RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious attack.” “We’re dealing with a major malicious attack on Ruby Gems right now,” Maciej Mensfeld,…
You Secured the Code. Did You Secure the Model?
Your team just shipped an AI-powered feature. You scanned the code. Passed SAST. Reviewed the PR. Green across the board. But here’s what you probably didn’t scan: the model weights. The agent framework. The dataset lineage. The MCP server that your agent calls at runtime. …
Hackers Hijack Microsoft Teams Accounts to Deliver ModeloRAT
A new wave of cyberattacks is putting Microsoft Teams users on high alert across organizations worldwide. Hackers have been found hijacking Teams accounts to impersonate IT support staff and push a dangerous piece of malware called ModeloRAT directly into corporate…
SAP Patches Critical SQL injection Vulnerability in SAP S/4HANA
On May 12, 2026, SAP released its highly anticipated monthly Security Patch Day updates, addressing numerous severe security flaws across its entire enterprise software portfolio. The most alarming discovery is a critical SQL injection vulnerability in SAP S/4HANA, giving attackers…
New Stealthy Vidar Stealer Campaign Bypass EDR and Steal Credentials
A new and highly stealthy campaign distributing Vidar Stealer has surfaced, targeting Windows users with a sophisticated attack chain designed to slip past endpoint defenses and harvest sensitive credentials. The campaign has drawn significant attention from the cybersecurity community because…
Zoom Rooms and Workplace Vulnerabilities Allow Attackers to Escalate Privileges
A series of newly discovered vulnerabilities in Zoom’s software ecosystem could hand local attackers the keys to your system. As organizations continue to rely heavily on virtual meetings, threat actors are constantly hunting for ways to exploit these communication tools.…
Threat Actors Leverage Vercel’s AI Tools to Mass‑Produce Realistic Phishing Sites
A new and growing wave of phishing attacks is making credential theft easier than ever before. Threat actors are now using Vercel, a legitimate AI-powered web development platform, to build convincing fake login pages that closely mirror real websites. The…
Fake Claude search results lure Mac users into ClickFix attack
Researchers found a ClickFix campaign that uses fake Claude setup guides to trick Mac users into infecting themselves. This article has been indexed from Malwarebytes Read the original article: Fake Claude search results lure Mac users into ClickFix attack
IT Security News Hourly Summary 2026-05-12 18h : 12 posts
12 posts were published in the last hour 16:2 : White Circle Raises $11 Million for AI Control Platform 16:2 : Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940) 16:2 : Exaforce raises $125 million to respond to…
White Circle Raises $11 Million for AI Control Platform
The startup will invest in accelerating product development, hiring new talent, and expanding its customer base. The post White Circle Raises $11 Million for AI Control Platform appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)
Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows…
Exaforce raises $125 million to respond to AI-powered attacks
Exaforce announced a $125 million Series B financing round, one of the largest ever in the emerging AI SOC space. The round includes participation from HarbourVest, Peak XV, Mayfield, Khosla Ventures, Seligman Ventures and AICONIC. The new capital will help…
Exaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happen
The round valued the three-year-old startup at $725 million. This article has been indexed from Security News | TechCrunch Read the original article: Exaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happen
The world’s most “Dangerous” AI, Anthropic’s Mythos, found only one flaw in curl
Anthropic’s AI found five vulnerabilities in curl, but only one low-severity issue proved to be a real vulnerability. In April, Anthropic made considerable noise announcing Mythos, a new artificial intelligence model described as so effective at identifying vulnerabilities in code…
OpenAI Codex Bug Leads to GitHub Token Breach
In March 2026, researchers from BeyondTrust showed that a tailored GitHub branch name was enough to steal Codex’s OAuth token in cleartext. Tech giant OpenAI termed it as “Critical P1”. Soon after, Anthropic’s Claude Code source code leaked into…
Ransomware Attacks Reach All Time High, Leaked Over 2.6 Billion Records
A recent analysis of cybercrime data of last year (2025) disclosed that ransomware victims have risen rapidly by 45% in the previous year. But this is not important, as there exists something more dangerous. The passive dependence on hacked…
Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise
Microsoft Incident Response investigated an attack operated through legitimate and trusted administrative mechanisms to blend seamlessly into routine operations and remain undetected demonstrating that intrusions have increasingly avoided using noisy exploits, obvious malware, or custom tooling, instead leveraging systems that…
ThreatDown ITDR prevents credential-based attacks
ThreatDown, the former corporate business unit of Malwarebytes, launched ThreatDown Identity Threat Detection and Response (ITDR). ITDR is a new product that helps security teams monitor identities to detect suspicious activity, misconfigurations, and active attacks targeting user accounts and privileges.…
OpenAI Launches ‘Daybreak’ to Help Build Secure By Design Software
With Daybreak, OpenAI wants its frontier AI models to be used to deploy secure by design software from the ground up This article has been indexed from www.infosecurity-magazine.com Read the original article: OpenAI Launches ‘Daybreak’ to Help Build Secure By…
Enabling AI sovereignty on AWS
Cloud and AI are transforming industries and societies at unprecedented speed, from accelerating research and enhancing customer experiences to optimizing business processes and enriching public services. At Amazon Web Services (AWS), we believe that for the cloud and AI to…
Identity takes center stage as a leading factor in enterprise cyberattacks
A new report shows two-thirds of ransomware attacks began with an identity-related breach. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Identity takes center stage as a leading factor in enterprise cyberattacks
Google Says Hackers Used AI to Build Zero-Day Exploit
Google says hackers used AI to help build a zero-day exploit targeting 2FA, raising concerns about AI-assisted hacking. The post Google Says Hackers Used AI to Build Zero-Day Exploit appeared first on TechRepublic. This article has been indexed from Security…
Subnet Solutions PowerSYSTEM Center
View CSAF Summary Successful exploitation of these vulnerabilities could allow an authenticated attacker to expose sensitive information or cause a CRLF injection. The following versions of Subnet Solutions PowerSYSTEM Center are affected: PowerSYSTEM Center 2020 <=5.28.x (CVE-2026-35504) PowerSYSTEM Center 2020…
ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax
View CSAF Summary ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves publicly reported vulnerability. An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service (DoS),…