Tag: threat
-
Maximum Severity Cisco SD-WAN Bug Exploited in the Wild
This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco’s network control system. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/maximum-severity-cisco-sd-wan-bug-exploited
-
White House cyber official: identity security matters more than ever in the age of AI
While AI tools present unique cybersecurity threats, they still rely on poor identity security by organizations to do the most damage, a White House official said Thursday. First seen on cyberscoop.com Jump to article: cyberscoop.com/white-house-federal-identity-security-ai-risks/
-
ODNI taps officials to coordinate response to foreign election threats
Director of National Intelligence Tulsi Gabbard has tapped two individuals to coordinate work across U.S. spy agencies to monitor threats to the 2026 elections, according to multiple sources familiar with the matter. First seen on therecord.media Jump to article: therecord.media/odni-taps-officials-to-coordinate-response-to-election-threats
-
‘FrostyNeighbor’ APT Carefully Targets Govt Orgs in Poland, Ukraine
Attackers uniquely fingerprint victims before delivering spear-phishing payloads aimed at espionage, in the latest campaign from the Belarussian nation-state threat group. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/frostyneighbor-apt-govt-orgs-poland-ukraine
-
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine.Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It’s also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC”‘0057 First seen on…
-
Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine.Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring countries, particularly Ukraine. It’s also tracked under the monikers FrostyNeighbor, PUSHCHA, Storm-0257, TA445, UAC”‘0057 First seen on…
-
TeamPCP, BreachForums Launch $1K Supply-Chain Attack Contest
A new cybercrime campaign is turning supply chain attacks into a public competition, as TeamPCP and BreachForums operators launch a $1,000 contest that encourages hackers to compromise open-source packages. The initiative, first highlighted by Dark Web Informer, signals an escalation in how threat actors are gamifying real-world attacks to recruit participants and expand their reach.…
-
Sandworm Hackers Shift From IT Breaches to Critical OT Targets
A new wave of cyber activity linked to the notorious Sandworm group is raising fresh alarms across global critical infrastructure. Security researchers warn that the Russian state-backed threat actor is no longer just infiltrating IT networks it is actively pivoting into operational technology (OT) environments where real-world disruption becomes possible. The findings are based on…
-
PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure
Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure.The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a case of missing authentication that exposes sensitive endpoints to anyone, potentially allowing an attacker to invoke the First seen on…
-
Microsoft Research: AI Can Generate Realistic Command-Line and Process Telemetry
Tags: ai, attack, cloud, cyber, cybersecurity, data, detection, endpoint, incident response, intelligence, microsoft, risk, threatA new approach showing how artificial intelligence can generate highly realistic command-line data and process telemetry potentially transforming how security teams build and test threat detection systems. Logs and telemetry form modern cybersecurity risk, powering threat detection, incident response, and forensic investigations across endpoints and cloud environments. However, collecting high-quality attack telemetry remains a persistent…
-
Palo Alto Networks bets on identity security for autonomous AI with Idira launch
Tags: ai, attack, business, ceo, ciso, cloud, credentials, cybersecurity, governance, identity, injection, intelligence, least-privilege, mfa, network, RedTeam, risk, soc, threat, tool, vulnerabilityCISOs navigate AI risks: For enterprises, the launch reflects a broader industry shift toward identity-centric cybersecurity models as organizations deploy generative AI tools, autonomous agents, and cloud-native applications at scale.Analysts say the growing number of non-human identities is creating operational and security challenges because many existing identity systems were originally built to manage employees and…
-
When ransomware gets physical: cybercriminals turn to threats of violence
Pay up, or we’ll pay someone to pay you a visit. Cybercrime gangs are increasingly turning to real-world threats – and even hiring local muscle to deliver the message. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/ransomware-physical-threats-violence
-
FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign
Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and gas company, returning to the same compromised entry point three separate times between late December 2025…
-
BlackBerry doubles down on secure communications
Having sold its Cylance endpoint security portfolio to Arctic Wolf, the former smartphone pioneer is doubling down on military-grade encryption and post-quantum cryptography to shield critical infrastructure from AI-driven threats First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366643081/BlackBerry-doubles-down-on-secure-communications
-
GitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoS
GitLab has issued an urgent security update to neutralise a massive wave of vulnerabilities. Threat actors could exploit these newly disclosed flaws to silently hijack developer sessions or completely paralyze continuous integration pipelines with unauthenticated attacks. GitLab Security Flaw On May 13, 2026, GitLab released critical patch versions 18.11.3, 18.10.6, and 18.9.7 for both its…
-
Nitrogen Ransomware claims massive data theft from Foxconn
Foxconn confirmed a cyberattack on some North American factories. The Nitrogen ransomware group claims it stole 8TB of data from the firm. Foxconn confirmed that several of its North American factories were affected by a cyberattack. The manufacturer confirmed it was targeted by threat actors after the Nitrogen ransomware group listed it on its Tor…
-
New Exim BDAT GnuTLS Vulnerability Enables Code Execution Attacks
A critical, stealthy vulnerability is lurking deep within Exim, the software powering a massive share of the world’s email infrastructure. Sitting exposed on the internet’s front lines, these message transfer agents are highly lucrative targets for ruthless threat actors. This newly unmasked memory corruption flaw arms attackers with the terrifying ability to remotely execute malicious…
-
Hackers accessed BWH Hotels reservation system for months
BWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident exposed names and contact details of an undisclosed number of guests. BWH…
-
Google and Amnesty International teamed up to make it harder for spyware vendors to hide
Intrusion Logging marks the first feature from a major device vendor to aid with forensic detection of sophisticated threats, Amnesty International said. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-android-intrusion-logging-amnesty-spyware-detection/
-
Android 17 to expand banking scam call and privacy protections
Android 17, expected to roll out next month, will introduce several security and privacy features focused on device theft, threat detection, and banking scam calls. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/android-17-to-expand-banking-scam-call-and-privacy-protections/
-
Threat Actors Abuse Vercel AI Tools to Mass-Produce Realistic Phishing Sites
Threat actors are rapidly adopting generative AI platforms to scale phishing operations, and Vercel has emerged as a powerful enabler in this shift. Vercel is a cloud-based platform designed to help developers build and deploy modern web applications quickly. Its GenAI-powered tool, v0[.]dev, allows users to generate fully functional websites using simple text prompts. While…
-
Warum eingebaute KI-Leitplanken für Agentic-AI nicht ausreichen
KI-Agenten entwickeln sich rasant zu zentralen Werkzeugen der Automatisierung. Um ihre Aufgaben erfüllen zu können, benötigen sie umfangreiche Zugriffsrechte auf Tools, Datenbanken, SaaS-Anwendungen und das Internet. Ein aktueller Bericht unserer Okta Threat Intelligence warnt nun davor, diesen Systemen unreguliert die Schlüssel zum Stadttor wie Anmeldedaten, API-Schlüssel, persönliche Access-Tokens und OAuth-Tokens zu überreichen. Jüngste […] First…
-
Cushman and Wakefield Confirms Data Breach Impacting Over 310,000 Accounts
Global real estate powerhouse Cushman & Wakefield is the latest casualty in an escalating war of corporate extortion. Following a tense >>pay or leak<< standoff, the notorious ShinyHunters threat syndicate has carried out its threat, dumping hundreds of thousands of corporate records online. This massive exposure highlights the growing danger of identity-based attacks targeting massive…
-
Developer workstations are the new beachhead
Tags: access, application-security, attack, authentication, cloud, container, control, credentials, edr, endpoint, exploit, github, group, Hardware, identity, incident response, infrastructure, malware, mfa, monitoring, network, software, supply-chain, threat, updateThe economics that drive the convergence: A typical developer workstation holds SSH keys, cloud provider credentials, container registry tokens, Git authentication tokens and CI/CD pipeline secrets. Many developers have administrative access to internal package registries and deployment infrastructure. Their machines often sit outside the hardened perimeter that security teams build around production systems.From an attacker’s…
-
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed…
-
84 npm Packages Linked to TanStack Hit by Supply-Chain Breach
A massive supply chain breach affecting 84 npm packages within the widely used TanStack ecosystem. Malicious actors compromised these packages by injecting a sophisticated credential-stealing tool designed to target continuous integration environments such as GitHub Actions. Packages such as React Router, which sees over 12 million weekly downloads, were modified, posing a severe threat to…
-
Google Warns Hackers Are Using AI to Build Working Zero-Day Exploits
Artificial intelligence has officially transitioned from an experimental hacking novelty into an industrial-scale weapon for cybercriminals. Google Threat Intelligence Group (GTIG) adversaries are now actively using generative AI models to discover vulnerabilities and engineer functional zero-day exploits. This marks a significant escalation in the cyber threat landscape, shifting AI’s role from a simple research assistant…

