IT Security News

Cybersecurity news and articles about information security, vulnerabilities, exploits, hacks, laws, spam, viruses, malware, breaches.

Main menu

Skip to content
  • Advertising
  • Contact
  • Legal and Contact information
  • Opt-out preferences
  • Privacy Policy
  • Social Media
    • Telegram Channel
EN, GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Hackers Weaponize NF-e Invoice Lures to Deploy Banana RAT

2026-05-22 12:05

Hackers are actively using Brazil’s electronic invoice system (NF-e) as a lure to distribute a sophisticated banking trojan known as Banana RAT. The campaign has been attributed to a financially motivated threat cluster tracked as SHADOW-WATER-063 and appears exclusively focused…

Read more →

EN, GBHackers Security | #1 Globally Trusted Cyber Security News Platform

CISA Issues Alert on Exploited Microsoft Defender Zero-Day Vulnerabilities

2026-05-22 12:05

CISA has issued an urgent alert warning organizations about two newly disclosed zero-day vulnerabilities affecting Microsoft Defender, both added to the Known Exploited Vulnerabilities (KEV) catalog on May 20, 2026. CVE-2026-45498: Microsoft Defender DoS Vulnerability CVE-2026-45498 is a denial-of-service (DoS)…

Read more →

EN, Securelist

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

2026-05-22 12:05

The experienced Cloud Atlas group remains active, continuing to target government sectors and diplomatic entities in Russia and Belarus, employing both new and established techniques to maintain persistence in compromised systems. This article has been indexed from Securelist Read the…

Read more →

Cyber Security News, EN

Hackers Use Hugging Face to Host Second-Stage Malware for npm Supply Chain Attack

2026-05-22 12:05

Hackers have found a new and alarming way to weaponize one of the most trusted platforms in the AI world. A threat actor linked to North Korea has embedded second-stage malware inside Hugging Face, the widely used AI and machine…

Read more →

Cyber Security News, EN

FBI Warns of Kali365 Attacking Microsoft 365 Users to Steal Logins and Bypass MFA

2026-05-22 12:05

The FBI has issued a new cybersecurity warning about a rapidly emerging phishing-as-a-service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users to steal access tokens and bypass multi-factor authentication (MFA). Kali365 is being distributed primarily through Telegram…

Read more →

Cyber Security News, EN

CISA Warns of Trend Micro Apex One Vulnerability Exploited in Attacks

2026-05-22 12:05

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation risks. The flaw, tracked as CVE-2026-34926, affects on-premise deployments of…

Read more →

Cyber Security News, EN

Splunk Patches Multiple Vulnerabilities that Enable DOS Attack and Exposes Sensitive Data

2026-05-22 12:05

Splunk has released security updates addressing multiple vulnerabilities across Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit that could lead to denial-of-service (DoS) conditions and exposure of sensitive data. The issues, disclosed on May 20, 2026, include three…

Read more →

EN, Help Net Security

CISA’s new KEV nomination form opens reporting to vendors and researchers

2026-05-22 12:05

The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion in its KEV catalog. The form gives outside contributors a direct way to submit vulnerabilities…

Read more →

EN, GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Android Malware Secretly Signs Users Up for Premium Services

2026-05-22 11:05

Android users are being targeted by a large-scale malware campaign that silently subscribes victims to premium mobile services without their knowledge. The malware campaign focuses on carrier billing fraud, abusing premium SMS services to generate revenue for attackers. What makes…

Read more →

EN, securityweek

‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested

2026-05-22 11:05

The FBI says First VPN has been used by dozens of ransomware groups for network reconnaissance and intrusions. The post ‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…

Read more →

EN, Help Net Security

Meet Fractal, an OS made for microarchitecture reverse engineering

2026-05-22 11:05

Probing how a CPU isolates user code from kernel code is messy work. Researchers patch kernels, write drivers, or boot stripped-down bare-metal programs, and any of those choices change variables they were trying to hold still. Fractal, a new operating…

Read more →

EN, Help Net Security

Microsoft 365 users targeted by new phishing threat that bypasses MFA

2026-05-22 11:05

Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens and bypass…

Read more →

EN, The Hacker News

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks

2026-05-22 11:05

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged…

Read more →

Cybersecurity News: Threats, Vulnerabilities & Privacy Updates - gHacks, EN

Microsoft Phasing Out SMS Authentication Codes for Personal Accounts in Favor of Passkeys

2026-05-22 11:05

Microsoft has announced that it will discontinue SMS-based authentication and account recovery for personal Microsoft accounts. Thank you for being a Ghacks reader. The post Microsoft Phasing Out SMS Authentication Codes for Personal Accounts in Favor of Passkeys appeared first…

