A wave of traffic overwhelmed systems, briefly halting downloads, patches, and web resources managed by Canonical – the team responsible for Ubuntu Linux. Outages stretched nearly twenty-four hours, blocking access to essential tools during the incident. Midway through the…
Tag: EN
Quasar Linux Malware Targets Developers in Stealthy Supply Chain Attack
A newly discovered Linux implant called Quasar Linux, or QLNX, is a serious threat because it goes after the people and systems that build software. Instead of behaving like ordinary malware, it is designed to quietly take root in…
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter JDownloader site hacked to replace installers with Python RAT malware New TrickMo Variant: Device Take Over malware targeting Banking,…
Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores
Attackers are exploiting a critical flaw in the WordPress Funnel Builder plugin to inject skimming code into WooCommerce checkout pages. A critical vulnerability in the WordPress Funnel Builder plugin is being actively exploited to inject malicious JavaScript into WooCommerce checkout…
Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers…
Why Is Cybersecurity Now A Business Priority, Not Just An IT Function?
Cybersecurity is becoming more than just a technology issue; it is now an essential part of doing business. As more and more organizations depend on digital systems, their data have… The post Why Is Cybersecurity Now A Business Priority, Not…
Ubuntu Services Remain Disrupted After DDoS Attack Targets Canonical Infrastructure
Several Ubuntu users reported problems installing updates and downloading packages after parts of Canonical’s infrastructure were disrupted during a Distributed Denial of Service (DDoS) attack. Canonical, the company behind the Ubuntu Linux distribution, confirmed that its online systems had…
Apple Account Data and Bluetooth Signals Tie Suspect to Crypto Robbery
The App Store ecosystem has been infiltrated by a coordinated wave of fraudulent cryptocurrency wallet applications that exploit regional platform restrictions and user trust to steal credentials from iOS users. More than two dozen malicious apps have been identified…
High Court Squashes Ban for Sim-Swap Fraud, Says Zero Customer Liability
In an important ruling amid surging digital financial fraud attacks, the Bombay HC sided with the customer protection norms. It directed Bank of Baroda to return Rs. 1.24 crore to the victim private firm that lost money in a SIM-swap…
Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases
Scammers are mailing fake Ledger phishing letters to users in Italy with QR codes that trick crypto wallet users into revealing seed phrases. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the…
Grafana Says It Rejected Ransom Demand After Source Code Theft
Grafana says hackers stole its source code after accessing a GitHub token, but no customer data or systems were affected. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Grafana…
Grafana Labs Security Breach – Hackers Access GitHub and Download Codebase
A threat actor infiltrated Grafana Labs’ GitHub environment, stealing a privileged token to download the company’s private codebase, and then attempted to extort the open-source observability giant with an unanswered ransom demand. Grafana Labs disclosed on May 16, 2026, that…
Week in review: Cisco patches SD-WAN 0-day, unpatched Microsoft Exchange Server flaw exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Review: Foundations of Cybersecurity, 2nd edition Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the…
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase. “Our investigation has determined that no customer data or personal information was accessed during this…
Meta Launches Incognito Chat With Meta AI for Private Conversations on WhatsApp and Meta AI App
Meta has introduced Incognito Chat with Meta AI, a new mode for WhatsApp and the Meta AI app that offers private conversations, which the company claims cannot Thank you for being a Ghacks reader. The post Meta Launches Incognito Chat…
First Public macOS Kernel Exploit on Apple M5 Prepared Using Mythos Preview in Five Days
Apple’s M5 silicon has reportedly been exploited for the first time in a public macOS kernel memory corruption attack, successfully bypassing the company’s notable hardware-level memory protection. Researchers from Calif, Bruce Dang, Dion Blazakis, and Josh Maine, developed a working…
Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total
Pwn2Own Berlin 2026 ended with 47 zero-days and $1.29M in payouts, as DEVCORE dominated the competition across all categories. Pwn2Own Berlin 2026 ended after three intense days, with participants discovering 47 unique zero-days, and earning $1,298,250 in total payouts. Pwn2Own…
U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-42897 (CVSS score of…
Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected…