Collecting Cyber-News from over 60 sources

Tag: service

Software and services shift benefits Westcon-Comstor

May 26, 2026 4:00 PM

Tags: business, service, software

Distributor shares full-year numbers as it continues to look for higher-value business and areas that deliver recurring revenues First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366643572/Software-and-services-shift-benefits-Westcon-Comstor
EU Regulators Prepare Landmark Fine Against Google Under Digital Markets Act

May 26, 2026 3:00 PM

Tags: cyber, google, service, technology

The European Union is preparing to issue a landmark penalty against Google under its Digital Markets Act (DMA), marking a significant escalation in regulatory enforcement against major technology platforms. According to multiple reports, EU regulators have formally accused Alphabet’s Google of manipulating search results to prioritize its own services, raising concerns about fair competition, platform…
Angular Language Service Extension Flaws Allow Remote Code Execution

May 26, 2026 3:00 PM

Tags: advisory, attack, cyber, flaw, github, malicious, remote-code-execution, risk, service, vulnerability

Multiple high-severity vulnerabilities have been discovered in the Angular Language Service VS Code extension (Angular.ng-template), exposing developers to remote code execution (RCE) attacks through malicious project files and dependencies. The issues, tracked under GitHub advisory GHSA-ccq4-xmxr-8hcq, affect all versions before 21.2.4 and have been patched in the latest release. These flaws pose significant risks to…
Apache CXF Flaw Exposes Systems to LDAP Injection Attacks

May 26, 2026 11:00 AM

Tags: access, apache, attack, cve, cyber, flaw, injection, risk, service, unauthorized, vulnerability

Apache CXF users are facing a significant security risk following the disclosure of a new vulnerability that exposes systems to LDAP injection attacks, potentially allowing unauthorized access to sensitive certificate data. The issue, tracked as CVE-2026-44930, has been classified as “important” and affects the LDAP certificate repository within the XKMS (XML Key Management Specification) service…
ConnectWise Automate Flaw Allows Hackers to Evade Security Controls

May 26, 2026 11:00 AM

Tags: control, cve, cvss, cyber, flaw, hacker, monitoring, service, tool, unauthorized, update, vulnerability

ConnectWise has released a security update to address a high-severity vulnerability in its ConnectWise Automate remote monitoring and management (RMM) platform, a widely used tool for managed service providers (MSPs). The flaw, tracked as CVE-2026-9089, carries a CVSS score of 8.8 and could allow attackers to bypass integrity verification mechanisms, potentially enabling unauthorized code execution…
7-Eleven data breach exposes personal information of 185,000 people

May 26, 2026 10:00 AM

Tags: breach, data, data-breach, extortion, hacking, service

The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/7-eleven-data-breach-exposes-personal-information-of-185-000-people/
FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

May 25, 2026 4:00 PM

Tags: authentication, mfa, microsoft, phishing, service

The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-warns-of-kali365-phishing-service-targeting-microsoft-365-accounts/
Telegram Channels Fuel Sale of Verified Bank Mule Accounts

May 25, 2026 1:02 PM

Tags: cyber, cybercrime, finance, fintech, group, intelligence, service, threat

Cybercriminal groups are increasingly using Telegram channels and encrypted platforms to sell verified bank and fintech mule accounts, signaling a major shift in how illicit funds are laundered at scale. According to recent threat intelligence findings, money mule operations have evolved into structured Mule-as-a-Service (MaaS) ecosystems, allowing attackers to outsource financial laundering just as easily…
FBI Warns ‘Kali365’ Phishing Kit Hijacks Microsoft 365 OAuth Tokens

May 25, 2026 12:00 PM

Tags: cybercrime, microsoft, phishing, service

The Kali365 phishing-as-a-service platform lowers the barrier of entry for cybercriminals, said the FBI First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fbi-kali365-phishing-kit-m365/
Nginx-poolslip Flaw Exposes Servers to DoS and Code Execution Attacks

