Cyber Daily News

Cyber Daily News for June 5, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications https://securityaffairs.com/193165/ai/fake-context-alignment-the-attack-that-made-gemini-obey-strangers-through-your-notifications.html - Cisco Warns of 7th SD-WAN Zero-Day Exploited in 2026 https://www.securityweek.com/cisco-warns-of-7th-sd-wan-zero-day-exploited-in-2026/ - Study of AI-Assisted Cyberattacks May Reshape How Security Industry Measures Risk https://thecyberexpress.com/study-of-ai-assisted-cyberattacks/ - PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network https://securityaffairs.com/193189/cyber-crime/pcpjack-exposed-researchers-uncover-230-node-cloud-email-relay-network.html - China's VerdantBamboo Experimented With Three Re-Entries and Three Malware in a Company Network https://thecyberexpress.com/china-verdantbamboo-18-month-campaign/ - Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities https://www.securityweek.com/five-eyes-chinese-spies-target-government-military-staff-with-fake-job-opportunities/ - Pink Extortion Group Emerges Targeting Microsoft 365 Data https://thecyberexpress.com/pink-extortion-group-emerges/ - U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/193156/security/u-s-cisa-adds-mirasvit-full-page-cache-warmer-flaw-to-its-known-exploited-vulnerabilities-catalog.html

Cyber Daily News for June 4, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft's Disclosure Process https://securityaffairs.com/193128/security/researcher-drops-a-new-vs-code-zero-day-after-losing-trust-in-microsofts-disclosure-process.html - Cisco Warns of Available PoC for Critical Unified CM Vulnerability https://www.securityweek.com/cisco-warns-of-available-poc-for-critical-unified-cm-vulnerability/ - Cyber espionage campaign targeted stock exchange executive's Outlook account https://securityaffairs.com/193086/intelligence/cyber-espionage-campaign-targeted-stock-exchange-executives-outlook-account.html - Russia's FSB Says Foreign Spies Infected Officials' Phones With Malware https://securityaffairs.com/193076/security/russias-fsb-says-foreign-spies-infected-officials-phones-with-malware.html - Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown https://www.securityweek.com/over-1-4-million-accounts-disrupted-in-cybercrime-crackdown/ - 29 Arrests, Nine Crime Groups Dismantled: Another Blow to Illegal Streaming https://securityaffairs.com/193099/cyber-crime/29-arrests-nine-crime-groups-dismantled-another-blow-to-illegal-streaming.html - IMA Diligence Services Data Breach Impacts 525,000 People https://www.securityweek.com/ima-diligence-services-data-breach-impacts-525000-people/ - Security of 100 AI Agents Tested and Ranked - What You Need to Know https://www.securityweek.com/security-of-100-ai-agents-tested-and-ranked-what-you-need-to-know/

Cyber Daily News for June 3, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Google Patches Actively Exploited Android Flaw Affecting Millions of Devices https://securityaffairs.com/193057/breaking-news/google-patches-actively-exploited-android-flaw-affecting-millions-of-devices.html - Instagram Account Hijacks Expose the Security Risks of AI-Powered Support https://securityaffairs.com/193034/hacking/instagram-account-hijacks-expose-the-security-risks-of-ai-powered-support.html - 'HTTP/2 Bomb' Exploit Knocks Web Servers Offline in Seconds https://www.securityweek.com/http-2-bomb-exploit-knocks-web-servers-offline-in-seconds/ - Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk https://www.securityweek.com/exclusive-how-one-line-of-code-put-billions-of-microsoft-android-app-downloads-at-risk/ - Ransomware Attacks Surge 30% in 2026 as Qilin and INC Ransom Intensify Operations https://thecyberexpress.com/qilin-inc-ransom-drive-2026-ransomware-surge/ - Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold https://securityaffairs.com/193045/security/why-an-hp-poly-voip-phones-bug-could-become-an-enterprise-foothold.html - Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash https://www.securityweek.com/microsoft-tries-to-calm-legal-threat-fears-after-zero-day-disclosure-backlash/ - U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/193027/security/u-s-cisa-adds-oracle-weblogic-flaw-to-its-known-exploited-vulnerabilities-catalog.html

Cyber Daily News for June 2, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Meta AI Hands Over High-Profile Instagram Accounts to Hackers https://www.securityweek.com/meta-ai-hands-over-high-profile-instagram-accounts-to-hackers/ - Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets (Miasma / Mini Shai-Hulud) https://thecyberexpress.com/miasma-shai-hulud-supply-chain-attack/ - Critical Windows Netlogon Vulnerability in Attackers' Crosshairs https://www.securityweek.com/critical-windows-netlogon-vulnerability-in-attackers-crosshairs/ - Dutch Police Dismantle Massive 17-Million-Device Botnet https://www.securityweek.com/dutch-police-dismantle-massive-17-million-device-botnet/ - Threat Actor Uses AI to Build EDR Evasion Tools https://www.infosecurity-magazine.com/news/ai-edr-evasion-tooling/ - GoDaddy Found Malware on 1,980 WordPress Sites Using Steam as C2 Infrastructure https://securityaffairs.com/192990/breaking-news/godaddy-found-malware-on-1980-wordpress-sites-using-steam-as-c2-infrastructure.html - Critical Flowise Flaw Gives Attackers Full Server Control https://www.infosecurity-magazine.com/news/flowise-mcp-rce-poc/ - Dashlane Brute-Force Attack Leads to Limited Encrypted Vault Downloads https://www.securityweek.com/dashlane-brute-force-attack-leads-to-limited-encrypted-vault-downloads/

Cyber Daily News for June 1, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - CIFSwitch, a Linux Root Bug Hidden in Plain Sight for 19 Years https://securityaffairs.com/192959/security/a-spacex-security-engineer-used-ai-to-find-a-19-year-old-linux-bug-that-gives-attackers-root.html - Palo Alto Networks PAN-OS Auth Bypass Actively Exploited, Added to CISA KEV https://securityaffairs.com/192951/security/u-s-cisa-adds-palo-alto-networks-pan-os-flaw-to-its-known-exploited-vulnerabilities-catalog.html - The Pentagon Finally Admits That Location Data Is a Battlefield Problem https://securityaffairs.com/192942/cyber-warfare-2/the-pentagon-finally-admits-that-location-data-is-a-battlefield-problem.html - Attackers Abuse Shared Content for ChatGPT Phishing Campaign https://www.infosecurity-magazine.com/news/attackers-shared-content-chatgpt/ - TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages Across npm, PyPI, and Crates.io https://socket.dev/blog/trapdoor-crypto-stealer-npm-pypi-crates - New ChatGPhish Technique Uses Prompt Injection to Manipulate ChatGPT Responses https://thecyberexpress.com/chatgphish-prompt-injection-vulnerability/ - Infosecurity Europe: OWASP Forms New Agentic Research Council https://www.infosecurity-magazine.com/news/owasp-new-agentic-research-council/ - CBSE Engages IIT Experts After Admitting OSM Security Vulnerabilities https://thecyberexpress.com/cbse-osm-vulnerability/

Cyber Daily News for May 31, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers https://securityaffairs.com/192907/uncategorized/shinyhunters-leaks-charter-communications-data-potentially-impacting-5-million-customers.html - Russian Spies Are Aggressively Seeking Western Technology as Sanctions Bite, Officials Say https://www.securityweek.com/russian-spies-are-aggressively-seeking-western-technology-as-sanctions-bite-officials-say/ - Exploit Code Published for Critical Flowise RCE Vulnerability https://www.securityweek.com/exploit-code-published-for-critical-flowise-rce-vulnerability/

Cyber Daily News for May 30, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Botnet of 17 Million Devices Dismantled in the Netherlands https://securityaffairs.com/192890/malware/botnet-of-17-million-devices-dismantled-in-the-netherlands.html - Signal Phishing Campaign Targets Journalists and Activists to Steal Backup Recovery Keys https://securityaffairs.com/192899/security/signal-phishing-campaign-targets-journalists-and-activists-to-steal-backup-recovery-keys.html - Charter Communications Data Breach Could Impact Nearly 5 Million https://www.securityweek.com/charter-communications-data-breach-could-impact-nearly-5-million/ - Silent Ransom Group Uses In-Person IT Impersonation to Breach Systems https://www.infosecurity-magazine.com/news/silent-ransom-group-it/ - Meet GREYVIBE, the Russia-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie Mistakes https://securityaffairs.com/192877/apt/meet-greyvibe-the-russian-linked-hacking-group-using-ai-to-target-ukraine-and-still-making-rookie-mistakes.html - Gogs Zero-Day Exposes Servers to Remote Code Execution https://www.securityweek.com/gogs-zero-day-exposes-servers-to-remote-code-execution/ - In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks https://www.securityweek.com/in-other-news-trump-mobile-data-breach-fifa-world-cup-phishing-cisa-responds-to-supply-chain-attacks/ - MokN Raises $15 Million for Phish-Back Platform https://www.securityweek.com/mokn-raises-15-million-for-phish-back-platform/

Cyber Daily News for May 29, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Carnival Data Breach Exposes Personal Data of Nearly 6 Million Customers https://securityaffairs.com/192833/uncategorized/carnival-data-breach-exposes-personal-data-of-nearly-6-million-customers.html - CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks https://securityaffairs.com/192817/malware/cve-2026-35616-forticlient-ems-flaw-actively-exploited-in-malware-attacks.html - Chinese Hackers Exploit Iran War to Target Maritime and Energy Companies https://www.infosecurity-magazine.com/news/chinese-hackers-exploit-iran-war/ - Iranian Hackers Linked to Cyberattack on Los Angeles Transit Network https://thecyberexpress.com/la-public-transport-cyberattack/ - Chrome 148 Update Patches 151 Vulnerabilities https://www.securityweek.com/chrome-148-update-patches-151-vulnerabilities/ - BTMOB RAT Gives Criminals a Point-and-Click Kit to Take Over Your Android Phone https://securityaffairs.com/192846/malware/btmob-rat-gives-criminals-a-point-and-click-kit-to-take-over-your-android-phone.html - AI-Generated npm Malware Leaks Its Own GitHub Token https://www.infosecurity-magazine.com/news/ai-npm-malware-leaks-github-token/ - Resecurity Supports Microsoft DCU in Disrupting Fox Tempest's Cybercriminal Code-Signing Ecosystem https://securityaffairs.com/192818/security/resecurity-supports-microsoft-dcu-in-disrupting-fox-tempest-cybercriminal-code-signing-ecosystem.html

Cyber Daily News for May 28, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - 19.6 Billion Files Are Sitting Open on the Internet. No Password Required https://securityaffairs.com/192787/security/19-6-billion-files-are-sitting-open-on-the-internet-no-password-required.html - U.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/192795/hacking/u-s-cisa-adds-litespeed-cpanel-plugin-flaw-to-its-known-exploited-vulnerabilities-catalog.html - CrowdStrike, Google Take Down Glassworm Botnet https://www.infosecurity-magazine.com/news/crowdstrike-google-takedown/ - The LA Metro Attack Wasn't Hacktivism. It Was a State Operation With a Costume On. https://securityaffairs.com/192764/hacktivism/the-la-metro-attack-wasnt-hacktivism-it-was-a-state-operation-with-a-costume-on.html - GCHQ Chief Urges Action as AI Reshapes Cyber Threats https://www.infosecurity-magazine.com/news/gchq-keast-butler-cyber-action-ai/ - Google Unveils AI Threat Defense Platform to Fight AI-Powered Cyberattacks https://www.securityweek.com/google-unveils-ai-threat-defense-platform-to-fight-ai-powered-cyberattacks/ - All Major LLMs Exposed to Multi-Turn Manipulation, Warn Researchers https://www.infosecurity-magazine.com/news/all-major-llms-exposed-to-multi/ - Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion https://securityaffairs.com/192770/cyber-crime/romanian-hacker-gets-nearly-5-years-in-us-prison-over-network-intrusion.html

Cyber Daily News for May 27, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - FBI: Hackers Sending Operatives in Person to Insert USB Drives and Steal Data https://www.securityweek.com/fbi-hackers-sending-operatives-in-person-to-insert-usb-drives-and-steal-data/ - Microsoft SharePoint Has a New RCE Flaw https://securityaffairs.com/192730/security/microsoft-sharepoint-has-a-new-rce-flaw-if-you-havent-patched-yet-go-do-that.html - SymJack Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems https://www.securityweek.com/symjack-attack-turns-ai-coding-agents-into-supply-chain-attack-delivery-systems/ - LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers https://www.securityweek.com/la-metro-cyberattack-linked-to-iranian-state-sponsored-hackers/ - CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day https://www.securityweek.com/cisa-urges-immediate-patching-of-exploited-litespeed-cpanel-plugin-zero-day/ - Dutch Government Blocks American Firm From Buying Critical Digital Infrastructure https://securityaffairs.com/192719/security/dutch-government-just-said-no-to-an-american-firm-buying-the-keys-to-their-digital-state.html - The Hidden Ransomware Economy Running on Exposed Databases https://securityaffairs.com/192711/cyber-crime/the-hidden-ransomware-economy-running-on-exposed-databases.html - GlassWorm Botnet Disrupted https://www.securityweek.com/glassworm-botnet-disrupted/

Cyber Daily News for May 26, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Megalodon Supply Chain Attack Hits 5,500+ GitHub Repositories in Six Hours https://thecyberexpress.com/megalodon-github-supply-chain-attack/ - Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign https://www.infosecurity-magazine.com/news/iranian-hackers-us-aviation/ - Lazarus APT unveils fileless remote access Trojan designed to evade detection https://securityaffairs.com/192666/apt/lazarus-apt-unveils-fileless-remote-access-trojan-designed-to-evade-detection.html - Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites https://securityaffairs.com/192655/cyber-crime/ghost-cms-flaw-abused-to-push-clickfix-attacks-on-hundreds-of-sites.html - Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands https://www.securityweek.com/admins-of-bulletproof-hosting-service-used-by-russian-hackers-arrested-in-netherlands/ - India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws https://www.infosecurity-magazine.com/news/cert-in-12-hour-patch-deadline-ai/ - 340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks https://securityaffairs.com/192643/cyber-crime/340-million-onlyfans-profiles-allegedly-rebuilt-from-leaks.html - Third-Party Cyberattack Impacts Patient Information at The Oncology Institute https://securityaffairs.com/192679/data-breach/third-party-cyberattack-impacts-patient-information-at-the-oncology-institute.html

Cyber Daily News for May 26, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Megalodon Supply Chain Attack Hits 5,500+ GitHub Repositories in Six Hours https://thecyberexpress.com/megalodon-github-supply-chain-attack/ - Ghost CMS Vulnerability Exploited to Hack Over 700 Websites https://www.securityweek.com/ghost-cms-vulnerability-exploited-to-hack-over-700-websites/ - Lazarus APT unveils fileless remote access Trojan designed to evade detection https://securityaffairs.com/192666/apt/lazarus-apt-unveils-fileless-remote-access-trojan-designed-to-evade-detection.html - Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers https://securityaffairs.com/192689/apt/nimbus-manticore-expanded-attacks-with-ai-assisted-malware-and-fake-zoom-installers.html - India's CERT-In Sets 12-Hour Patch Deadline for Exposed Flaws https://www.infosecurity-magazine.com/news/cert-in-12-hour-patch-deadline-ai/ - Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands https://www.securityweek.com/admins-of-bulletproof-hosting-service-used-by-russian-hackers-arrested-in-netherlands/ - Lithuania Suspects Foreign Involvement in Data Leak of Over 600,000 National Register Entries https://www.securityweek.com/lithuania-suspects-foreign-involvement-in-data-leak-of-over-600000-national-register-entries/ - Third-Party Cyberattack Impacts Patient Information at The Oncology Institute https://securityaffairs.com/192679/data-breach/third-party-cyberattack-impacts-patient-information-at-the-oncology-institute.html

