News
-
Gitea flaw exposed private container images in self-hosted deployments
A Gitea flaw allowed unauthenticated users to pull private container images from self-hosted deployments, affecting versions before 1.26.2. Researchers said more than 30,000 instances may have been exposed.
-
Microsoft says AI chatbot recommendations were used to steer users to cryptojacking sites
Microsoft said it blocked a cryptojacking campaign that used AI chatbot recommendations and search poisoning to steer users to fake software downloads, with more than 150 malicious domains identified and ScreenConnect used to deploy miners.
-
FBI warns Silent Ransom Group is targeting US law firms in in-person data theft attacks
The FBI warned that Silent Ransom Group is targeting U.S. law firms with phishing, callback scams and, if needed, in-person access to steal data. The gang may use remote tools or connect external drives to victim computers.
-
Apple releases quantum-resistant cryptographic code and verification tools
Apple has released quantum-resistant cryptographic code and verification tools for its corecrypto library, including ML-KEM and ML-DSA. The company said the work found a bug that could have broken digital signatures.
-
MuddyWater campaign hit at least nine organizations across four continents, researchers say
MuddyWater was linked to a 2026 campaign that hit at least nine organizations in nine countries. Researchers said the group used DLL side loading, signed binaries and browser-stealing malware to support espionage.
-
Microsoft patches SharePoint flaw that could let authenticated attackers run code
Microsoft has patched a SharePoint remote code execution flaw tracked as CVE-2026-45659, saying an authenticated attacker with Site Member access could exploit it. The update covers several SharePoint Server versions.
-
Iran-linked hackers use new MiniFast backdoor in campaign across U.S., Europe and Middle East
Iran-linked hackers used a new MiniFast backdoor in a campaign targeting aviation and software sectors across several regions, according to a technical analysis. The activity also involved fake job lures, trojanized installers and search engine poisoning.
-
KnowledgeDeliver flaw used in zero-day attacks to deploy Godzilla web shell
A zero-day flaw in Digital Knowledge’s KnowledgeDeliver learning management system was used to deploy the Godzilla web shell and later Cobalt Strike Beacon. The issue stemmed from hard-coded ASP.NET machine keys and affected deployments before Feb. 24, 2026.
-
Anthropic may be preparing public rollout of restricted Claude Mythos model
Anthropic appears to be preparing a public rollout of its restricted Claude Mythos model after it briefly surfaced in Claude Code and Claude Security, following an April preview that said it could generate highly capable cyberattacks.
-
Lazarus Group Uses Memory-Only RemotePE Malware Against Crypto Firms
Researchers say Lazarus Group has used the RemotePE malware family against financial and cryptocurrency targets. The in-memory trojan leaves little forensic evidence and was linked to a multi-stage attack chain with several loaders.