May 25, 2026 8:01 AM

Tags: attack, cve, cyber, dos, flaw, service, vulnerability

NGINX users are facing a critical security issue after F5 disclosed a new vulnerability, tracked as CVE-2026-9256, affecting the widely used ngx_http_rewrite_module. The flaw, dubbed “Nginx-poolslip,” can allow attackers to trigger denial-of-service (DoS) conditions and, under certain conditions, achieve remote code execution. Nginx-poolslip Flaw The issue originates from improper handling of overlapping PCRE (Perl-Compatible Regular…
‘First VPN’ service used by cybercriminals dismantled in international operation

May 23, 2026 6:00 AM

Tags: cybercrime, international, service, vpn

First seen on scworld.com Jump to article: www.scworld.com/brief/first-vpn-service-used-by-cybercriminals-dismantled-in-international-operation
Moving Beyond Break/Fix: How to Integrate BIA and BCP Services

May 23, 2026 6:00 AM

Tags: service

First seen on scworld.com Jump to article: www.scworld.com/native/moving-beyond-break-fix-how-to-integrate-bia-and-bcp-services
FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks

May 22, 2026 11:00 PM

Tags: access, advisory, attack, cybercrime, law, microsoft, phishing, service

The law enforcement agency published an advisory on Thursday about Kali365, a Telegram-based service for cybercriminals that allows them to capture legitimate “OAuth” tokens enabling widespread access to Microsoft 365 environments. First seen on therecord.media Jump to article: therecord.media/fbi-warns-of-kali365-phishing-attacks
FBI Warns of Kali365 Phishing Service Targeting Microsoft 365 Account

May 22, 2026 11:00 PM

Tags: cybercrime, mfa, microsoft, phishing, scam, service

FBI warns of Kali365, a PaaS scam kit that lets cybercriminals bypass MFA and hijack Microsoft 365 accounts without passwords. First seen on hackread.com Jump to article: hackread.com/fbi-kali365-phishing-service-microsoft-365-account/
IBM Targets AI Inference Costs and VM Modernization With New Red Hat Cloud Services

May 22, 2026 10:00 PM

Tags: ai, cloud, ibm, service

First seen on scworld.com Jump to article: www.scworld.com/news/ibm-targets-ai-inference-costs-and-vm-modernization-with-new-red-hat-cloud-services
Microsoft disrupts Fox Tempest malware-signing service

May 22, 2026 10:00 PM

Tags: malware, microsoft, service

First seen on scworld.com Jump to article: www.scworld.com/brief/microsoft-disrupts-fox-tempest-malware-signing-service
First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups

May 22, 2026 9:00 PM

Tags: attack, data, group, network, ransomware, service, theft, usa, vpn

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks.The disruption of First VPN Service was led by France and the Netherlands, with several other nations supporting the investigation since…
Water, the Soft Underbelly of Critical Infrastructure

May 22, 2026 8:00 PM

Tags: cyber, cybersecurity, governance, government, infrastructure, service, threat, usa, vulnerability

Fragmented Governance and Scarce Resources Make America’s Water Sector Vulnerable. America’s water utilities are the nation’s most cyber-vulnerable critical service sector, but their cybersecurity is overseen and supported by an ill-fitting patchwork of government agencies and most lack the resources to meet the threat they face. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/water-soft-underbelly-critical-infrastructure-a-31758
New York regulator calls for additional cyber mitigation amid heightened threat environment

May 22, 2026 6:00 PM

Tags: ai, cyber, finance, iran, mitigation, service, threat

The guidance from the state Department of Financial Services arises from concerns about frontier AI and threats linked to the Iran war and other geopolitical risks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/new-york-regulator-cyber-mitigation-threat-AI-Iran/820979/
Canadian man arrested, charged for running KimWolf DDos botnet

May 22, 2026 6:00 PM

Tags: botnet, ddos, jobs, service

In court documents unsealed on Thursday, the Justice Department said Jacob Butler ran KimWolf as a DDoS-for-hire service that infected over a million devices worldwide. First seen on therecord.media Jump to article: therecord.media/canadian-man-arrested-charged-running-kimwolf-botnet
Botnetz: 23-Jähriger Kanadier wegen Botnetz-Betrieb verhaftet

