Encryption for RCS Messaging Between iPhone and Android in iOS 26.5
• 7:34 : Instructure discloses breach, DigiCert revokes certificates, Silver Fox targets Indian and Russian orgs
• 7:7 : AI Hallucinations Slip Into Two South Africa Policy Documents
• 7:7 : Samsung’s Lee Family Pays £6bn Inheritance Tax Bill
• 7:7 : Copy Fail lands in CISA KEV as actively exploited Linux flaw threatens widespread privilege escalation
• 7:5 : IT Security News Hourly Summary 2026-05-05 09h : 2 posts
• 6:34 : pnpm 11 Turns On Minimum Release Age by Default to Reduce npm Supply Chain Risk
• 6:7 : Fake “Notepad++ for Mac” Site May Pose Malware Risk for Mac Users
• 5:34 : Apache HTTP Server Vulnerability Exposes Millions to Remote Code Execution Threats
• 5:34 : Microsoft Edge Found Storing Saved Passwords in Cleartext Memory at Startup
• 5:7 : DigiCert Hacked in Screensaver-Based Attack to Fraudulently Obtain EV Code Signing Certificates
• 5:7 : pnpm 11 Enables Default Release-Age Guard to Curb npm Supply Chain Attacks
• 5:7 : Critical Apache HTTP Server Flaw Exposes Millions of Servers to RCE Attacks
• 5:6 : Microsoft Edge Stores All Saved Passwords in Cleartext Process Memory at Launch
• 4:9 : Global Surge in Military Grade Spyware Puts Personal Smartphones at Risk
• 4:5 : IT Security News Hourly Summary 2026-05-05 06h : 4 posts
• 3:34 : Scientists just created exotic new forms of matter that shouldn’t exist
• 3:34 : Apache HTTP Server Exposes Millions of Servers to Remote Code Execution Attacks
• 3:34 : AI Models Surpass Doctors in Emergency Diagnosis, Harvard Study Finds
• 3:9 : Vimeo – 119,167 breached accounts
• 2:34 : Best Family Password Manager: Top 10 Picks
• 2:34 : Singapore boffins get diverse SIEMs singing in harmony with agentic rule translation
• 2:7 : ISC Stormcast For Tuesday, May 5th, 2026 https://isc.sans.edu/podcastdetail/9918, (Tue, May 5th)
• 2:7 : OpenAI To Extend Cyber Program to Government Agencies
• 2:7 : Small Defense Firms Lack Network Data to Stop Nation-State Hackers, Analyst Says
• 0:2 : Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities
• 0:2 : CVE-2026-31431: How Red Hat Advanced Cluster Security and Red Hat Advanced Cluster Management can help
• 23:9 : US government warns of severe CopyFail bug affecting major versions of Linux
• 22:36 : U.S. government warns of severe CopyFail bug affecting major versions of Linux
• 22:36 : MOVEit automation flaws could enable full system compromise
• 22:5 : IT Security News Hourly Summary 2026-05-05 00h : 7 posts
• 21:55 : IT Security News Daily Summary 2026-05-04