GitLab has released patch versions 19.0.1, 18.11.4, and 18.10.7 to fix seven security issues affecting GitLab CE and EE, including Duo AI workflow runner access control, a Wiki denial-of-service flaw, and several authorization bugs across GraphQL, Duo Workflows, Operations, Pipelines,…
Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec Takes Over
From a research-driven pilot, the Cybersecurity Communities of Support (CyCOS) is about to be handed over to CIISec This article has been indexed from www.infosecurity-magazine.com Read the original article: Infosecurity Europe: CyCOS Project Expands to Support UK SMEs as CIISec…
BTMOB RAT Gives Criminals a Point-and-Click Kit to Take Over Your Android Phone
BTMOB sells Android full-device takeover as a kit, no coding needed. It steals data, records screens, and hands attackers remote control for $5,000 lifetime. Most Android malware requires at least some technical competence to deploy, but the BTMOB doesn’t. The…
Microsoft 365 Copilot redesign brings context and actions into one workspace
Microsoft 365 Copilot, an AI assistant that helps people write, summarize, analyze information, and complete work tasks, has been redesigned. It now serves as a single, flexible entry point to Copilot across Microsoft 365 apps, suggesting relevant actions based on…
Fake Adobe Document Cloud Pages Spread ScreenConnect Malware
Hackers are actively exploiting trust in Adobe Document Cloud by using fake delivery pages to install remote access malware. The campaign leverages a sophisticated phishing kit named “RatPressto,” which abuses compromised WordPress sites and legitimate software to evade detection while…
Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies
ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe This article has been indexed from www.infosecurity-magazine.com Read the original article: Chinese Hackers…
Google Patches 151 Vulnerabilities in Chrome, Including 22 Critical Ones
Google has pushed a major Chrome Stable update that fixes 151 security flaws, including 22 critical vulnerabilities affecting core graphics, networking, media, and UI components across Windows, macOS, and Linux. The Stable channel has been updated to version 148.0.7778.216/217 for…
Critical Samba Vulnerability Enables Remote Code Execution Attacks
A critical vulnerability in the Samba printing subsystem, tracked as CVE-2026-4480, has been disclosed, allowing unauthenticated attackers to achieve remote code execution (RCE) on affected systems. The flaw carries a maximum CVSS v3.1 score of 10.0, highlighting its severe impact…
Malicious RVTools Installer Abuses Sectigo Certificate to Bypass SmartScreen Warnings
A trusted tool for VMware administrators has been weaponized. Attackers built a fake version of RVTools, a widely used utility for managing virtual infrastructure, and disguised it with a real digital certificate to slip past Windows security warnings without raising…
AI-Generated npm Malware Leaks Its Own GitHub Token
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator This article has been indexed from www.infosecurity-magazine.com Read the original article: AI-Generated npm Malware Leaks Its Own GitHub Token
Are hackers using AI personalities to attack?
Yes, hackers are continually using AI personas to provide helpful advice on how to commit cybercrimes. AI chatbots are susceptible to manipulation. And after a… The post Are hackers using AI personalities to attack? appeared first on Panda Security Mediacenter.…
Samba Security Flaw Lets Attackers Execute Code Remotely
A critical security vulnerability in Samba’s printing subsystem has been disclosed, allowing unauthenticated attackers to execute arbitrary code remotely on affected servers. Tracked as CVE-2026-4480, the flaw carries a maximum CVSS score of 10.0, highlighting its severe impact on confidentiality,…
Anthropic launches Claude Opus 4.8, prepares Mythos-class models for all customers
Anthropic has released Claude Opus 4.8 and outlined plans for broader access to its Mythos-class models, which the company expects to make available to all customers in the coming weeks. Claude Opus 4.8 (Source: Anthropic) Claude Opus 4.8 is available…
Claude Opus 4.8 Released With Advanced Engineering-Level Coding Capabilities
Anthropic has announced the release of Claude Opus 4.8, a major upgrade to its flagship AI model that introduces advanced engineering-level coding capabilities and improved autonomous task execution. The latest version builds on Opus 4.7, focusing on enhanced reasoning, longer…
OpenVPN Connect macOS Vulnerability Allows Remote Command Execution
OpenVPN has released a critical security update for its macOS client after researchers uncovered a vulnerability that could allow remote command execution on affected systems. The issue, tracked as CVE-2026-9560, impacts the privileged helper component in OpenVPN Connect and has…
Zapocalypse Attack Lets Threat Actors Hijack Zapier Accounts
“Zapocalypse” is a newly disclosed attack chain that shows how attackers could have abused Zapier’s “Code by Zapier” feature to move from a single sandboxed Python step to a potential full-scale Zapier account takeover. The research, carried out by Token…
Humanix expands detection to identify live violations of security procedures
Humanix has announced a capability to identify live violations of organization-defined procedures governing IT support workflows. Designed to prevent unauthorized access, these procedures typically require help desk and service desk agents to follow identity verification steps before fulfilling sensitive requests,…
Claroty targets cyber-physical system risks with AI-powered security agent
Claroty has launched Claroty Claire, a CPS-native AI security agent designed to help organizations defend mission-critical infrastructure. Claire is powered by a CPS language model trained on more than a decade of industry expertise and CPS-related data. The launch expands…
Netskope extends data localization capabilities with NewEdge updates
Netskope has enhanced its NewEdge Network infrastructure, expanding data sovereignty capabilities to more regions than any other SASE cloud provider. The NewEdge Network architecture provides national data localization features that address requirements for network transport, data processing, and metadata governance…
World Cup fraud, US military location targets, IBM and Red Hat go Project Lightwell
Fraud gang steals from World Cup fans Pentagon says US military targeted by location IBM and Red Hat commit to “Project Lightwell” Check out your show notes here: https://cisoseries.com/cybersecurity-news-world-cup-fraud-us-military-location-targets-ibm-and-red-hat-go-project-lightwell/ Huge thanks to our sponsor, Guardsquare Attackers are treating your mobile…
IT Security News Hourly Summary 2026-05-29 09h : 7 posts
7 posts were published in the last hour 7:2 : Fake Video Player Updates Spread Miner and RAT Malware 7:2 : AI Security Best Practices for technical and non-technical people 7:2 : What’s in the container? Analyzing vulnerabilities, risks and…
Fake Video Player Updates Spread Miner and RAT Malware
Hackers are actively exploiting illegal streaming platforms to distribute advanced malware, using fake video player updates as a lure to infect unsuspecting users. The attack begins when users attempt to play a video on compromised streaming websites. Instead of playback,…
AI Security Best Practices for technical and non-technical people
AI Security Best Practices: What Every Employee Needs to Know A summary of an AI Security Policy — covering the risks that matter, with real examples of what goes wrong when they are ignored. AI tools are now part of…
What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant
What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI assistant can help. This article has been indexed from Securelist Read the…