Cyber security blog
Security articles separated by language. Search by title, body, or tag.
How the U.S. government's order to disable Claude Fable 5 and Mythos 5 globally reshapes third-party AI risk, supply chain security, and CISO governance. Plus: Splunk 0-day, AUR supply chain attack, Chinese backdoor campaigns.
xAI faces whistleblower lawsuit over Grok CSAM concerns, Canadian privacy commissioner finds law violations, Bentonville photographer arrested for AI-generated CSAM, Times Square protests. Plus: French Tchap hack, Anthropic Fable 5 guardrail backlash, Microsoft blocks Fable 5, Gentlemen ransomware.
Canada's Privacy Commissioner finds xAI's Grok violated privacy law by generating sexualized deepfakes; Anthropic Claude Fable 5 faces multiple controversies; French government messenger Tchap hacked; JDY botnet expands; Nightmare-Eclipse drops RoguePlanet exploit
Miasma supply chain worm compromises 73 Microsoft repos, record 206-CVE Patch Tuesday, Russian WinRAR zero-day attacks against Ukraine, and Check Point VPN 0-day exploited by ransomware
Check Point VPN zero-day exploited by Qilin ransomware with CISA 4-day mandate; Miasma worm hits 70+ Microsoft repos; Chrome V8 zero-day; Meta blocks NSO WhatsApp phishing; self-replicating AI worm demonstrated.
WFP confirms data breach exposing 600K Gaza families' personal information; C0XMO botnet exploits DD-WRT vulnerabilities; UNC3753 vishing campaign targets US organizations
Microsoft discloses a Claude Code GitHub Action flaw enabling credential theft; Claude services experience major outage; CISA adds SolarWinds Serv-U to KEV catalog
Check Point VPN flaw actively exploited by Qilin ransomware; US CISA orders 4-day patch mandate; Silent Ransom Group targets US law firms; Meta blocks NSO WhatsApp phishing; Anthropic warns Mythos can weaponize patches.
Coordinated IronWorm, Miasma, and Hades supply chain attacks hit npm, PyPI, and GitHub; Chrome 149 patches record 429 vulnerabilities; Check Point VPN zero-day actively exploited.
Key cybersecurity events and threats as of June 04, 2026
Key cybersecurity events and threats as of June 03, 2026
Key cybersecurity events and threats as of June 02, 2026
Key cybersecurity events and threats as of June 01, 2026
Key cybersecurity events and threats as of May 31, 2026
Palo Alto Networks PAN-OS GlobalProtect authentication bypass (CVE-2026-0257) came under active exploitation, the ChatGPhish vulnerability turned ChatGPT web summaries into a phishing attack surface, and Microsoft condemned Chaotic Eclipse for dumping multiple zero-days while announcing automated Defender isolation capabilities.
A critical remote code execution vulnerability in Gogs was disclosed, threat actors actively exploited a FortiClient EMS flaw to deploy credential-stealing malware, Google released Chrome 148 fixing over 150 vulnerabilities, the Fluffy Wolf APT group targeted Russian organizations, and a hacker put 340 million OnlyFans user records up for sale.
Chinese state-sponsored hackers deployed Showboat and JFMBackdoor malware targeting telecom operators, Grandoreiro RAT and BTMOB RAT campaigns hit Latin American users, and CISA mandated patching of a critical cPanel LiteSpeed plugin vulnerability, while a malicious npm package stole files from Claude AI user directories.
Taiwan's EVERY8D OTP platform was breached, North Korean Lazarus Group deployed RemotePE malware targeting financial institutions, and a Ghost CMS SQL injection compromised 700+ sites with ClickFix attacks, while Microsoft patched the UnDefend and RedSun zero-days and the Megalodon malware campaign infected thousands of GitHub repos.
Microsoft patches critical SharePoint remote code execution (CVE-2026-45659); Universal Robots discloses critical ICS vulnerabilities; the TrapDoor supply chain campaign targets npm, PyPI, and Crates.io with info-stealers; FBI warns of Kali365 phishing-as-a-service stealing Microsoft 365 tokens; MuddyWater APT conducts DLL side-loading espionage across 9 countries; Mercedes-Benz data breach exposes hundreds of thousands of customer records; KnowledgeDeliver LMS flaw exploited to deploy Godzilla web shells and Cobalt Strike.
CISA confirms active exploitation of a Drupal SQL injection vulnerability; Anthropic Project Glasswing surpasses 30,000 vulnerabilities found by Claude Mythos in one month; SonicWall SSL-VPN devices exploited via MFA bypass to implant backdoors; US and Canadian authorities arrest the 23-year-old administrator of the KimWolf botnet; Hitachi disk array system vulnerabilities disclosed.
