A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt…
Bank of England, FCA and Treasury Raise Alarm Over Frontier AI
The UK’s financial authorities have set expectations for the sector on cybersecurity and operational resilience This article has been indexed from www.infosecurity-magazine.com Read the original article: Bank of England, FCA and Treasury Raise Alarm Over Frontier AI
OpenAI Considers Legal Action As Apple Relationship Sours
ChatGPT developer reportedly feels Apple failed to hold up its end of bargain as expected exposure, subscriptions fail to materialise This article has been indexed from Silicon UK Read the original article: OpenAI Considers Legal Action As Apple Relationship Sours
OtterCookie Malware Steals Dev Secrets, SSH Keys, Cloud Credentials, and Tokens
A newly analyzed malware strain, OtterCookie, is emerging as a serious threat to developers, quietly harvesting sensitive data from active workstations in real time. Unlike earlier assumptions, OtterCookie is not a variant of BeaverTail but a separate Node. js-based remote…
n8n Security Flaws Could Let Attackers Achieve Remote Code Execution
A set of critical vulnerabilities in the popular workflow automation platform n8n has raised serious security concerns, with researchers warning that attackers could chain multiple flaws to achieve full remote code execution (RCE) on affected systems. The issues, disclosed in…
EVs Dominate China Vehicle Sales Amid Oil Price Shock
Surging petrol prices drive EVs to take nine of 10 best-seller spots in world’s biggest car and EV market, as Tesla sales sag This article has been indexed from Silicon UK Read the original article: EVs Dominate China Vehicle Sales…
Fast16 Malware Sabotages Nuclear Test Simulations by Altering Data
A newly analyzed cyber-espionage framework called Fast16 has revealed one of the most precise and covert sabotage operations ever uncovered targeting nuclear weapons simulations by silently manipulating critical test data. Researchers confirm that the malware didn’t just infiltrate systems it…
AI Companies’ London Office Space Jumps Tenfold
Office space leased by AI firms in capital rises to 450,000 sq ft in surprise jump, amid sustained boom in sector This article has been indexed from Silicon UK Read the original article: AI Companies’ London Office Space Jumps Tenfold
Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945
A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracked as CVE-2026-42945 (CVSS v4 score of 9.2), is already being actively exploited…
New Windows ‘MiniPlasma’ Zero-Day Let Attackers Gain SYSTEM Access – PoC Released
A critical Windows privilege escalation zero-day vulnerability dubbed “MiniPlasma” has emerged with a public proof-of-concept exploit that allows attackers to achieve SYSTEM-level privileges on fully patched Windows systems. Security researcher Nightmare-Eclipse released the weaponized exploit on GitHub on May 13,…
Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922
Microsoft has officially acknowledged a critical installation failure affecting its May 2026 Patch Tuesday cumulative update for Windows 11, KB5089549, leaving users stranded with error code 0x800f0922 and, in some cases, additional errors 0x80240069 and 0x80240031. The known issue was…
A week in security (May 11 – May 17)
A list of topics we covered in the week of May 11 to May 17 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (May 11 – May 17)
Exploitation of Critical NGINX Vulnerability Begins
The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Grafan GitHub extortion, Microsoft rejects Azure report, Funnel Builder flaw
Grafana GitHub token breach leads to extortion attempt Microsoft rejects Azure vulnerability report, researcher disputes decision Funnel Builder flaw actively exploited to steal payment data Get the show notes here: https://cisoseries.com/cybersecurity-news-grafan-github-extortion-microsoft-rejects-azure-report-funnel-builder-flaw/ Thanks to our episode sponsor, ThreatLocker ThreatLocker is extending…
IT Security News Hourly Summary 2026-05-18 09h : 5 posts
5 posts were published in the last hour 7:2 : HMRC Strikes £175m, 10-Year AI Deal With UK’s Quantexa 7:2 : Critical FunnelKit Vulnerability Puts 40,000+ WooCommerce Sites at Risk 7:2 : 1 Million WordPress Websites Exposed by Avada Builder…
HMRC Strikes £175m, 10-Year AI Deal With UK’s Quantexa
HMRC to use Quantexa AI system to bring together separate data silos to help improve fraud detection, while automating routine tasks This article has been indexed from Silicon UK Read the original article: HMRC Strikes £175m, 10-Year AI Deal With…
Critical FunnelKit Vulnerability Puts 40,000+ WooCommerce Sites at Risk
A critical security vulnerability in the Funnel Builder plugin by FunnelKit is actively being exploited, putting more than 40,000 WooCommerce websites at risk of payment data theft. The vulnerability affects all Funnel Builder versions prior to 3.15.0.3 and allows unauthenticated…
1 Million WordPress Websites Exposed by Avada Builder Security Vulnerabilities
A widely used WordPress plugin powering over one million websites has been found vulnerable to two serious security flaws that could expose sensitive data and server files. Security researchers warn that the issues in the Avada Builder plugin could allow…
Linux Torvalds Warns AI Bug Report Spam Is Disrupting Linux Security Discussions
Linux kernel creator Linus Torvald has warned that a flood of low‑value, AI‑generated bug reports is overwhelming the private Linux security mailing list and actively disrupting real security work. The new kernel documentation for Linux 7.1 now explicitly tells AI…
The AI backdoor your security stack is not built to see
Enterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious tokens, filter unusual characters, watch for prompt injection patterns. New research from Microsoft and…
Crafted JPEGs Could Trigger PHP Memory Bugs for Exploitation
PHP, one of the most widely used web programming languages, is rarely viewed as a direct attack surface at its core level. Security focus typically shifts toward frameworks and third-party libraries. However, new research shows that PHP’s built-in functionality specifically…
AI reveals the invisible magnetic chaos wasting energy inside electric motors
Electric vehicles are pushing scientists to tackle one of the biggest hidden energy drains inside electric motors: magnetic energy loss. Now, researchers in Japan have developed a powerful AI-driven physics model that can peer into the chaotic “maze-like” magnetic patterns…
Grafana Labs admits all its codebase are belong to someone who popped its GitHub account
No customer info stolen, no impact to operations, and no blackmail payment This article has been indexed from www.theregister.com – Articles Read the original article: Grafana Labs admits all its codebase are belong to someone who popped its GitHub account
Lyrie: Open-source autonomous pentesting agent
Penetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command line tool and publishes the entire codebase.…