Cyber Daily News for May 25, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - FBI Warns 'Kali365' Phishing Kit Hijacks Microsoft 365 OAuth Tokens https://thecyberexpress.com/kali365-phishing-kit-hijacks-microsoft-365/ - Over 5,500 GitHub Repositories Infected in 'Megalodon' Supply Chain Attack https://www.securityweek.com/over-5500-github-repositories-infected-in-megalodon-supply-chain-attack/ - Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation https://securityaffairs.com/192602/intelligence/dutch-authorities-dismantle-hosting-network-allegedly-used-for-cyberattacks-and-disinformation.html - FBI director Kash Patel's brand website taken offline after malware reports https://securityaffairs.com/192613/security/fbi-director-kash-patels-brand-website-taken-offline-after-malware-reports.html - Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects https://www.securityweek.com/anthropic-mythos-detected-23000-potential-vulnerabilities-across-1000-oss-projects/ - Laravel-Lang Packages Poisoned for Malware Delivery https://www.securityweek.com/laravel-lang-packages-poisoned-for-malware-delivery/ - DocketWise Data Breach Impacts 143,000 https://www.securityweek.com/docketwise-data-breach-impacts-143000/ - Taiwan Flags Five Major Cyber Risks After 726 Security Incidents in 2025 https://thecyberexpress.com/taiwan-cyber-risk-726-cybersecurity-incidents/

Cyber Daily News for May 24, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Anthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious https://securityaffairs.com/192576/ai/anthropics-glasswing-10000-vulnerabilities-found-in-one-month-and-the-patching-problem-has-never-been-more-obvious.html - CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack https://securityaffairs.com/192557/security/cve-2026-9082-drupals-highly-critical-sql-injection-flaw-is-already-under-active-attack.html - U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/192566/uncategorized/u-s-cisa-adds-a-flaw-in-drupal-core-to-its-known-exploited-vulnerabilities-catalog.html - Why pure extortion is replacing traditional ransomware https://securityaffairs.com/192550/cyber-crime/why-pure-extortion-is-replacing-traditional-ransomware.html

Cyber Daily News for May 23, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets https://securityaffairs.com/192538/apt/ghostwriter-is-back-using-a-ukrainian-learning-platform-as-bait-to-hit-government-targets.html - 'Underminr' Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains https://www.securityweek.com/underminr-vulnerability-lets-attackers-hide-malicious-connections-behind-trusted-domains/ - Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure https://www.securityweek.com/drupal-vulnerability-in-hacker-crosshairs-shortly-after-disclosure/ - Authorities arrest 23-year-old accused of running the Kimwolf botnet https://securityaffairs.com/192533/cyber-crime/authorities-arrest-23-year-old-accused-of-running-the-kimwolf-botnet.html - In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking https://www.securityweek.com/in-other-news-industrial-router-exploitation-cisa-kev-nomination-form-gas-station-hacking/

Cyber Daily News for May 22, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - 'First VPN' Cybercrime Service Disrupted, Administrator Arrested https://www.securityweek.com/first-vpn-cybercrime-service-disrupted-administrator-arrested/ - Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload https://securityaffairs.com/192473/security/cisco-fixed-maximum-severity-flaw-cve-2026-20223-in-secure-workload.html - Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack https://www.securityweek.com/grafana-says-codebase-and-other-data-stolen-via-tanstack-supply-chain-attack/ - GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension https://www.infosecurity-magazine.com/news/github-breach-nx-console-vs-code/ - Vulnerability Exploitation Overtakes Stolen Credentials in AI-Driven Cyberattacks https://thecyberexpress.com/vulnerability-exploitation-tops-cyber-breach/ - Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix https://securityaffairs.com/192477/hacking/attackers-are-bypassing-mfa-on-sonicwall-vpns-because-something-was-wrong-with-previous-fix.html - Microsoft Patches Actively Exploited Defender Vulnerabilities Affecting Enterprise Systems https://thecyberexpress.com/cve-2026-41091-cve-2026-45498-cvss-exploit/ - TrendAI Patches Apex One Zero-Day Exploited in the Wild https://www.securityweek.com/trendai-patches-apex-one-zero-day-exploited-in-the-wild/

Cyber Daily News for May 21, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - GitHub Confirms Cyberattack Targeting Thousands of Internal Repositories https://thecyberexpress.com/github-cyberattack-teampcp/ - Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking https://www.securityweek.com/drupal-patches-highly-critical-vulnerability-exposing-websites-to-hacking/ - Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem https://www.infosecurity-magazine.com/news/antv-npm-mini-shai-hulud-largest/ - Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days https://www.securityweek.com/microsoft-patches-exploited-undefend-and-redsun-defender-zero-days/ - Microsoft Rolls Out Mitigations for YellowKey BitLocker Bypass https://www.securityweek.com/microsoft-rolls-out-mitigations-for-yellowkey-bitlocker-bypass/ - Discord adds end-to-end encryption to voice and video calls by default https://securityaffairs.com/192463/security/discord-adds-end-to-end-encryption-to-voice-and-video-calls-by-default.html - Anthropic Silently Patches Claude Code Sandbox Bypass https://www.securityweek.com/anthropic-silently-patches-claude-code-sandbox-bypass/ - Carding site B1ack's Stash dumps 4.6 Million stolen cards for free https://securityaffairs.com/192415/cyber-crime/carding-site-b1acks-stash-dumps-4-6-million-stolen-cards-for-free.html

Cyber Daily News for May 20, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - GitHub Confirms Hack Impacting 3,800 Internal Repositories https://www.securityweek.com/github-confirms-hack-impacting-3800-internal-repositories/ - Verizon DBIR 2026: Vulnerability Exploitation Overtakes Credential Theft as Top Breach Vector https://www.securityweek.com/verizon-dbir-2026-vulnerability-exploitation-overtakes-credential-theft-as-top-breach-vector/ - Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation https://www.securityweek.com/drupal-to-patch-highly-critical-vulnerability-at-risk-of-quick-exploitation/ - Microsoft Disrupts Malware-Signing Service Run by Fox Tempest https://www.securityweek.com/microsoft-disrupts-malware-signing-service-run-by-fox-tempest/ - Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash https://securityaffairs.com/192431/hacking/alleged-huawei-zero-day-blamed-for-the-2025-luxembourg-telecom-crash.html - Critical ChromaDB Flaw Exposes AI Vector Databases to Remote Code Execution https://thecyberexpress.com/cve-2026-45829-chromatoast-chromadb/ - Massive npm Supply Chain Attack Hits AntV Ecosystem; Hundreds of JavaScript Packages Compromised https://thecyberexpress.com/hundreds-of-antv-packages-compromised/ - DirtyDecrypt: PoC Released for yet another Linux flaw https://securityaffairs.com/192436/uncategorized/dirtydecrypt-poc-released-for-yet-another-linux-flaw.html

Cyber Daily News for May 19, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Grafana Labs Confirms Hackers Stole Source Code https://securityaffairs.com/192347/breaking-news/grafana-confirms-github-token-breach-cybercrime-group-claims-the-attack.html - Shai-Hulud worm copycats emerge after source code leak https://securityaffairs.com/192366/malware/shai-hulud-worm-copycats-emerge-after-source-code-leak.html - Poland shifts away from Signal following cyberattacks on officials' accounts https://securityaffairs.com/192381/intelligence/poland-shifts-away-from-signal-following-cyberattacks-on-officials-accounts.html - ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed https://securityaffairs.com/192336/data-breach/shinyhunters-hack-7-eleven-franchisee-data-and-salesforce-records-exposed.html - Critical NGINX Vulnerability CVE-2026-42945 Now Under Active Attack https://thecyberexpress.com/nginx-rift-cve-2026-42945-active-exploitation/ - Microsoft Details Storm-2949 Cloud Attack on Azure and Microsoft 365 https://thecyberexpress.com/microsoft-storm-2949-azure-m365-cloud-breach/ - Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq https://securityaffairs.com/192302/data-breach/public-amazon-bucket-leaks-sensitive-guest-data-from-japanese-hotel-platform-tabiq.html - INTERPOL Busts Massive Cybercrime Network Across MENA, 201 Arrested https://thecyberexpress.com/operation-ramz-targets-mena-networks/

Cyber Daily News for May 18, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE https://www.securityweek.com/researcher-drops-miniplasma-windows-exploit-for-unpatched-2020-cve/ - Exploitation of Critical NGINX Vulnerability Begins https://www.securityweek.com/exploitation-of-critical-nginx-vulnerability-begins/ - Grafana Confirms Breach After Hackers Claim They Stole Data https://www.securityweek.com/grafana-confirms-breach-after-hackers-claim-they-stole-data/ - Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 https://www.securityweek.com/hackers-earn-1-3-million-at-pwn2own-berlin-2026/ - First Shai-Hulud Worm Clones Emerge https://www.securityweek.com/first-shai-hulud-worm-clones-emerge/ - Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores https://securityaffairs.com/192260/cyber-crime/attackers-exploit-funnel-builder-bug-to-inject-e-skimmers-into-e-stores.html - NCSC Publishes Guidance on Securing Agentic AI Use https://www.infosecurity-magazine.com/news/ncsc-publishes-guidance-securing/ - Bank of England, FCA and Treasury Raise Alarm Over Frontier AI https://www.infosecurity-magazine.com/news/bank-england-fca-treasury-alarm/

Cyber Daily News for May 17, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total https://securityaffairs.com/192250/hacking/pwn2own-berlin-2026-day-three-devcore-crowned-master-of-pwn-1-298-million-total.html - U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/192240/hacking/u-s-cisa-adds-a-flaw-in-microsoft-exchange-server-to-its-known-exploited-vulnerabilities-catalog.html - Russian APT Turla builds long-term access tool with Kazuar Botnet evolution https://securityaffairs.com/192231/apt/russian-apt-turla-builds-long-term-access-tool-with-kazuar-botnet-evolution.html

Cyber Daily News for May 16, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day https://securityaffairs.com/192204/security/cve-2026-42897-microsoft-confirms-active-exploitation-of-exchange-server-zero-day.html - OpenAI hit by supply chain attack linked to malicious TanStack packages https://securityaffairs.com/192222/hacking/openai-hit-by-supply-chain-attack-linked-to-malicious-tanstack-packages.html - Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K https://securityaffairs.com/192209/security/pwn2own-berlin-2026-day-two-385750-more-microsoft-exchange-falls-and-the-running-total-crosses-900k.html - PoC Code Published for Critical NGINX Vulnerability https://www.securityweek.com/poc-code-published-for-critical-nginx-vulnerability/ - Gremlin Stealer Evolves into Modular Threat with Advanced Evasion Capabilities https://www.infosecurity-magazine.com/news/gremlin-stealer-evolves-into/ - Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers https://www.infosecurity-magazine.com/news/microsoft-zeroday-exchange-servers/ - Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild https://www.securityweek.com/microsoft-warns-of-exchange-server-zero-day-exploited-in-the-wild/ - In Other News: Big Tech vs Canada Encryption Bill, Cisco's Free AI Security Spec, Audi App Flaws https://www.securityweek.com/in-other-news-big-tech-vs-canada-encryption-bill-ciscos-free-ai-security-spec-audi-app-flaws/

Cyber Daily News for May 15, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - NGINX Rift: an 18-year-old flaw in the world's most deployed web server just came to light https://securityaffairs.com/192132/hacking/nginx-rift-an-18-year-old-flaw-in-the-worlds-most-deployed-web-server-just-came-to-light.html - OpenAI Confirms Limited Impact From TanStack npm Supply Chain Attack, Urges macOS App Updates https://thecyberexpress.com/tanstack-npm-supply-chain-attack/ - Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 https://www.securityweek.com/cisco-patches-another-sd-wan-zero-day-the-sixth-exploited-in-2026/ - New Fragnesia Flaw Hands Linux Local Users Root Access https://www.infosecurity-magazine.com/news/fragnesia-linux-kernel-lpe-root/ - Researchers uncover YellowKey and GreenPlasma Windows Zero-Days https://securityaffairs.com/192173/hacking/researchers-uncover-yellowkey-and-greenplasma-windows-zero-days.html - TeamPCP Ups the Game, Releases Shai-Hulud Worm's Source Code https://www.securityweek.com/teampcp-ups-the-game-releases-shai-hulud-worms-source-code/ - Pwn2Own Berlin 2026, Day One: $523,000 paid out, AI products fall https://securityaffairs.com/192183/hacking/pwn2own-berlin-2026-day-one-523000-paid-out-ai-products-fall.html - Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns https://www.securityweek.com/chinese-apts-expand-targets-update-backdoors-in-recent-campaigns/

Cyber Daily News for May 14, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming https://securityaffairs.com/192086/uncategorized/microsoft-patch-tuesday-for-may-2026-fix-138-bugs-some-of-them-are-alarming.html - Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations https://securityaffairs.com/192067/security/quest-kace-sma-flaw-cve-2025-32975-when-one-unpatched-tool-opens-the-door-to-60-organizations.html - Foxconn Confirms North American Factories Hit by Cyberattack https://www.securityweek.com/foxconn-confirms-north-american-factories-hit-by-cyberattack/ - Exim BDAT Vulnerability Exposes Email Servers to Remote Attacks https://thecyberexpress.com/exim-bdat-vulnerability-cve-2026-45185/ - OpenLoop Health confirms January 2026 Data breach affecting 716,000 https://securityaffairs.com/192066/uncategorized/openloop-health-confirms-january-2026-data-breach-affecting-716000.html - Hackers Targeted PraisonAI Vulnerability Hours After Disclosure https://www.securityweek.com/hackers-targeted-praisonai-vulnerability-hours-after-disclosure/ - FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign https://securityaffairs.com/192113/apt/famoussparrow-targets-azerbaijani-energy-sector-in-multi-wave-espionage-campaign.html - Researcher Drops YellowKey, GreenPlasma Windows Zero-Days https://www.securityweek.com/researcher-drops-yellowkey-greenplasma-windows-zero-days/

Cyber Daily News for May 13, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises https://www.securityweek.com/microsoft-patches-critical-zero-click-outlook-vulnerability-threatening-enterprises/ - Microsoft Patches 137 Vulnerabilities in May Patch Tuesday https://www.securityweek.com/microsoft-patches-137-vulnerabilities/ - Critical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator https://securityaffairs.com/192047/security/critical-fortinet-vulnerabilities-fixed-in-fortisandbox-and-fortiauthenticator.html - Mini Shai-Hulud Hits TanStack npm Packages https://www.infosecurity-magazine.com/news/mini-shai-hulud-tanstack-npm/ - Hundreds of Malicious Packages Force RubyGems to Suspend Registrations https://www.securityweek.com/hundreds-of-malicious-packages-force-rubygems-to-suspend-registrations/ - Hackers accessed BWH Hotels reservation system for months https://securityaffairs.com/192038/data-breach/hackers-accessed-bwh-hotels-reservation-system-for-months.html - End-to-End Encrypted RCS Messaging Arrives Across iPhone and Android https://www.infosecurity-magazine.com/news/apple-google-rcs-end-to-end/ - The world's most Dangerous AI, Anthropic's Mythos, found only one flaw in curl https://securityaffairs.com/192029/hacking/the-worlds-most-dangerous-ai-anthropics-mythos-found-only-one-flaw-in-curl.html

