Your Purple Team Isn’t Purple — It’s Just Red and Blue in the Same Room
Defending a network at 2 am looks a lot like this: an analyst copy-pasting a hash from a PDF into...
Hacking
Category Added in a WPeMatico Campaign
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
Ravie LakshmananMay 11, 2026Supply Chain Attack / Threat Intelligence A malicious Hugging Face repository managed to take a spot in...
Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker...
cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
Ravie LakshmananMay 09, 2026Vulnerability / Web Hosting cPanel has released updates to address three vulnerabilities in cPanel and Web Host...
TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that's capable of targeting 59 banking, fintech, and...
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Ravie LakshmananMay 08, 2026Android / Mobile Security Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for...
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
Ravie LakshmananMay 08, 2026Linux / DevOps A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems...
One Missed Threat Per Week: What 25M Alerts Reveal About Low-Severity Risk
The dark secret of enterprise security operations is that defenders have quietly institutionalized the practice of not looking. This is...
New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials
Ravie LakshmananMay 08, 2026Malware / Threat Intelligence Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's...
Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions
Ravie LakshmananMay 08, 2026Linux / Vulnerability Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the...
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
Ravie LakshmananMay 07, 2026Vulnerability / Network Security Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM)...
PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
Ravie LakshmananMay 07, 2026Threat Intelligence / Cloud Security Cybersecurity researchers have disclosed details of a new credential theft framework dubbed...
One Click, Total Shutdown: The “Patient Zero” Webinar on Killing Stealth Breaches
The Hacker NewsMay 07, 2026Artificial Intelligence / Threat Detection The hardest part of cybersecurity isn't the technology, it’s the people....
PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage
Ravie LakshmananMay 07, 2026Vulnerability / Cyber Espionage Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully...
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Ravie LakshmananMay 07, 2026Hacking News / Cybersecurity News Bad week. Turns out the easiest way to get hacked in 2026...
