A newly disclosed vulnerability in ExifTool, tracked as CVE-2026-3102, exposes macOS systems to command execution attacks through malicious image metadata, highlighting ongoing risks in widely used file processing tools. ExifTool is a popular utility used across media workflows to read…
Taking care of business: The CISO’s role in a cyber crisis
<p>The role of the chief information security officer is pivotal — and constantly evolving. Today’s CISOs are responsible for all aspects of cybersecurity planning, prevention and management, and must also be attuned to the needs of the business.</p> <p>Increasingly, the…
GitHub says hackers stole data from thousands of internal repositories
The code hosting giant GitHub said it was investigating a breach, but said there was no evidence of customer data theft. This article has been indexed from Security News | TechCrunch Read the original article: GitHub says hackers stole data…
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free
Carding forum B1ack’s Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack’s Stash, one of the most active stolen card marketplaces on the dark web, has released 4.6 million credit card…
Exploited Faster, Patched Slower: Verizon DBIR 2026 Shows Security Teams Losing Ground
The Verizon 2026 Data Breach Investigations Report (DBIR) reveals a threat environment moving much faster than many organizations can reasonably protect themselves against. Based on information collected from more than 31,000 security incidents and over 22,000 confirmed data breaches spanning 145 different countries, the…
Agent AI is Coming. Are You Ready?
New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, “identity dark matter” (the unseen, unmanaged elements of identity) now overshadows the visible elements 57%…
Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API
Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. Webworm, first publicly documented by Broadcom-owned Symantec in…
IT Security News Hourly Summary 2026-05-20 15h : 13 posts
13 posts were published in the last hour 13:5 : Gremlin Stealer Hides C2 and Exfiltration Paths in Encrypted Resources 13:4 : Hackers Abuse MSHTA Legacy Windows Tool to Deliver LummaStealer and Amatera Malware 13:4 : Microsoft Python Client DurableTask…
Verizon DBIR: AI Helped Hackers Exploit Vulnerabilities in 31% of Recent Breaches
Verizon DBIR 2026 reveals software vulnerabilities overtook stolen passwords in cyberattacks, with AI helping hackers exploit flaws within hours. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Verizon DBIR:…
Gremlin Stealer Hides C2 and Exfiltration Paths in Encrypted Resources
A newly identified variant of the Gremlin stealer malware is leveraging advanced obfuscation techniques to conceal its command-and-control (C2) infrastructure and data exfiltration logic within encrypted .NET resource sections. This evolution highlights a significant shift toward stealth, modularity, and anti-analysis…
Hackers Abuse MSHTA Legacy Windows Tool to Deliver LummaStealer and Amatera Malware
Hackers are exploiting a decades-old Windows tool to deliver dangerous malware onto unsuspecting systems, with consequences ranging from stolen passwords to full system compromise. The tool is MSHTA, short for Microsoft HTML Application Host, a built-in Windows utility that can…
Microsoft Python Client DurableTask Compromised by TeamPCP Hackers
Three consecutive releases of Microsoft’s official Python workflow SDK were poisoned with a multi-cloud credential-stealing worm, continuing the group’s relentless 2026 supply chain campaign. The TeamPCP threat group has struck again this time targeting durabletask, the official Microsoft Python client for…
Hackers Use Single-Letter Go Module Typosquat to Deploy DNS-Based Backdoor
A seemingly innocent typo in a Go module name has been quietly serving a live backdoor for nearly three years. Security researchers uncovered a malicious package called github.com/shopsprint/decimal that impersonates the popular github.com/shopspring/decimal library, differing by just a single letter in its name. The…
Anthropic Silently Patches Claude Code Sandbox Bypass
The researcher who found it says the vulnerability could have been chained with a prompt injection to exfiltrate data. The post Anthropic Silently Patches Claude Code Sandbox Bypass appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
NVIDIA Triton Inference Server Flaw Raises Risk of Unauthorized Access
NVIDIA has disclosed a critical security vulnerability in its Triton Inference Server that could allow attackers to bypass authentication and gain unauthorized access to affected systems. The flaw, tracked as CVE-2026-24207, has been assigned a CVSS v3.1 score of 9.8,…
Old Breaches Resold as New Corporate Data Leaks
Dark web data brokers are increasingly recycling old breach data and marketing it as fresh corporate leaks. The activity, largely observed in Chinese-language cybercrime forums and Telegram channels, is creating confusion among organizations and diverting security resources toward investigating claims…
Microsoft DurableTask Python Client Targeted in TeamPCP Cyberattack
The ongoing TeamPCP software supply chain campaign has compromised the official Microsoft DurableTask Python client, a widely used package for orchestrating workflows in Python applications. Three versions of the durabletask package on PyPI, 1.4.1, 1.4.2, and 1.4.3, were identified as malicious and…
Firefox 151 packs big privacy upgrades into a small update
Firefox 151 adds major privacy improvements and fixes high-priority security vulnerabilities, making this an update you shouldn’t ignore. This article has been indexed from Malwarebytes Read the original article: Firefox 151 packs big privacy upgrades into a small update
According to Sophos 71% of orgs hit by identity breaches
More than seven in ten organizations suffered identity-related breaches over the past year, according to Sophos’s State of Identity Security 2026 survey. This article has been indexed from CyberMaterial Read the original article: According to Sophos 71% of orgs hit…
NIST PNT Framework Strengthens GPS Interference Defenses
The National Institute of Standards and Technology has published a new framework addressing vulnerabilities in Positioning, Navigation, and Timing systems, with particular focus on strengthening defenses against GPS interference. This article has been indexed from CyberMaterial Read the original article:…
Indiana launches military-aligned cybersecurity pathway
Indiana will launch a first-of-its-kind military-aligned cybersecurity education pathway in June 2025, connecting high school students with advanced coursework, industry experience, and direct mentorship from the Indiana National Guard. This article has been indexed from CyberMaterial Read the original article:…
GitHub Breached — Employee Device Hack Led to Exfiltration of 3,800+ Internal Repos
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While we currently have no evidence…
OtterCookie RAT Steals Dev Secrets and Cloud Credentials
A newly discovered malware strain called OtterCookie is targeting software developers with sophisticated credential theft capabilities, according to recent analysis from security researchers. This article has been indexed from CyberMaterial Read the original article: OtterCookie RAT Steals Dev Secrets and…
Crafted JPEGs Trigger PHP Memory Bugs
Critical memory corruption vulnerabilities have been identified in PHP’s core ext/standard extension, specifically affecting how the widely deployed programming language processes JPEG image files. This article has been indexed from CyberMaterial Read the original article: Crafted JPEGs Trigger PHP Memory…