Cyber Daily News for May 12, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Google Detects First AI-Generated Zero-Day Exploit https://www.securityweek.com/google-detects-first-ai-generated-zero-day-exploit/ - TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack https://www.securityweek.com/tanstack-mistral-ai-uipath-hit-in-fresh-supply-chain-attack/ - WannaCry, the ransomware attack that changed the history of cybersecurity https://securityaffairs.com/192015/malware/wannacry-the-ransomware-attack-that-changed-the-history-of-cybersecurity.html - Rushed Patches Follow Broken Embargo on New Linux Kernel Vulnerabilities https://www.infosecurity-magazine.com/news/dirty-frag-linux-kernel/ - Identity security firm SailPoint discloses GitHub repository breach https://securityaffairs.com/191997/data-breach/identity-security-firm-sailpoint-discloses-github-repository-breach.html - Fake Claude Code Page Pushes PowerShell Stealer at Devs https://www.infosecurity-magazine.com/news/fake-claude-code-installer/ - TrickMo Variant Routes Android Trojan Traffic Through TON https://www.infosecurity-magazine.com/news/trickmo-c-ton-network-android/ - OpenAI Introduces AI Security Platform as Cyber Defense Race Heats Up https://thecyberexpress.com/openai-daybreak-introduces-gpt-5-5/

Cyber Daily News for May 11, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - ShinyHunters Escalates Canvas Extortion with School by School Ransom Campaign https://www.infosecurity-magazine.com/news/shinyhunters-escalates-canvas/ - New 'Dirty Frag' Linux Vulnerability Possibly Exploited in Attacks https://www.securityweek.com/new-dirty-frag-linux-vulnerability-possibly-exploited-in-attacks/ - Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack https://www.securityweek.com/checkmarx-jenkins-ast-plugin-compromised-in-supply-chain-attack/ - Zara Data Breach Impacts Nearly 200,000 Customers https://www.infosecurity-magazine.com/news/zara-data-breach-impacts-200000/ - Official JDownloader site served malware to Windows and Linux users between May 6 and May 7 https://securityaffairs.com/191920/malware/official-jdownloader-site-served-malware-to-windows-and-linux-users.html - SailPoint Discloses GitHub Repository Hack https://www.securityweek.com/sailpoint-discloses-github-repository-hack/ - Over 500 Organizations Hit in Years-Long Phishing Campaign https://www.securityweek.com/over-500-organizations-hit-in-years-long-phishing-campaign/ - U.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/191964/security/u-s-cisa-adds-a-flaw-in-berriai-litellm-to-its-known-exploited-vulnerabilities-catalog.html

Cyber Daily News for May 10, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild https://securityaffairs.com/191847/hacking/dirty-frag-a-new-linux-privilege-escalation-vulnerability-is-already-in-the-wild.html - Cyberattacks on Poland's Water Plants: A Blueprint for Hybrid Warfare https://securityaffairs.com/191868/security/cyberattacks-on-polands-water-plants-a-blueprint-for-hybrid-warfare.html - RansomHouse says it breached Trellix and exposes internal systems https://securityaffairs.com/191879/cyber-crime/ransomhouse-says-it-breached-trellix-and-exposes-internal-systems.html - Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence https://securityaffairs.com/191898/malware/quasar-linux-rat-qlnx-a-fileless-linux-implant-built-for-stealth-and-persistence.html - Braintrust security incident raises concerns over AI supply chain risks https://securityaffairs.com/191888/data-breach/braintrust-security-incident-raises-concerns-over-ai-supply-chain-risks.html - Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident https://securityaffairs.com/191859/cyber-crime/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html - In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner https://www.securityweek.com/in-other-news-train-hacker-arrested-pamdoora-linux-backdoor-new-cisa-director-frontrunner/ - Fake Moustache Trick Raises Questions Over UK Online Safety Act Age Checks https://thecyberexpress.com/online-safety-act-age-verification/

Cyber Daily News for May 9, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - RansomHouse says it breached Trellix and exposes internal systems https://securityaffairs.com/191879/cyber-crime/ransomhouse-says-it-breached-trellix-and-exposes-internal-systems.html - Cyberattacks on Poland's Water Plants: A Blueprint for Hybrid Warfare https://securityaffairs.com/191868/security/cyberattacks-on-polands-water-plants-a-blueprint-for-hybrid-warfare.html - Braintrust security incident raises concerns over AI supply chain risks https://securityaffairs.com/191888/data-breach/braintrust-security-incident-raises-concerns-over-ai-supply-chain-risks.html - Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident https://securityaffairs.com/191859/cyber-crime/zara-data-breach-197000-customers-exposed-in-third-party-security-incident.html - In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner https://www.securityweek.com/in-other-news-train-hacker-arrested-pamdoora-linux-backdoor-new-cisa-director-frontrunner/ - The Cyber Express Weekly Roundup: EU AI Act Updates, Malware Expansion, Critical Vulnerabilities, and Rising Cybercrime Trends https://thecyberexpress.com/tce-weekly-roundup-ai-malware-fbi-cyber-alerts/

Cyber Daily News for May 8, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking https://www.securityweek.com/palo-alto-zero-day-exploited-in-campaign-bearing-hallmarks-of-chinese-state-hacking/ - Dirty Frag Linux Vulnerability Exposes Major Distributions to Root Access Attacks https://thecyberexpress.com/dirty-frag-linux-lpe-cve-2026-31431/ - OpenAI and Anthropic LLMs Used in Critical Infrastructure Cyber-Attack, Warns Dragos https://www.infosecurity-magazine.com/news/llm-critical-infrastructure/ - Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks https://www.securityweek.com/ivanti-patches-epmm-zero-day-exploited-in-targeted-attacks/ - Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom https://www.securityweek.com/cyberattack-hits-canvas-system-used-by-thousands-of-schools-as-finals-loom/ - Ransomware Group Takes Credit for Trellix Hack https://www.securityweek.com/ransomware-group-takes-credit-for-trellix-hack/ - Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking https://www.securityweek.com/claude-code-oauth-tokens-can-be-stolen-through-stealthy-mcp-hijacking/ - Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover https://www.securityweek.com/vulnerability-in-claude-extension-for-chrome-exposes-ai-agent-to-takeover/

Cyber Daily News for May 7, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Daemon Tools Developer Confirms Software Was Trojanized https://www.infosecurity-magazine.com/news/daemon-tools-confirms-software/ - U.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/191780/security/u-s-cisa-adds-a-flaw-in-palo-alto-networks-pan-os-to-its-known-exploited-vulnerabilities-catalog.html - Global Instructure Breach Hits Queensland Schools Through QLearn Platform https://thecyberexpress.com/qlearn-cybersecurity-incident-hits-schools/ - Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion https://www.securityweek.com/claude-ai-guided-hackers-toward-ot-assets-during-water-utility-intrusion/ - Taiwan High-Speed Rail Emergency Braking Hack https://securityaffairs.com/191785/hacking/taiwan-high-speed-rail-emergency-braking-hack-how-a-student-stopped-the-trains-and-exposed-a-major-security-gap.html - Iran-Linked APT Posed as Chaos Ransomware Member in Espionage Campaign https://www.infosecurity-magazine.com/news/iran-linked-apt-chaos-ransomware/ - CloudZ Malware Abuses Phone Link to Steal SMS OTPs https://www.infosecurity-magazine.com/news/cloudz-rat-pheno-phone-link-otp/ - Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack https://www.securityweek.com/gemini-cli-vulnerability-could-have-led-to-code-execution-supply-chain-attack/

Cyber Daily News for May 6, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Palo Alto Networks PAN-OS flaw exploited for remote code execution https://securityaffairs.com/191748/security/palo-alto-networks-pan-os-flaw-exploited-for-remote-code-execution.html - Malicious PyTorch Lightning update hits AI supply chain security https://securityaffairs.com/191732/ai/malicious-pytorch-lightning-update-hits-ai-supply-chain-security.html - Vimeo confirms breach via third-party vendor impacts 119K users https://securityaffairs.com/191715/data-breach/vimeo-confirms-breach-via-third-party-vendor-impacts-119k-users.html - Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations https://www.securityweek.com/microsoft-warns-of-sophisticated-phishing-campaign-targeting-us-organizations/ - New Infostealer Dubbed 'Pheno' Hijacks Windows' Phone Link App to Steal MFA OTPs https://thecyberexpress.com/new-infostealer-pheno-steals-mfa-otps/ - Critical Android vulnerability CVE-2026-0073 fixed by Google https://securityaffairs.com/191710/breaking-news/critical-android-vulnerability-cve-2026-0073-fixed-by-google.html - U.S. court sentences Karakurt ransomware negotiator to 8.5 years https://securityaffairs.com/191722/cyber-crime/u-s-court-sentences-karakurt-ransomware-negotiator-to-8-5-years.html - Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft https://www.securityweek.com/critical-bug-could-expose-300000-ollama-deployments-to-information-theft/

