Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs This article has been indexed from www.theregister.com – Articles Read the original article: Cisco serves up yet another perfect 10 bug with…
Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention
The company blocked over 1.1 billion accounts and $2.2 billion in potentially fraudulent transactions. The post Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention appeared first on SecurityWeek. This article has been indexed from…
Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)
Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (LPE), and is caused by the Microsoft Malware…
Google Chrome Security Flaws Could Let Attackers Execute Code Remotely
Google has released a critical security update for its Chrome browser, addressing multiple vulnerabilities that could allow attackers to execute arbitrary code on affected systems. The update, now rolling out to users globally, upgrades Chrome to version 148.0.7778.178/179 for Windows…
Socket Raises $60 Million at $1 Billion Valuation
The company will invest in its firewall, certified patches, protection extensions, new products, and team expansion. The post Socket Raises $60 Million at $1 Billion Valuation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
When Identity is the Attack Path
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do – a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a…
Microsoft’s Retired IE Tool MSHTA Now Being Used in Fileless Malware Attacks
Despite Internet Explorer’s retirement, hackers are abusing the legacy MSHTA utility in stealthy fileless malware attacks targeting Windows users. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Microsoft’s Retired…
Fake Microsoft Teams Downloads Spread ValleyRAT Malware
Hackers are actively distributing a sophisticated ValleyRAT malware variant through fake Microsoft Teams download pages, leveraging social engineering and multi-stage execution techniques to evade detection. The campaign, first observed in mid-April on the X platform, uses fraudulent domains such as…
Researchers left AI agents alone in a virtual town and watched it all unravel
Told not to commit crimes, the AI agents mostly did anyway. Arson, violence, romance, self-deletion, and general chaos quickly ensued. This article has been indexed from Malwarebytes Read the original article: Researchers left AI agents alone in a virtual town…
Catch spyware in the act with Windows Webcam Monitoring
Know when a program tries to access your webcam so you can allow or block, in real time. This article has been indexed from Malwarebytes Read the original article: Catch spyware in the act with Windows Webcam Monitoring
Microsoft storms RAMPART, adds Clarity to agentic AI safety
Redmond open sources two tools for building and maintaining safer agents This article has been indexed from www.theregister.com – Articles Read the original article: Microsoft storms RAMPART, adds Clarity to agentic AI safety
IT Security News Hourly Summary 2026-05-21 12h : 13 posts
13 posts were published in the last hour 10:3 : Ofcom Says YouTube, TikTok Dragging Feet On Child Protections 10:3 : TamperedChef Malware Hides in Signed Apps to Drop Stealers and RATs 10:2 : Critical Drupal Core Security Vulnerability Exposes…
Ofcom Says YouTube, TikTok Dragging Feet On Child Protections
While other platforms have made new commitments, Google’s YouTube and TikTok believe they are doing enough, says media regulator This article has been indexed from Silicon UK Read the original article: Ofcom Says YouTube, TikTok Dragging Feet On Child Protections
TamperedChef Malware Hides in Signed Apps to Drop Stealers and RATs
A large-scale malware campaign dubbed “TamperedChef” is leveraging trojanized productivity applications such as PDF editors, calendar tools, and file converters to silently deploy information stealers and remote access trojans (RATs), according to recent threat intelligence findings. Security researchers have identified…
Critical Drupal Core Security Vulnerability Exposes Websites to Cyberattack
A highly critical security vulnerability in Drupal core is set to impact websites worldwide, with the official security release scheduled for May 20, 2026. The vulnerability has been assigned a “Highly Critical” severity rating (20/25), indicating potential risks to confidentiality…
Critical Cisco Secure Workload Vulnerability Enables Unauthorized API Access
Cisco has disclosed a critical security vulnerability in its Secure Workload platform that could allow unauthenticated attackers to gain unauthorized access to sensitive resources via internal APIs. The flaw, tracked as CVE-2026-20223, carries a maximum CVSS score of 10.0 and…
BadIIS Malware Turns Hijacks IIS Servers and Redirect Users to Illicit Sites
A dangerous piece of malware known as BadIIS has been actively targeting Internet Information Services (IIS) web servers, quietly hijacking them and redirecting unsuspecting visitors to illegal gambling sites, adult content platforms, and other illicit destinations. The attacks have been…
New Microsoft Defender 0‑Days Actively Exploited in the Wild
Two newly disclosed Microsoft Defender vulnerabilities are being actively exploited in the wild, enabling local attackers to elevate privileges to SYSTEM and potentially disrupt endpoint protection across Windows environments. The bugs, tracked as CVE‑2026‑41091 (Elevation of Privilege) and CVE‑2026‑45498 (Denial…
Nine-year-old Linux Kernel Vulnerability Let Attackers Exfiltrate SSH Private Keys
A newly disclosed Linux kernel vulnerability, tracked as CVE-2026-46333, exposes a serious local privilege escalation flaw that has remained undetected for nearly nine years. Security researchers at the Qualys Threat Research Unit (TRU) revealed that the issue allows attackers to…
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’. The post Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition. The post Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Anthropic Set For First Profitable Quarter
Anthropic reported expects first operating profit in June quarter, though profits may not continue as spending ramps up This article has been indexed from Silicon UK Read the original article: Anthropic Set For First Profitable Quarter
Fake Invitation Phishing Campaign Steals Credentials From U.S. Organizations
A large-scale phishing campaign leveraging fake event invitations is actively targeting U.S. organizations, combining credential theft, OTP interception, and remote access tool abuse into a single attack chain. The campaign stands out due to its repeatable phishing framework, which allows…