Collecting Cyber-News from over 60 sources

Tag: control

Russian APT Turla builds long-term access tool with Kazuar Botnet evolution

May 16, 2026 8:00 PM

Tags: access, apt, backdoor, botnet, control, detection, group, malware, microsoft, russia, tool

Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a modular peer-to-peer botnet designed for stealth and persistent access to infected systems. Microsoft researchers say the malware allows attackers to maintain long-term control while making detection…
Expired domain leads to supply chain attack on node-ipc npm package

May 16, 2026 12:00 AM

Tags: access, attack, cloud, control, credentials, data, data-breach, detection, dns, docker, email, github, gitlab, group, ibm, macOS, malicious, microsoft, open-source, password, service, software, supply-chain

require(‘node-ipc’). The trojanized versions were designed to remain fully functional to avoid immediate detection, which together with other decisions attackers took, such as data exfiltration via DNS TXT, suggest stealthiness was a top priority.Once executed, the malicious code collects information about the host system, including operating system version, hostname, and environment variables. It then starts…
The Next Cybersecurity Challenge May Be Verifying AI Agents

May 16, 2026 12:00 AM

Tags: ai, control, cybersecurity, identity

AI agents are reshaping cybersecurity. Learn why verification, trusted identity standards, and runtime controls are now essential. First seen on hackread.com Jump to article: hackread.com/next-cybersecurity-challenge-verifying-ai-agents/
Anthropic Warns US Risks Losing AI Edge to China Over Chips

May 16, 2026 12:00 AM

Tags: access, ai, china, control, infrastructure, risk

New Report Warns China Could Reach Frontier AI Near-Parity by 2028. Anthropic warned that weak chip export controls, model distillation and expanded Chinese access to advanced compute infrastructure could erode Washington’s frontier AI advantage and accelerate Beijing’s push toward near-parity in advanced AI systems. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/anthropic-warns-us-risks-losing-ai-edge-to-china-over-chips-a-31702
Two Unpatched Windows Exploits Target BitLocker, SYSTEM Access

May 15, 2026 9:00 PM

Tags: access, control, exploit, microsoft, update, windows

Two unpatched Windows exploit PoCs target BitLocker protections and privilege controls after Microsoft’s May Patch Tuesday security update. The post Two Unpatched Windows Exploits Target BitLocker, SYSTEM Access appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-unpatched-windows-exploits-bitlocker-privilege-escalation/
Hackers Use PyInstaller and AMSI Patching to Deliver XWorm RAT v7.4

May 15, 2026 8:00 PM

Tags: control, data, hacker, malware, rat, update, windows

Hackers are hiding XWorm malware in PyInstaller files to bypass Windows security, steal data and remotely control devices through ads. First seen on hackread.com Jump to article: hackread.com/hackers-pyinstaller-amsi-patching-xworm-rat-v7-4/
Cisco warns of an actively exploited SD-WAN flaw with max severity

May 15, 2026 3:00 PM

Tags: access, advisory, cisco, cloud, control, cve, cvss, cybersecurity, data-breach, exploit, flaw, infrastructure, kev, malicious, mitigation, network, service, software, update, vulnerability

root user account,” Cisco said. “Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.”The issue, tracked as CVE-2026-20182, received a max-severity rating of CVSS 10.0. The company said that the issue is configuration-independent, meaning vulnerable systems remain exposed regardless of deployment-specific settings.Cisco…
Google Project Zero Details Pixel 10 Zero-Click Exploit Chain

May 15, 2026 3:00 PM

Tags: android, control, cyber, exploit, google, update, vulnerability

A powerful zero-click exploit chain for the Pixel 10 that can take an attacker from a remote Dolby decoding bug to full kernel control through a single vulnerable video processing driver. The work shows both how quickly Google can now patch critical issues and how shallow mistakes in vendor drivers can still undermine Android’s security…
The economics of ransomware 3.0

May 15, 2026 12:00 PM

Tags: alphv, attack, backup, breach, ceo, citrix, control, country, cyber, cyberattack, cybersecurity, data, data-breach, detection, encryption, endpoint, extortion, finance, framework, group, healthcare, HIPAA, incident response, insurance, moveIT, network, nist, office, privacy, ransom, ransomware, risk, russia, service, social-engineering, strategy, supply-chain, technology, threat

Triple extortion mechanism. Ashish Mishra What the Change Healthcare case tells you about real costs: Consider what happened to Change Healthcare in early 2024. The ALPHV group’s attack on this healthcare payments processor didn’t just encrypt systems, it exposed the personal health information of potentially over 100 million Americans and disrupted pharmacy services across the…
The economics of ransomware 3.0

May 15, 2026 12:00 PM

Tags: alphv, attack, backup, breach, ceo, citrix, control, country, cyber, cyberattack, cybersecurity, data, data-breach, detection, encryption, endpoint, extortion, finance, framework, group, healthcare, HIPAA, incident response, insurance, moveIT, network, nist, office, privacy, ransom, ransomware, risk, russia, service, social-engineering, strategy, supply-chain, technology, threat

Triple extortion mechanism. Ashish Mishra What the Change Healthcare case tells you about real costs: Consider what happened to Change Healthcare in early 2024. The ALPHV group’s attack on this healthcare payments processor didn’t just encrypt systems, it exposed the personal health information of potentially over 100 million Americans and disrupted pharmacy services across the…
Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access

May 15, 2026 10:00 AM

Tags: access, attack, cisco, control, cve, cvss, cyber, exploit, flaw, network, vulnerability

Cisco has disclosed a critical vulnerability in its Catalyst SD-WAN platform that is already being exploited in the wild, allowing attackers to gain administrative control over enterprise networks without authentication. Critical SD-WAN flaw under attack The vulnerability, tracked as CVE-2026-20182, carries a maximum CVSS score of 10.0 and affects Cisco Catalyst SD-WAN Controller (vSmart) and…
Palo Alto Firewalls Hit by Zero-Day Allowing Arbitrary Code Execution as Root

May 15, 2026 8:00 AM

Tags: authentication, control, cve, cvss, cyber, exploit, firewall, flaw, hacker, network, service, software, vulnerability, zero-day

A devastating zero-day vulnerability in Palo Alto Networks firewalls is under active exploitation by suspected state-sponsored hackers, allowing unauthenticated attackers to seize complete control of enterprise security infrastructure. The flaw, tracked as CVE-2026-0300 with a critical CVSS score of 9.3, targets the User-ID Authentication Portal service in PAN-OS software and has been weaponized since at…
Zombie linkages are keeping expired domains trusted for years

May 15, 2026 8:00 AM

Tags: control

Domains expire, get transferred, and return to the market every day. The systems connected to those domains can continue trusting the original owner long after control has … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/15/expired-domains-security-risks-research/
Akamai to Buy LayerX for $205M to Expand AI Browser Security

May 15, 2026 12:00 AM

Tags: access, ai, control, data, startup, zero-trust

Akamai Says Startup LayerX’s Browser Telemetry Will Strengthen Access Decisions. Akamai said its proposed $205 million acquisition of LayerX will add enterprise browser security and AI usage controls to its zero trust portfolio as enterprises grapple with generative AI data exposure, autonomous AI agents and growing demand for browser-level visibility. First seen on govinfosecurity.com Jump…
Maximum Severity Cisco SD-WAN Bug Exploited in the Wild

May 15, 2026 12:00 AM

Tags: cisco, control, cvss, exploit, network, threat, vulnerability

This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco’s network control system. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/maximum-severity-cisco-sd-wan-bug-exploited
Meet Fragnesia, the third Linux kernel vulnerability in a month

May 14, 2026 11:00 PM

Tags: access, control, exploit, framework, least-privilege, linux, mfa, mitigation, monitoring, password, service, switch, update, vulnerability

CSO. “It is bypassing traditional filesystem permissions that are present and enforced (for example, ‘file is owned by root’, or ‘file is read-only’) to allow manipulation without touching the disk.”Similar to Dirty Frag, Fragnesia (CVE-2026-46300) is a local privilege escalation hole that exploits a vulnerability in the XFRM ESP-in-TCP subsystem to achieve a memory write…
U.S. CISA adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog

May 14, 2026 10:00 PM

Tags: cisa, cisco, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Catalyst SD-WAN, tracked as CVE-2026-20182 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. Cisco fixed CVE-2026-20182, a flaw in SD-WAN control…
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses

May 14, 2026 4:00 PM

Tags: attack, authentication, business, cloud, communications, control, credentials, defense, detection, email, framework, government, infrastructure, login, malicious, malware, mfa, microsoft, phishing, service, theft

The campaign dynamically adapts to victims: After deobfuscation, the phishing payload loads infrastructure designed to impersonate Microsoft 365 and other login portals while dynamically adapting to targeted users.According to the report, the malware can determine which authentication provider should be impersonated, preload victim email addresses into phishing pages, and customize branding elements such as company…
Understanding the Hidden Cost of Faster Payments

May 14, 2026 4:00 PM

Tags: control, finance, fraud

As Regulators Tighten Liability Rules, Banks Face Pressure to Justify Fraud Losses. So far, banks have managed to strike a balance between fraud prevention and customer convenience, often accepting a certain level of loss rather than introducing controls that could slow payments, increase false declines or drive customers to competitors. First seen on govinfosecurity.com Jump…
New Malware Framework Enables Screen Control and UAC Bypass

May 14, 2026 3:00 PM

Tags: access, attack, control, cyber, framework, infrastructure, malware, open-source, tool

A sophisticated malware framework capable of screen control, browser artifact access, and User Account Control (UAC) bypass, highlighting how attackers are increasingly adapting open-source tools for real-world intrusions. The attack chain revealed a carefully staged operation designed to blend into normal enterprise traffic. Investigators observed suspicious infrastructure activity, host-level artifacts, and command-and-control (C2) communication patterns…
Amazon Quick Security Flaw Allowed Restricted Users to Access AI Chat Agents

