Oncology Institute Discloses Data Breach
The Oncology Institute says a previously disclosed cybersecurity incident has been confirmed to impact patient information. The Oncology Institute (TOI) is an oncology provider founded…
Author: Cybernoz
Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites
Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites Pierluigi Paganini May 25, 2026 Threat actors are actively exploiting a security flaw,…
As AI speeds coding, CVE Lite CLI keeps security deliberately AI-free
“What developers are missing is early feedback at the point where the dependency decision is made,” Sonu Kapoor, creator and maintainer of the project, told…
AI-powered penetration testing for industrial systems moves from experimental concept to practical toolkit
Researcher Isiah Jones published a broader ‘Security Methodology’ initiative that consolidates projects such as ICSOTPentest, AIpentest 3.1, AI-driven OT security demonstrations, command-line scripts, testing templates,…
NERC CIP Cyber Security Awareness Program
Today, we wanted to discuss what a NERC CIP Cyber Security Awareness Program is all about and what is expected to demonstrate compliance for CIP-004…
Anthropic’s restricted Claude Mythos model may be coming to Claude Code
Anthropic appears to be preparing for the public rollout of “Mythos,” which was announced in April as a restricted model that poses major security risks…
KnowledgeDeliver LMS Zero-Day Exploited to Deploy BLUEBEAM Web Shell
A newly disclosed zero-day vulnerability in the KnowledgeDeliver Learning Management System (LMS) has been actively exploited in the wild to deploy the BLUEBEAM in-memory web…
Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks – Krebs on Security
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks,…
InvisibleFerret Malware Uses .pyd and .so Files to Evade Script Detection
A North Korea-linked threat group, Void Dokkaebi, also known as Famous Chollima, has significantly upgraded its malware delivery techniques by converting its Python-based InvisibleFerret malware…
Cisco refines its risk-based vulnerability disclosure for the AI era
Security teams already struggle with long lists of vulnerabilities and limited time to patch them. Cisco believes AI could increase that pressure by accelerating vulnerability…
Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks
Ravie LakshmananMay 25, 2026Vulnerability / Web Security Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code…
Kali365 Phishing Kit Hijacks Microsoft 365 Access
The FBI has issued a fresh warning about a growing cybercrime service known as Kali365, a new Phishing-as-a-Service (PhaaS) platform that enables attackers to hijack…