Collecting Cyber-News from over 60 sources

Tag: tool

DAEMON Tools trojanized in supply-chain attack to deploy backdoor

May 5, 2026 10:48 PM

Tags: attack, backdoor, hacker, software, supply-chain, tool

Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
DAEMON Tools trojanized in supply-chain attack to deploy backdoor

May 5, 2026 9:48 PM

Tags: attack, backdoor, hacker, software, supply-chain, tool

Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
The EOL Blind Spot in Your CVE Feed: What SCA Tools Miss

May 5, 2026 8:48 PM

Tags: cve, open-source, software, tool, vulnerability

Critical vulnerabilities can exist in open source software your scanners don’t check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-eol-blind-spot-in-your-cve-feed-what-sca-tools-miss/
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

May 5, 2026 7:48 PM

Tags: attack, kaspersky, malicious, malware, software, supply-chain, tool

A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky.”These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers,” Kaspersky researchers Igor Kuznetsov, Georgy Kucherin, Leonid First seen on…
Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in ‘widespread’ attack

May 5, 2026 5:49 PM

Tags: attack, backdoor, china, cybersecurity, hacker, infection, kaspersky, malicious, tool, windows

The cybersecurity company says it’s seen thousands of infection attempts, and at least a dozen successful hacks after users installed malicious versions of the popular Windows software. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/05/kaspersky-suspects-chinese-hackers-planted-a-backdoor-into-daemon-tools-in-widespread-attack/
Hackers Abuse DAEMON Tools Distribution Channel to Deliver Malicious Payloads

May 5, 2026 4:49 PM

Tags: attack, cyber, cyberespionage, hacker, malicious, malware, supply-chain, threat, tool

A sophisticated supply-chain attack has compromised the official distribution channel for DAEMON Tools, delivering multi-stage malware to users worldwide. Since April 8, 2026, threat actors have distributed trojanized installers signed with legitimate digital certificates to conduct highly targeted cyberespionage operations. Attackers successfully breached the development pipeline of AVB Disc Soft, the creators of the widely…
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don’t Check.

May 5, 2026 4:49 PM

Tags: cve, open-source, software, tool, vulnerability

Critical vulnerabilities can exist in open source software your scanners don’t check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-eol-blind-spot-in-your-cve-feed-what-sca-tools-dont-check/
Huntress Expands Channel Partnerships to Boost Cybersecurity Reach Across Mid-Market and Public Sector

May 5, 2026 3:48 PM

Tags: access, cybersecurity, software, tool

Global cybersecurity company Huntress has announced a major expansion of its global channel ecosystem, adding four new distribution partners to accelerate growth across the mid-market, public sector, and EMEA regions. The new partnerships with Ingram Micro, Vertosoft, Liquid PC, and QBS Software are designed to broaden access to enterprise-grade cybersecurity tools for organizations increasingly targeted…
The Back Door Attackers Know About, and Most Security Teams Still Haven’t Closed

May 5, 2026 3:48 PM

Tags: ai, automation, control, google, mfa, microsoft, tool

Every AI tool, workflow automation, and productivity app your employees connected to Google or Microsoft this year left something behind: a persistent OAuth token with no expiration date, no automatic cleanup, and in most organizations, no one watching it. Your perimeter controls don’t see it. Your MFA doesn’t stop it. And when an attacker gets…
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs

May 5, 2026 1:48 PM

Tags: access, control, credentials, data, detection, infection, infrastructure, malicious, malware, microsoft, phone, rat, rust, startup, theft, threat, tool, update, windows

Multi-stage infection chain: The intrusion begins with an unknown initial access vector, followed by the execution of a malicious file disguised as a ScreenConnect update, Talos said.The initial payload is a Rust-compiled loader using filenames such as “systemupdates.exe,” which drops a .NET loader disguised as a text file in a system directory, the post said.Persistence…
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

May 5, 2026 12:49 PM

Tags: access, malicious, malware, microsoft, mobile, phone, tool

A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudz-malware-abuses-microsoft-phone-link-to-steal-sms-and-otps/
CISOs step up to the security workforce challenge

May 5, 2026 11:47 AM

Tags: ai, attack, automation, ciso, conference, control, cyber, cyberattack, cybersecurity, jobs, malicious, risk, skills, strategy, technology, threat, tool, training