May 22, 2026 4:00 PM

Tags: botnet, ddos, jobs, service

Dem Verdächtigen wird vorgeworfen, das Botnetz Kimwolf als DDoS-for-hire-Service angeboten zu haben. First seen on golem.de Jump to article: www.golem.de/news/botnetz-23-jaehriger-kanadier-wegen-botnetz-betrieb-verhaftet-2605-208979.html
Deleted Google API keys keep working for up to 23 minutes, researchers warn

May 22, 2026 3:00 PM

Tags: access, api, credentials, data-breach, google, service

Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/22/deleted-google-api-keys-risk/
Hackers steal patient and billing data from German hospitals via third-party provider

May 22, 2026 2:00 PM

Tags: breach, data, data-breach, hacker, healthcare, service

The large-scale data breach reportedly hit Unimed, a company that handles billing services for privately insured and self-paying patients on behalf of numerous German hospitals. First seen on therecord.media Jump to article: therecord.media/hackers-steal-patient-billing-data-german-hospitals
Suspected KimWolf botnet admin arrested over DDoShire operation

May 22, 2026 2:00 PM

Tags: attack, botnet, ddos, jobs, service

U.S. and Canadian authorities arrested and charged a Canadian man accused of operating the KimWolf DDoS botnet, a service linked to attacks that infected more than one million … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/22/kimwolf-ddos-botnet-administrator-arrested/
CISA Issues Alert on Exploited Microsoft Defender Zero-Day Vulnerabilities

May 22, 2026 1:00 PM

Tags: cisa, cve, cyber, dos, exploit, kev, microsoft, service, vulnerability, zero-day

CISA has issued an urgent alert warning organizations about two newly disclosed zero-day vulnerabilities affecting Microsoft Defender, both added to the Known Exploited Vulnerabilities (KEV) catalog on May 20, 2026. CVE-2026-45498: Microsoft Defender DoS Vulnerability CVE-2026-45498 is a denial-of-service (DoS) vulnerability in Microsoft Defender that can cause the security service to stop functioning. An attacker…
Microsoft 365 users targeted by new phishing threat that bypasses MFA

May 22, 2026 12:00 PM

Tags: access, mfa, microsoft, phishing, service, threat

Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/22/kali365-microsoft-365-phishing-fbi-warning/
US and Canada arrest and charge suspected Kimwolf botnet admin

May 22, 2026 12:00 PM

Tags: botnet, service

U.S. and Canadian authorities arrested and charged a Canadian man with operating the KimWolf distributed denial-of-service (DDoS) botnet, which infected nearly two million devices worldwide. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-and-canada-arrest-and-charge-suspected-kimwolf-botnet-admin/
Android Malware Secretly Signs Users Up for Premium Services

May 22, 2026 12:00 PM

Tags: android, cyber, fraud, malware, mobile, service

Android users are being targeted by a large-scale malware campaign that silently subscribes victims to premium mobile services without their knowledge. The malware campaign focuses on carrier billing fraud, abusing premium SMS services to generate revenue for attackers. What makes this operation particularly dangerous is its ability to target victims based on their mobile operator…
Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoSHire Attacks

May 22, 2026 12:00 PM

Tags: attack, botnet, ddos, jobs, offense, service

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf.In tandem, Jacob Butler (aka Dort), 23, Ottawa, Canada, has been charged with offenses related to the development and operation of the botnet. Kimwolf is assessed to be…
Dynamit-Phishing: Neue OAuth-Angriffe kapern Unternehmenszugänge in Sekunden

May 22, 2026 12:00 PM

Tags: cloud, cyberattack, phishing, service

Mit der zunehmenden Verbreitung von Phishing-as-a-Service und zentralisierten Cloud-Identitäten dürfte die Bedrohung weiter wachsen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/dynamit-phishing-neue-oauth-angriffe-kapern-unternehmenszugaenge-in-sekunden/a45269/