Cyber Daily News for May 5, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Microsoft warns of global campaign stealing auth tokens from 35K users https://securityaffairs.com/191695/security/microsoft-warns-of-global-campaign-stealing-auth-tokens-from-35k-users.html - MOVEit automation flaws could enable full system compromise https://securityaffairs.com/191681/security/moveit-automation-flaws-could-enable-full-system-compromise.html - Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940 https://securityaffairs.com/191666/breaking-news/hackers-target-governments-and-msps-via-critical-cpanel-flaw-cve-2026-41940.html - Trellix Source Code Repository Breached https://www.securityweek.com/trellix-source-code-repository-breached/ - DigiCert Revokes Certificates After Support Portal Hack https://www.securityweek.com/digicert-revokes-certificates-after-support-portal-hack/ - Instructure Confirms Canvas Cybersecurity Incident, User Data Accessed https://thecyberexpress.com/canvas-cybersecurity-incident/ - NCSC Warns of an AI-Fuelled Vulnerability Patch Wave https://www.infosecurity-magazine.com/news/ncsc-warns-aifuelled-vulnerability/ - Cisco Moves to Acquire Astrix Security to Tackle Non-Human Identity Risks https://www.securityweek.com/cisco-moves-to-acquire-astrix-security-to-tackle-non-human-identity-risks/

Cyber Daily News for May 4, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - AI speeds flaw discovery, forcing rapid updates, UK NCSC warns https://securityaffairs.com/191657/security/ai-speeds-flaw-discovery-forcing-rapid-updates-uk-ncsc-warns.html - Over 40,000 Servers Compromised in Ongoing cPanel Exploitation https://www.securityweek.com/over-40000-servers-compromised-in-ongoing-cpanel-exploitation/ - Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe's digital defenses https://securityaffairs.com/191638/apt/salt-typhoon-breach-ibm-subsidiary-in-italy-a-warning-for-europes-digital-defenses.html - Bluekit phishing kit enables automated phishing with 40+ templates and AI tools https://securityaffairs.com/191646/cyber-crime/bluekit-phishing-kit-enables-automated-phishing-with-40-templates-and-ai-tools.html - Exploitation of 'Copy Fail' Linux Vulnerability Begins https://www.securityweek.com/exploitation-of-copy-fail-linux-vulnerability-begins/ - OpenAI Rolls Out Advanced Security for ChatGPT Accounts https://www.securityweek.com/openai-rolls-out-advanced-security-for-chatgpt-accounts/ - FBI Warns of Surge in Cyber-Enabled Cargo Theft Targeting Logistics Firms https://thecyberexpress.com/cyber-enabled-cargo-theft-fbi-issues-alert/ - Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats https://www.securityweek.com/edtech-firm-instructure-discloses-data-breach/

Cyber Daily News for May 3, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Trellix discloses the breach of a code repository https://securityaffairs.com/191584/data-breach/trellix-discloses-the-breach-of-a-code-repository.html - Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI https://securityaffairs.com/191600/security/google-revamps-bug-bounty-programs-android-rewards-rise-chrome-payouts-drop-in-the-age-of-ai.html - Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling https://securityaffairs.com/191591/cyber-crime/two-us-cybersecurity-experts-sentenced-in-ransomware-case-third-awaits-july-ruling.html

Cyber Daily News for May 2, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - New Deep#Door RAT uses stealth and persistence to target Windows https://securityaffairs.com/191567/malware/new-deepdoor-rat-uses-stealth-and-persistence-to-target-windows.html - Scattered Spider Hacker Arrested https://www.securityweek.com/in-other-news-scattered-spider-hacker-arrested-soc-effectiveness-metrics-nsa-tool-vulnerability/ - Carding service Jerry's Store leak exposes 345,000 stolen payment cards https://securityaffairs.com/191536/cyber-crime/carding-service-jerrys-store-leak-exposes-345000-stolen-payment-cards.html - Digital attacks drive a new wave of cargo theft, FBI says https://securityaffairs.com/191556/cyber-crime/digital-attacks-drive-a-new-wave-of-cargo-theft-fbi-says.html - New Bluekit Phishing Kit Features AI Assistant https://www.securityweek.com/new-bluekit-phishing-kit-features-ai-assistant/ - Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge https://www.securityweek.com/google-adjusts-bug-bounties-chrome-payouts-drop-as-android-rewards-rise-amid-ai-surge/ - OFAC sanctions Iranian central bank crypto reserves https://www.securityweek.com/in-other-news-scattered-spider-hacker-arrested-soc-effectiveness-metrics-nsa-tool-vulnerability/ - ADT discloses data leak https://www.securityweek.com/in-other-news-scattered-spider-hacker-arrested-soc-effectiveness-metrics-nsa-tool-vulnerability/

Cyber Daily News for May 1, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Copy Fail: New Linux bug enables Root via page-cache corruption https://securityaffairs.com/191519/hacking/copy-fail-new-linux-bug-enables-root-via-page-cache-corruption.html - Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher https://www.infosecurity-magazine.com/news/zero-day-2017-linux-kernel/ - SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls https://securityaffairs.com/191527/security/sonicwall-patches-three-sonicos-flaws-in-gen-6-7-and-8-firewalls-patch-them-now.html - 1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom https://www.securityweek.com/1800-hit-in-mini-shai-hulud-attack-on-sap-lightning-intercom/ - Anthropic launches Claude Security to counter rapid AI-Powered exploits https://securityaffairs.com/191532/ai/anthropic-launches-claude-security-to-counter-rapid-ai-powered-exploits.html - Agent's claims on WhatsApp access spark security concerns https://securityaffairs.com/191515/social-networks/agents-claims-on-whatsapp-access-spark-security-concerns.html - Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks https://www.securityweek.com/critical-gemini-cli-flaw-enabled-host-code-execution-supply-chain-attacks/ - Three Arrested for Hacking Over 610,000 Roblox Accounts https://www.infosecurity-magazine.com/news/three-arrested-over-roblox-hacking/

Cyber Daily News for April 30, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - 'Copy Fail' Logic Flaw in Linux Kernel Enables System Takeover https://www.securityweek.com/copy-fail-logic-flaw-in-linux-kernel-enables-system-takeover/ - CVE-2026-41940: Critical cPanel Authentication Bypass Exposes Hosting Systems https://thecyberexpress.com/cpanel-cve-2026-41940-auth-bypass/ - CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure https://securityaffairs.com/191483/hacking/cve-2026-42208-litellm-bug-exploited-36-hours-after-its-disclosure.html - Cursor Extension Flaw Exposes Developer API Keys https://www.infosecurity-magazine.com/news/cursor-extension-flaw-exposes-api/ - Researchers Track 2.9 Billion Compromised Credentials https://www.infosecurity-magazine.com/news/29-billion-compromised-credentials/ - Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets https://www.infosecurity-magazine.com/news/ai-npm-dependency-targets-crypto/ - Sandhills Medical Says Ransomware Breach Affects 170,000 https://www.securityweek.com/sandhills-medical-says-ransomware-breach-affects-170000/ - Hundreds of Internet-Facing VNC Servers Expose ICS/OT https://www.securityweek.com/hundreds-of-internet-facing-vnc-servers-expose-ics-ot/