Gomez-Sanchez and Turpin are speaking at the CSO Cybersecurity Awards & Conference, May 11-13. Reserve your place. And then there’s AI. When it comes to security, AI may help partially offset cyber skills shortages by automating certain tasks, but it also ramps up cyberattack volumes and expands the organizational attack surface, without fixing CISOs’ ongoing talent…
Zugriff auf Quellcode von Trellix: Cyberangriff trifft große Cybersicherheitsfirma

May 5, 2026 10:48 AM

Tags: access, cyberattack, tool

Ein Angreifer konnte auf Quellcode-Repositorys von Trellix zugreifen. Auch Tools anderer Cybersicherheitsfirmen standen zuletzt unter Beschuss. First seen on golem.de Jump to article: www.golem.de/news/cyberangriff-auf-cybersicherheitsfirma-angreifer-gelangt-an-quellcode-von-trellix-2605-208308.html
Cyberangriff auf Cybersicherheitsfirma: Angreifer gelangt an Quellcode von Trellix

May 5, 2026 9:48 AM

Tags: cyberattack, tool

Ein Angreifer konnte auf Quellcode-Repositorys von Trellix zugreifen. Auch Tools anderer Cybersicherheitsfirmen standen zuletzt unter Beschuss. First seen on golem.de Jump to article: www.golem.de/news/cyberangriff-auf-cybersicherheitsfirma-angreifer-gelangt-an-quellcode-von-trellix-2605-208308.html
Feds Indict Ex-Hospital Pharmacist for Spying on Co-Workers

May 5, 2026 1:48 AM

Tags: credentials, healthcare, spy, tool

Defendant Is Also at Center of a Civil Class Action Against His Former Employer. A federal grand jury has indicted a former Maryland hospital pharmacist, alleging he weaponized tech tools – including keylogging – to steal credentials and spy on nearly 200 co-workers and other individuals over an eight-year period. The defendant is also the…
RMM Tools Fuel Stealthy Phishing Campaign

May 4, 2026 11:51 PM

Tags: detection, monitoring, phishing, tool

Attackers are abusing two remote monitoring and management (RMM) tools to evade detection in a campaign that has impacted over 80 organizations so far. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/rmm-tools-stealthy-phishing-campaign
How Mythos Signals Cybersecurity Disruption

May 4, 2026 9:48 PM

Tags: access, ai, attack, banking, browser, business, cybersecurity, data, exploit, finance, government, hacker, healthcare, infrastructure, microsoft, open-source, risk, software, technology, tool, update, vulnerability, zero-day

What is Mythos Mythos is Anthropic’s latest AI model, and it is stirring up a tornado of concern in cybersecurity circles. Even before its release, Mythos discovered thousands of new sensitive vulnerabilities in commercial and open-source software, including all major operating systems and web browsers. One was in existence for over 27 years without the industry…
Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

May 4, 2026 8:49 PM

Tags: access, monitoring, phishing, software, tool

An active phishing campaign has been observed targeting multiple vectors since at least April 2025, with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts.The activity, codenamed VENOMOUS#HELPER, has impacted over 80 organizations, most of which are in the U.S., according to Securonix. It shares overlaps…
FlowCarp Identifies Protocols

May 4, 2026 6:48 PM

Tags: network, tool

I am thrilled to announce the release of a brand new tool called FlowCarp! FlowCarp is a simple command line tool that performs a very complicated task. It identifies the application layer protocol in network traffic without relying on port numbers, static signatures or code that tries to parse the[…] First seen on securityboulevard.com Jump…
New MOVEit vulnerabilities prompt urgent patch warning

May 4, 2026 6:48 PM

Tags: moveIT, software, tool, update, vulnerability

Progress Software warned customers to immediately upgrade the file-transfer tool to fix the serious flaws. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/moveit-vulnerabilities-authentication-bypass-privilege-escalation/819187/
âš¡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More

May 4, 2026 6:48 PM

Tags: ai, android, breach, control, exploit, github, linux, open-source, phishing, rce, remote-code-execution, saas, tool

This week, the shadows moved faster than the patches.While most teams were still triaging last month’s alerts, attackers had already turned control panels into kill switches, kernels into open doors, and open-source pipelines into silent delivery systems.The game has shifted from breach to occupation. They’re living inside SaaS sessions, pushing code with trusted commits, and…
New MOVEit vulnerabilities prompt urgent vendor warning

May 4, 2026 5:48 PM

Tags: moveIT, software, tool, vulnerability

Progress Software warned customers to immediately upgrade to versions of the file-transfer tool that fix the serious flaws. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/moveit-vulnerabilities-authentication-bypass-privilege-escalation/819187/
Security for AI: A strategic framework for closing the AI exposure gap