Read more →

Cyber Security News, EN

Hackers Can Weaponize Lenovo Driver to Terminate EDR Processes

2026-05-22 11:05

Hackers can weaponize a legitimately signed Lenovo driver to terminate security processes, highlighting a dangerous Bring Your Own Vulnerable Driver (BYOVD) attack vector that can bypass endpoint protection controls. Security researcher Jehad Abudagga has analyzed a Lenovo driver, BootRepair.sys, originally associated…

Read more →

Cyber Security News, EN

Google Publishes Exploit Code for Unfixed Chromium Bug Exposing Millions of Users

2026-05-22 11:05

Google has publicly released proof-of-concept (PoC) exploit code for a critical, still-unpatched vulnerability in the Chromium codebase, potentially exposing millions of users across Chrome, Microsoft Edge, and other Chromium-based browsers to stealthy botnet-style abuse. The vulnerability, originally reported in late…

Read more →

EN, Help Net Security

Downtime has become a $600 billion business problem

2026-05-22 11:05

The average cost of downtime has reached $600 billion for the Global 2000, a 50% increase in two years. According to Splunk’s The Hidden Costs of Downtime report, unplanned outages and service degradation cost each company an average of $300…

Read more →

EN, GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Splunk Patches Multiple Vulnerabilities Enabling DoS Attacks and Data Exposure

2026-05-22 10:05

Splunk has released security updates to fix three newly disclosed vulnerabilities that could allow low-privileged users to access sensitive data or disrupt Splunk Enterprise deployments through denial-of-service (DoS) conditions. The patches address issues in both Splunk Enterprise and the Splunk…

Read more →

EN, GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Google API Key Issue Allows Deleted Keys to Retain Access to Cloud Services

2026-05-22 10:05

Google Cloud API keys may continue functioning for up to 23 minutes after deletion, exposing a significant security gap that could allow attackers to retain unauthorized access to cloud services even after credentials are revoked. Google API Deleted Keys to…

Read more →

EN, Security Affairs

One Telecom Provider Hosted Most of the Middle East ’s Active C2 Infrastructure

2026-05-22 10:05

Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity. For years, threat intelligence focused mostly on malware families, phishing domains, and individual indicators. But a new report from…

Read more →

EN, securityweek

TrendAI Patches Apex One Zero-Day Exploited in the Wild

2026-05-22 10:05

CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One. The post TrendAI Patches Apex One Zero-Day Exploited in the Wild appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…

Read more →

Cybersecurity Today, EN

GitHub Breach Exposes 3,800 Repos | Microsoft Kills SMS Authentication | Proton Fights Canada Bill

2026-05-22 10:05

GitHub confirms a major supply chain breach after a malicious Visual Studio Code extension reportedly gave attackers linked to TeamPCP access to roughly 3,800 internal repositories. The bigger issue: developer workstations now hold some of the most sensitive secrets in…

Read more →

EN, GBHackers Security | #1 Globally Trusted Cyber Security News Platform

FBI Warns Kali365 PhaaS Platform Targets Microsoft 365 Users to Steal Logins

2026-05-22 10:05

The U.S. Federal Bureau of Investigation (FBI) has issued a Public Service Announcement (Alert I-052126-PSA) warning about a newly identified Phishing-as-a-Service (PhaaS) platform named Kali365, which is actively targeting Microsoft 365 users. First observed in April 2026, the platform enables attackers…

Read more →

EN, securityweek

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

2026-05-22 10:05

Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. The post Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from…

Read more →

Page 6 of 5449
« 1 … 4 5 6 7 8 … 5,449 »

Pages

  • Advertising
  • Contact
  • Legal and Contact information
  • Opt-out preferences
  • Privacy Policy
  • Social Media
    • Telegram Channel

Recent Posts

  • These special phone and app features can help protect you from spyware May 23, 2026
  • CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack May 23, 2026
  • Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware May 23, 2026
  • npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks May 23, 2026
  • Millions of Devices at Risk: New Trojan Monitors Smartphones May 23, 2026
  • AI Coding Tools Expose Thousands of Apps With Sensitive Corporate Data Online May 23, 2026
  • Why pure extortion is replacing traditional ransomware May 23, 2026
  • IT Security News Hourly Summary 2026-05-23 15h : 4 posts May 23, 2026
  • Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now! May 23, 2026
  • Australia Seizes $4.2 Million in Bitcoin in Major Darknet Crackdown May 23, 2026
  • WhatsApp Fixed Two Security Bugs via It’s Bug Bounty Program May 23, 2026
  • Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software May 23, 2026
  • RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers May 23, 2026
  • The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers May 23, 2026
  • Hackers Exploit F5 BIG-IP Appliance to Gain SSH Access and Pivot Into Enterprise Linux Networks May 23, 2026
  • Dirty Frag, Copy Fail, Fragnesia: The start of a worrisome Linux security trend May 23, 2026
  • ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains May 23, 2026
  • Hackers Exploit F5 BIG-IP to Gain SSH Access and Pivot Into Linux Networks May 23, 2026
  • Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets May 23, 2026
  • Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer May 23, 2026

Copyright © 2026 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}