A new cyberespionage campaign that abuses GitHub Releases and a PE-less Python implant to steal data from targeted Windows systems quietly. The operation combines social engineering, trusted cloud infrastructure, and multi-stage obfuscation to maintain long-term, covert access to victim machines.…
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension. The post Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover appeared first on SecurityWeek. This article has been indexed from…
PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB Credentials
A newly identified malware framework dubbed PCPJack is targeting exposed cloud and container infrastructure to steal credentials at scale while actively removing artifacts linked to the TeamPCP threat actor. Unlike typical cloud-focused campaigns, PCPJack skips cryptomining entirely and instead appears optimized for…
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code. The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
PoC Exploit Released for Dirty Frag Linux Kernel Vulnerability
A proof-of-concept exploit for a new Linux kernel vulnerability class dubbed “Dirty Frag”. This universal local privilege escalation vulnerability allows attackers to obtain root access across most major Linux distributions reliably. Because a third party unexpectedly broke the responsible disclosure…
The Canvas Hack Is a New Kind of Ransomware Debacle
Thousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters. This article has been indexed from Security Latest…
Cybersecurity Industry Split Over Impact of Anthropic’s Mythos AI
Advanced artificial intelligence systems are rapidly reshaping the cybersecurity industry, but experts remain sharply divided over whether the technology represents a manageable evolution in security research or the beginning of a large-scale vulnerability crisis. The debate escalated after Anthropic…
Product showcase: NetGuard open-source firewall for Android
NetGuard is a free, open-source firewall for Android phones and tablets that provides users with a simple way to block internet access. Android does not allow VPN services to be chained, so the app uses the Android VPN service to…
Mental health apps are collecting more than emotional conversations
People use mental health apps to talk about depression, trauma and suicidal thoughts in moments they may not share with anyone else. Many users likely assume those conversations carry protections similar to therapy sessions. In reality, mental health apps operate…
Multiple Critical Flaws Fixed in Next.js and React Server Components
Vercel has rolled out vital security updates for Next.js to address a wave of high-severity vulnerabilities affecting versions across the 13.x to 16.x branches. Published via GitHub advisories by Tim Neutkens, these flaws expose web applications to severe risks, including…
NWHStealer Campaign Deploys Bun Loader, Anti-VM Evasion, and Encrypted C2
A new distribution method for the NWHStealer infostealer that leverages the Bun JavaScript runtime, marking a significant evolution in the malware’s delivery infrastructure. The threat actors behind this Rust-based stealer are exploiting Bun’s relative newness and high-performance capabilities to package…
Your coworker might be selling company logins, and thinks it’s fine
Employee behavior once considered unacceptable is becoming tolerated across various industries, particularly in IT and telecommunications, and at all levels of seniority, including leadership. Cifas Workplace Fraud Trends research, based on a survey of 2,000 UK employees working at companies…
Multiple Critical Vulnerabilities Patched in Next.js and React Server Components
Vercel has released an extensive set of security advisories for Next.js, addressing more than a dozen vulnerabilities, including denial-of-service, middleware bypass, server-side request forgery, and cross-site scripting. The flaws affect Next.js versions 13.x through 16.x using the App Router, as…
Dirty Frag Linux Vulnerability Let Attackers Gain Root Privileges – PoC Released
Dirty Frag is a newly disclosed, CVE-pending Linux kernel local privilege escalation (LPE) vulnerability that chains two separate page-cache write flaws, the xfrm-ESP Page-Cache Write and the RxRPC Page-Cache Write, to achieve root access on virtually all major Linux distributions, with…
New infosec products of the week: May 8, 2026
Here’s a look at the most interesting products from the past week LastPass, Operant AI, Sysdig, and VIAVI. Operant AI Endpoint Protector secures AI agents and MCP tools Operant AI has launched Operant Endpoint Protector, a new addition to its…
Meta allegedly made billions from scam advertising while online fraud explodes worldwide.
In this special edition of Cybersecurity Today, David Shipley speaks with scam-fighting expert Erin West about the global fraud crisis, the rise of AI-powered scams, and why traditional law enforcement may be falling behind. Cybersecurity Today would like to thank…
IT Security News Hourly Summary 2026-05-08 06h : 1 posts
1 posts were published in the last hour 3:9 : Canvas Breach Disrupts Schools & Colleges Nationwide
Canvas Breach Disrupts Schools & Colleges Nationwide
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand that…
ISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924, (Fri, May 8th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, May 8th, 2026…
ShinyHunters Extorts Universities in New Instructure Canvas Hack
A ShinyHunters-linked attack disrupted hundreds of Instructure Canvas portals during finals week. The post ShinyHunters Extorts Universities in New Instructure Canvas Hack appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: ShinyHunters…
Accelerate innovation and govern integrity with Red Hat Satellite 6.19
Organizations are shifting fast toward image-based workflows and AI, but you shouldn’t have to choose between moving quickly and keeping the lights on. Red Hat Satellite 6.19 bridges that gap. This release focuses on hardening the software supply chain and…
CVE-2026-31431: How Red Hat Advanced Cluster Security and Red Hat Advanced Cluster Management can help
A practical look at what happens when kernel bugs meet containers.Author’s note: Refer to this Red Hat Security Bulletin for the most recent information about this CVE. This blog post was originally published on May 4, 2026 and has been…
IT Security News Hourly Summary 2026-05-08 03h : 1 posts
1 posts were published in the last hour 1:3 : ShinyHunters Defaces Canvas LMS Portal, Hundreds of Universities Affected
ShinyHunters Defaces Canvas LMS Portal, Hundreds of Universities Affected
ShinyHunters hackers defaced the official Canvas LMS portal after breaching Instructure systems, disrupting university access worldwide. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: ShinyHunters Defaces Canvas LMS Portal,…