RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
Ravie LakshmananMay 12, 2026Supply Chain Attack / Software Security RubyGems, the standard package manager for the Ruby programming language, has...
Hacking
Category Added in a WPeMatico Campaign
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
Ravie LakshmananMay 12, 2026Malware / Mobile Security Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan...
Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help
The Hacker NewsMay 12, 2026Threat Detection / AI Security Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams...
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and...
Why Agentic AI Is Security’s Next Blind Spot
Agentic AI is already running in production environments across many organizations today. It is executing tasks, consuming data, and taking...
Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak
Ravie LakshmananMay 12, 2026Vulnerability / Network Security American educational technology company Instructure, the parent company of Canvas, said it reached...
OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
Ravie LakshmananMay 12, 2026Vulnerability / AI Security OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial...
iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android
Ravie LakshmananMay 12, 2026Encryption / Mobile Security Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE)...
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
Ravie LakshmananMay 11, 2026Supply Chain Attack / DevSecOps Checkmarx has confirmed that a modified version of the Jenkins AST plugin...
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
Ravie LakshmananMay 11, 2026Vulnerability / Ransomware A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently...
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely...
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Ravie LakshmananMay 11, 2026Cybersecurity / Hacking Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into...
Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room
Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into...
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
Ravie LakshmananMay 11, 2026Supply Chain Attack / Threat Intelligence A malicious Hugging Face repository managed to take a spot in...
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker...
