HMRC to use Quantexa AI system to bring together separate data silos to help improve fraud detection, while automating routine tasks This article has been indexed from Silicon UK Read the original article: HMRC Strikes £175m, 10-Year AI Deal With…
Critical FunnelKit Vulnerability Puts 40,000+ WooCommerce Sites at Risk
A critical security vulnerability in the Funnel Builder plugin by FunnelKit is actively being exploited, putting more than 40,000 WooCommerce websites at risk of payment data theft. The vulnerability affects all Funnel Builder versions prior to 3.15.0.3 and allows unauthenticated…
1 Million WordPress Websites Exposed by Avada Builder Security Vulnerabilities
A widely used WordPress plugin powering over one million websites has been found vulnerable to two serious security flaws that could expose sensitive data and server files. Security researchers warn that the issues in the Avada Builder plugin could allow…
Linux Torvalds Warns AI Bug Report Spam Is Disrupting Linux Security Discussions
Linux kernel creator Linus Torvald has warned that a flood of low‑value, AI‑generated bug reports is overwhelming the private Linux security mailing list and actively disrupting real security work. The new kernel documentation for Linux 7.1 now explicitly tells AI…
The AI backdoor your security stack is not built to see
Enterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious tokens, filter unusual characters, watch for prompt injection patterns. New research from Microsoft and…
Crafted JPEGs Could Trigger PHP Memory Bugs for Exploitation
PHP, one of the most widely used web programming languages, is rarely viewed as a direct attack surface at its core level. Security focus typically shifts toward frameworks and third-party libraries. However, new research shows that PHP’s built-in functionality specifically…
AI reveals the invisible magnetic chaos wasting energy inside electric motors
Electric vehicles are pushing scientists to tackle one of the biggest hidden energy drains inside electric motors: magnetic energy loss. Now, researchers in Japan have developed a powerful AI-driven physics model that can peer into the chaotic “maze-like” magnetic patterns…
Grafana Labs admits all its codebase are belong to someone who popped its GitHub account
No customer info stolen, no impact to operations, and no blackmail payment This article has been indexed from www.theregister.com – Articles Read the original article: Grafana Labs admits all its codebase are belong to someone who popped its GitHub account
Lyrie: Open-source autonomous pentesting agent
Penetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command line tool and publishes the entire codebase.…
Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets
A new supply chain attack campaign targeting developers has surfaced in the npm ecosystem, with four malicious packages discovered stealing sensitive data, including SSH keys, cloud credentials, and cryptocurrency wallets. The campaign, identified by OX Security within the past 24…
Researchers Build First Public Apple M5 macOS Kernel Exploit with Mythos Preview
Security researchers have unveiled the first publicly known macOS kernel memory corruption exploit targeting Apple’s latest M5 silicon, marking a significant moment for both offensive security and Apple’s next-generation defenses. The exploit, developed in collaboration with Mythos Preview, reportedly bypasses…
Grafana Labs Confirms Security Incident Involving GitHub Codebase Access
Grafana Labs has confirmed a security incident involving unauthorized access to its internal GitHub environment, after a threat actor obtained a compromised access token and downloaded portions of the company’s codebase. The disclosure, made via an official statement on May…
AI shrinks vulnerability exploitation window to hours
Time has become organizations’ biggest vulnerability because the gap between vulnerability discovery and exploitation has narrowed to hours, according to Synack’s 2026 State of Vulnerabilities Report. Total vulnerabilities by severity (2022-2025) (Source: Synack) AI expands the attack surface Agentic AI…
Claude Code Vulnerability Allows Attackers to Run Commands Through Crafted Deeplinks
A recently disclosed flaw in Claude Code allowed attackers to execute arbitrary system commands using a single crafted deeplink URL, turning a convenience feature into a remote code execution (RCE) vector. The issue, documented by security researcher Joernchen, has been…
Product showcase: McAfee + ChatGPT integration turns doubt into a scam check
McAfee + ChatGPT integration brings real-time scam detection in conversations and gives users an easier way to verify suspicious content before clicking or responding. It is available to anyone, without requiring a McAfee or ChatGPT subscription. It combines conversational AI…
Claude Code RCE Flaw Lets Attackers Execute Commands via Malicious Deeplinks
A critical remote code execution (RCE) vulnerability has been discovered in Anthropic’s Claude Code CLI tool, allowing attackers to execute arbitrary commands on a victim’s machine by tricking them into clicking a specially crafted deeplink. The flaw, now patched in…
Fast16 Malware Manipulated Nuclear Weapons Simulation Data to Sabotage Test Results
Fast16 malware has been reclassified as a precision tool engineered not to disrupt nuclear warheads directly, but to quietly falsify the outcome of nuclear weapons test simulations and stall weapons development. Rather than causing kinetic damage, Fast16’s purpose was psychological…
Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypass Attacks
A critical vulnerability in a widely used WordPress plugin has exposed over 200,000 websites to full account takeover, raising urgent concerns across the security community. Discovered on May 8, 2026, by Wordfence’s AI-powered PRISM threat intelligence platform, the flaw affects…
Hackers Earn $1.3 Million at Pwn2Own Berlin 2026
Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products. The post Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Hackers Earn $1.3 Million…
When ransomware hits, confidence doesn’t restore endpoints
Ransomware, supply chain vulnerabilities, insider threats, compliance failures, and software disruptions remain major concerns for security leaders, according to The Ransomware Reality: Zero Days to Recover report by Absolute Security. How CISOs currently ensure endpoint resilience against ransomware (overall, %)…
IT Security News Hourly Summary 2026-05-18 06h : 1 posts
1 posts were published in the last hour 4:2 : Election Commission Says ECINET Withstood Over 68 Lakh Cyberattack Attempts During Poll Counting
Election Commission Says ECINET Withstood Over 68 Lakh Cyberattack Attempts During Poll Counting
The Election Commission of India (ECI) said its digital election infrastructure faced more than 68 lakh malicious online hits on the day votes were counted for the recently concluded Assembly elections, with attempts originating from both domestic and overseas…
AI is distorting the Holocaust (Lock and Code S07E10)
This week on the Lock and Code podcast, we speak with Clara Mansfeld about how AI-generated imagery is warping the history of the Holocaust. This article has been indexed from Malwarebytes Read the original article: AI is distorting the Holocaust…
Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’
Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’ This article has been indexed from www.theregister.com – Articles Read the original article: Linus Torvalds says AI-powered bug hunters have made Linux…