A critical vulnerability has been identified in Argo CD that could allow attackers with minimal privileges to extract highly sensitive Kubernetes Secrets directly from etcd clusters. Tracked as CVE-2026-42880 and rated 9.6, this severe security flaw exposes a missing authorisation…
Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack
While trojanized Daemon Tools versions were installed worldwide, a sophisticated backdoor was dropped only on a dozen systems. The post Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from…
One in Eight Workers Has Sold Their Corporate Logins
Cifas says that 13% of employees admit selling company credentials to a former colleague This article has been indexed from www.infosecurity-magazine.com Read the original article: One in Eight Workers Has Sold Their Corporate Logins
DTX Manchester 2026: From AI-Driven Execution to Shared Cyber Responsibility
DTX Manchester 2026 highlights AI-driven execution, automation, and the shift to shared cybersecurity responsibility across modern enterprises. This article has been indexed from Silicon UK Read the original article: DTX Manchester 2026: From AI-Driven Execution to Shared Cyber Responsibility
Georgia Supreme Court Vacates Ruling Over AI Errors
Top court of US state sanctions prosecutor after ‘numerous’ fictitious citations were cited in order from lower court This article has been indexed from Silicon UK Read the original article: Georgia Supreme Court Vacates Ruling Over AI Errors
QLNX Targets Developers in Supply Chain Credential Theft Campaign
QLNX is a newly documented Linux remote access trojan (RAT) that targets the theft on developers’ and DevOps credentials to hijack software supply chains. Recent attacks against popular projects like LiteLLM on PyPI and the Axios npm package have shown…
Malicious PyTorch Lightning update hits AI supply chain security
A malicious PyTorch Lightning update (v2.6.3) on PyPI spread briefly, stealing credentials and raising major concerns about AI supply chain security. A malicious update of the PyTorch Lightning library exposed developers to credential theft and remote compromise. Attackers uploaded version…
Major Publishers Sue Meta Over AI Training
Five major publishers, author Scott Turow sue Meta, Mark Zuckerberg over use of copyrighted works, in latest challenge over AI training This article has been indexed from Silicon UK Read the original article: Major Publishers Sue Meta Over AI Training
Massive “Low and Slow” DDoS Attack Hits Platform With 2.45 Billion in 5 Hours
DataDome researchers uncovered a massive low and slow DDoS attack that delivered 2.45 billion requests using 1.2 million IP addresses. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Massive…
Ransomware Gang Member Linked to Russian Cybercrime Group Sentenced to Prison
A Latvian national operating from Moscow has been sentenced to 102 months in federal prison for his role as a key negotiator within a prolific Russian ransomware network. Deniss Zolotarjovs, 35, participated in a cybercrime syndicate that orchestrated data theft…
Silicon STATES: Head-to-Head Interview: Peri Kadaster, Chief Communications Officer, Nearform
As AI accelerates across industries, US regulators face a critical balancing act—can innovation outpace oversight without undermining trust, governance, and global competitiveness? This article has been indexed from Silicon UK Read the original article: Silicon STATES: Head-to-Head Interview: Peri Kadaster,…
US Government To Review Major AI Models
Department of Commerce to evaluate models from Google, Microsoft, xAI to assess capabilities, potential security risks This article has been indexed from Silicon UK Read the original article: US Government To Review Major AI Models
Apple To Let iPhone Users Choose AI Models Across Multiple Tasks
Upcoming iOS 27 release reportedly to bring in ability to choose from multiple AI models for tasks such as writing, image generation This article has been indexed from Silicon UK Read the original article: Apple To Let iPhone Users Choose…
Iran-Linked Hackers Target Oman Ministries in Webshell and Data Theft Campaign
Iran-linked operators have mounted a broad espionage operation against multiple Omani ministries, abusing exposed webshells, SQL escalation scripts, and a poorly secured C2 server to steal judicial and identity data at scale. Attacker’s own open directory strongly suggests a Ministry…
Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution
Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution.…
Google Chrome Is Silently Downloading a 4GB Gemini Nano AI Model to User Devices Without Consent
Google Chrome has been quietly downloading around 4GB of Gemini Nano AI model weights to user devices without their consent, and it automatically re-downloads t Thank you for being a Ghacks reader. The post Google Chrome Is Silently Downloading a…
Video game supply chain attack, Bleeding Llama, US gets early LLM access
Video game platform hit by supply chain attack Bleeding Llama could expose your data US gets more early LLM access Get the show notes here: https://cisoseries.com/cybersecurity-news-video-game-supply-chain-attack-bleeding-llama-us-gets-early-llm-access/ Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and customers expect proof…
Malicious OpenClaw Skill Targets Agentic AI Workflows to Deploy RATs and Stealers
OpenClaw’s agent “skill” ecosystem to deliver both Remcos RAT and a cross‑platform stealer called GhostLoader by hiding malware inside a deceptive DeepSeek integration called “DeepSeek‑Claw.” The campaign shows how agentic AI workflows with high local privileges can be quietly hijacked…
Zero-Auth Vulnerability Enables Cross-Tenant Access at DoD Contractor
A severe authorization vulnerability was recently discovered in Schemata, an AI-powered virtual training platform serving the United States Department of Defense. Security researcher Alex Schapiro, utilizing the open-source AI hacking agent Strix, identified a critical lack of API authorization. Backed…
Oracle Debuts Monthly Critical Security Patch Updates
Containing fixes for critical-severity vulnerabilities, the monthly rollouts will focus on addressing priority issues faster. The post Oracle Debuts Monthly Critical Security Patch Updates appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Oracle…
Meta Deploys AI to Scan Photos and Detect Underage Users on Facebook and Instagram
Meta has introduced an expanded AI system that scans photos and videos on Facebook and Instagram to estimate users’ ages by analyzing physical features such as Thank you for being a Ghacks reader. The post Meta Deploys AI to Scan…
IT Security News Hourly Summary 2026-05-06 09h : 1 posts
1 posts were published in the last hour 6:35 : Ransomware and Data Extortion Groups Intensify Targeting of Aviation and Aerospace Sector
Ransomware and Data Extortion Groups Intensify Targeting of Aviation and Aerospace Sector
The aviation and aerospace sector has become one of the most actively targeted industries by ransomware operators and data extortion groups in 2025 and 2026. From passenger-processing platforms to satellite-dependent navigation systems, attackers are finding that disrupting even a single…
Remus Infostealer Adopts Lumma-Style Browser Key Theft to Bypass App-Bound Encryption
Remus is a newly observed 64-bit infostealer that closely tracks the Lumma Stealer codebase while adding EtherHiding-based C2 resolution and a refined Application‑Bound Encryption (ABE) bypass for Chromium browsers. The first Remus activity dates back to early 2026, shortly after…