Latest Cybersecurity News and Articles
12 May 2026
Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2).
The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria.
"TrickMo relies on a runtime-loaded APK (dex.module),
12 May 2026
The tech giant has also ported the patch for a recent deleted chats recovery issue to older versions of iOS.
The post Apple Patches Dozens of Vulnerabilities in macOS, iOS appeared first on SecurityWeek.
12 May 2026
The flaws could allow attackers to inject malicious code, leading to information disclosure and code execution.
The post SAP Patches Critical S/4HANA, Commerce Vulnerabilities appeared first on SecurityWeek.
12 May 2026
Why do the Riskiest SOC Alerts Go Unanswered?
Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating.
A recent report from The Hacker News examined why certain high-risk alert categories - WAF, DLP, OT/IoT, dark web intelligence, and supply chain signals- consistently
12 May 2026
Curl’s lead developer says Mythos claims are marketing, but many in the industry believe the results stem from Curl’s robust security.
The post Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means appeared first on SecurityWeek.
12 May 2026
Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next.
The post Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? appeared first on SecurityWeek.
12 May 2026
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking actions — most likely without meaningful involvement from the security team. The industry conversation has largely framed this as a question of policy: allow it, restrict it, or monitor it? However, that framing misses the point.
The more urgent
12 May 2026
Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign.
The post TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack appeared first on SecurityWeek.
12 May 2026
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.
The affected npm packages have been modified to include an obfuscated JavaScript file ("router_init.js") that's designed to profile the execution
12 May 2026
American educational technology company Instructure, the parent company of Canvas, said it reached an "agreement" with a decentralized cybercrime extortion group after it breached its network and threatened to leak stolen information from thousands of schools and universities.
In an update shared on Monday, the Utah-based firm said it "reached an agreement with the unauthorized actor involved in
12 May 2026
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues.
"Daybreak combines the intelligence of OpenAI models, the extensibility of Codex as an agentic harness, and our partners across
12 May 2026
Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative.
To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android users on the latest version of Google Messages.
11 May 2026
Checkmarx has confirmed that a modified version of the Jenkins AST plugin was published to the Jenkins Marketplace.
"If you are using Checkmarx Jenkins AST plugin, you need to ensure that you are using the version 2.0.13-829.vc72453fa_1c16 that was published on December 17, 2025 or previously," the cybersecurity company said in a statement over the weekend.
As of writing, Checkmarx has released
11 May 2026
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments.
The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of the control
11 May 2026
Team8, Index Ventures, Picture Capital, Elad Gil, Cerca Partners, and Tesonet invested in Frame Security.
The post Frame Security Emerges From Stealth With $50M for Awareness and Training Platform appeared first on SecurityWeek.
11 May 2026
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and exploit generation.
The activity is said to be the work of cybercrime threat actors who appear to
11 May 2026
Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline.
The post Build Application Firewalls Aim to Stop the Next Supply Chain Attack appeared first on SecurityWeek.
11 May 2026
The zero-day was designed to bypass 2FA and it was developed by a prominent cybercrime group.
The post Google Detects First AI-Generated Zero-Day Exploit appeared first on SecurityWeek.
11 May 2026
Rough Monday.
Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago — the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically reads like a guy tripped over root access by accident and decided to stay
11 May 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 11, 2026 – Read the full story from Enterprise Times The 2026 CISO Report from Cybersecurity Ventures in partnership with Sophos points out a structural imbalance in cybersecurity today, with 35,000 CISOs
The post The Answer To India’s Cybersecurity Leadership Gap: AI And Managed Services appeared first on Cybercrime Magazine.