GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes…
Claude Code’s Network Sandbox Vulnerability Exposes User Credentials and Source Code
Anthropic’s Claude Code AI coding assistant harbored a critical network sandbox bypass for over five months, allowing attackers to exfiltrate credentials, source code, and environment variables from developer systems, and the company issued no public advisory for either incident. Security…
Cyber threats push SMBs to spend more on security
Cybersecurity has become a key priority for small and medium-sized businesses due to growing threats and wider AI adoption. An IDC survey of 2,200 SMBs in eight markets examined how organizations manage cyber risks, prepare for AI-related threats, and handle…
Dark Web Brokers Repackage Old Breaches as Fresh Corporate Data Leaks
A wave of fake data leak claims is flooding dark web forums, and most of what is being sold turns out to be recycled material from old breaches. Threat actors operating in Chinese-language cybercrime ecosystems are packaging this stale data…
Gremlin Stealer Stores C2 URLs and Exfiltration Paths in Encrypted Resource Sections
A newly analyzed variant of the Gremlin stealer malware has raised alarms by hiding its command-and-control (C2) addresses and data exfiltration paths inside encrypted resource sections of a compiled program. This approach makes the malware harder to detect through traditional…
ISC Stormcast For Thursday, May 21st, 2026 https://isc.sans.edu/podcastdetail/9940, (Thu, May 21st)
This article has been indexed from SANS Internet Storm Center, InfoCON: green. Read the original article: ISC Stormcast For Thursday, May 21st, 2026…
ExifTool CVE-2026-3102: RCE via Image Metadata
Security researchers at Kaspersky’s Global Research and Analysis Team have disclosed CVE-2026-3102, a critical vulnerability in ExifTool that allows attackers to execute arbitrary commands on macOS systems by hiding malicious code inside image file metadata. This article has been indexed…
Malicious VS Code Extension Breaches GitHub
GitHub confirmed over the weekend that an employee device was compromised after installing a trojanized Visual Studio Code extension from the official marketplace. This article has been indexed from CyberMaterial. Read the original article: Malicious VS Code Extension Breaches GitHub
AI-Driven DDoS Attacks Surge 738% in Finance
Financial services organizations face a dramatic escalation in distributed denial-of-service attacks, with the median duration of Layers 3 and 4 DDoS attacks increasing 738% since 2024, according to new research from Akamai. This article has been indexed from CyberMaterial. Read…
UK GCA Opens £2.9B Defense Tech Framework to SMEs
The UK Government Commercial Agency has announced plans to expand access to a major defense technology procurement framework worth £2.88 billion, opening opportunities for small and medium-sized enterprises that have been largely excluded from previous contracts. This article has been…
University of Arizona leads cyber operations education
The University of Arizona has established itself as a national leader in cybersecurity education, becoming one of only 10 institutions nationwide to hold all three National Security Agency Center of Academic Excellence designations in cyber defense, cyber operations, and cyber…
Third-Party Risk Management Needs to Evolve
Annual vendor risk assessments are no longer enough as AI, cloud services, and fourth-party ecosystems rapidly expand risk exposure. The post Third-Party Risk Management Needs to Evolve appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet…
Void Botnet Uses Ethereum Smart Contracts for Seizure-Resistant C2 Infrastructure
A new botnet called Void has emerged on the cybercrime underground, bringing a troubling twist to how attackers manage their operations remotely. Instead of relying on traditional servers that authorities can seize or shut down, Void Botnet routes its commands…
Hackers Use Fake Income Tax Assessment Pages to Infect Windows Systems
A new threat campaign is targeting Windows users in India by disguising malicious files as official income tax documents. Researchers have tracked the operation under the name TAX#TRIDENT, and it has shown the ability to pivot across multiple delivery methods…
How a Webmail Log File Became a Root-Level Backdoor
A forensic breakdown of how an attacker turned CyberPanel’s SnappyMail logging into a persistent webshell that survived every WordPress cleanup attempt. The post How a Webmail Log File Became a Root-Level Backdoor appeared first on Wordfence. This article has been…
A Bipartisan Amendment Would End Police License Plate Tracking Nationwide
One line tucked into a federal highway bill would strip funds from cities and states unless they kill their automated plate tracking programs—effectively banning the tech for all but toll collection. This article has been indexed from Security Latest. Read…
IT Security News Hourly Summary 2026-05-21 00h : 4 posts
4 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-05-20 21:34 : Browser Threats Are Expanding the SMB Attack Surface 21:34 : PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch…
IT Security News Daily Summary 2026-05-20
168 posts were published in the last hour 21:34 : Browser Threats Are Expanding the SMB Attack Surface 21:34 : PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch 21:34 : Trapdoor Android Ad Fraud Operation Uses…
Browser Threats Are Expanding the SMB Attack Surface
Palo Alto Networks warns that browser-based attacks, AI phishing, and malicious extensions are creating growing cybersecurity risks for SMBs. The post Browser Threats Are Expanding the SMB Attack Surface appeared first on eSecurity Planet. This article has been indexed from…
PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is…
Trapdoor Android Ad Fraud Operation Uses 455 Malicious Apps to Generate Fake Clicks
A large-scale ad fraud operation called Trapdoor has been discovered targeting Android users through 455 malicious apps, quietly generating fake ad clicks and draining real advertising budgets across the digital ecosystem. At its peak, the operation produced 659 million fraudulent…
Even Claude agrees: hole in its sandbox was real and dangerous
Another day, another AI bug silently fixed with no CVE and no public disclosure. This article has been indexed from www.theregister.com – Articles. Read the original article: Even Claude agrees: hole in its sandbox was real and dangerous
Why Policy in Amazon Bedrock AgentCore chose Cedar for securing agentic workflows
Agents have agency: they adapt and find multiple ways to solve problems. This autonomy creates a fundamental security challenge: the large language model (LLM) at the heart of the agent is non-deterministic, and its decisions can’t be predicted or guaranteed…
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 20)
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated May 20) appeared first on Unit 42. This article has been…