Cofense has warned of a “significant” increase in phishing campaigns abusing Vercel platform This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Spot Uptick in Use of Vercel for Phishing Campaigns
DeepSeek Value Rises To $45bn In First Funding Round
China’s biggest state-backed chip investment fund reportedly in talks to lead AI start-up’s funding round, as valuation more than doubles This article has been indexed from Silicon UK Read the original article: DeepSeek Value Rises To $45bn In First Funding…
UAT-8302 Targets Government Agencies With Custom Malware and Open-Source Tools
A new China-linked hacking group, tracked as UAT-8302, that is using custom malware and open-source tools to spy on government organizations in South America and southeastern Europe. The campaign focuses on long-term access and data theft, combining advanced backdoors like…
Woflow – 447,593 breached accounts
In March 2026, the AI-driven merchant data platform Woflow was named as a victim by the ShinyHunters data extortion group. The group subsequently published tens of thousands of files allegedly obtained from the company, comprising more than 2TB of data.…
Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion
Dragos has published a report describing how threat actors used Claude AI in an attack on a water and drainage utility in Mexico. The post Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion appeared first on SecurityWeek.…
Google Proposes Spam Policy Changes To Avoid EU Fine
Google reportedly seeks to avoid further EU fines with proposal altering the way it ranks publishers that include commercial content This article has been indexed from Silicon UK Read the original article: Google Proposes Spam Policy Changes To Avoid EU…
Redis Security Flaws Expose Servers to Remote Code Execution Risks
Redis has disclosed and patched five security vulnerabilities, including four rated High severity, that could allow authenticated attackers to achieve remote code execution (RCE) on affected Redis servers. The advisory, published May 5, 2026, by Redis Chief Information Security Officer…
Hackers Exploit Google Ads to Steal GoDaddy ManageWP Logins
Hackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look‑alike phishing ad above the legitimate ManageWP result and proxying victims’ logins in real time via an adversary‑in‑the‑middle (AiTM) setup. The attackers purchase a sponsored Google ads…
U.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Palo Alto Networks PAN-OS, tracked as CVE-2026-0300…
Chrome installs AI model on devices, Daemon Tools disk app backdoored, crypto security exodus
Google Chrome installs 4GB AI model on devices Daemon Tools disk app backdoored in supply-chain attack Crypto’s ‘decentralised finance’ sector hit by investor exodus Get the show notes here: Thanks to our episode sponsor, Vanta Risk and regulation ramping up—and…
Anthropic Expands Compute Capacity With SpaceX’s Colossus 1
Anthropic to use all 300 MW of compute from SpaceX’s Colossus 1 data centre in Memphis, Tennessee, as it seeks to ease capacity crunch This article has been indexed from Silicon UK Read the original article: Anthropic Expands Compute Capacity…
Cisco Network Flaw Exposes Devices to Remote Denial-of-Service Exploits
Cisco has issued a high-severity security advisory detailing a critical connection exhaustion vulnerability affecting its network management software. Tracked as CVE-2026-20188, this flaw carries a CVSS base score of 7.5. It directly impacts both the Cisco Crosswork Network Controller (CNC)…
Malicious NuGet Packages Steal Browser Credentials, SSH Keys, and Crypto Wallets
Malicious NuGet packages are quietly stealing browser credentials, SSH keys, and cryptocurrency wallet data from developer machines and CI/CD infrastructure, with a particular focus on Chinese .NET ecosystems. The campaign blends legitimate-looking UI and infrastructure libraries with a heavily protected…
IT Security News Hourly Summary 2026-05-07 09h : 3 posts
3 posts were published in the last hour 6:36 : Critical vm2 Node.js Library Flaws Enable Arbitrary Code Execution Attacks 6:9 : Google Chrome 148 Released with Fix for 127 Security Vulnerabilities – Update Now! 6:9 : Massive 2.45B-Request DDoS…
Critical vm2 Node.js Library Flaws Enable Arbitrary Code Execution Attacks
Multiple critical sandbox-escape vulnerabilities have been disclosed in vm2, one of the most widely used Node.js sandboxing libraries, allowing attackers to escape the isolated execution environment and run arbitrary commands directly on the host system. Eleven advisories were published by…
Google Chrome 148 Released with Fix for 127 Security Vulnerabilities – Update Now!
Google has officially promoted Chrome 148 to the stable channel for Windows, Mac, and Linux, rolling out version 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and Mac, one of the most security-intensive releases in the browser’s recent history, packing 127…
Massive 2.45B-Request DDoS Attack Used 1.2 Million IPs to Evade Rate Limits
Distributed Denial of Service (DDoS) campaign targeted a large-scale user-generated content platform, unleashing over 2.45 billion malicious requests in just five hours. Rather than relying on brute-force methods, the attackers distributed traffic across 1.2 million unique IP addresses. This structural shift…
Fake Disk Cleanup Apps Fuel New macOS ClickFix Attack
A wave of ClickFix-style social engineering attacks that specifically target macOS users, using fake disk cleanup and system utility tips hosted on popular content platforms. Instead of installing helpful tools, these Terminal commands silently fetch and execute infostealers such as…
France’s Break From Microsoft Signals Europe’s Growing Push for Digital Sovereignty
In a move that reflects Europe’s deepening concerns over data sovereignty and foreign technological dependence, France has decided to move its national Health Data Hub away from Microsoft’s cloud infrastructure and into the hands of domestic provider Scaleway. The decision…
Attackers compromised Daemon Tools software to deliver backdoors
Kaspersky researchers uncovered another supply chain compromise involving a popular Windows tool: Daemon Tools, an app for mounting disk image files as virtual drives that is widely used by gamers, developers, and IT professionals. Since April 8, 2026, the official…
Sysdig delivers cloud security that runs inside AI coding agents
Sysdig announced headless cloud security, a cyberdefense platform designed for the agentic AI era. Sysdig Headless Cloud Security enables customers to drop the traditional, one-size-fits-all UI approach and equip their AI agents as the primary operators of machine-speed, data-driven cyberdefense.…
Teams calls are about to get a lot harder to fake
Microsoft Teams Calling is getting a new feature that will warn users about suspicious inbound VoIP calls from first-time external callers who might be impersonating trusted brands. The post Teams calls are about to get a lot harder to fake…
Multi-model AI is creating a routing headache for enterprises
Application teams are moving AI inference into production systems that support business operations. Enterprises are expanding traffic management, identity controls, observability, and routing systems for multiple AI models and environments. F5’s 2026 State of Application Strategy Report found that 78%…
Open-source MCP server monitoring for Python apps
Pythonic Model Context Protocol servers handle tool calls, session events, module imports, and subprocess activity. BlueRock has released MCP Python Hooks, an open source runtime sensor that gives developers a way to capture those signals without modifying application code. What…