If your organisation runs quarterly vulnerability scans and calls it penetration testing, you are not alone. According to a 2025 SANS Institute survey, over 60% of organisations conflate vulnerability scanning… The post Why Vulnerability Scanning Is Not Penetration Testing, And…
Meta U-turns on encryption push for Instagram as DMs go plaintext
After years of insisting end-to-end encryption was the future of online comms, Zuckcorp has handed itself full visibility into user chats once again This article has been indexed from www.theregister.com – Articles Read the original article: Meta U-turns on encryption…
AWS EC2 outage in US-EAST-1 due to power loss
Amazon Web Services suffered a significant power outage in its US-EAST-1 region on May 7, impacting EC2 instances and EBS volumes after a thermal event triggered cooling system failures. This article has been indexed from CyberMaterial Read the original article:…
Zara data breach exposes 197,000 customers
Spanish fast-fashion retailer Zara has disclosed a data breach impacting more than 197,000 customers after hackers successfully infiltrated the company’s databases. This article has been indexed from CyberMaterial Read the original article: Zara data breach exposes 197,000 customers
25M Alerts Reveal Enterprise Alert Fatigue
Security operations centers across enterprises are drowning in alerts to the point where ignoring warnings has become standard practice, according to a new report examining more than 25 million security alerts from live production environments. This article has been indexed…
Meta challenges Ofcom fine calculation methodology
Meta has filed for judicial review in UK High Court challenging how Ofcom calculates fees and penalties under the Online Safety Act. This article has been indexed from CyberMaterial Read the original article: Meta challenges Ofcom fine calculation methodology
2026 ChicagoCISO ORBIE Awards Honor Security Leaders
The ChicagoCISO ORBIE Awards for 2026 have announced their honorees, recognizing chief information security officers from six prominent organizations across financial services, healthcare, and technology sectors. This article has been indexed from CyberMaterial Read the original article: 2026 ChicagoCISO ORBIE…
IT Security News Hourly Summary 2026-05-08 15h : 1 posts
1 posts were published in the last hour 12:32 : Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild
Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild
Dirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public. Security researchers have disclosed a new unpatched vulnerability in the Linux kernel, code-named Dirty Frag, that allows an unprivileged local…
Modular RAT Campaign Steals Credentials and Captures Screenshots
A sophisticated spear-phishing campaign, dubbed Operation GriefLure, targeting senior executives in Vietnam and the Philippines with a stealthy modular remote access trojan (RAT). The campaign focuses on high-value organizations, including Viettel Group Vietnam’s largest military-backed telecom provider and St. Luke’s Medical…
ShinyHunters escalates Canvas attacks with school login defacements
Days after the first attack, ShinyHunters is applying pressure with ransom messages on school login portals. This article has been indexed from Malwarebytes Read the original article: ShinyHunters escalates Canvas attacks with school login defacements
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply. The post Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants appeared first on SecurityWeek. This article has been…
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network…
AI Firm Braintrust Prompts API Key Rotation After Data Breach
Hackers accessed one of the company’s AWS accounts and compromised AI provider secrets stored in Braintrust. The post AI Firm Braintrust Prompts API Key Rotation After Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Cline Kanban WebSocket Vulnerability Enables Malicious Sites to Take Over AI Coding Agents
Cline, a widely adopted open-source AI coding agent, has recently patched a severe vulnerability in its local Kanban server. Trusted by developers with deep access to source code, cloud credentials, and terminals, Cline automates complex coding tasks. However, researchers from…
Fake OpenClaw Installer Targets Crypto Wallets and Password Managers
Hackers are abusing a fake OpenClaw installer to deploy a modular Rust-based infostealer framework dubbed Hologram, aimed at harvesting credentials from more than 250 crypto wallet and password manager browser extensions while hiding behind trusted cloud and messaging services. The site…
Mozilla Patches 423 Firefox Vulnerabilities with Claude Mythos and Other AI Models
Mozilla has fixed a total of 423 Firefox security bugs in April 2026 alone, a figure nearly 20 times higher than its monthly average of about 21 bugs throughout 2025, driven by a groundbreaking agentic AI pipeline built around Anthropic’s…
New NWHStealer Delivery Chain Uses Bun Loader, Anti-VM Checks, and Encrypted C2
A new and evolving threat has caught the attention of cybersecurity researchers worldwide. A Windows-based information stealer known as NWHStealer has resurfaced with a more sophisticated delivery chain, now using the Bun JavaScript runtime as part of its infection process.…
New PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB for Credential Theft
A sophisticated new malware framework called PCPJack has been found actively targeting cloud environments across the internet, hunting for exposed services and stripping away credentials at scale. The worm zeroes in on Docker, Kubernetes, Redis, and MongoDB deployments, turning misconfigured…
Meta fights Ofcom over how many billions count as billions
Social media biz says watchdog’s fine formula is ‘disproportionate’ and should stop counting global revenue This article has been indexed from www.theregister.com – Articles Read the original article: Meta fights Ofcom over how many billions count as billions
Hackers ate my homework: Educational SaaS Canvas down after cyberattack
ShinyHunters takes the credit and gives developer an F for security This article has been indexed from www.theregister.com – Articles Read the original article: Hackers ate my homework: Educational SaaS Canvas down after cyberattack
Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom
A system that thousands of schools and universities use went offline due to a cyberattack, creating chaos as students tried to study for finals. The post Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom appeared first…
Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)
Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has being exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,”…
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that’s being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called “darkworm.” The backdoor is designed as a Pluggable Authentication Module (PAM)-based post-exploitation…