Signal users targeted in backup-stealing phishing attacks | Malware

A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives. The attack is initiated by a text message pretending…

New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks | Cybersecurity

Ravie LakshmananMay 29, 2026Cyber Espionage / Artificial Intelligence A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at…

Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels | Cybersecurity

The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through…

Fake ChatGPT download site infects Windows and Mac users with malware | Malware

A convincing fake website is impersonating OpenAI’s ChatGPT download page and infecting visitors with malware designed to steal passwords, browser data, cryptocurrency wallets, and other sensitive information. The site, openew[.]app,…

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code | Cybersecurity

Ravie LakshmananMay 28, 2026Vulnerability / Open Source A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary…

Your Windows PC has a security deadline in June 2026 | Malware

A Secure Boot certificate refresh is rolling out across supported Windows devices through Windows Update. In June 2026, the Secure Boot certificates that have shipped inside Windows since 2011 begin…

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer | Cybersecurity

Ravie LakshmananMay 28, 2026Vulnerability / Endpoint Security Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. “The…

Carnival confirms data breach impacting nearly 6 million | Malware

Carnival Corporation, parent of Carnival Cruise Line, is sending out fresh “Notice of Cybersecurity Event” letters dated May 27, 2026. If you feel like you’ve read that sentence before, you’re…

New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI “Power users” | Cybersecurity

State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don’t understand where their…

Fake LinkedIn emails abuse Adobe to track victims | Malware

Cybercriminals are abusing Adobe infrastructure in a LinkedIn phishing campaign that steals passwords and redirects victims to the legitimate LinkedIn site afterward. The phishing email masquerades as a business inquiry…

Kali365 phishing kit bypasses MFA and steals Microsoft logins | Malware

When the Federal Bureau of Investigation (FBI) publishes a dedicated public service announcement about a new phishing kit, it’s worth paying attention to. The agency is now warning about “Kali365,”…

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users | Cybersecurity

Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That’s according to…

Company bragged phone mics could listen to conversations. They couldn’t. | Malware

A media company and two of its marketing partners have been fined for selling a service which, they said, listened in to people’s conversations through their phones. Actually they did…

Gitea Vulnerability Exposes Private Container Images without Authentication | Cybersecurity

Ravie LakshmananMay 27, 2026Vulnerability / Software Security Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull…

Scammers pretending to be Microsoft had help from US executives | Malware

A pop-up appears on your computer, warning of a virus. You call the “Microsoft technician” in the pop-up message, and they explain that they need remote access to fix it….

Fake software on GitHub and SourceForge distribute Deno RAT | Malware

During our threat hunting activities, we found fake installers and plugins impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing a Deno backdoor known as…

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries | Cybersecurity

The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of…

[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back | Cybersecurity

The Hacker NewsMay 26, 2026Web Security / Artificial Intelligence Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers…

700+ education and tech websites hijacked in huge ClickFix malware campaign | Malware

Attackers are abusing a critical Ghost Content Management System (CMS) vulnerability to hijack more than 700 legitimate websites and inject a fake Cloudflare verification step that tricks visitors into running…

CERT-In Mandates 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks | Cybersecurity

The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where “feasible” to…

KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike | Cybersecurity

Ravie LakshmananMay 26, 2026Vulnerability / Threat Intelligence A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to…

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos | Cybersecurity

Ravie LakshmananMay 25, 2026Cybersecurity / Hacking Monday recap. Same mess, new week. A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow…

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO | Cybersecurity

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across…

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks | Cybersecurity

Ravie LakshmananMay 23, 2026Software Supply Chain / DevSecOps GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to…

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer | Cybersecurity

Ravie LakshmananMay 23, 2026Supply Chain Attack / Malware Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver…

First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups | Cybersecurity

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data…

Update Chrome now: Critical bugs could let attackers run code | Malware

Google has issued updates for the Chrome browser patching a number of high-severity vulnerabilities. The update includes fixes for two critical vulnerabilities that can be used for remote code execution…

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows | Cybersecurity

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. “Using throwaway accounts and…

Kimwolf DDoS Botnet Operator Arrested in Canada Over DDoS-for-Hire Attacks | Cybersecurity

Ravie LakshmananMay 22, 2026Cybercrime / Law Enforcement The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service…

Researchers left AI agents alone in a virtual town and watched it all unravel | Malware

Tech leaders have spent the past year telling everyone that AI agents are about to run financial systems, file your tax returns, and quietly buy your groceries. Just leave them…
