New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server
A newly discovered malware called ZiChatBot has been found quietly using the REST APIs of a legitimate team chat application called Zulip to receive and…
Month: May 2026
Why Vulnerability Scanning Is Not Penetration Testing, And Why Cisos Should Care
If your organisation runs quarterly vulnerability scans and calls it penetration testing, you are not alone. According to a 2025 SANS Institute survey, over 60%…
Pam Backdoor Targets Linux Systems to Steal SSH Credentials
A newly observed Linux backdoor technique, dubbed Pam, is exploiting the flexibility of Pluggable Authentication Modules (PAM) to capture SSH credentials and maintain persistence on compromised…
ClaudeBleed Vulnerability Lets Hackers Hijack Claude Chrome Extension to Steal Data
Cybersecurity researchers from LayerX have found a major security flaw in the Claude for Chrome browser extension that could allow hackers to take full control…
Why The CISO Role Is Becoming More Demanding In 2026
08 May Why The CISO Role Is Becoming More Demanding In 2026 Posted at 10:09h in Blogs by Taylor Fox This week in cybersecurity from…
Dirty Frag: Unpatched Linux vulnerability delivers root access
A week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty…
Microsoft says Edge’s plaintext password behavior is “by design”
Some time ago, we discussed whether you should allow your browser to remember your passwords. In that article we mentioned the importance of encryption. “With…
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
Ravie LakshmananMay 08, 2026Linux / DevOps A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers’ systems to establish a silent foothold…
A new frontier: Identity stack evolves for agentic systems
In the existing state, identity is human-centric. Today’s identity and access management (IAM) systems were designed for a world dominated by human users and static…
Online Safety Act Exposes Age Verification System Flaws
The rollout of the UK’s Online Safety Act in July 2025 was intended to create a safer digital environment for children through stricter age verification…
Aus universities and TAFEs investigating exposure to Canvas cyber incident
Australian universities and TAFEs have joined global counterparts in scrambling to understand their potential exposure to a cyber incident involving a popular learning management system.…
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
Poland’s Internal Security Agency (ABW) has documented a significant escalation in cyberattacks targeting industrial control systems (ICS) and other operational technology (OT) infrastructure during 2024…