Attackers are now abusing a fresh Langflow vulnerability to quietly steal cloud keys and turn victim systems into workers for a new NATS based botnet. This campaign shows how a single exposed AI workflow tool can become the start of…
Deepfake sextortion forces schools to remove student photos from websites
Experts are urging schools to take down identifiable photos of students, after AI deepfakes have led to sextortion cases at UK schools. This article has been indexed from Malwarebytes Read the original article: Deepfake sextortion forces schools to remove student…
Most Organizations Now Use AI Agents for Sensitive Security Tasks
Semperis study finds 74% of organizations believe AI will increase attacks on identity infrastructure This article has been indexed from www.infosecurity-magazine.com Read the original article: Most Organizations Now Use AI Agents for Sensitive Security Tasks
Mistral Pitches Security-Focused AI As Mythos Alternative
French start-up reportedly in talks with European banks to use upcoming model to review security of their systems This article has been indexed from Silicon UK Read the original article: Mistral Pitches Security-Focused AI As Mythos Alternative
High-Severity Vulnerability Patched in VMware Fusion
The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week. The post High-Severity Vulnerability Patched in VMware Fusion appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: High-Severity…
UK AI Chip Start-Up Fractile Raises $220m
Fractile completes Series B round valuing it at $1bn as it seeks to ease inference bottleneck for cutting-edge AI models This article has been indexed from Silicon UK Read the original article: UK AI Chip Start-Up Fractile Raises $220m
Met Police Arrest 173 In Live Facial Recognition Trial
Six-month live facial recognition trial results in an arrest every 35 minutes, including a woman wanted for more than 20 years This article has been indexed from Silicon UK Read the original article: Met Police Arrest 173 In Live Facial…
PoC Released for 18-Year-Old NGINX Flaw Allowing Remote Code Execution
A critical vulnerability in NGINX’s source code, hidden since 2008, has finally been exposed, and a working exploit is already in the wild. Security researchers at depthfirst have publicly released a proof-of-concept (PoC) exploit demonstrating unauthenticated remote code execution (RCE)…
Langflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS Worker
Langflow instances left unpatched against CVE-2026-33017 are now being actively abused not just for remote code execution, but as launchpads to steal AWS keys and join a NATS-backed botnet-style worker pool dubbed “KeyHunter.” The vulnerability, now listed in CISA’s Known…
CERN’s open source KiCad library gives the world 17,000 circuit board components
CERN has released its complete KiCad component library under an open source license, making it available to hardware designers anywhere in the world. The library, maintained by CERN’s Design Office, contains more than 17,000 electronic components in the form of…
New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a…
Waymo Issues Recall After Car Drives Into Flooded Road
Google sister company issues ‘voluntary’ software update after empty vehicle swept away in flooded road in San Antonio, Texas This article has been indexed from Silicon UK Read the original article: Waymo Issues Recall After Car Drives Into Flooded Road
Packagist Warns: Update Composer Now After GitHub Actions Token Leak
A sudden change in GitHub’s token format has triggered an unexpected security vulnerability in Composer, exposing sensitive authentication tokens in CI/CD logs and forcing Packagist to issue an urgent warning to PHP developers worldwide. The issue stems from a mismatch…
Nitrogen Ransomware claims massive data theft from Foxconn
Foxconn confirmed a cyberattack on some North American factories. The Nitrogen ransomware group claims it stole 8TB of data from the firm. Foxconn confirmed that several of its North American factories were affected by a cyberattack. The manufacturer confirmed it…
The Gentlemen RaaS Leverages Fortinet and Cisco Edge Devices for Initial Access
A ransomware group that only surfaced in mid-2025 has already made a significant mark on the threat landscape. The Gentlemen, a ransomware-as-a-service (RaaS) operation, has quickly risen to become one of the most active ransomware programs in the world, with…
Critical MongoDB Vulnerability Allow Attackers to Execute Arbitrary Code
A newly disclosed critical vulnerability in MongoDB could allow threat actors to execute arbitrary code, potentially handing them complete control over affected servers and exposing millions of records to theft. The vulnerability, officially tracked as CVE-2026-8053, directly impacts MongoDB Server…
Critical 18-Year-Old NGINX Vulnerability Enables Remote Code Execution Attacks – PoC Released
A critical heap buffer overflow vulnerability, lurking in NGINX’s source code since 2008, has been publicly disclosed. Complete with a working proof-of-concept exploit capable of delivering unauthenticated remote code execution (RCE) against one of the world’s most widely deployed web…
Researcher Drops YellowKey, GreenPlasma Windows Zero-Days
YellowKey is a BitLocker bypass that requires physical access. GreenPlasma enables elevation of privileges to System. The post Researcher Drops YellowKey, GreenPlasma Windows Zero-Days appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Researcher…
IT Security News Hourly Summary 2026-05-14 09h : 6 posts
6 posts were published in the last hour 7:2 : Foxconn US Plant Hit By Data-Theft Hack 7:2 : To gain root access at this company, all an intruder had to do was ask nicely 7:2 : 18-Year-Old NGINX Rewrite…
Foxconn US Plant Hit By Data-Theft Hack
Hackers claim theft of component schematics, data centre topology diagrams after hack halts operations at Wisconsin facility This article has been indexed from Silicon UK Read the original article: Foxconn US Plant Hit By Data-Theft Hack
To gain root access at this company, all an intruder had to do was ask nicely
Human IT managers thought they were being nice to the boss, but were assisting a threat actor This article has been indexed from www.theregister.com – Articles Read the original article: To gain root access at this company, all an intruder…
18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score:…
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
Besides serving as a place where Microsoft Outlook places suspected spam, the Outlook Junk folder has one additional function that can be quite helpful when it comes to identifying malicious messages. Any e-mail placed in this folder is stripped of…
Gentlemen RaaS Exploits Fortinet and Cisco Edge Devices for Initial Access
The Gentlemen ransomware-as-a-service (RaaS) operation is turning exposed Fortinet and Cisco edge devices into a fast lane into enterprise networks and doing it at scale. What began as a rising RaaS brand in mid‑2025 has, by early 2026, evolved into…