A large-scale phishing campaign has been caught using fake “code of conduct” emails to trick employees into giving up their account credentials. The attackers did not just steal passwords. They went a step further by hijacking active authentication sessions through an adversary-in-the-middle (AiTM) Source: Cybersecurity News
A dangerous piece of Android stalkerware called Cerberus Anti-theft has been hiding in plain sight on the Google Play Store since October 4, 2023. Sold under the package name com.ssurebrec and marketed as a legitimate anti-theft tool, the app is capable of silently photographing victims, tracking th Source: Cybersecurity News
Cambridge, MA, May 5th, 2026, CyberNewswire New right-sized offering brings advanced encryption, easy API integration, and HITRUST-certified compliance to the most underserved segment in healthcare email — with pricing starting at $99/month LuxSci, a leading provider of HIPAA compliant secure health Source: Cybersecurity News
A Chinese-linked threat group known as Silver Fox has been running a calculated phishing campaign, tricking employees at organizations across multiple countries into opening what appear to be official tax authority notices. The emails, disguised as legitimate government communications, led victims t Source: Cybersecurity News
A China-aligned threat group tracked as SHADOW-EARTH-053 has been exploiting unpatched Microsoft Exchange Server vulnerabilities to conduct cyberespionage against government and defense-linked targets across Asia and beyond. The group’s activity dates back to at least December 2024, with campaigns t Source: Cybersecurity News
A North Korea-aligned threat group known as ScarCruft has been caught running a supply chain attack against a video gaming platform serving ethnic Koreans in China’s Yanbian region. The attackers planted backdoors in both Windows and Android versions of the platform’s games, turning a trusted servic Source: Cybersecurity News
AI red team specialist details his methods for manipulating AI guardrails through jailbreaking and data poisoning, helping developers harden machine learning models. The post Hacker Conversations: Joey Melo on Hacking AI appeared first on SecurityWeek. Source: Security Week
The malicious emails claim to contain a conduct report and lure victims to a Microsoft phishing website that leverages AitM. The post Microsoft Warns of Sophisticated Phishing Campaign Targeting US Organizations appeared first on SecurityWeek. Source: Security Week
The Cyber Incident Review Board will carry out no-fault, post-incident reviews of significant cyberattacks on Australian government and industry, focusing on systemic lessons rather than individual or corporate culpability. Source: The Record
The ShinyHunters extortion gang stole personal information belonging to over 119,000 people after hacking the Vimeo online video platform in April, according to data breach notification service Have I Been Pwned. […] Source: BleepingComputer
Critical vulnerabilities can exist in open source software your scanners don't check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. […] Source: BleepingComputer
Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, according to new findings from VulnCheck. The vulnerability in question is CVE-2026-29014 (CVSS score: 9.8), a code injection flaw that could result in arbitrary Source: The Hacker News
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under the moniker UAT-8302, w Source: The Hacker News
… CERT-In. The trigger was not a breach, but the recognition that the pace of cyber defence may have to change. Most organisations already know … Source: Forbesindia
pnpm 11 introduces a new default security feature to combat supply chain attacks in the npm ecosystem. This update enables a minimum release age for packages, directly addressing the risk of malicious code injection into developer environments. The move aims to enhance security protections and reduce the overall attack surface for software development. Source: Cybersecurity […]
A security researcher has uncovered a critical vulnerability in Microsoft Edge, revealing that the browser decrypts and stores all saved passwords in cleartext process memory upon launch. This exposure occurs regardless of user activity, making credentials susceptible to memory scraping attacks. The flaw, disclosed by PaloAltoNtwks Norway, highlights a significant risk to user data. Source: […]
Amazon's Simple Email Service (SES) is being exploited by threat actors to launch sophisticated phishing campaigns. These malicious emails are designed to bypass standard security filters and render traditional reputation-based blocking mechanisms ineffective. The technique allows attackers to deliver highly convincing phishing messages directly to inboxes, increasing the risk of compromise. Source: BleepingComputer
India's CERT-In has issued a warning regarding the increasing prevalence of AI-driven cyber threats. The advisory specifically highlights concerns related to a potential threat named 'Mythos'. This alert underscores the evolving landscape of cyber risks powered by artificial intelligence. Source: Cityairnews
Your browser does not support audio playback. About this briefing: AI-generated from the original story. Voices: Neerja & Prabhat. ▶ Read transcript Neerja: Cybersecurity firm Trellix has announced a data breach. Attackers gained unauthorized access to a part of its source code repository. This incident involved their internal development environment. Prabhat: This breach highlights significant […]
A new infostealer malware, MicroStealer, has emerged and is rapidly spreading across the threat landscape. First detected in December 2025, this malware quickly gained traction in sandbox environments. It is actively targeting organizations in the telecom and education sectors. Source: Cybersecurity News