May 14, 2026 1:00 PM

Tags: access, ai, business, cloud, control, cyber, flaw, intelligence

A newly disclosed security flaw in Amazon’s AI-powered business intelligence platform has revealed how restricted users could quietly bypass controls and interact with AI chat agents, despite explicit administrative denial. The issue, discovered by Fog Security researcher Jason Kao, exposes a critical gap between user interface restrictions and backend enforcement in modern AI-integrated cloud services.…
Microsoft turns Copilot Studio into an AI agent control center

May 14, 2026 1:00 PM

Tags: ai, control, governance, microsoft, update

The Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/14/copilot-studio-security-governance-updates/
What CISOs need to land a board role

May 14, 2026 12:01 PM

Tags: business, ciso, control, corporate, cyber, cybersecurity, finance, governance, government, intelligence, jobs, resilience, risk, skills, strategy, training

Tips for CISOs aiming for a board role: For CISOs interested in contributing to global vendor boards, Morelli advises focusing on becoming a partner, not just a customer. This requires the ability to articulate how a product’s evolution impacts the risk profile of an entire sector.For non-industry or public boards, CISOs must be comfortable contributing…
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

May 12, 2026 4:20 PM

Tags: android, banking, control, crypto, cybersecurity, network

Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2).The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria.”TrickMo relies on a runtime-loaded APK (dex.module), First seen…
Attackers exploit cPanel CVE-2026-41940 to deploy Filemanager Backdoor

May 12, 2026 3:19 PM

Tags: backdoor, control, cve, cybercrime, exploit, flaw, unauthorized, vulnerability

Attackers are exploiting cPanel flaw CVE-2026-41940 to install the Filemanager backdoor and gain unauthorized admin access. Cybercriminals are actively exploiting the critical cPanel vulnerability CVE-2026-41940 (CVSS score of 9.3) to deploy a backdoor called Filemanager on compromised servers. cPanelis a widely used web hosting control panel that lets users manage websites and servers through a…
Developer workstations are the new beachhead

May 12, 2026 1:18 PM

Tags: access, application-security, attack, authentication, cloud, container, control, credentials, edr, endpoint, exploit, github, group, Hardware, identity, incident response, infrastructure, malware, mfa, monitoring, network, software, supply-chain, threat, update

The economics that drive the convergence: A typical developer workstation holds SSH keys, cloud provider credentials, container registry tokens, Git authentication tokens and CI/CD pipeline secrets. Many developers have administrative access to internal package registries and deployment infrastructure. Their machines often sit outside the hardened perimeter that security teams build around production systems.From an attacker’s…
CISOs step into the AI spotlight

May 12, 2026 12:19 PM

Tags: ai, api, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, defense, detection, exploit, finance, fraud, governance, identity, infrastructure, jobs, least-privilege, military, phishing, risk, service, social-engineering, software, technology, threat, tool, training, update, vulnerability, vulnerability-management

Move fast, keep risk at bay: Like Hensley, Jeff Trudeau, CSO of Chime, says the role is fundamentally shifting from a control function to a strategic partner in how the business adopts AI responsibly. At Chime, that means being embedded early in how AI is built and deployed, not reviewing it after the fact, Trudeau…
CISOs step into the AI spotlight

May 12, 2026 12:19 PM

Tags: ai, api, attack, automation, awareness, business, ciso, control, cyber, cybersecurity, data, defense, detection, exploit, finance, fraud, governance, identity, infrastructure, jobs, least-privilege, military, phishing, risk, service, social-engineering, software, technology, threat, tool, training, update, vulnerability, vulnerability-management

Move fast, keep risk at bay: Like Hensley, Jeff Trudeau, CSO of Chime, says the role is fundamentally shifting from a control function to a strategic partner in how the business adopts AI responsibly. At Chime, that means being embedded early in how AI is built and deployed, not reviewing it after the fact, Trudeau…
Why patching SLAs should be the floor, not the strategy

May 12, 2026 12:19 PM

Tags: attack, authentication, business, cisa, ciso, compliance, control, cve, cvss, cyber, exploit, flaw, grc, identity, kev, metric, risk, service, strategy, tool, update, vulnerability, vulnerability-management

SLAs measure discipline, not risk: Here’s the mental model I’ve been pushing with my peers. Think of patching SLAs the way you think of fire drills. Fire drills are necessary. They prove that, on a predictable cadence, your organization can execute a known procedure. No one in charge of a building full of people would…
Android banking Trojan TrickMo evolves using TON network for C2

May 12, 2026 10:19 AM

Tags: android, banking, control, malware, network

ThreatFabric found a new TrickMo Android trojan focused on stealth and persistence, moving its command-and-control traffic to the TON network. Security researchers at ThreatFabric have recently identified a new version of TrickMo, a dangerous Android banking trojan that shows how malware operators are focusing less on flashy new features and more on improving stealth, flexibility,…