Collecting Cyber-News from over 60 sources

Tag: access

Europe Edges Closer to Claude Mythos Access

Jun 1, 2026 11:42 PM

Tags: access, ai, cybersecurity, vulnerability

Anthropic Offers ENISA a Place in Project Glasswing. Anthropic offered the European Union’s cybersecurity agency ENISA entry to Project Glasswing, its arrangement for giving organizations controlled early access to its vulnerability-finding Mythos AI model. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/europe-edges-closer-to-claude-mythos-access-a-31827
Hackers hijacked Instagram accounts by tricking Meta AI support chatbot into granting access

Jun 1, 2026 9:42 PM

Tags: access, ai, hacker

Several users on social media reported having their Instagram accounts hacked over the weekend. Meta’s own support chatbot was blamed for allowing hackers to hijack accounts. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/01/hackers-hijacked-instagram-accounts-by-tricking-meta-ai-support-chatbot-into-granting-access/
Microsoft investigates Office Apps, Teams file access issues

Jun 1, 2026 5:42 PM

Tags: access, cloud, microsoft, office

Microsoft says an ongoing incident is preventing users of its Teams collaboration platform and Office for the web cloud-based productivity suite from opening files. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-investigates-office-apps-teams-file-access-issues/
Cyberkriminelle nutzen die Phishing-Plattform Kali365, um legitime Microsoft-365-Verfahren für einen Zugriff ohne Passwörter

Jun 1, 2026 1:42 PM

Tags: access, ai, authentication, cyberattack, microsoft, password, phishing, service, tool

Das FBI warnt aktuell vor Kali365, einer seit April 2026 aktiven Phishing-as-a-Service-Plattform, die gezielt Microsoft-365-Umgebungen ins Visier nimmt. Hierbei werden keine Zugangsdaten gestohlen, sondern OAuth-Tokens gekapert, wodurch selbst eine Multifaktor-Authentifizierung (MFA) umgangen wird. Die Plattform bietet zudem KI-generierte Phishing-Vorlagen, automatisierte Kampagnen-Tools und Echtzeit-Tracking-Dashboards und wird über Telegram als Abonnementmodell vertrieben. Der Angriff läuft dabei in…
Meta AI Vulnerability Allegedly Enables Instagram Password Resets

Jun 1, 2026 10:42 AM

Tags: access, ai, cyber, identity, password, tool, unauthorized, vulnerability

Instagram is facing scrutiny after a critical vulnerability in its Meta AI-powered support system allegedly allowed attackers to take over user accounts by abusing the password recovery process. The tool, designed to help users regain access to locked accounts, could be tricked into sending password reset codes to unauthorized individuals without proper identity verification. The…
Microsoft Issues OutBand SharePoint Patch

May 26, 2026 11:00 PM

Tags: access, microsoft, update

SharePoint access often means access to the keys of the kingdom, something attackers and defenders understand all too well. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-issues-sharepoint-patch
Anthropic Expands Public Access to Claude Mythos AI Model

May 26, 2026 10:00 PM

Tags: access, ai, intelligence, RedTeam, vulnerability

Expect to See Widespread Availability of Mythos-Level Models Within 6-12 Months. Anthropic is expanding public access to its frontier artificial intelligence model Claude Mythos to qualifying customers’ security teams on request for such purposes as vulnerability research and red-teaming, and predicts that Mythos-class models will be publicly available within 12 months. First seen on govinfosecurity.com…
Microsoft Code Editor Flaw Lets Attackers Hijack Developer PCs

May 26, 2026 8:00 PM

Tags: access, ai, flaw, intelligence, malicious, microsoft, tool

Hidden Install Settings Let Malicious MCP Links Execute Code. Microsoft patched a high-severity flaw in Visual Studio Code after researchers found attackers could hide malicious settings inside MCP server install links, giving them persistent access to developer machines through what appeared to be routine artificial intelligence tool installations. First seen on govinfosecurity.com Jump to article:…
Why AI Agents Are Creating a New Security Blind Spot

May 26, 2026 7:00 PM

Tags: access, ai, attack, governance, identity, okta, risk

Okta’s Charlotte Wylie on Identity, Governance and Rogue AI Access. AI agents are becoming a new identity type inside enterprises, creating visibility gaps and security risks most organizations aren’t prepared to manage. Okta’s Charlotte Wylie explains why shadow agents, overprovisioned access and AI-driven attacks demand a new governance model. First seen on govinfosecurity.com Jump to…
FBI warns about PhaaS platform used to access Microsoft 365 environments

May 26, 2026 6:00 PM

Tags: access, authentication, hacker, microsoft, phishing

Device code phishing enabled hackers to bypass multifactor authentication without credentials. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/fbi-warns-phishing-platform-microsoft-365/821105/
Lithuania investigates theft of 600,000 state registry records by foreign actor

