Competition to release stronger AI models is accelerating, and just weeks after the release of GPT-5.4, OpenAI has introduced GPT-5.5, pointing to expanded safeguards in the new model. GPT-5.5 is being rolled out to Plus, Pro, Business, and Enterprise users…
Rituals cosmetics breach, FBI iOS flaw fixed, Teams Helpdesk impersonation
Cosmetics giant Rituals discloses data breach Apple fixes iOS flaw exploited by the FBI Microsoft Teams Helpdesk impersonation Get the show notes here: https://cisoseries.com/cybersecurity-news-rituals-cosmetics-breach-fbi-ios-flaw-fixed-teams-helpdesk-malware-impersonation/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their…
Intel Shares Jump On Data Centre Expectations
Intel sees shares rise sharply after it projects stronger-than-expected sales of data centre chips, boosted by AI demand This article has been indexed from Silicon UK Read the original article: Intel Shares Jump On Data Centre Expectations
Hackers Exploit Ollama Model Uploads to Leak Server Data
Cybersecurity researchers have uncovered a severe, unpatched vulnerability in Ollama, a popular open-source platform used for running large language models locally. Tracked as CVE-2026-5757, this critical flaw exists in Ollama’s model quantization engine. If exploited, it allows an unauthenticated attacker…
Researchers find cyber-sabotage malware that may predate Stuxnet by five years
FAST16 could be the first cyberweapon, and its effects could be with us today Black Hat Asia Infosec outfit SentinelOne found malware that tries to induce errors in engineering and physics simulation software and therefore represents an attempt at sabotage,…
The Robot Will See You Now
As these systems move from “pilot” to “permanent,” are you more concerned about the erosion of the physician-patient relationship or the potential for hidden economic “steering” within the algorithms? The post The Robot Will See You Now appeared first on…
IT Security News Hourly Summary 2026-04-24 09h : 4 posts
4 posts were published in the last hour 6:32 : China-Linked Hackers Hide Behind Compromised Routers 6:7 : Hackers Track 900+ React2Shell Exploits via Telegram Bots 6:7 : GopherWhisper: A burrow full of malware 6:7 : AI is speeding up…
China-Linked Hackers Hide Behind Compromised Routers
Hackers linked to China are increasingly abusing compromised routers and edge devices to build covert networks, enabling stealthy cyber operations that are harder to detect and block. Instead of relying on dedicated servers or purchased hosting, threat actors are now…
Hackers Track 900+ React2Shell Exploits via Telegram Bots
Hackers are using Telegram bots and AI tooling to run a structured, at-scale exploitation campaign abusing the critical React2Shell vulnerability (CVE-2025-55182), with evidence of 900+ confirmed compromises. Investigators found an exposed server tied to the Bissa scanner platform, used for…
GopherWhisper: A burrow full of malware
ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions This article has been indexed from WeLiveSecurity Read the original article: GopherWhisper: A burrow full of malware
AI is speeding up nation-state cyber programs
Im this Help Net Security interview, Kaja Ciglic, Senior Director, Cybersecurity Policy and Diplomacy at Microsoft, discusses how nation-state cyber programs have changed over three years. Cyber has become a core instrument of state power, integrated with military, economic, and…
Hackers Exploit SS7 and Diameter Flaws to Track Mobile Users Globally
A recent investigation by Citizen Lab has uncovered sophisticated, multi-year surveillance campaigns exploiting foundational vulnerabilities in global mobile networks. The report, titled “Bad Connection,” reveals how suspected commercial surveillance vendors (CSVs) weaponize the SS7 and Diameter signaling protocols to covertly…
Microsoft Teams Issue Blocking Users From Joining Meetings Following Edge browser update
Microsoft is actively investigating a known issue preventing some users from joining Microsoft Teams meetings on Windows devices, following a recent update to the Microsoft Edge browser. The disruption is affecting organizations, including those using NHSmail infrastructure, with reports indicating…
A study of 1,000 Android apps finds a privacy policy logging gap
Android developers write log statements for the same reasons they always have: debugging crashes, tracing performance issues, and understanding how features behave in production. Legal and privacy teams, working from templates and regulatory checklists, draft policies describing what the app…
Hackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft Teams
A newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersonating IT helpdesk personnel on Microsoft Teams, these hackers trick employees into downloading a sophisticated malware suite…
Ransomware Gang Unveils Custom Data-Theft Tool
Ransomware operators introduced a custom-built data exfiltration tool, signaling a notable evolution in attack techniques. Unlike most ransomware groups that rely on publicly available utilities such as Rclone or MegaSync, Trigona affiliates are now using a proprietary tool to steal…
With AI’s help, North Korean hackers stumbled into a near-undetectable attack
For many years, state-sponsored hacking was defined by human expertise in finding security holes, writing malware and exploits, pulling off social engineering and phishing attacks, and much more. Since the advent of LLM-powered AI assistants and tools, less skilled attackers…
Where AI in CI/CD is working for engineering teams
Developers have folded AI into daily coding work. Still, the same tools remain largely absent from the systems that validate and ship software. New research from JetBrains points to a widening gap between how engineers write code on their own…
IT spending to hit $6.31 trillion record, thanks to AI
Global spending on IT is expected to reach $6.31 trillion in 2026, according to the latest quarterly forecast from Gartner, marking a 13.5% increase from the previous year. The forecast shows that growth is spread across all major segments, though…
Inside The Vercel Supply Chain Exploit
Inside the Vercel Breach: Highlighting OAuth Token Risk In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a breach tied to OAuth grants and…
Bitwarden CLI Compromised After Malicious GitHub Actions Workflow
Cybersecurity researchers at Socket have uncovered a major supply chain compromise affecting the Bitwarden CLI. Attackers successfully abused a GitHub Action in Bitwarden’s CI/CD pipeline to inject malicious code into the popular password manager’s npm package. This breach is part…
Weak security means attackers could disable all of a city’s public EV chargers
Demonstrated in China, probably applicable elsewhere Black Hat Asia Developers of rented internet of things infrastructure – stuff like public EV chargers and shared e-bikes – are prioritizing user convenience over security, and leaving themselves exposed to wide-scale denial of…
IT Security News Hourly Summary 2026-04-24 06h : 5 posts
5 posts were published in the last hour 3:36 : Deepfake era demands proof-based security, not just awareness 3:36 : Carnival – 7,531,359 breached accounts 3:36 : Hackers Leverage Microsoft Teams to Breach Organizations Posing as IT Helpdesk Staff 3:36…
Deepfake era demands proof-based security, not just awareness
<p>For decades, cybercriminals have impersonated targets’ trusted contacts to convince them to send funds, credentials or sensitive data. Thanks to deepfake and voice cloning technology, however, security awareness training — the usual countermeasure to social engineering attacks — is arguably…