Archive
All articles, newest first. Page 10.
Audit Slams NIST Over NVD Collapse: 27,000 CVE Backlog and $200,000 in Wasted Funds
A Department of Commerce OIG audit documents the systemic failure of the National Vulnerability Database pipeline, revealing a backlog…
DNS-AID: Linux Foundation Launches Decentralized Discovery for AI Agents
The Linux Foundation has launched DNS-AID, an open-source protocol that leverages existing DNS infrastructure to enable decentralized…
Shadow AI: First 8-K Filing Signals Shift from Internal Policy to Regulatory Mandate
The first SEC 8-K filing for unauthorized AI use marks a turning point for corporate governance. As Shadow AI evolves into 'vibe-coded…
Microsoft Patched a Critical SharePoint RCE but Omitted the CVE from Official Documentation
CVE-2026-45659, a CVSS 8.8 SharePoint Server RCE, was missing from Microsoft’s May 2026 security update list. While the patch was dist…
CERT-In Mandates 12-Hour Patching Window to Combat AI-Driven Exploits
India’s national cyber agency, CERT-In, has established a new 12-hour remediation standard for internet-facing and 'crown jewel' syste…
Poisoned AI Chatbots: A New Vector for High-Performance GPU Cryptojacking
Microsoft has identified an active campaign that manipulates AI chatbot recommendations to distribute GPU-based cryptojacking malware…
Critical Flowise RCE: Exploit Code Released for CVSS 9.9 Vulnerability
Obsidian Security has published proof-of-concept exploit code for CVE-2026-40933, a critical RCE vulnerability in Flowise. The flaw le…
CIFSwitch: Linux Kernel Bug Grants Root Access on CentOS and Rocky Linux
CIFSwitch enables local privilege escalation to root across multiple Linux distributions. While a public PoC is available and an upstr…
Cyber May: AI Attacks Emerge, but Basic Vectors Remain the Primary Threat
In ESET’s May roundup, Tony Anscombe documents critical infrastructure breaches in Poland, Mexico’s first 'AI-directed' attack, and Go…
AI-Directed Attacks and ICS Vulnerabilities: ESET’s Tony Anscombe on DynoWiper and the First AI Zero-Day
In his May 2026 security review, ESET’s Tony Anscombe analyzes a landscape of extremes: from the first AI-generated zero-day and 'AI-d…
CVE-2026-0257: Active Exploitation Confirmed for GlobalProtect Authentication Bypass
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257 affecting PAN-OS GlobalProtect. CISA has added the vulnerability…
World Cup 2026: A Cyber-Physical Attack Surface Spanning Three Nations
Unit 42 maps the sprawling perimeter of the USA-Mexico-Canada World Cup, identifying critical OT/IT interdependencies across 16 host c…
California AG Sues 23andMe Over Alleged Ransom Negotiations and Deception in 6.9M Record Breach
Attorney General Rob Bonta alleges the company engaged in undisclosed ransom negotiations while publicly downplaying a 2023 credential…
ChatGPhish: ChatGPT Summaries Weaponized as Phishing Traps
The ChatGPhish vulnerability exploits ChatGPT's renderer to inject malicious links and QR codes during web page summarization. OpenAI…
Cyber Brief: Trump Mobile Breach, FIFA Phishing Surge, and CISA Supply Chain Alerts
Three major security incidents converge ahead of the 2026 World Cup: Trump Mobile confirms a third-party data breach, Group-IB uncover…
LLM Agent Conducts Autonomous Post-Exploitation via Marimo RCE
Sysdig documents the first case of an LLM agent completely replacing a human operator in post-exploitation following a critical RCE on…
Dutch Authorities Dismantle Massive 17-Million Device Botnet
Dutch police and the NCSC-NL have seized over 200 servers and neutralized a botnet comprising 17 million infected devices. While autho…
Chrome 148: Google Patches 151 Vulnerabilities, Including 22 Critical Flaws
Google has released Chrome 148, addressing 151 security vulnerabilities with 22 rated at maximum criticality. The update includes over…
Carnival Confirms Social Engineering Breach Impacting 6 Million People
Carnival Corporation has confirmed a data breach affecting 5.99 million individuals following a social engineering attack on an employ…
FortiClient EMS: EKZ Infostealer May Target VPN Management Channels
CVE-2026-35616 (CVSS 9.8): Compromised FortiClient EMS platforms could be transformed into malware delivery vehicles. Attacks in May 2…
Trojan Detection: 33 Behavioral Signals May Challenge Complex Machine Learning Models
A new framework utilizing 33 refined behavioral features aims to detect Windows Trojans with competitive performance on standard enter…