A malicious Hugging Face repository, Open-OSS/privacy-filter, that abused the platform’s trust and trending algorithm to deliver a sophisticated Rust-based infostealer to Windows users. The project briefly reached the #1 trending position with roughly 244,000 downloads and hundreds of likes before…
Microsoft 365 Copilot Flaws Could Let Attackers Access Sensitive Data
Microsoft has disclosed a trio of critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge. Released on May 7, 2026, these security flaws pose a substantial risk to enterprise data privacy and corporate confidentiality. If…
Q1 2026 Ransomware Report: Fewer Groups, Higher Impact
Ransomware activity remained elevated in Q1 2026, continuing the trend established over the past year. According to the State of Ransomware Q1 2026 report from Check Point Research, overall attack volume stayed near historic highs. At the same time, the structure of…
U.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208 (CVSS score of 9.3), to…
The questionnaire-based TPRM model is broken, and TrustCloud has a fix
TrustCloud announced a new version of TrustLens, its third party risk management (TPRM) solution. The new TrustLens agentic AI capabilities focus on delivering four requirements every CISO wants in their TPRM program: speed, accuracy, coverage, and proactive risk mitigation. In…
ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign
ShinyHunters has escalated its Canvas extortion campaign, defacing hundreds of school login pages and threatening to leak stolen data unless institutions negotiate This article has been indexed from www.infosecurity-magazine.com Read the original article: ShinyHunters Escalates Canvas Extortion with School by…
Hackers Abuse Google Ads and Claude.ai Shared Chats to Distribute macOS Malware
Attackers are currently running a malvertising campaign that uses Google Ads and legitimate shared chats on Claude. Thank you for being a Ghacks reader. The post Hackers Abuse Google Ads and Claude.ai Shared Chats to Distribute macOS Malware appeared first…
IT Security News Hourly Summary 2026-05-11 12h : 7 posts
7 posts were published in the last hour 10:2 : PoC Exploit Released for Android Zero-Click Flaw Enabling Remote Shell Access 10:2 : Sandboxie Escape Flaw Could Let Attackers Gain SYSTEM-Level Privileges 10:2 : Checkmarx Jenkins AST Plugin Compromised in…
PoC Exploit Released for Android Zero-Click Flaw Enabling Remote Shell Access
Public references indicate that a GitHub proof-of-concept is now circulating for CVE-2026-0073, the critical Android flaw documented in Google’s May 2026 security bulletin, raising the urgency for defenders with wireless ADB enabled on test or production devices. Google and multiple…
Sandboxie Escape Flaw Could Let Attackers Gain SYSTEM-Level Privileges
Security researchers have exposed critical sandbox escape vulnerabilities in Sandboxie and Sandboxie-Plus that allow attackers to gain full SYSTEM-level privileges. We strongly urge users to update to version 1.17.5, which was recently patched, to mitigate these severe execution threats. A…
Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack
A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Google reCAPTCHA Update Blocks Privacy-Focused Android Users From Sites
Google has rolled out a significant update to its reCAPTCHA verification system that fundamentally alters how websites verify human traffic. Announced on April 22 at the Google Cloud Next 2026 conference, the new mechanism operates through Google’s Cloud Fraud Defense…
Vidar Malware Targets Browser Credentials, Cookies, Crypto Wallets, and System Data
A long-active information stealer is making headlines again, and this time it is targeting more than just passwords. Vidar malware, a credential-harvesting tool in circulation since late 2018, has been observed running through a sophisticated multi-stage attack chain designed to…
The scam economy has found its AI upgrade
Scam attempts continue to reach consumers via email, text messages, social media, online advertising, and phone calls. The volume of exposure has remained stable over the past year, with more than half of consumers encountering scam attempts at least monthly,…
Identity is the new perimeter as rapid NHI proliferation threatens visibility and control
NHIs are linked to diverse assets across the enterprise technology ecosystem, creating a highly fragmented architecture and making it challenging for security teams to maintain visibility and control. This article has been indexed from Cybersecurity Dive – Latest News Read…
Canvas System Is Online After a Cyberattack Disrupted Thousands of Schools
Tens of thousands of students studying for final exams around the world have regained access to a key online learning system after a cyberattack had earlier knocked it offline. The post Canvas System Is Online After a Cyberattack Disrupted Thousands…
Zara Data Breach Impacts Nearly 200,000 Customers
ShinyHunters gets away with emails and other data on 200,000 Zara customers This article has been indexed from www.infosecurity-magazine.com Read the original article: Zara Data Breach Impacts Nearly 200,000 Customers
Silicon In Focus Podcast: Identity Under Siege: Why Credentials Are the New Battleground
Discover why identity is the new cybersecurity battleground as experts explore zero trust, MFA weaknesses, AI threats, and credential attacks. This article has been indexed from Silicon UK Read the original article: Silicon In Focus Podcast: Identity Under Siege: Why…
Apple Tests AI-Powered AirPods With Cameras
Apple reportedly in late testing stage for AirPods with cameras that could feed visual information to upgraded Siri assistant This article has been indexed from Silicon UK Read the original article: Apple Tests AI-Powered AirPods With Cameras
OpenClaw Malware Targets Crypto Wallets and Bitwarden Credentials
OpenClaw users are being targeted in a fresh malware campaign that abuses a fake installer to steal credentials from popular crypto wallets and password managers, including MetaMask, Phantom, and Bitwarden. The archive contains a 130MB Rust executable padded with fake…
Taiwan’s train cyber-trauma reveals a global system that’s coming off the tracks
That’s not a radio. THIS is a radio This article has been indexed from www.theregister.com – Articles Read the original article: Taiwan’s train cyber-trauma reveals a global system that’s coming off the tracks
New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks
Also called Copy Fail 2 and tracked as CVE-2026-43284 and CVE-2026-43500, the exploit was disclosed before a patch was released. The post New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks appeared first on SecurityWeek. This article has been indexed…
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
A malicious Hugging Face repository managed to take a spot in the platform’s trending list by impersonating OpenAI’s Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users. The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart,…
Police Shut Relaunched Crimenetwork Dark Web Marketplace
Spanish police have arrested the suspected administrator of German dark web marketplace Crimenetwork This article has been indexed from www.infosecurity-magazine.com Read the original article: Police Shut Relaunched Crimenetwork Dark Web Marketplace