The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following…
ConnectWise Automate Flaw Allows Hackers to Evade Security Controls
ConnectWise has released a security update to address a high-severity vulnerability in its ConnectWise Automate remote monitoring and management (RMM) platform, a widely used tool for managed service providers (MSPs). The flaw, tracked as CVE-2026-9089, carries a CVSS score of…
Hackers Use SEO Poisoning to Fake Gemini CLI and Claude Code Installers
Hackers are increasingly abusing search engine optimization (SEO) techniques to distribute malware by impersonating popular AI developer tools, including Gemini CLI and Claude Code. The activity, first observed in early March 2026, shows attackers creating malicious domains that rank above…
Apache CXF Flaw Exposes Systems to LDAP Injection Attacks
Apache CXF users are facing a significant security risk following the disclosure of a new vulnerability that exposes systems to LDAP injection attacks, potentially allowing unauthorized access to sensitive certificate data. The issue, tracked as CVE-2026-44930, has been classified as…
Lazarus APT unveils fileless remote access Trojan designed to evade detection
North Korea-linked Lazarus APT Group is using a stealthy memory-only RAT that leaves almost no forensic traces behind. North Korea-linked APT group Lazarus has never been shy about its ambitions; the threat actor has been tied to some of the…
PuTTY 0.84 Update Patches SSH Key Exchange Crash Issues and Telnet Prompt Spoofing Flaw
PuTTY 0.84 has been released with three minor security fixes that address issues that could allow remote attackers to crash the client or trick users during insecure sessions. Although the vulnerabilities are classified as low severity, they affect core components…
Phishing Campaigns Exploit RCS and iMessage to Evade SMS Security Filters
Phishing campaigns are entering a new phase as attackers abandon traditional SMS delivery and static credential theft in favor of encrypted messaging channels and real-time account takeover techniques. Unlike conventional SMS phishing, RCS and iMessage operate over data networks with…
Passwordless security and the new identity battleground
For years, passwords were the only thing that mattered for securing our online presence, but the discussion around authentication is evolving rapidly. Passkeys, biometrics, device trust, and adaptive identity management solutions are often cited as the key to the next…
Major US telecom providers debut C2 ISAC to counter AI-driven threats
Eight of the leading communications companies in the United States have created a new cybersecurity alliance that aims to improve threat intelligence sharing within the telecommunications industry, amid growing concerns about AI cyberattacks, state-sponsored espionage, and infrastructure attacks. The new…
Anthropic Plans Public Release of Mythos-Class AI Bug Finder Once Safeguards Are Ready
Anthropic has announced its plan to release Mythos-class AI models to the general public once it develops adequate safeguards.
Megalodon infects GitHub repositories, Netherlands seizes 800 servers, Ghost CMS exploited for ClickFix attacks
‘Megalodon’ infects GitHub repositories; Netherlands seizes 800 servers over cyberattacks; Ghost CMS exploited for ClickFix attacks. Check out your show notes here: https://cisoseries.com/cybersecurity-news-megalodon-infects-github-netherlands-server-seize-ghost-cms-exploited-for-clickfix/
IT Security News Hourly Summary 2026-05-26 09h : 4 posts
4 posts were published in the last hour. 7:2: Waymo Suspends Atlanta Service After Car Stalls In Floodwater; 7:2: Multiple 7-Zip Vulnerabilities Enable Arbitrary Code Execution; 6:32: Malicious PDF LNK Files Deploy Cobalt Strike in Operation Dragon…
Waymo Suspends Atlanta Service After Car Stalls In Floodwater
Google sister company pauses service in Atlanta after car fails to avert deeply flooded road, following similar incident in Texas. This article has been indexed from Silicon UK.
Multiple 7-Zip Vulnerabilities Enable Arbitrary Code Execution
Multiple memory safety bugs in 7‑Zip 26.00 allow remote attackers to leak sensitive data and, in at least one case, execute arbitrary code when a victim opens a crafted archive file. GitHub Security Lab has disclosed a critical heap buffer…
Malicious PDF LNK Files Deploy Cobalt Strike in Operation Dragon Whistle
A newly uncovered cyber campaign dubbed “Operation Dragon Whistle” is targeting China’s education sector with highly tailored spear-phishing attacks that deploy Cobalt Strike beacons via deceptive PDF/LNK files. The attackers crafted emails that impersonate official university communications, urging students and…
Third-Party Cyberattack Impacts Patient Information at The Oncology Institute
The Oncology Institute disclosed a data breach tied to a third-party vendor, potentially exposing patient information after a 2025 cyberattack. The Oncology Institute has confirmed that patient information was impacted in a cybersecurity incident involving a third-party software provider. The…
KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike
A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The vulnerability, tracked…
Jailbroken Gemini AI Abused in Credential Theft and Crypto Wallet Heist
Jailbroken Gemini AI has been weaponised in a long-running campaign that combined political influence, credential theft, and a cryptocurrency wallet heist, all operated by a single threat actor using a fake “patriot” persona. Trend Micro researchers recently documented how a…
Anthropic Prepares Claude Mythos for Wider Release Through Claude Code
Anthropic is preparing to expand access to its most advanced AI model, Claude Mythos, signaling a shift from tightly controlled deployment to a staged commercial rollout under a new version labeled Mythos 1. The move suggests the company is transitioning…
Product showcase: F-Secure Internet Security blocks phishing sites, fake stores, and SMS scams
F-Secure Internet Security protects against viruses, ransomware, spyware, infected email attachments, and other cyber threats. It focuses on securing devices and online activity through malware protection, scam prevention, safe browsing, and banking safeguards. The platform supports Windows, macOS, Android, and…
Ransomware Uses ChaCha20 and Curve25519 to Encrypt Windows Files
Payload ransomware is a new Windows ransomware family that combines ChaCha20 stream encryption with per-file Curve25519 ECDH key exchange, making victim data effectively unrecoverable without the attackers’ private key. It also implements strong anti-forensics, including ETW patching, VSS deletion, event…
Hackers Abuse KnowledgeDeliver LMS Flaw to Install BLUEBEAM Web Shell
Hackers are actively exploiting a critical vulnerability in the KnowledgeDeliver Learning Management System (LMS) to deploy the BLUEBEAM web shell, according to findings from Mandiant’s Google Threat Intelligence Group. The flaw, tracked as CVE-2026-5426, enables unauthenticated remote code execution through…
New 7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code and Compromise Systems
A critical heap buffer overflow vulnerability has been disclosed in 7-Zip version 26.00, enabling attackers to achieve arbitrary code execution via a vtable hijack by exploiting a defect in the tool’s NTFS archive handler. Tracked as CVE-2026-48095 and assigned advisory…
Manage machine identities: The hidden privileged access layer you need to manage
Why are machine identities becoming the majority of “things with access”? Every automation, integration, and workload needs a way to authenticate and the right permissions to act. That quiet requirement has created a massive population of machine identities, also called…