May 26, 2026 5:00 PM

Tags: access, office, theft, unauthorized

The Lithuanian Prosecutor General’s Office said Friday that attackers gained unauthorized access to more than 600,000 records managed by the Centre of Registers, the state agency responsible for handling property and legal entity records. First seen on therecord.media Jump to article: therecord.media/lithuania-investigates-theft-of-state-records
Quasar RAT Hits Developers With Fileless Linux Attacks

May 26, 2026 3:00 PM

Tags: access, attack, backdoor, cyber, linux, rat, software

Quasar Linux (QLNX) is a new, stealthy Linux Remote Access Trojan that quietly turns developer and DevOps workstations into high”‘value beachheads for software supply”‘chain attacks, using fileless execution, an eBPF rootkit, PAM backdoors, and a P2P C2 mesh to evade conventional defenses. Despite its name, it is unrelated to the Windows”‘focused QuasarRAT family. It is…
Lazarus APT unveils fileless remote access Trojan designed to evade detection

May 26, 2026 11:00 AM

Tags: access, apt, crypto, detection, finance, group, korea, lazarus, north-korea, rat, threat

North Korea-linked Lazarus APT Group is using a stealthy memory-only RAT that leaves almost no forensic traces behind. North Korea-linked APT group Lazarus has never been shy about its ambitions, the threat actor has been tied to some of the most audacious financial heists in recent memory, draining hundreds of millions from cryptocurrency exchanges and…
Apache CXF Flaw Exposes Systems to LDAP Injection Attacks

May 26, 2026 11:00 AM

Tags: access, apache, attack, cve, cyber, flaw, injection, risk, service, unauthorized, vulnerability

Apache CXF users are facing a significant security risk following the disclosure of a new vulnerability that exposes systems to LDAP injection attacks, potentially allowing unauthorized access to sensitive certificate data. The issue, tracked as CVE-2026-44930, has been classified as “important” and affects the LDAP certificate repository within the XKMS (XML Key Management Specification) service…
Multiple 7-Zip Vulnerabilities Enable Arbitrary Code Execution

May 26, 2026 10:00 AM

Tags: access, cyber, data, github, leak, vulnerability

Multiple memory safety bugs in 7″‘Zip 26.00 allow remote attackers to leak sensitive data and, in at least one case, execute arbitrary code when a victim opens a crafted archive file. GitHub Security Lab has disclosed a critical heap buffer overflow in 7″‘Zip’s NTFS handler (GHSL”‘2026″‘140, CVE”‘2026″‘48095), alongside a cluster of additional memory access violations…
Anthropic Prepares Claude Mythos for Wider Release Through Claude Code

May 26, 2026 8:00 AM

Tags: access, ai, cyber

Anthropic is preparing to expand access to its most advanced AI model, Claude Mythos, signaling a shift from tightly controlled deployment to a staged commercial rollout under a new version labeled Mythos 1. The move suggests the company is transitioning from experimental security use cases toward broader enterprise integration. Claude Mythos first emerged in March…
Manage machine identities: The hidden privileged access layer you need to manage

May 26, 2026 7:00 AM

Tags: access, automation

Why are machine identities becoming the majority of “things with access”? Every automation, integration, and workload needs a way to authenticate and the right permissions to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/26/delinea-managing-managing-machine-identities-access/
25th May Threat Intelligence Report

May 25, 2026 6:00 PM

Tags: access, breach, intelligence, threat, unauthorized

7-Eleven, the global convenience store chain, confirmed a breach after an unauthorized access to systems used for franchisee documents. ShinyHunters claimed responsibility and said it stole more than 600,000 Salesforce records containing personal […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/25th-may-threat-intelligence-report/
Italian Authorities Dismantle CINEMAGOAL App Enabling Unauthorised Access to Streaming Platforms

May 25, 2026 1:02 PM

Tags: access, cyber, finance, law, unauthorized

Italian law enforcement agencies have dismantled a sophisticated piracy operation centered around the CINEMAGOAL application, which enabled unauthorized access to premium streaming platforms including Netflix, Sky, DAZN, Disney+, and Spotify. The operation, codenamed “All Clear,” was led by the Financial Police in Ravenna under the direction of the Bologna Public Prosecutor’s Office. Authorities conducted over…
Italian Authorities Dismantle CINEMAGOAL App Enabling Unauthorised Access to Streaming Platforms

May 25, 2026 1:02 PM

Tags: access, cyber, finance, law, unauthorized

Italian law enforcement agencies have dismantled a sophisticated piracy operation centered around the CINEMAGOAL application, which enabled unauthorized access to premium streaming platforms including Netflix, Sky, DAZN, Disney+, and Spotify. The operation, codenamed “All Clear,” was led by the Financial Police in Ravenna under the direction of the Bologna Public Prosecutor’s Office. Authorities conducted over…
Hackers Exploit Azure RBAC to Steal Key Vault Secrets

May 25, 2026 12:00 PM

Tags: access, attack, cloud, cyber, data, exploit, hacker, identity, threat

Hackers are increasingly exploiting cloud identity and access management systems, and a methodical, sophisticated, and multi-layered attack, where a threat actor we track as Storm-2949 launched a relentless campaign with a singular focus: to exfiltrate as much sensitive data from a target organization’s high-value assets as possible. The attack, attributed to a threat actor tracked…
MiniUpdate RAT Abuses Azure C2 for Targeted Espionage

May 25, 2026 8:01 AM

Tags: access, cyber, espionage, group, iran, rat, threat

A sophisticated espionage campaign by the Iran-nexus advanced persistent threat group known as Screening Serpens also tracked as UNC1549 and Smoke Sandstorm deploying a newly identified remote access Trojan (RAT) family called MiniUpdate against targets in the United States, Israel, and the United Arab Emirates. Screening Serpens has been active since at least 2022, but…
Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

May 23, 2026 5:00 PM

Tags: access

Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/italy-disrupts-cinemagoal-piracy-app-that-stole-streaming-auth-codes/
Linux-Kernel-Schwachstelle ermöglicht Zugriff auf sensible Root-Daten

May 23, 2026 4:00 PM

Tags: access, bug, cve, linux, threat, vulnerability

Die Sicherheitsforscher der Threat Research Unit (TRU) von Qualys haben mit CVE-2026-46333 eine Schwachstelle im Linux-Kernel identifiziert, die unter bestimmten Bedingungen die Offenlegung sensibler Informationen privilegierter Prozesse ermöglicht. Die Sicherheitslücke befindet sich im sogenannten ptrace-Zugriffspfad des Kernels und kann von lokal angemeldeten Benutzern ohne administrative Rechte ausgenutzt werden. Nach Erkenntnissen der Forscher handelt es sich um eine Race-Condition…
Hackers Exploit F5 BIG-IP to Gain SSH Access and Pivot Into Linux Networks

May 23, 2026 1:00 PM

Tags: access, attack, cyber, exploit, hacker, intelligence, linux, microsoft, network, threat, unauthorized

Threat actors are actively exploiting end-of-life F5 BIG-IP appliances to gain unauthorized SSH access into enterprise networks, using the compromised devices as launchpads for sophisticated multi-stage intrusion campaigns that ultimately target Active Directory infrastructure. Microsoft Threat Intelligence disclosed the full attack chain on May 22, 2026, documenting how a single compromised edge appliance cascaded into…
The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers

May 23, 2026 1:00 PM

Tags: access, deep-fake, exploit, flaw, google

Plus: Google publishes a live exploit for an unpatched flaw, the feds arrest two men accused of creating thousands of nonconsensual deepfake nudes, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-fbi-license-plate-reader-real-time-access/
Hackers Exploit F5 BIG-IP to Gain SSH Access and Pivot Into Linux Networks

May 23, 2026 1:00 PM

Tags: access, attack, cyber, exploit, hacker, intelligence, linux, microsoft, network, threat, unauthorized

Threat actors are actively exploiting end-of-life F5 BIG-IP appliances to gain unauthorized SSH access into enterprise networks, using the compromised devices as launchpads for sophisticated multi-stage intrusion campaigns that ultimately target Active Directory infrastructure. Microsoft Threat Intelligence disclosed the full attack chain on May 22, 2026, documenting how a single compromised edge appliance cascaded into…
LiteSpeed cPanel Plugin 0-Day Exploited for Server Root Access

May 23, 2026 12:00 PM

Tags: access, cvss, cyber, exploit, flaw, vulnerability, zero-day

A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being actively exploited in the wild, enabling any authenticated cPanel user to execute arbitrary scripts as root and gain full server control. Tracked as CVE-2026-48172 with a maximum CVSS score of 10.0, the flaw has been patched as of May 21, 2026. The root cause is a logic…
Ubiquiti Patches Critical UniFi OS Privilege Escalation Flaws

May 23, 2026 12:00 PM

Tags: access, control, cyber, flaw, vulnerability

Ubiquiti has released urgent security patches for five critical and high-severity vulnerabilities across its UniFi OS platform, addressing flaws that could allow remote attackers to execute arbitrary commands and escalate privileges on a wide range of UniFi devices. The flaws also span improper access control and path traversal, affecting a broad range of UniFi OS…
Zscaler to Buy Symmetry Systems to Secure AI Agent Access

May 23, 2026 6:00 AM

Tags: access, ai

First seen on scworld.com Jump to article: www.scworld.com/brief/zscaler-to-buy-symmetry-systems-to-secure-ai-agent-access