Max-severity flaw in ChromaDB for AI apps allows server hijacking
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw…
Month: May 2026
UAC-0184 Malware Chain Uses bitsadmin and HTA Files for Gated Payload Delivery
A newly documented attack chain linked to the threat group UAC-0184 has been observed using Windows’ built-in bitsadmin tool and HTA files to sneak malicious…
The Invisible Workforce: Why Your Household Apps Now Have Their Own Digital IDs
Most people understand what it means to protect a human identity because the dangers of someone impersonating you online or stealing and cloning your card…
Criminal IP Showcases AI Security at Infosecurity Europe 2026
Torrance, United States / California, May 19th, 2026, CyberNewswire Criminal IP has announced its return to Infosecurity Europe 2026 with a focus on delivering more…
AI Agent Security: Automating Workflow Without Creating Prompt Injection or Data Leak Risks
AI agent security starts with a simple fact: the more authority an agent has, the tighter its access controls need to be. An AI agent…
Canonical ships Ubuntu Core 26 with 15 years of security maintenance
Operators of industrial sensors, edge AI controllers, and connected medical equipment now have a refreshed long-term Linux option for fleets that must stay patched for…
Facebook scam promises cheap Aldi meat boxes, steals payment info instead
Sometimes you spot posts on social media that make you wonder if any moderation takes place at all. Which is concerning, because two–thirds of all…
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Ravie LakshmananMay 19, 2026Malvertising / Mobile Security Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device…
Vulnerability exploitation now primary origin of data breaches
Approximately 31% – close to a third – of all data breaches now begin with the exploitation of some form of software vulnerability by a…
Massive Npm Supply Chain Attack Compromises AntV Packages
A major software supply chain attack has compromised hundreds of widely used npm packages tied to the AntV ecosystem, exposing developers and organizations to credential…
Service Stream is checking field work with computer vision
Service Stream is increasingly using computer vision to verify that field work is completed to specification and safely. Service Stream’s head of data and AI…
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
Microsoft announced on Tuesday that it has disrupted a cybercrime service that has been helping threat actors distribute ransomware and other malware. According to the…