A newly discovered cyberespionage campaign is using a deceptively simple tactic to slip past security defenses: disguising malware as a humanitarian aid request while hiding the real payload on GitHub. Researchers have named this operation “HumanitarianBait,” and it is far…
Fake Moustache Bypasses Age Verification System Raising Online Safety Act Concerns
A 12-year-old boy grabbed an eyebrow pencil, drew a moustache on his face, held it up to his screen, and was verified as 15 years old. That single moment, shared by a parent in a UK survey, says more about…
Hackers Leveraged Hugging Face and ClawHub With 575+ Malicious Skills to Deploy Malware
An active malware distribution campaign abusing two prominent AI platforms Hugging Face and ClawHub to deliver trojans, cryptominers, and infostealers disguised as legitimate AI tools and agent extensions. The campaign marks a significant evolution in supply chain attacks, shifting from…
New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server
A newly discovered malware called ZiChatBot has been found quietly using the REST APIs of a legitimate team chat application called Zulip to receive and carry out commands from its operators. This approach is unusual because the malware never communicates…
Hackers Attack School Login Pages After Another Instructure Breach
Instructure attacked Last week, edtech giant Instructure reported a data breach where threat actors stole students’ personal data: names, email addresses, and conversations between students and teachers. Hackers compromised Instructure again, destroying various schools’ login sites to the platform…
Cisco Reveals Security Gaps in Vision Language Models
Cisco researchers found that tiny, nearly invisible image perturbations can bypass vision language model safety mechanisms. The post Cisco Reveals Security Gaps in Vision Language Models appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner
Other noteworthy stories that might have slipped under the radar: US gov targets 72-hour patch cycles, malware uses Windows Phone Link to steal OTPs, spy operation targets Eurasian drone industry. The post In Other News: Train Hacker Arrested, PamDOORa Linux…
Financial Services Must Prepare for Attacks Originating Inside the Cloud
With the increase in adoption of cloud-based infrastructure, digital banking ecosystems, and interconnected transaction platforms, cybersecurity has evolved from a regulatory requirement to a critical element of operational resilience. Payment service providers, banks, insurance companies, and investment firms now process…
Canvas Learning Platform Outage Disrupts Universities After ShinyHunters Cyberattack
Midday classes hit pause when Canvas went offline nationwide following a security alert that triggered emergency repairs. Though the issue began in Texas, ripple effects reached campuses far outside, cutting off vital links to homework and recorded lectures. When…
Dirty Frag: Unpatched Linux vulnerability delivers root access
A week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag In effect, Dirty Frag refers to two flaws: A xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284,…
ClaudeBleed Vulnerability Lets Hackers Hijack Claude Chrome Extension to Steal Data
The ClaudeBleed vulnerability allows hackers to bypass Claude for Chrome guardrails to exfiltrate private Google Drive and Gmail data. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: ClaudeBleed Vulnerability…
‘Dirty Frag’ Linux flaw one-ups CopyFail with no patches and public root exploit
Broken disclosure embargo left admins facing a fresh root-level flaw with no CVE This article has been indexed from www.theregister.com – Articles Read the original article: ‘Dirty Frag’ Linux flaw one-ups CopyFail with no patches and public root exploit
Pam Backdoor Targets Linux Systems to Steal SSH Credentials
A newly observed Linux backdoor technique, dubbed Pam, is exploiting the flexibility of Pluggable Authentication Modules (PAM) to capture SSH credentials and maintain persistence on compromised systems stealthily. Since its introduction in 1991 by Linus Torvalds, Linux has been designed for…
Microsoft says Edge’s plaintext password behavior is “by design”
A researcher found Edge loads saved passwords into computer memory when it starts, making them easier to steal if a device is already compromised. This article has been indexed from Malwarebytes Read the original article: Microsoft says Edge’s plaintext password…
Trellix Breach – RansomHouse Claims Access to Parts of Source Code
Trellix, the global cybersecurity firm formed from the merger of McAfee Enterprise and FireEye, has confirmed unauthorized access to a portion of its source code repository, with the RansomHouse ransomware group formally claiming responsibility for the attack. Trellix reported a…
DarkMoon AI-Powered Autonomous Penetration Testing Platform With 50+ Tools
A new open-source cybersecurity platform called DarkMoon has emerged as a significant advancement in autonomous penetration testing. It provides security teams and DevSecOps professionals with a fully AI-powered vulnerability assessment system. DarkMoon integrates over 50 specialized offensive security tools, all…
Why Vulnerability Scanning Is Not Penetration Testing, And Why Cisos Should Care
If your organisation runs quarterly vulnerability scans and calls it penetration testing, you are not alone. According to a 2025 SANS Institute survey, over 60% of organisations conflate vulnerability scanning… The post Why Vulnerability Scanning Is Not Penetration Testing, And…
Meta U-turns on encryption push for Instagram as DMs go plaintext
After years of insisting end-to-end encryption was the future of online comms, Zuckcorp has handed itself full visibility into user chats once again This article has been indexed from www.theregister.com – Articles Read the original article: Meta U-turns on encryption…
AWS EC2 outage in US-EAST-1 due to power loss
Amazon Web Services suffered a significant power outage in its US-EAST-1 region on May 7, impacting EC2 instances and EBS volumes after a thermal event triggered cooling system failures. This article has been indexed from CyberMaterial Read the original article:…
Zara data breach exposes 197,000 customers
Spanish fast-fashion retailer Zara has disclosed a data breach impacting more than 197,000 customers after hackers successfully infiltrated the company’s databases. This article has been indexed from CyberMaterial Read the original article: Zara data breach exposes 197,000 customers
25M Alerts Reveal Enterprise Alert Fatigue
Security operations centers across enterprises are drowning in alerts to the point where ignoring warnings has become standard practice, according to a new report examining more than 25 million security alerts from live production environments. This article has been indexed…
Meta challenges Ofcom fine calculation methodology
Meta has filed for judicial review in UK High Court challenging how Ofcom calculates fees and penalties under the Online Safety Act. This article has been indexed from CyberMaterial Read the original article: Meta challenges Ofcom fine calculation methodology
2026 ChicagoCISO ORBIE Awards Honor Security Leaders
The ChicagoCISO ORBIE Awards for 2026 have announced their honorees, recognizing chief information security officers from six prominent organizations across financial services, healthcare, and technology sectors. This article has been indexed from CyberMaterial Read the original article: 2026 ChicagoCISO ORBIE…
IT Security News Hourly Summary 2026-05-08 15h : 1 posts
1 posts were published in the last hour 12:32 : Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild