Some AI-based video age-verification checks can be fooled with a fake mustache. This article has been indexed from Schneier on Security Read the original article: Bypassing On-Camera Age-Verification Checks
American Lending Center Data Breach Affects 123,000 Individuals
The non-bank lender discovered a ransomware attack nearly one year ago, but only recently completed its investigation. The post American Lending Center Data Breach Affects 123,000 Individuals appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Akamai to acquire LayerX for $205 million
Akamai has entered into a definitive agreement to acquire LayerX, a provider of browser-based AI usage control and secure enterprise browser (SEB) technology. LayerX’s solutions will extend Akamai’s protection into the browser, where the majority of enterprise tasks now occur…
OrBit Rootkit Targets Linux to Steal SSH and Sudo Credentials
Hackers are continuing to abuse a stealthy Linux rootkit known as OrBit to harvest SSH and sudo credentials, with new research showing the threat has quietly evolved over four years while remaining active in the wild. First analyzed in 2022,…
OpenAI Hit by TanStack Supply Chain Attack
Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Thieves unlock stolen iPhones using cheap tools sold on Telegram
Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure used to monetize stolen iPhones. Activation Lock can remotely disable a stolen iPhone and prevent normal resale, with owners…
Gremlin Stealer’s Evolved Tactics: Hiding in Plain Sight With Resource Files
Unit 42 analyzes the evolution of Gremlin stealer. This variant uses advanced obfuscation, crypto clipping and session hijacking to compromise data. The post Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files appeared first on Unit 42. This…
CalPhishing Scam Uses EvilTokens Kit, Outlook Invites to Steal M365 Sessions
Hackers are exploiting Outlook calendar invites and device code phishing to steal M365 session tokens, bypass MFA and breach enterprise accounts. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…
Microsoft Warns HPE Operations Agent Abused in Malware-Free Attacks
Microsoft has revealed a stealthy intrusion campaign where attackers bypassed traditional malware and exploits, instead abusing trusted enterprise tools to silently infiltrate networks. The technique highlights a growing shift in cyberattacks where adversaries rely on legitimate software and existing trust…
OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
Attackers stole a limited amount of internal credential material after malware hidden in poisoned packages reached two staff machines This article has been indexed from www.theregister.com – Articles Read the original article: OpenAI caught in TanStack npm supply chain chaos…
Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)
A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent fix is still in the works. In the meantime, Microsoft provided temporary mitigations. About CVE-2026-42897 CVE-2026-42897 affects on-premises…
IT Security News Hourly Summary 2026-05-15 12h : 6 posts
6 posts were published in the last hour 10:2 : TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code 10:2 : Rocky Linux launches opt-in security repository for urgent fixes 9:32 : Microsoft Edge, Windows 11, and LiteLLM Fall to…
TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The post TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Rocky Linux launches opt-in security repository for urgent fixes
Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists and upstream patches are unavailable. “The repository is disabled by default. That’s intentional. The…
Microsoft Edge, Windows 11, and LiteLLM Fall to Exploits at Pwn2Own Berlin 2026
The world’s top ethical hackers wasted no time breaking into modern software and AI systems on the opening day of Pwn2Own Berlin 2026, exposing critical zero-day vulnerabilities in Microsoft Edge, Windows 11, LiteLLM, and NVIDIA platforms. On May 14, researchers…
Hackers Abuse Scheduled Tasks to Maintain Persistence in FrostyNeighbor Attacks
A state-aligned hacking group known as FrostyNeighbor has resurfaced with a fresh wave of cyberattacks targeting government organizations in Ukraine, using a carefully designed infection chain that is harder than ever to detect. The group, active since at least 2016,…
VMware Fusion Vulnerability Let Attackers Escalate Privilege to Root
A high-severity privilege escalation vulnerability has been discovered in VMware Fusion, Broadcom’s popular macOS virtualization software, allowing local attackers to gain root-level access on affected systems. Tracked as CVE-2026-41702, the flaw was privately reported to Broadcom and patched on May…
Microsoft Details Kazuar Malware’s Modular Architecture and P2P Botnet Operations
A nation-state malware known as Kazuar has resurfaced with a far more dangerous design than anyone expected. What once started as a relatively standard backdoor has now grown into a fully modular, peer-to-peer botnet specifically engineered for long-term, covert espionage…
Amazon Redshift JDBC Driver Flaws Expose Systems to RCE Attacks
Amazon Redshift users are facing a serious security risk after researchers uncovered a high-severity vulnerability that could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2026-8178, affects the widely used Amazon Redshift JDBC Driver and…
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential theft. This development comes just weeks after a global takedown effort led by Microsoft and…
Tenable warns AI adoption is outpacing governance as cloud exposure risks surge
A new report from Tenable is warning that organizations are creating what it describes as a growing “AI exposure gap,” as enterprises race to deploy AI tools and cloud-native services faster than security and governance teams can keep up. The “Cloud and AI…
Cyberattack on West Pharmaceutical halts manufacturing across multiple sites
West Pharmaceutical Services has disclosed a ransomware attack that disrupted manufacturing, shipping, and receiving operations across multiple global facilities after bad actors breached the company’s network on 4 May. The pharmaceutical packaging manufacturer said attackers exfiltrated data and encrypted systems, forcing the company to proactively shut down portions of…
Beyond deepfakes: Building identity resilience against AI impersonation
Generative AI is changing the economics of identity fraud. Voice cloning, real-time face animation, synthetic documents, and AI-assisted social engineering are making it easier for attackers to impersonate legitimate users across service desks, onboarding workflows, and remote account recovery. The…
MPs want social media treated more like unsafe toys than harmless apps
Parliamentary committee tells ministers the current online safety regime is failing children and warns ‘no action is not an option’ This article has been indexed from www.theregister.com – Articles Read the original article: MPs want social media treated more like…