Cyber Daily News for April 29, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Critical GitHub Vulnerability Exposed Millions of Repositories https://www.securityweek.com/critical-github-vulnerability-exposed-millions-of-repositories/ - AI Agent Deleted Production Database in 9 Secs; Then Confessed Every Rule It Broke https://thecyberexpress.com/ai-agent-deleted-production-database-in-9-secs/ - Vimeo Confirms User and Customer Data Breach https://www.securityweek.com/vimeo-confirms-user-and-customer-data-breach/ - Medtronic Confirms Data Breach After ShinyHunters Claims https://www.infosecurity-magazine.com/news/medtronic-data-breach-shinyhunters/ - U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/191442/security/u-s-cisa-adds-microsoft-windows-shell-and-connectwise-screenconnect-flaws-to-its-known-exploited-vulnerabilities-catalog.html - Critical Flaw Turns Vect Ransomware into Data Destroying Wiper https://www.infosecurity-magazine.com/news/critical-flaw-vect-ransomware-data/ - Iranian Cyber Group Handala Targets US Troops in Bahrain https://www.securityweek.com/iranian-cyber-group-handala-targets-us-troops-in-bahrain/ - Signal Phishing Campaign Targets German Officials in Suspected Russian Operation https://securityaffairs.com/191425/intelligence/signal-phishing-campaign-targets-german-officials-in-suspected-russian-operation.html

Cyber Daily News for April 28, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak https://www.securityweek.com/medtronic-hack-confirmed-after-shinyhunters-threatens-data-leak/ - OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years https://www.securityweek.com/openssh-flaw-allowing-full-root-shell-access-lurked-for-15-years/ - Incomplete Windows Patch Opens Door to Zero-Click Attacks https://www.securityweek.com/incomplete-windows-patch-opens-door-to-zero-click-attacks/ - North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures https://www.infosecurity-magazine.com/news/bluenoroff-dprk-hackers-target/ - Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials https://www.securityweek.com/germany-suspects-russia-is-behind-signal-phishing-that-targeted-top-officials/ - LinkedIn BrowserGate https://securityaffairs.com/191383/security/linkedin-browsergate.html - Notepad++ Releases 8.9.4 Patch to Fix String Injection Vulnerability (CVE-2026-3008) https://thecyberexpress.com/notepad-cve-2026-3008-vulnerability/ - New Android spyware Morpheus linked to Italian surveillance firm https://securityaffairs.com/191398/malware/new-android-spyware-morpheus-linked-to-italian-surveillance-firm.html

Cyber Daily News for April 27, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Critical bug in CrowdStrike LogScale let attackers access files https://securityaffairs.com/191343/hacking/critical-bug-in-crowdstrike-logscale-let-attackers-access-files.html - Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting https://securityaffairs.com/191374/security/firefox-bug-cve-2026-6770-enabled-cross-site-tracking-and-tor-fingerprinting.html - Easily Exploitable 'Pack2TheRoot' Linux Vulnerability Leads to Root Access https://www.securityweek.com/easily-exploitable-pack2theroot-linux-vulnerability-leads-to-root-access/ - U.S. utility giant Itron discloses a security breach https://securityaffairs.com/191360/data-breach/u-s-utility-giant-itron-discloses-a-security-breach.html - Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet https://securityaffairs.com/191325/malware/fast16-pre-stuxnet-malware-that-targeted-precision-engineering-software.html - Italy moves to extradite Chinese national to the U.S. over hacking charges https://securityaffairs.com/191368/apt/italy-moves-to-extradite-chinese-national-to-the-u-s-over-hacking-charges.html - eBay Struggles with Widespread Outage, Disrupting Transactions and API Access https://thecyberexpress.com/ebay-outage-april-2026-ddos-attack/ - US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator https://www.securityweek.com/us-launches-sweeping-crackdown-on-southeast-asia-cyberscams-and-sanctions-cambodian-senator/

Cyber Daily News for April 26, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/191281/security/u-s-cisa-adds-simplehelp-samsung-and-d-link-flaws-to-its-known-exploited-vulnerabilities-catalog.html - Checkmarx supply chain attack impacts Bitwarden npm distribution path https://securityaffairs.com/191215/uncategorized/checkmarx-supply-chain-attack-impacts-bitwarden-npm-distribution-path.html - Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844) https://securityaffairs.com/191267/uncategorized/over-400000-sites-at-risk-as-hackers-exploit-breeze-cache-plugin-flaw-cve-2026-3844.html - CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network https://securityaffairs.com/191241/hacking/cisa-reports-persistent-firestarter-backdoor-on-cisco-asa-device-in-federal-network.html - Trigona ransomware adopts custom tool to steal data and evade detection https://securityaffairs.com/191294/cyber-crime/trigona-ransomware-adopts-custom-tool-to-steal-data-and-evade-detection.html - 12-year-old Pack2TheRoot bug lets Linux users gain root privileges https://securityaffairs.com/191231/security/12-year-old-pack2theroot-bug-lets-linux-users-gain-root-privileges.html - Signal phishing campaign targets Germany's Bundestag President Julia Klockner https://securityaffairs.com/191224/intelligence/signal-phishing-campaign-targets-germanys-bundestag-president-julia-klockner.html - Security Affairs newsletter Round 574 by Pierluigi Paganini - INTERNATIONAL EDITION https://securityaffairs.com/191305/breaking-news/security-affairs-newsletter-round-574-by-pierluigi-paganini-international-edition.html

Cyber Daily News for April 25, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - UK Biobank Data Breach: Health Data of 500,000 Listed for Sale in China https://www.infosecurity-magazine.com/news/uk-biobank-data-beach-health-data/ - CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network https://securityaffairs.com/191241/hacking/cisa-reports-persistent-firestarter-backdoor-on-cisco-asa-device-in-federal-network.html - 12-year-old Pack2TheRoot bug lets Linux users gain root privileges https://securityaffairs.com/191231/security/12-year-old-pack2theroot-bug-lets-linux-users-gain-root-privileges.html - Signal phishing campaign targets Germany's Bundestag President Julia Klöckner https://securityaffairs.com/191224/intelligence/signal-phishing-campaign-targets-germanys-bundestag-president-julia-klockner.html - China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks https://www.securityweek.com/china-linked-apt-gopherwhisper-abuses-legitimate-services-in-government-attacks/ - Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World's Biggest Exercise https://www.securityweek.com/locked-shields-2026-41-nations-strengthen-cyber-resilience-in-worlds-biggest-exercise/ - Pre-Stuxnet Sabotage Malware 'Fast16' Linked to US-Iran Cyber Tensions https://www.securityweek.com/pre-stuxnet-sabotage-malware-fast16-linked-to-us-iran-cyber-tensions/ - AI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP Warns https://www.infosecurity-magazine.com/news/ai-old-cybersecurity-mistakes/

Cyber Daily News for April 24, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Bitwarden NPM Package Hit in Supply Chain Attack https://www.securityweek.com/bitwarden-npm-package-hit-in-supply-chain-attack/ - China-linked threat actors use consumer device botnets to evade detection, warn UK and partners https://securityaffairs.com/191202/security/china-linked-threat-actors-use-consumer-device-botnets-to-evade-detection-warn-uk-and-partners.html - UK Biobank Leak Prompts Urgent Review of Data Protection in Biomedical Research https://thecyberexpress.com/uk-biobank-data-breach-healthcare/ - Apple Fixes iOS Notification Bug Exposing Deleted Messages https://www.infosecurity-magazine.com/news/apple-ios-notification-bug-deleted/ - Vulnerabilities Patched in CrowdStrike, Tenable Products https://www.securityweek.com/vulnerabilities-patched-in-crowdstrike-tenable-products/ - Chinese Cybersecurity Firm's AI Hacking Claims Draw Comparisons to Claude Mythos https://www.securityweek.com/chinese-cybersecurity-firms-ai-hacking-claims-draw-comparisons-to-claude-mythos/ - Luxury cosmetics giant Rituals discloses data breach impacting member personal details https://securityaffairs.com/191192/data-breach/rituals-discloses-a-data-breach-impacting-member-personal-details.html - Google Favors General-Purpose Gemini Models Over Cybersecurity-Specific AI https://www.infosecurity-magazine.com/news/google-gemini-over-cyber-specific/

Cyber Daily News for April 23, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/191164/hacking/u-s-cisa-adds-a-flaw-in-microsoft-defender-to-its-known-exploited-vulnerabilities-catalog.html - Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw https://securityaffairs.com/191130/security/microsoft-out-of-band-updates-fixed-critical-asp-net-core-privilege-escalation-flaw.html - Apple Patches iOS Flaw Allowing Recovery of Deleted Chats https://www.securityweek.com/apple-patches-ios-flaw-allowing-recovery-of-deleted-chats/ - AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers https://www.securityweek.com/ai-can-autonomously-hack-cloud-systems-with-minimal-oversight-researchers/ - Hacker Active Well Beyond Context.ai Compromise, Says Vercel CEO https://thecyberexpress.com/vercel-hacker-active-beyond-context-ai-hack/ - University of Warsaw Data Breach Exposes 200,000+ Sensitive Files on Darknet https://thecyberexpress.com/university-of-warsaw-cyberattack/ - Exposed Server Reveals AI-Assisted Credential Harvesting Factory https://thecyberexpress.com/bissa-scanner-ai-assisted-credential-factory/ - Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents https://www.infosecurity-magazine.com/news/researchers-10-wild-indirect/

Cyber Daily News for April 22, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - North Korea's Lazarus APT stole $290M from Kelp DAO https://securityaffairs.com/191092/digital-id/north-koreas-lazarus-apt-stole-290m-from-kelp-dao.html - Oracle Patches 450 Vulnerabilities With April 2026 CPU https://www.securityweek.com/oracle-patches-450-vulnerabilities-with-april-2026-cpu/ - Venezuela energy sector targeted by highly destructive Lotus wiper https://securityaffairs.com/191106/malware/venezuela-energy-sector-targeted-by-highly-destructive-lotus-wiper.html - Ransomware negotiator caught secretly assisting BlackCat extortion scheme https://securityaffairs.com/191100/security/ransomware-negotiator-caught-secretly-assisting-blackcat-extortion-scheme.html - North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks https://www.securityweek.com/north-korean-hackers-use-applescript-clickfix-in-fresh-macos-attacks/ - Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms https://www.infosecurity-magazine.com/news/unchecked-ai-agents-cause/ - Google Antigravity in Crosshairs of Security Researchers, Cybercriminals https://www.securityweek.com/google-antigravity-in-crosshairs-of-security-researchers-cybercriminals/ - UK Faces a Cyber 'Perfect Storm' Driven by Tech Advances and Nation State Threats, NCSC Warns https://www.infosecurity-magazine.com/news/uk-faces-a-cyber-perfect-storm-ncsc/

Cyber Daily News for April 21, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - North Korean Blamed for $290m KelpDAO Crypto Heist https://www.infosecurity-magazine.com/news/north-korean-blamed-290m-kelpdao/ - U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog https://securityaffairs.com/191080/hacking/u-s-cisa-adds-cisco-catalyst-kentico-xperience-papercut-ng-mf-synacor-zcs-quest-kace-sma-and-jetbrains-teamcity-flaws-to-its-known-exploited-vulnerabilities-catalog.html - The US NSA is using Anthropic's Claude Mythos despite supply chain risk https://securityaffairs.com/191087/ai/the-us-nsa-is-using-anthropics-claude-mythos-despite-supply-chain-risk.html - ZionSiphon Malware Targets Water Infrastructure Systems https://www.infosecurity-magazine.com/news/zionsiphon-malware-water/ - Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third-Party Tool https://www.infosecurity-magazine.com/news/vercel-cyber-incident-threat-actor/ - Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility https://securityaffairs.com/191059/security/bluesky-hit-by-24-hour-ddos-attack-as-pro-iran-group-claims-responsibility.html - France's ANTS ID System website hit by cyberattack, possible data breach https://securityaffairs.com/191069/data-breach/frances-ants-id-system-website-hit-by-cyberattack-possible-data-breach.html - Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft https://securityaffairs.com/191052/cyber-crime/scattered-spider-member-tyler-buchanan-pleads-guilty-to-major-crypto-theft.html

Cyber Daily News for April 20, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Next.js Creator Vercel Hacked https://www.securityweek.com/next-js-creator-vercel-hacked/ - AI Model Claude Opus turns bugs into exploits for just $2,283 https://securityaffairs.com/191018/ai/ai-model-claude-opus-turns-bugs-into-exploits-for-just-2283.html - Cisco Patches Critical ISE Vulnerabilities Allowing Remote Code Execution Attacks https://thecyberexpress.com/cisco-ise-vulnerabilities-enable-rce/ - Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House https://www.securityweek.com/senate-extends-surveillance-powers-until-april-30-after-chaotic-votes-in-house/ - Cyber attacks fuel surge in cargo theft across logistics industry https://securityaffairs.com/191008/security/cyber-attacks-fuel-surge-in-cargo-theft-across-logistics-industry.html - Half of the 6 Million Internet-Facing FTP Servers Lack Encryption https://www.securityweek.com/half-of-the-6-million-internet-facing-ftp-servers-lack-encryption/ - UAE Cyber Security Council Warns 1 in 4 Public Files Contain Sensitive Personal Data https://thecyberexpress.com/cyber-security-council-alerts-on-public/ - Crypto Exchange Grinex Blames Western Spies for $13m Theft https://www.infosecurity-magazine.com/news/crypto-exchange-grinex-western/

Cyber Daily News for April 19, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access https://securityaffairs.com/190961/hacking/microsoft-defender-under-attack-as-three-zero-days-two-of-them-still-unpatched-enable-elevated-access.html - Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered https://securityaffairs.com/190932/cyber-crime/operation-poweroff-53-ddos-domains-seized-and-3-million-criminal-accounts-uncovered.html - Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware https://securityaffairs.com/190982/security/hidden-vms-how-hackers-leverage-qemu-to-stealthily-steal-data-and-spread-malware.html - Commercial AI Models Show Rapid Gains in Vulnerability Research https://www.infosecurity-magazine.com/news/ai-models-rapid-gains/ - Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence https://securityaffairs.com/190950/security/kyrgyzstan-based-crypto-exchange-grinex-shuts-down-after-13-7m-cyber-heist-blames-western-intelligence.html - Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks https://www.securityweek.com/tycoon-2fa-loses-phishing-kit-crown-amid-surge-in-attacks/ - Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks https://securityaffairs.com/190974/malware/nexcorium-mirai-variant-exploits-tbk-dvr-flaw-to-launch-ddos-attacks.html - DraftKings hacker sentenced to prison, ordered to pay $1.4 Million https://securityaffairs.com/190943/cyber-crime/draftkings-hacker-sentenced-to-prison-ordered-to-pay-1-4-million.html

Cyber Daily News for April 18, 2026 Cyber Daily News is also available via podcast! https://feeds.transistor.fm/cyber-daily-news Stories mentioned in today's briefing: - Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access https://securityaffairs.com/190961/hacking/microsoft-defender-under-attack-as-three-zero-days-two-of-them-still-unpatched-enable-elevated-access.html - Commercial AI Models Show Rapid Gains in Vulnerability Research https://www.infosecurity-magazine.com/news/ai-models-rapid-gains/ - Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks https://securityaffairs.com/190974/malware/nexcorium-mirai-variant-exploits-tbk-dvr-flaw-to-launch-ddos-attacks.html - Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered https://securityaffairs.com/190932/cyber-crime/operation-poweroff-53-ddos-domains-seized-and-3-million-criminal-accounts-uncovered.html - Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence https://securityaffairs.com/190950/security/kyrgyzstan-based-crypto-exchange-grinex-shuts-down-after-13-7m-cyber-heist-blames-western-intelligence.html - Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks https://www.securityweek.com/tycoon-2fa-loses-phishing-kit-crown-amid-surge-in-attacks/ - DraftKings hacker sentenced to prison, ordered to pay $1.4 Million https://securityaffairs.com/190943/cyber-crime/draftkings-hacker-sentenced-to-prison-ordered-to-pay-1-4-million.html - White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology https://www.securityweek.com/white-house-chief-of-staff-to-meet-ith-anthropic-ceo-over-its-new-ai-technology/