Four-Faith industrial cellular routers are being actively targeted in a growing botnet campaign exploiting a critical authentication bypass flaw tracked as CVE-2024-9643. Security researchers warn that attackers are rapidly weaponizing the vulnerability to hijack exposed devices and repurpose them as…
CISA Admin Exposes AWS GovCloud Credentials on Public GitHub Repository
A major security lapse has exposed highly sensitive U.S. government cloud credentials after a contractor working with the Cybersecurity and Infrastructure Security Agency (CISA) accidentally published them in a public GitHub repository. The repository, named “Private-CISA,” remained publicly accessible until…
Waymo Cars Flood Quiet Atlanta Cul-De-Sac
Dozens of automated Waymo cars filmed driving in and out of Atlanta dead-end street, as company blames ‘fleet positioning’. This article has been indexed from Silicon UK.
Shai-Hulud worm copycats emerge after source code leak
Shai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started showing up online, only a few days after the malware’s source code…
Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is rwl.angular-console (version 18.95.0), a popular user interface and plugin for code…
Hackers Bypass Security Tools to Target Users Directly
Bridewell report calls out emergence of “fix-style” attacks. This article has been indexed from www.infosecurity-magazine.com.
JLR Profit Drops 99 Percent After Cyber-Attack
Profit at largest UK carmaker plunges after hack disrupts production for weeks, as it seeks to get delayed EV plans back on track. This article has been indexed from Silicon UK.
Jurors Dismiss Musk’s OpenAI Lawsuit
California jury finds entrepreneur Elon Musk waited too long to file lawsuit accusing Sam Altman, Greg Brockman, OpenAI of misdeeds. This article has been indexed from Silicon UK.
Students Boo Former Google Chief Schmidt Over AI Remarks
Graduating students at University of Arizona boo Eric Schmidt as he urges them to adapt to AI that will ‘shape the world’. This article has been indexed from Silicon UK.
Hackers Exploit Entra ID Accounts to Steal Microsoft 365, Azure Data
A highly sophisticated cyberattack campaign carried out by a threat actor tracked as Storm-2949, targeting Microsoft Entra ID accounts to steal sensitive data from Microsoft 365 and…
iProov brings identity verification to video meetings to reduce fraud risks
iProov has launched iProov Verified Meetings, a new solution that enables organizations to verify the identity of video call participants without adding friction to the user experience. Video meetings have become a trusted and scalable communication channel, but attackers are…
Babel Street targets AI-driven threats with new agentic investigation capabilities
Babel Street has launched Insights Investigator, a new agentic capability that puts tradecraft-trained AI agents at the front edge of investigative work while ensuring analysts remain in control of scope, logic, and outcomes of their missions. As part of the…
YouTube Expands AI Likeness Detection to All Creators Aged 18 and Over
YouTube is set to roll out its likeness detection feature to all eligible creators aged 18 and over in the coming weeks. Thank you for being a Ghacks reader.
JavaScript Malware Campaign Drops Crypto Clipper via PowerShell
A large-scale CountLoader campaign uses layered obfuscation, multi-stage payload delivery, and covert command-and-control (C2) communication to deploy cryptocurrency clipper malware. The campaign stands out for its complex infection chain, combining JavaScript, PowerShell, and in-memory shellcode execution to evade detection…
Hackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data
A compromised version of the widely used Nx Console VS Code extension was published to the Visual Studio Code Marketplace on May 18, 2026, silently targeting developer credentials, cloud infrastructure tokens, and CI/CD pipeline secrets across thousands of machines. The…
Egnyte unveils Email Capture and AI features to unify fragmented data
Egnyte has announced a new set of capabilities designed to consolidate fragmented knowledge. Email Capture centralizes critical communications and attachments from siloed inboxes into the Egnyte folder structure, assisting users to make more informed data-driven decisions based on their entire…
Linus Torvalds talks AI bug hunters, 7-Eleven ransom demand, MENA’s new cybercrime op
Linus Torvalds not into AI bug hunters; 7-Eleven hit with ransom demand; MENA runs new cybercrime op. Get the show notes here: https://cisoseries.com/cybersecurity-news-linus-torvalds-talks-ai-bug-hunters-7-eleven-ransom-demand-menas-new-cybercrime-op/
IT Security News Hourly Summary 2026-05-19 09h : 4 posts
4 posts were published in the last hour 7:2 : Compromised GitHub Action Steals Workflow Credentials 7:2 : Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials 6:32 : Mini Shai-Hulud Attack Hits @antv npm Packages 6:32…
Compromised GitHub Action Steals Workflow Credentials
A widely used GitHub Action, actions-cool/issues-helper, has been compromised in a supply chain attack that exposes sensitive CI/CD secrets to an attacker-controlled domain. The attack hinges on a subtle but powerful manipulation of Git tags. Instead of altering the visible commit…
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server. “Every existing tag in the repository has been…
Mini Shai-Hulud Attack Hits @antv npm Packages
A large-scale npm supply chain attack has compromised multiple widely used packages within the @antv ecosystem, to investigate what appears to be an active and rapidly evolving campaign linked to the Mini Shai-Hulud malware family. The attack centers on the…
Critical Vulnerability Exposes Industrial Robot Fleets to Hacking
The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection. This article has been indexed from SecurityWeek.
Microsoft to Retire Teams Together Mode to Improve Performance
Microsoft has announced it will retire the “Together mode” feature in Microsoft Teams, marking a shift toward simplified meeting layouts designed to improve performance, usability, and consistency across devices. The change, confirmed by Microsoft Product Manager Katarina Tranker in the…
CISA Admin Reportedly Exposes AWS GovCloud Credentials in Public GitHub Repository
A significant security lapse involving the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has come to light after a contractor reportedly exposed highly sensitive AWS GovCloud credentials in a public GitHub repository. The incident, disclosed by security researchers on May…