First Shai-Hulud Worm Clones Emerge
At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek.
FCRF Excellence Awards 2026 Open Door for Cyber Police Officers to Gain National
Gulshan Rai, former Director General of CERT-In; Dr. Pavan Duggal, advocate at the Supreme Court of India and a prominent voice in cyber law; Maj ...
Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypas
A critical vulnerability in a widely used WordPress plugin has exposed over 200,000 websites to full account takeover, raising urgent concerns across the security community. Discovered on May 8, 2026, by Wordfence’s AI-powered PRISM threat intelligence platform, the flaw affects the Burst Statistics
Linus Torvalds Says AI Bug Reports Have Made Linux Security Mailing List Unmanag
Linus Torvalds has warned that a “continued flood” of AI‑generated bug reports is making the Linux security mailing list “almost entirely unmanageable.” The project is now tightening rules on how AI‑found issues should be reported and handled. In the Linux 7.1‑rc4 announcement, Torvalds noted that t
OpenAI asks macOS users to update after TanStack npm supply chain attack
The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.
Experts warn of privacy risks as AI firms looks to connect to financial accounts
OpenAI announced Friday that it is rolling out a new ChatGPT feature allowing users to connect all of their financial accounts to the chatbot for personal finance advice.
Grafana refuses to pay ransom after codebase theft
On Saturday night, the company released a statement confirming the incident and outlining their decision not to pay a ransom issued by the hackers behind the attack.
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. [...]
Microsoft confirms Windows 11 security update install issues
Microsoft has confirmed that the May 2026 Windows 11 security update (KB5089549) fails to install on some systems and triggers 0x800f0922 errors. [...]
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
Many employees already use shadow AI tools at work without security review. Adaptive Security breaks down how teams can build practical AI governance without adding friction for employees. [...]
How to Reduce Phishing Exposure Before It Turns into Business Disruption
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread. Ea
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency can
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382 suspects. The initiative involved the efforts of 13 countries from the region between October 2025 and February 2026, a
An Indian Platform on the Global Assessment Stage: ExamOnline Named Finalist at
ExamOnline's compliance posture - ISO 27001, ISO 9001, GDPR-compliant, and CERT-In certified - speaks directly to the kind of trust infrastructure ...
IRDAI Directs Insurers to Assess Frontier AI Cyber Risks – VARIndia.
CERT-In continues to provide threat advisories and mitigation guidance for critical infrastructure sectors. This move reflects IRDAI's focus on ...
3i Infotech Flags Ransomware Risk; Operations Unaffected So Far | Whalesbook Cor
While an independent firm investigates, initial assessments indicate no material impact on business continuity or operations, with CERT-in also ...
CISA orders all federal agencies to patch exploited bug in Cisco SD-WAN systems
Cisco released a patch for the vulnerability on Thursday, writing in an advisory that it could “allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.”
Shadow AI Is Growing in Silence While Enterprise Security Falls Behind
By Niall Browne, CEO and Founder, AIBound Shadow AI is accelerating alongside artificial intelligence (AI) adoption at a pace that has outgrown most enterprise governance models. Artificial intelligence (AI) adoption is accelerating at a pace that has outgrown most enterprise governance models. Acco
NCSC Calls for Tight Security and Human Oversight as Agentic AI Use Expands
The UK’s National Cyber Security Centre (NCSC) has warned organizations to take a measured approach toward adopting agentic AI, highlighting the growing cyber and operational risks associated with highly autonomous AI systems. In a new guidance document co-authored with international partners, the N
Exploitation of Critical NGINX Vulnerability Begins
The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled. The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityWeek.