IT Security News Daily Summary 2026-05-28

167 posts were published in the last hour

• 20:36 : Krispy Kreme Settlement Deadline Nears: Eligible Members Could Claim Up to $3,500
• 20:36 : Carnival Data Breach Exposes Personal Data of Nearly 6 Million Customers
• 20:36 : Disgruntled 0-day hunter ‘humiliated’ by Microsoft pledges ‘bone shattering drop’ as Redmond calls cops
• 20:5 : Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)
• 20:4 : How to secure data at rest, in use and in motion
• 20:4 : AI Is Reshaping the Future of Cyber Resilience
• 20:4 : AI Software Supply Chain Threats Escalate in 2026
• 20:4 : Snowflake buys Natoma to help freeze out rogue agents
• 19:37 : 15,000 WordPress Sites Affected by Administrator Account Creation Vulnerability in WP Maps Pro WordPress Plugin
• 19:36 : Apple May Bring Android-Style Theft Detection to iPhones
• 19:36 : FBI Warns Companies About Ransom Gang’s Fake IT Support Tactics
• 19:36 : Hackers are trying to steal Signal users’ backups in new wave of phishing attacks
• 19:5 : IT Security News Hourly Summary 2026-05-28 21h : 6 posts
• 19:4 : Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks
• 19:4 : Simplifying policy management with URL and Domain Category filtering on AWS Network Firewall
• 18:36 : A security lapse at prison pay phone service Pay Tel publicly exposed over 300K callers’ driver’s licenses
• 18:5 : Less panic patching, more precision
• 18:5 : Why Your DLP Policies Fall Short the Moment AI Agents Enter the Picture
• 18:5 : Ransomware Negotiations Mirror Aggressive Sales Tactics
• 18:5 : Browser Threats Expand Across Enterprise Networks
• 18:4 : Multi-Turn Attacks Expose Ongoing Weaknesses Across Frontier AI Models
• 18:4 : A security lapse at prison payphone service Pay Tel publicly exposed over 300K callers’ driver’s licenses
• 18:4 : Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
• 17:38 : Wordfence Intelligence Weekly WordPress Vulnerability Report (May 18, 2026 to May 24, 2026)
• 17:38 : The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are
• 17:38 : Geordie Raises $30 Million for AI Security and Governance Platform
• 17:38 : Africa’s Digital Boom Makes It a Prime Target for Hackers
• 17:38 : Yarbo Robotic Lawnmower Flaw Exposed Thousands of Devices With Shared Passwords
• 17:5 : The CISO Whisperer’s Watch List For The Gartner Security & Risk Management Summit 2026
• 17:5 : CP Plus 8 Ch. Network Video Recorder
• 17:5 : Fourth Frontier Frontier X Mobile Application, Frontier X2
• 17:5 : ABB Busch-Welcome 2 Wire Door Opener Actuator
• 17:5 : Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter
• 17:4 : ABB EIBPORT
• 17:4 : The Gentlemen ransomware: Dissecting a self-propagating Go encryptor
• 17:4 : Ask Me Anything Cyber: Who is behind Cloud Village?
• 16:38 : Detecting Advanced Persistent Threats Using Behavioral Analytics and Log Correlation
• 16:38 : U.S. says troops were targeted with location data, as senator warns ad industry is a ‘national security threat’
• 16:38 : Resecurity Supports Microsoft DCU in Disrupting Fox Tempest ’s Cybercriminal Code-Signing Ecosystem
• 16:38 : CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks
• 16:38 : Microsoft tests the 15-character limit of Windows Server admins’ patience
• 16:38 : Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
• 16:5 : IT Security News Hourly Summary 2026-05-28 18h : 11 posts
• 16:3 : Google’s $135M Android Privacy Settlement: Who May Be Eligible
• 16:3 : Malicious Websites Track Visitors by Analyzing their SSD Timing Activity
• 16:3 : New Linux CIFSwitch Kernel Vulnerability Allows Attackers to Gain Root Access
• 16:3 : ClearFake Uses BSC Testnet Smart Contracts for Takedown-Resistant Command and Control
• 16:3 : Hackers Deploy VIP Keylogger Through Phishing Emails Masquerading as Business Documents
• 16:2 : Critical OpenVPN Connect for macOS Vulnerability Let Attackers Execute Arbitrary Commands
• 15:41 : Attackers Move Past Typosquatting to Realistic Package Impersonation
• 15:41 : IBM’s new $5B initiative will help enterprises rapidly patch open-source vulnerabilities
• 15:41 : How CISOs can manage sovereign-cloud security risks
• 15:5 : Silent Ransom Group Targets Law Firms With IT Impersonation Attacks
• 15:5 : 6 Best IT Asset Management (ITAM) Software in 2026
• 15:5 : What Is Cloud Security Management? Types & Strategies in 2026
• 15:4 : 6 Best Cloud Log Management Services Reviewed in 2026
• 15:4 : Carnival Data Breach Exposed 6 Million People
• 15:4 : IBM and Red Hat are betting $5 billion that open source needs a security guard
• 14:36 : Microsoft’s Copilot trust test: Zero findings, more models, wider oversight
• 14:36 : Cybercriminals sail away with data from 6 million Carnival customers
• 14:36 : Cyber Briefing: 2026.05.28
• 14:36 : Enterprise data is creeping its way into shadow AI tools
• 14:5 : Hackers Pivot from marimo RCE to Internal Database Using LLM Agent
• 14:5 : Check Point Launches AI Agents That Think Like Attackers as Autonomous Exploitation Reaches Critical Threat Level
• 14:4 : Microsoft’s Copilot trust test: zero findings, more models, wider oversight
• 14:4 : ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More
• 14:4 : Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
• 13:36 : Consistent Protections Without Compromise: Akamai’s WAF Is Now on AWS Marketplace
• 13:36 : Anthropic Roll Out Free Claude Code Security-Guidance Plugin
• 13:36 : The Autonomous Security Platform Built for Attacker Speed
• 13:36 : U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog
• 13:36 : New BTMOB Android Malware Enables Full Device Takeover
• 13:36 : Zapier exploit chain shows how known anti-patterns compose into critical risk
• 13:5 : IT Security News Hourly Summary 2026-05-28 15h : 22 posts
• 13:2 : IBM and Red Hat Commit $5 Billion to Secure Open Source Supply Chains Under “Project Lightwell”
• 13:2 : Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks
• 13:2 : CISOs Need Real Incident Experience, Survey Shows
• 12:35 : Malicious Websites Exploit SSD Timing Signals to Monitor Visitor Activity
• 12:35 : Proton Mail Lets Users Send and Receive Gmail Directly Without Giving Google Access to Proton Inbox
• 12:35 : Critical Roundcube Webmail Vulnerability Let Attackers Inject SQL Queries
• 12:35 : New PureLogs Variant Uses MsBuild.exe Process Hollowing to Evade Detection
• 12:35 : Gitea Container Vulnerability Exposes Private Container Images to Attackers
• 12:35 : Hackers Use GHOSTYNETWORKS and OMEGATECH to Host JS Malware Infrastructure
• 12:35 : Carnival Cruise Data Breach Exposes Millions of Customers’ Personal Information
• 12:35 : Carnival confirms data breach impacting nearly 6 million
• 12:35 : Carnival confirms ShinyHunters cruised off with 6M customer records after April breach
• 12:35 : Qevlar’s new AI agents correlate CVEs, incident data, and active exploitation signals
• 12:34 : Digimarc adds provenance, audit, and verification controls for AI agent workflows
• 12:34 : Qumulo NeuralProtect uses AI to detect and stop ransomware before encryption
• 12:34 : OpenAI prepares ChatGPT for the election misinformation wave
• 12:34 : New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI “Power users”
• 12:34 : VaultJacking: Google Password Manager PIN Compromise
• 12:34 : Fake ChatGPT site delivers malware to Windows/Mac
• 12:34 : Motorola Smart Feed App Hijacks Amazon Shopping
• 12:34 : Silent Ransom Group Targets Law Firms
• 12:34 : Dutch Police Arrest Ajax Hacking Suspect
• 12:4 : New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails
• 12:4 : Microsoft Condemns “Uncoordinated” Zero Day Disclosures
• 11:38 : A Fake UK Visa Site Left 100,000 Passports Wide Open
• 11:38 : Your Windows PC has a security deadline in June 2026
• 11:38 : Raising the Cybersecurity Stakes: Ante up for the Agentic Era
• 11:38 : Gitea Vulnerability Exposed 30,000 Deployments to Attacks
• 11:38 : New Threat Actor Jinx-0164 Targets Crypto Developers on macOS
• 11:4 : VaultJacking Attack Exposes Google Password Vaults via Single PIN
• 11:4 : Fake ChatGPT download site infects Windows and Mac users with malware
• 10:37 : 2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface
• 10:37 : AI-Generated npm Malware Leaks Hacker’s Private GitHub Token
• 10:37 : Gitea Container Registry Vulnerability Could Lead to Private Image Exposure
• 10:36 : Top 10 Best Mobile Application Security Testing (MAST) Tools in 2026
• 10:36 : Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks
• 10:36 : U.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog
• 10:36 : Microsoft’s new cloud PCs place AI agents under enterprise controls
• 10:36 : GCHQ Chief Urges Action as AI Reshapes Cyber Threats
• 10:36 : Infosecurity Europe: Cybersecurity Staff Prefer CISOs With Real Attack Response Experience, Study Reveals
• 10:5 : DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap
• 10:5 : Critical Notepad++ Flaw Could Enable Remote Code Execution Attacks
• 10:5 : Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code
• 10:5 : IT Security News Hourly Summary 2026-05-28 12h : 6 posts
• 10:5 : Microsoft Warns Public Release of Zero-Day Details Before Vendor Coordination
• 10:4 : Veeam Backup & Replication Tool Vulnerability Enables Privilege Escalation Attacks
• 10:4 : Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks
• 10:4 : A single typo could derail your World Cup plans
• 9:32 : ClearFake Abuses BSC Testnet Contracts for Resilient C2 Operations
• 9:31 : Oil shipments, drone makers, and a poisoned code library targeted in recent APT campaigns
• 9:4 : JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
• 8:34 : Roundcube Webmail Vulnerability Allows Hackers to Execute Malicious SQL Queries
• 8:34 : 19.6 Billion Files Are Sitting Open on the Internet. No Password Required
• 8:5 : Hackers Spread VIP Keylogger via Fake Business Emails
• 8:5 : Kemper – 269,299 breached accounts
• 8:5 : FortiClient EMS Code Execution Vulnerability Exploited to Deploy EKZ Malware
• 8:5 : SBI Warns of Scammers are Sending Fake Messages Claiming Your YONO App Will be Deactivated
• 8:5 : Silent Ransom Group Targets Law Firms With IT Support Impersonation Attacks
• 8:5 : Ketch brings multi-agent AI orchestration to enterprise privacy programs
• 7:34 : Microsoft Warns Against Public Release of Zero-Day Details Before Vendor Coordination
• 7:34 : Motorola App Allegedly Hijacks Amazon App Activity to Insert Affiliate Referral Codes
• 7:34 : Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
• 7:34 : Police arrest suspect in Ajax football club hack that exposed 300,000 fan records
• 7:34 : XM Cyber enhances identity risk visibility with continuous exposure management capabilities
• 7:34 : Checksum introduces Continuous Quality Agent for automated test generation and healing
• 7:34 : Glassworm botnet shattered, China overhauls surveillance, Charter confirms ShinyHunters breach
• 7:5 : IT Security News Hourly Summary 2026-05-28 09h : 8 posts
• 7:4 : Derby Council Says AI Call Centre Feedback ‘Positive’
• 7:4 : Threat Actors Launch FIFA Website Spoofing Campaign to Steal User Details
• 7:4 : Hackers Host JS Malware on GHOSTYNETWORKS and OMEGATECH
• 7:4 : Company CEO flooded file share with smut, called for help after he deleted it
• 6:34 : FortiClient Code Execution Flaw Exploited to Deploy EKZ Malware
• 6:34 : New PureLogs Variant Abuses MSBuild to Evade Detection
• 6:34 : What to consider before asking an AI chatbot for health advice
• 6:34 : The CISO selling confidence in a market full of breach headlines
• 6:2 : Silent Ransom Impersonates IT Support to Target Law Firms
• 6:2 : Frontier AI models collapse under multi-turn AI attacks, Cisco finds
• 6:2 : Nudge Security adds browser-based discovery for shadow AI agents
• 5:34 : West Pharmaceutical Services Reports Data Breach and Encrypted Systems
• 5:34 : Hottest cybersecurity open-source tools of the month: May 2026
• 5:4 : SBI Warns Fake YONO Deactivation Message Scam
• 5:4 : Companies built AI into core systems before figuring out how to govern it
• 4:34 : Canonical releases Workshop for one-command sandboxed dev environments on Ubuntu
• 4:5 : IT Security News Hourly Summary 2026-05-28 06h : 2 posts
• 4:5 : OT attacks shift from recon to physical control, raising stakes
• 4:4 : Anthropic Updates Claude Code With Security Plugin and Faster Performance
• 4:4 : FortiClient Code Execution Vulnerability Exploited to Deploy EKZ Malware
• 2:4 : ISC Stormcast For Thursday, May 28th, 2026 https://isc.sans.edu/podcastdetail/9948, (Thu, May 28th)
• 23:34 : ShinyHunters Alleges 42M Records Stolen from Charter Communications
• 22:34 : Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion
• 22:6 : Out of the Crypt: The Evolving Cyber Extortion Economy
• 22:5 : IT Security News Hourly Summary 2026-05-28 00h : 4 posts
• 21:55 : IT Security News Daily Summary 2026-05-27