Latest Cybersecurity News and Articles
27 May 2026
Security firms took down all four command-and-control (C&C) channels used by the GlassWorm malware.
The post GlassWorm Botnet Disrupted appeared first on SecurityWeek.
27 May 2026
Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials.
The vulnerability, tracked as CVE-2026-27771 (CVSS score: N/A), affects all versions of Gitea prior to 1.26.2
27 May 2026
The attack was claimed by a hacktivist group, but evidence showed it used infrastructure linked to Iranian government threat actors.
The post LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers appeared first on SecurityWeek.
27 May 2026
The FBI has issued an alert warning of Silent Ransom Group attacks targeting law firms.
The post FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data appeared first on SecurityWeek.
27 May 2026
Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites.
"This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations," Microsoft Defender Experts and the Microsoft
27 May 2026
Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges.
The post CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day appeared first on SecurityWeek.
27 May 2026
The AI giant says the new plugin, which helps developers find vulnerabilities as they write code, has been used extensively internally.
The post Anthropic Releases New Claude Sandbox, Security Guidance Plugin appeared first on SecurityWeek.
26 May 2026
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026.
The activity targeted industrial and electronics manufacturing, education and public-sector bodies, financial services, and professional services, per the Threat Hunter Team from Symantec and Carbon Black.
26 May 2026
Marlin AI automatically analyzes SaaS misconfigurations, investigates related activity across enterprise environments, and recommends remediation steps — while stopping short of fully autonomous corrective action.
The post AppOmni’s Marlin AI Brings Autonomous Investigation to SaaS Security appeared first on SecurityWeek.
26 May 2026
Nimbus Manticore has continued its operations during and after the US military campaign against Iran.
The post Iranian APT Targets Aviation, Software Companies With Updated Tools appeared first on SecurityWeek.
26 May 2026
The allegedly stolen information leaked by ShinyHunters contains email addresses, names, addresses, and dates of birth.
The post 185,000 Likely Impacted by 7-Eleven Data Breach appeared first on SecurityWeek.
26 May 2026
Every single day, hackers are finding new ways to crash websites and steal data.
But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence (AI) tools to make their attacks faster, stronger, and much harder to stop.
According to recent updates from The Hacker News, bad actors are using AI to find weak spots in systems and
26 May 2026
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met.
The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. It has been assigned an important severity.
"Deserialization of untrusted data in Microsoft Office SharePoint allows
26 May 2026
Notable integrations include CrowdStrike, Palo Alto Networks, Microsoft, Okta, Zscaler, Netskope, Cloudflare, Fortinet, and Wiz.
The post Anthropic Expands Claude’s Enterprise Security Governance With 28 New Integrations appeared first on SecurityWeek.
26 May 2026
Hardcoded machineKey values in a configuration file enabled ViewState deserialization attacks leading to remote code execution.
The post Hackers Exploited KnowledgeDeliver Zero-Day for Web Shell Deployment appeared first on SecurityWeek.
26 May 2026
Register to enjoy free access and explore the tools, strategies, and frameworks needed to build a resilient security program for a world where every minute counts.
The post Watch on Demand: Threat Detection & Incident Response Summit – All Sessions Available appeared first on SecurityWeek.
26 May 2026
DockSec, an OWASP incubator project, correlates findings from multiple container security scanners and uses AI to generate plain-English remediation guidance and exact Dockerfile fixes.
The post Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images appeared first on SecurityWeek.
26 May 2026
Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn't log in without the second factor. While that logic was sound, attackers have now figured out that they don't need to steal the second factor: they just need the user to hand it over.
If your workforce authenticates with
26 May 2026
Lithuanian authorities are on high alert after a massive data leak involving more than 600,000 entries from national data registers.
The post Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries appeared first on SecurityWeek.
26 May 2026
The two own Dutch companies that allegedly provided bulletproof hosting services to Russia-aligned threat actors.
The post Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands appeared first on SecurityWeek.