The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. The post Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE appeared first on SecurityWeek.
At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek.
In this weekly roundup from The Cyber Express, the global cybersecurity landscape in 2026 continues to shift rapidly as emerging technologies and evolving cyber threats reshape the digital environment. Governments are increasing oversight of artificial intelligence and data practices, while ransomwa
A critical vulnerability in a widely used WordPress plugin has exposed over 200,000 websites to full account takeover, raising urgent concerns across the security community. Discovered on May 8, 2026, by Wordfence’s AI-powered PRISM threat intelligence platform, the flaw affects the Burst Statistics
Linus Torvalds has warned that a “continued flood” of AI‑generated bug reports is making the Linux security mailing list “almost entirely unmanageable.” The project is now tightening rules on how AI‑found issues should be reported and handled. In the Linux 7.1‑rc4 announcement, Torvalds noted that t
The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.
OpenAI announced Friday that it is rolling out a new ChatGPT feature allowing users to connect all of their financial accounts to the chatbot for personal finance advice.
On Saturday night, the company released a statement confirming the incident and outlining their decision not to pay a ransom issued by the hackers behind the attack.
The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. [...]
Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. [...]
Many employees already use shadow AI tools at work without security review. Adaptive Security breaks down how teams can build practical AI governance without adding friction for employees. [...]
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Ea
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency can
INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382 suspects. The initiative involved the efforts of 13 countries from the region between October 2025 and February 2026, a
Cisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.”
By Niall Browne, CEO and Founder, AIBound Shadow AI is accelerating alongside artificial intelligence (AI) adoption at a pace that has outgrown most enterprise governance models. Artificial intelligence (AI) adoption is accelerating at a pace that has outgrown most enterprise governance models. Acco
The UK’s National Cyber Security Centre (NCSC) has warned organizations to take a measured approach toward adopting agentic AI, highlighting the growing cyber and operational risks associated with highly autonomous AI systems. In a new guidance document co-authored with international partners, the N
The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityWeek.
A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. [...]
A critical remote code execution (RCE) vulnerability has been discovered in Anthropic’s Claude Code CLI tool, allowing attackers to execute arbitrary commands on a victim’s machine by tricking them into clicking a specially crafted deeplink. The flaw, now patched in Claude Code version 2.1.118, was