New BTMOB Android Malware Enables Full Device Takeover
The BTMOB remote access trojan (RAT) is becoming a heightened threat to Android users due to its data theft and device takeover capabilities, ESET warns.…
Month: May 2026
U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog
U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog Pierluigi Paganini May 28, 2026 U.S. Cybersecurity and Infrastructure Security…
Zapier fixes bug chain that researchers say risked widespread account takeover
Security researchers chained together five separate weaknesses in the popular workflow automation service Zapier that, if first discovered by a malicious actor, could have granted…
Authenticated RCE via Argument Injection in Gogs (NOT FIXED)
Overview Rapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4…
GlassWorm falls, but the repo problem is far from solved
The CrowdStrike-led takedown, conducted alongside Google and the Shadowserver Foundation, disrupted infrastructure linked to the campaign that had poisoned hundreds of repositories with malicious packages…
OMB cyber directive pushes centralized logging, AI-driven detection to counter cyber threats across IoT and OT systems
The U.S. White House, through its Office of Management and Budget, issued a new federal cybersecurity directive ordering agencies to adopt a risk-based logging and…
GuidePoint Security launches supply chain detection and response service to combat third-party cyber risks
GuidePoint Security, a cybersecurity advisor and services partner organizations rely on to protect what matters most, announced launch of its Supply Chain Detection & Response…
Download pumping: How threat actors use new npm deception technique in supply chain attacks
Learn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious payloads as legitimate.…
Carnival Cruise confirms data breach affecting nearly 6 million people
Carnival Corporation, the world’s largest cruise line operator, has confirmed a data breach affecting nearly 6 million people claimed by the ShinyHunters extortion gang in…
Gitea Container Vulnerability Exposes Private Container Images to Attackers
A critical security vulnerability in Gitea’s built-in container registry exposes private container images to unauthenticated attackers, raising significant concerns for organizations that rely on self-hosted…
Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks
“We would not say that every single phishing message we observed was definitively caused by a direct compromise of the hotel’s own internal systems,” the…
VaultJacking Attack Exposes Google Password Vaults via Single PIN
A newly disclosed phishing technique dubbed “VaultJacking” is raising serious concerns across the cybersecurity community after researchers demonstrated how a single captured Google Password Manager…