Tag: service
-
Microsoft disrupts cybercrime service that abused software verification systems en masse
Fox Tempest, a financially-motivated threat group, allowed ransomware operators and other cybercriminals to slip malware-laced software past security controls. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-digital-crimes-unit-disrupts-fox-tempest/
-
OverDoS in n8n: How an OAuth function can cripple over 70,000 automation servers
The open-source automation platform n8n is once again the focus of security research. This time it is not about classic remote code execution but about a particularly insidious denial-of-service vulnerability named OverDoS. Security researchers at Checkmarx show how attackers without authentication can deliberately flood entire n8n instances with data and thereby render them unusable. Potentially tens of thousands of publicly reachable systems are affected. CVE-2026-42236:…
-
Internet Explorer may be dead, but its ghost still runs malware
A legacy Windows tool that refuses to die: Bitdefender’s findings suggest MSHTA remains attractive because it checks several boxes attackers like. These include it being Microsoft-signed, preinstalled on Windows, capable of in-memory execution, and still implicitly trusted in many environments. Other sophisticated campaigns picked it up too. Bitdefender detailed PurpleFox using MSHTA to launch ‘msiexec’ commands…
-
SASE specialist Versa obtains ENS certification for the Spanish market
Versa now holds the Spanish ENS certification at the highest level, ALTA. The Secure Access Service Edge (SASE) specialist thus fully meets the strict requirements of Royal Decree 311/2022 and underlines its commitment to protecting public authorities and critical infrastructure with the highest security standards. The Esquema Nacional de Seguridad (ENS) is the legally established security framework for electronic government…
-
The New Phishing Click: How OAuth Consent Bypasses MFA
In February 2026, a phishing-as-a-service (PhaaS) platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogin and complete their normal MFA challenge, then walked away believing they had…
-
Hosting Service Standards That Define High-Performing Agencies
Tags: service
There’s a quiet pattern among the agencies that consistently outperform their competitors. Their client retention rates are higher… First seen on hackread.com Jump to article: hackread.com/hosting-service-standards-high-performing-agencies/
-
Westcon-Comstor and TD Synnex roll out partner white-label offerings
Tags: service
Channel players launch services that can be taken up by partners keen to extend their own capabilities and visibility in the market. First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366643373/Westcon-Comstor-and-TD-Synnex-roll-out-partner-white-label-offerings
-
ShinyHunters Takes Responsibility for Attack on Learning Management Platform
A cyberattack linked to the notorious threat group ShinyHunters has disrupted a widely used Learning Management System (LMS), impacting educational institutions and students across the United States. According to a Public Service Announcement (PSA) issued by the FBI on May 15, 2026 (Alert I-051526-PSA), the platform has since been restored. However, concerns remain over potential…
-
Hackers Actively Exploit ‘Nginx Rift’ Vulnerability Affecting NGINX, F5 Products
Hackers are actively exploiting the Nginx Rift vulnerability affecting NGINX and F5 products, exposing servers to denial-of-service attacks. First seen on hackread.com Jump to article: hackread.com/hackers-exploit-nginx-rift-vulnerability-nginx-f5-products/
-
From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat
Cisco Talos has uncovered a BadIIS variant, identifiable by its embedded “demo.pdb” strings, that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under a malware-as-a-service (MaaS) model for continuous monetization. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/from-pdb-strings-to-maas-tracking-a-commodity-badiis-ecosystem/
-
7 tips for accelerating cyber incident recovery
Tags: attack, awareness, backup, breach, business, ceo, cio, ciso, cloud, communications, control, cyber, cybersecurity, data, defense, finance, framework, governance, incident, incident response, infection, insurance, international, lessons-learned, malicious, malware, monitoring, nist, risk, service, technology, threat, update
Emphasize scoping and containment from the outset: Because you can’t recover from what you can’t stop, scoping and containment should be the absolute first priority during incident recovery, says Amit Basu, CIO and CISO at freight shipping firm International Seaway. “Before anything else, you must stop the bleeding,” he says. This means understanding the true scope…
-
PostgreSQL Flaws Expose Databases to Remote Code Execution and SQL Injection
Tags: attack, cyber, flaw, group, injection, remote-code-execution, service, sql, update, vulnerability
PostgreSQL has released critical security updates addressing multiple high-impact vulnerabilities that could allow remote code execution (RCE), SQL injection, and denial-of-service (DoS) attacks across widely deployed database environments. The PostgreSQL Global Development Group announced the release of versions 18.4, 17.10, 16.14, 15.18, and 14.23, fixing 11 security flaws and more than 60 bugs. These vulnerabilities…
-
Microsoft Details Storm-2949 Cloud Attack on Azure and Microsoft 365
Tags: attack, breach, cloud, cyberattack, data, identity, infrastructure, intelligence, microsoft, service, theft, threat
Microsoft Threat Intelligence has disclosed details of a cyberattack carried out by a threat actor tracked as Storm-2949, which escalated from a targeted identity compromise into a large-scale breach of cloud infrastructure and sensitive enterprise systems. The campaign focused heavily on data theft from Microsoft 365 services, Azure-hosted production environments, and cloud storage resources, demonstrating how compromised identities can…
-
Interpol leads cybercrime crackdown across 13 countries in Middle East, North Africa
Operation Ramz resulted in 201 arrests and disrupted phishing services, malware and financial scams. First seen on cyberscoop.com Jump to article: cyberscoop.com/interpol-operation-ramz-middle-east-north-africa/
-
Government Backed Hackers Abuse Cloudflare in Malaysian Espionage Campaign
Government Backed Hackers abused Cloudflare storage services in a Malaysian espionage campaign involving hidden C2 systems and data exfiltration. First seen on hackread.com Jump to article: hackread.com/government-backed-hackers-cloudflare-malaysia-espionage/
-
‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit
Nightmare-Eclipse’s Windows disclosure spree keeps growing: MiniPlasma is only the latest entry in what has become one of 2026’s most chaotic Windows disclosure runs. The spree began with BlueHammer, a Windows Defender privilege escalation flaw later assigned CVE-2026-33825. That was followed by RedSun and UnDefend, two additional Windows privilege escalation and denial-of-service disclosures. Huntress later reported…
-
Why the best security investment a board can make in 2026 isn’t another tool
Tags: access, ai, api, attack, automation, breach, cloud, credentials, data, detection, endpoint, governance, monitoring, network, risk, service, technology, tool
Attackers don’t break through your defenses. They walk between them: The most effective attacks today don’t target any single tool’s coverage area. They move through the seams. An attacker who compromises a valid credential doesn’t trigger endpoint detection. An attacker who moves from one cloud service to another using legitimate trust relationships doesn’t trip network…
-
Expired domain leads to supply chain attack on node-ipc npm package
require('node-ipc'). The trojanized versions were designed to remain fully functional to avoid immediate detection, which together with other decisions attackers took, such as data exfiltration via DNS TXT, suggests stealthiness was a top priority. Once executed, the malicious code collects information about the host system, including operating system version, hostname, and environment variables. It then starts…
-
Exchange Server zero-day vulnerability can be triggered by opening a malicious email
Tags: automation, data, email, malicious, microsoft, mitigation, risk, service, tactics, update, vulnerability, zero-day
Known issues with mitigation tactics: However, admins should note there are known issues once the mitigation is applied either manually or automatically through the EM Service. OWA Print Calendar functionality might not work. As a workaround, copy the data or screenshot the calendar you want to print, or use the Outlook Desktop client. Inline images might not…
-
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is assessed to be affiliated with Center 16 of Russia’s Federal Security Service (FSB) First…
-
Gunra Ransomware Expands RaaS After Conti Locker Shift
Gunra ransomware is rapidly evolving into a more structured and dangerous cybercrime operation after shifting from a Conti-based locker to its own Ransomware-as-a-Service (RaaS) model. First discovered in April 2025, the group initially targeted a small number of victims, but its recent operational changes have significantly increased its reach and impact across industries. Gunra first…
-
Cisco warns of an actively exploited SD-WAN flaw with max severity
Tags: access, advisory, cisco, cloud, control, cve, cvss, cybersecurity, data-breach, exploit, flaw, infrastructure, kev, malicious, mitigation, network, service, software, update, vulnerability
root user account,” Cisco said. “Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.” The issue, tracked as CVE-2026-20182, received a max-severity rating of CVSS 10.0. The company said that the issue is configuration-independent, meaning vulnerable systems remain exposed regardless of deployment-specific settings. Cisco…
-
Hackers Exploit OAuth Device Flow to Steal Microsoft 365 Tokens
Hackers are rapidly weaponizing a little-known Microsoft authentication feature to hijack enterprise accounts, as device code phishing surges across the threat landscape. The spike in activity is closely tied to the public release of criminal toolkits and phishing-as-a-service (PhaaS) platforms, making the once obscure technique widely accessible. New kits are appearing almost weekly, many seemingly…
-
Tycoon 2FA Operators Use OAuth Device Code Phishing to Bypass MFA
A new phishing campaign uncovered in late April 2026 shows how threat actors behind the Tycoon 2FA Phishing-as-a-Service (PhaaS) kit are evolving beyond traditional credential theft. This development comes just weeks after a global takedown effort led by Microsoft and Europol disrupted Tycoon 2FA infrastructure. Despite that operation, the actors have quickly adapted, reusing their…
-
Palo Alto Firewalls Hit by Zero-Day Allowing Arbitrary Code Execution as Root
A devastating zero-day vulnerability in Palo Alto Networks firewalls is under active exploitation by suspected state-sponsored hackers, allowing unauthenticated attackers to seize complete control of enterprise security infrastructure. The flaw, tracked as CVE-2026-0300 with a critical CVSS score of 9.3, targets the User-ID Authentication Portal service in PAN-OS software and has been weaponized since at…
-
Dell SupportAssist Update Forces Windows Systems Into BSOD Loop
A faulty update to Dell’s SupportAssist Remediation service is triggering widespread system crashes, forcing thousands of Dell and Alienware devices into continuous Blue Screen of Death (BSOD) loops. Affected systems repeatedly crash with the “CRITICAL_PROCESS_DIED” error, often every 30 minutes, severely disrupting productivity and system stability. Dell has acknowledged the issue and confirmed that its…