Redmond open sources two tools for building and maintaining safer agents This article has been indexed from www.theregister.com – Articles Read the original article: Microsoft storms RAMPART, adds Clarity to agentic AI safety
IT Security News Hourly Summary 2026-05-21 12h : 13 posts
13 posts were published in the last hour 10:3 : Ofcom Says YouTube, TikTok Dragging Feet On Child Protections 10:3 : TamperedChef Malware Hides in Signed Apps to Drop Stealers and RATs 10:2 : Critical Drupal Core Security Vulnerability Exposes…
Ofcom Says YouTube, TikTok Dragging Feet On Child Protections
While other platforms have made new commitments, Google’s YouTube and TikTok believe they are doing enough, says media regulator This article has been indexed from Silicon UK Read the original article: Ofcom Says YouTube, TikTok Dragging Feet On Child Protections
TamperedChef Malware Hides in Signed Apps to Drop Stealers and RATs
A large-scale malware campaign dubbed “TamperedChef” is leveraging trojanized productivity applications such as PDF editors, calendar tools, and file converters to silently deploy information stealers and remote access trojans (RATs), according to recent threat intelligence findings. Security researchers have identified…
Critical Drupal Core Security Vulnerability Exposes Websites to Cyberattack
A highly critical security vulnerability in Drupal core is set to impact websites worldwide, with the official security release scheduled for May 20, 2026. The vulnerability has been assigned a “Highly Critical” severity rating (20/25), indicating potential risks to confidentiality…
Critical Cisco Secure Workload Vulnerability Enables Unauthorized API Access
Cisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain unauthorized access to sensitive resources via internal APIs. The flaw, tracked as CVE-2026-20223, carries a maximum CVSS score of 10.0 and…
BadIIS Malware Turns Hijacks IIS Servers and Redirect Users to Illicit Sites
A dangerous piece of malware known as BadIIS has been actively targeting Internet Information Services (IIS) web servers, quietly hijacking them and redirecting unsuspecting visitors to illegal gambling sites, adult content platforms, and other illicit destinations. The attacks have been…
New Microsoft Defender 0‑Days Actively Exploited in the Wild
Two newly disclosed Microsoft Defender vulnerabilities are being actively exploited in the wild, enabling local attackers to elevate privileges to SYSTEM and potentially disrupt endpoint protection across Windows environments. The bugs, tracked as CVE‑2026‑41091 (Elevation of Privilege) and CVE‑2026‑45498 (Denial…
Nine-year-old Linux Kernel Vulnerability Let Attackers Exfiltrate SSH Private Keys
A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, exposes a serious local privilege escalation flaw that has remained undetected for nearly nine years. Security researchers at the Qualys Threat Research Unit (TRU) revealed that the issue allows attackers to…
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’. The post Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition. The post Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Anthropic Set For First Profitable Quarter
Anthropic reported expects first operating profit in June quarter, though profits may not continue as spending ramps up This article has been indexed from Silicon UK Read the original article: Anthropic Set For First Profitable Quarter
Fake Invitation Phishing Campaign Steals Credentials From U.S. Organizations
A large-scale phishing campaign leveraging fake event invitations is actively targeting U.S. organizations, combining credential theft, OTP interception, and remote access tool abuse into a single attack chain. The campaign stands out due to its repeatable phishing framework, which allows…
Critical Vulnerability in Cisco Secure Workload Threatens Enterprise API Security
Cisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain high-level administrative access to sensitive enterprise environments. The flaw, tracked as CVE-2026-20223, carries a maximum CVSS score of 10.0 and is…
New NGINX 0-Day RCE “nginx-poolslip” Threatens Millions of Servers
A newly discovered zero-day vulnerability in NGINX, dubbed “nginx-poolslip,” is raising serious concerns across the global cybersecurity community, as it exposes millions of servers to potential remote code execution (RCE) attacks. The vulnerability affects NGINX version 1.31.0, the latest stable…
One Man, One AI, One Fake Persona: Inside the 5-Year Influence and Fraud ‘Patriot Bait’ Campaign
A solo Russian-speaking threat actor ran a 5-year Telegram channel and, starting September 2025, used AI to automate its content, credential theft, and a cryptocurrency fraud scheme targeting American audiences. This article has been indexed from Trend Micro Research, News…
OpenAI Reportedly Plans Imminent IPO Filing
OpenAI said to be pushing ahead with confidential IPO filing in coming days, after defeating key legal challenge This article has been indexed from Silicon UK Read the original article: OpenAI Reportedly Plans Imminent IPO Filing
A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations. This article has been indexed from Security Latest Read the original article: A…
1-15 May 2026 Cyber Attacks Timeline
The threat landscape during May H1 was dominated by cyber crime and characterized by malware attacks, while the exploitation of public-facing applications led the initial access. This article has been indexed from HACKMAGEDDON Read the original article: 1-15 May 2026…
WantToCry Ransomware Abuses SMB Services to Remotely Encrypt Files
A ransomware strain called WantToCry has been targeting businesses by abusing a widely used file-sharing protocol to encrypt files without dropping any malware on the victim’s system. The attacks mark a notable shift in how ransomware operators approach campaigns, serving…
New NGINX 0-Day RCE “nginx-poolslip” Affects Millions of NGINX Servers
A newly disclosed zero-day remote code execution (RCE) vulnerability, dubbed nginx-poolslip, has been identified in NGINX version 1.31.0, the latest stable release of the widely deployed web server software. The discovery was made by security agent Vega, operating under the…
Grafana Labs Says Code Breach Stemmed from TanStack Attack
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack This article has been indexed from www.infosecurity-magazine.com Read the original article: Grafana Labs Says Code Breach Stemmed from TanStack Attack
Meta Tells Staff It May Not Conduct Further Layoffs This Year
Facebook parent tells employees it may not carry out further company-wide job cuts this year, as it carries out AI-focused restructure This article has been indexed from Silicon UK Read the original article: Meta Tells Staff It May Not Conduct…
Indian Student Data Weaponized in Phishing and Financial Fraud Campaigns
A growing trend in India where student data is increasingly being exploited for cybercrime activities, including phishing, impersonation, social engineering, and financial fraud. As educational institutions rapidly adopt digital platforms for admissions, fee payments, examinations, and communication, the volume of…