A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential theft. This development comes just weeks after a global takedown effort led by Microsoft and…
Tenable warns AI adoption is outpacing governance as cloud exposure risks surge
A new report from Tenable is warning that organizations are creating what it describes as a growing “AI exposure gap,” as enterprises race to deploy AI tools and cloud-native services faster than security and governance teams can keep up. The “Cloud and AI…
Cyberattack on West Pharmaceutical halts manufacturing across multiple sites
West Pharmaceutical Services has disclosed a ransomware attack that disrupted manufacturing, shipping, and receiving operations across multiple global facilities after bad actors breached the company’s network on 4 May. The pharmaceutical packaging manufacturer said attackers exfiltrated data and encrypted systems, forcing the company to proactively shut down portions of…
Beyond deepfakes: Building identity resilience against AI impersonation
Generative AI is changing the economics of identity fraud. Voice cloning, real-time face animation, synthetic documents, and AI-assisted social engineering are making it easier for attackers to impersonate legitimate users across service desks, onboarding workflows, and remote account recovery. The…
MPs want social media treated more like unsafe toys than harmless apps
Parliamentary committee tells ministers the current online safety regime is failing children and warns ‘no action is not an option’ This article has been indexed from www.theregister.com – Articles Read the original article: MPs want social media treated more like…
Google Patches 79 Chrome Security Vulnerabilities, 14 Rated Critical
Google has rolled out a major Chrome security update, fixing 79 vulnerabilities in the Stable channel, including 14 critical flaws that could allow attackers to execute arbitrary code or crash systems. The update, now available as version 148.0.7778.167/168 for Windows…
Multiple cPanel Vulnerabilities Could Lead to Sensitive Resource Exposure
Multiple newly disclosed vulnerabilities in cPanel & WHM, including the critical CVE‑2026‑41940 authentication bypass bug and a cluster of May 2026 flaws, could allow attackers to access sensitive resources and hosting accounts if servers remain unpatched. Organizations running Internet‑facing cPanel…
Critical Next.js Vulnerability Exposes Cloud Credentials, API keys, and Admin Panels
A high-severity vulnerability in Next.js threatens self-hosted web applications with severe data breaches. Threat actors can now exploit a Server-Side Request Forgery (SSRF) flaw to silently steal cloud credentials, harvest API keys, and access sensitive internal admin panels. Organizations running…
Critical Microsoft Exchange Server Vulnerability Actively Exploited in Attacks
Microsoft issued an urgent security alert regarding a newly discovered vulnerability in Exchange Server that is currently being exploited in the wild. Tracked as CVE-2026-42897, this critical spoofing flaw carries a high CVSS 3.1 severity score of 8.1 and directly…
79 Chrome Vulnerabilities Patched, Including 14 Critical One’s – Update Now!
Google has rolled out a massive security update for its Chrome browser, sealing a staggering 79 vulnerabilities before threat actors can exploit them. With 14 of these flaws rated as critical, browsing the web on an outdated version leaves your…
China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer
A suspected China-linked threat actor targeted the Indian branch of a global manufacturer leveraging an open source offensive toolkit This article has been indexed from www.infosecurity-magazine.com Read the original article: China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer
UK Regulator Begins Microsoft Software Probe
CMA launches review that could place greater oversight on Microsoft business software, amid questions over light-touch enforcement This article has been indexed from Silicon UK Read the original article: UK Regulator Begins Microsoft Software Probe
Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access
Cisco has disclosed a critical vulnerability in its Catalyst SD-WAN platform that is already being exploited in the wild, allowing attackers to gain administrative control over enterprise networks without authentication. Critical SD-WAN flaw under attack The vulnerability, tracked as CVE-2026-20182,…
FrostyNeighbor: Fresh mischief and digital shenanigans
ESET researchers uncovered new activities attributed to FrostyNeighbor, updating its compromise chain to support the group’s continual cyberespionage operations This article has been indexed from WeLiveSecurity Read the original article: FrostyNeighbor: Fresh mischief and digital shenanigans
Researchers uncover YellowKey and GreenPlasma Windows Zero-Days
Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and GreenPlasma. The flaws affect BitLocker…
Chrome 148 Update Patches Critical Vulnerabilities
The refresh resolves critical-severity use-after-free and other types of bugs in various browser components. The post Chrome 148 Update Patches Critical Vulnerabilities appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Chrome 148 Update…
Keycard helps developers secure autonomous AI agents with scoped access
Keycard has announced Keycard for Multi-Agent Apps, extending its platform to support delegated, session-based access across systems of autonomous agents. Keycard lets developers build apps where every agent has its own identity, access is scoped to each task and every…
G7 releases AI SBOM, DELL SupportAssist BSOD, Dirty Frag sequel
G7 countries release AI SBOM guidance Dell confirms its SupportAssist software causes Windows BSOD crashes Dirty Frag sequel arrives as Fragnesia Get the show notes here: https://cisoseries.com/cybersecurity-news-g7-releases-ai-sbom-dell-supportassist-bsod-dirty-frag-sequel/ Huge thanks to our episode sponsor, Doppel Social engineering attacks look trustworthy —…
IT Security News Hourly Summary 2026-05-15 09h : 10 posts
10 posts were published in the last hour 7:3 : [Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th) 7:2 : Employees Report AI ‘Brain Fry’ 7:2 : TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials 7:2…
[Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: [Guest Diary] New Malware Libraries means New…
Employees Report AI ‘Brain Fry’
Use of AI tools to boost worker productivity may backfire if used improperly, study finds, as staff report ‘brain fry’ This article has been indexed from Silicon UK Read the original article: Employees Report AI ‘Brain Fry’
TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials
A financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensitive developer and cloud credentials at scale. TeamPCP’s core strategy is simple but highly effective: compromise trusted build and…
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming…
Microsoft Exposes Kazuar Malware’s Modular P2P Botnet Architecture
Microsoft has revealed new technical insights into Kazuar, a long-running malware linked to the Russian state-backed group Secret Blizzard, highlighting its evolution into a stealthy, modular peer-to-peer (P2P) botnet designed for persistent cyber espionage. Originally identified as a traditional backdoor,…