May 4, 2026 5:48 PM

Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, control, data, data-breach, detection, endpoint, exploit, flaw, framework, governance, identity, infrastructure, injection, jobs, least-privilege, LLM, malicious, microsoft, risk, risk-analysis, saas, service, software, threat, tool, unauthorized, vulnerability

As AI adoption accelerates, CISOs face a dual challenge: fueling innovation while mitigating the risks of a rapidly expanding attack surface. Tenable’s five-step framework for securing AI offers a systematic approach to reducing AI security risks as your organization races to achieve the productivity benefits of AI. Key takeaways Get a five-step framework to help…
Security for AI: A strategic framework for closing the AI exposure gap

May 4, 2026 5:48 PM

Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, control, data, data-breach, detection, endpoint, exploit, flaw, framework, governance, identity, infrastructure, injection, jobs, least-privilege, LLM, malicious, microsoft, risk, risk-analysis, saas, service, software, threat, tool, unauthorized, vulnerability

As AI adoption accelerates, CISOs face a dual challenge: fueling innovation while mitigating the risks of a rapidly expanding attack surface. Tenable’s five-step framework for securing AI offers a systematic approach to reducing AI security risks as your organization races to achieve the productivity benefits of AI. Key takeaways Get a five-step framework to help…
KI-Agent löscht Produktionsumgebung

May 4, 2026 3:48 PM

Tags: ai, software, tool

Bei einem Software-Unternehmen ist geschehen, was prinzipiell jedem Unternehmen passieren kann, wenn es KI ohne kontrollierte Zugriffssicherheit einsetzt. Was ist geschehen: Der Gründer von PocketOS, einer Software-Plattform für Autovermietung, berichtet, dass ein KI-Coding-Tool während einer Routineaufgabe eine Berechtigungsabweichung erststellte. Der KI-Agent entschied eigenständig, das Problem zu lösen, indem er ein Volume löschte. Dabei wurden die…
Cisco Launches AI Provenance Tool to Strengthen Security and Compliance

May 4, 2026 3:48 PM

Tags: ai, cisco, compliance, cyber, intelligence, open-source, supply-chain, tool

Artificial intelligence models are integrated into countless enterprise applications, but knowing exactly where these models come from remains a major security hurdle. Cisco recently launched the Model Provenance Kit, an open-source tool for tracing the exact lineage of AI models. This release aims to bring transparency to complex AI supply chains and help organizations meet…
Security agencies draw red lines around agentic AI deployments

May 4, 2026 2:49 PM

Tags: access, advisory, ai, automation, awareness, cisa, control, data, governance, injection, international, monitoring, risk, risk-management, tool

Continuous monitoring with human-in-the-loop control: While the first half of the advisory focused on limiting what agents can do, the second was about watching what they actually do, reacting quickly when things go sideways.”Operators should implement continuous monitoring and auditing to maintain awareness of AI agent operation and ensure traceability for decisions and actions,” CISA…
Probleme mit VSS: Windows-11-Update macht Backup-Tools unbrauchbar

May 4, 2026 2:49 PM

Tags: backup, tool, update, windows

Nutzer mehrerer Backup-Lösungen können seit dem April-Patchday unter Windows 11 keine Datensicherung mehr erstellen. Es kommt zu einem Timeout. First seen on golem.de Jump to article: www.golem.de/news/probleme-mit-vss-windows-11-update-macht-backup-tools-unbrauchbar-2605-208274.html
AI for Security Infrastructure: Rebalancing Cybersecurity for the Decade Ahead

May 4, 2026 1:48 PM

Tags: ai, cybersecurity, tool

An exploration of the shift from reactive “assume breach” mentalities to AI-driven prevention, highlighting how Domain-Specific Language Models (DSLMs) empower security architects to eliminate configuration drift and tool sprawl. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/ai-for-security-infrastructure-rebalancing-cybersecurity-for-the-decade-ahead/
Best Oracle GRC Alternatives for Oracle E-Business Suite: Replacing AACG, CCG, TCG and PCG

May 4, 2026 11:48 AM

Tags: access, business, compliance, control, governance, grc, monitoring, oracle, tool

Many organizations still rely on Oracle GRC Advanced Controls for Oracle E-Business Suite”, including AACG, CCG, TCG and PCG”, as the backbone of their access governance, continuous controls monitoring, and compliance efforts. That was a reasonable choice for a long time. But the world those tools were built for”, on-premise ERP, slower change cycles, and…