Latest Cybersecurity News and Articles
03 May 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is a case of local privilege escalation (LPE) flaw that could allow an
02 May 2026
Still under development, Bluekit provides users with automated domain registration and an AI Assistant.
The post New Bluekit Phishing Kit Features AI Assistant appeared first on SecurityWeek.
02 May 2026
Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code.
It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to resolve the matter immediately. It also said it has notified law enforcement of the matter.
Trellix did not disclose the
01 May 2026
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts.
The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit storefront run by the threat actors. In all, roughly 30,000 Facebook accounts are
01 May 2026
Other noteworthy stories that might have slipped under the radar: OFAC hits Iranian central bank crypto reserves, ADT data leak, CISA guidance for zero trust in OT.
The post In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability appeared first on SecurityWeek.
01 May 2026
The maximum reward for a zero-click Pixel Titan M exploit with persistence has increased to $1.5 million.
The post Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge appeared first on SecurityWeek.
01 May 2026
Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions.
The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider (aka O-UNC-025 and UNC6661), have been attributed to high-speed data theft and
01 May 2026
Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO.
Trend Micro has attributed the activity to a threat activity cluster it tracks under the temporary designation SHADOW-EARTH-053. The adversarial collective is assessed to
01 May 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 1, 2026 – Listen to the podcast A quarter-century old article in The Wall Street Journal reported in 1998 that Serge Humpich, a 37-year-old (at the time) programmer approached the French association of
The post Ethical Hacking Gone Wrong In 1999: French Software Engineer Looks Back appeared first on Cybercrime Magazine.
01 May 2026
Ryan Goldberg of Georgia and Kevin Martin of Texas were each sentenced to four years in prison.
The post Two US Security Experts Sentenced to Prison for Helping Ransomware Gang appeared first on SecurityWeek.
01 May 2026
The stealthy Python-based backdoor framework deploys a persistent Windows implant likely designed for espionage.
The post Sophisticated Deep#Door Backdoor Enables Espionage, Disruption appeared first on SecurityWeek.
01 May 2026
The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 2030[1], with cybersecurity being the fastest-growing sector[2]. Despite this opportunity, many MSPs leave revenue on the table because their go-to-market strategy fails to connect technical expertise with business needs.
This execution gap is where most deals stall. MSPs often focus on
01 May 2026
The new kit aims to address risks related to poisoned models, regulatory issues, supply chain integrity, and incident response.
The post Cisco Releases Open Source Tool for AI Model Provenance appeared first on SecurityWeek.
01 May 2026
The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023.
Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, of Texas, were accused of deploying the ransomware against multiple victims located throughout the U.S. between April and December 2023.
01 May 2026
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence.
The activity has been attributed to the GitHub account "BufferZoneCorp," which has published a set of repositories that are associated with malicious Ruby gems and Go modules. As of
01 May 2026
Threat actors are relying on social engineering to lure users into downloading files containing malicious instructions.
The post Hugging Face, ClawHub Abused for Malware Distribution appeared first on SecurityWeek.
01 May 2026
A new alert from the FBI says criminal enterprises are hacking both brokers and carriers to steal cargo for resale.
The post FBI Warns of Surge in Hacker-Enabled Cargo Theft appeared first on SecurityWeek.
01 May 2026
The compromised Lightning and Intercom packages have a combined monthly download count of nearly 10 million.
The post 1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom appeared first on SecurityWeek.
30 April 2026
With Mythos signaling a new era of near-instant exploitation, Anthropic positions Claude Security to help defenders keep pace.
The post Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge appeared first on SecurityWeek.
30 April 2026
Industrialized cybercrime delivers attacks with greater scale, speed and success. Defenders must match this with use of AI and automation.
The post AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to Hours appeared first on SecurityWeek.