Anthropic's Claude Mythos AI uncovers over 10,000 zero-day vulnerabilities in Project Glasswing; supply chain attacks target Packagist (8 packages via GitHub-hosted Linux malware), npm, and the Nx Console VS Code extension; CISA warns of actively exploited Drupal SQL injection; hacker group TeamPCP sells data from nearly 4,000 GitHub repositories.
Lawmakers demanded answers from CISA leadership after the agency suffered a significant data leak; international law enforcement dismantled the first VPN service used by at least 25 ransomware affiliates in a coordinated global takedown; a critical remote code execution vulnerability was disclosed in Drupal; and Anthropic patched a sandbox escape in Claude Code.
Microsoft disclosed mitigation guidance for the YellowKey zero-day vulnerability that bypasses BitLocker full-disk encryption on Windows; the Showboat Linux malware targeted a Middle Eastern telecom provider with a SOCKS5 proxy backdoor; Anthropic quietly fixed a Claude Code sandbox security bypass; and 237 million patient records were exposed in a global healthcare data leak.
Pwn2Own Berlin 2026 concluded with researchers demonstrating 47 zero-day exploits across browsers, OS, and ICS platforms; a new wave of Shai-Hulud supply-chain attacks compromised 600 npm packages; a critical unpatched flaw in OT RobotOS gave attackers remote control over industrial systems; and Microsoft took down a malware-signing service that had been issuing valid code-signing certificates to ransomware groups.
First NGINX CVE-2026-42945 exploitation in the wild, DirtyDecrypt PoC for Linux kernel LPE released, former OpenAI staff warn of xAI safety risks.
OpenClaw four critical CVEs enabling full agent takeover, Iran's fuel tank cyber offensive expands, CISA admin leaks AWS GovCloud keys on GitHub.
NGINX Rift vulnerability actively exploited, Claude Mythos builds working exploits across 50 Cloudflare repos, AI-driven bot attacks surge 12.5x.
Microsoft Exchange Server zero-day under active attack, Funnel Builder WooCommerce skimming affects 40K+ stores, and Grafana GitHub token breach leads to extortion.
Pwn2Own Berlin 2026 reveals 39 zero-days, Turla/Kazuar evolves into modular P2P botnet, and Claude Mythos bypasses Apple M5 security.
Cisco Catalyst SD-WAN auth bypass CVE-2026-20182 actively exploited in wild; F5 patches critical 18-year-old Nginx flaw; Exchange Server RCE exploited via crafted email.
Fragnesia Linux kernel LPE grants root access; 18-year-old Nginx rewrite module flaw enables unauthenticated RCE; Exim critical vulnerability patched.
Nitrogen ransomware group breaches Foxconn, steals 8TB data; Microsoft Patch Tuesday fixes 137 vulns with 30 critical; Apple releases OS 26.5.
Hackers use AI to discover first zero-day and generate exploits; TeamPCP compromises Checkmarx Jenkins plugin; OpenAI launches Daybreak.
RansomHouse claims Trellix source code stolen; LiteLLM SQL injection exploited in active attacks; CISA orders Ivanti MDM zero-day patching.
Anthropic fixes Claude's blackmail behavior, Firefox massive patch release with 423 fixes, Ollama out-of-bounds read vulnerability, and cPanel vulnerability patches.
ShinyHunters second attack on Instructure, TCLBANKER banking trojan spreads via WhatsApp, Russia's secret hacker school exposed, and cPanel vulnerabilities disclosed.
Linux 'Dirty Frag' local privilege escalation, Ivanti EPMM RCE exploited in the wild, Canvas breach impact spreads, and Google Android verification feature launched.
Trellix source code leak, ShinyHunters claims on Canvas/NVIDIA data, PAN-OS RCE under active exploit, and WhatsApp malicious link vulnerability.
Microsoft Edge password exposure, DAEMON Tools supply chain compromise, Palo Alto firewalls under attack, and US government AI security testing framework announced.
Progress patches critical MOVEit Automation authentication bypass; DigiCert suffers social engineering breach exposing code signing certificates; Google, Microsoft, and xAI agree to US government AI model reviews; CYBERSEC 2026 opens in Taiwan
Linux Copy Fail exploit spreads to cloud environments; Trellix confirms source code breach; global law enforcement arrests 276 and seizes $701M in crypto scam crackdown
Critical cPanel auth bypass (CVE-2026-???) weaponized by Sorry ransomware with 20K+ servers still vulnerable; CISA adds actively exploited Linux root bug CVE-2026-31431 to KEV catalog
Critical Linux kernel vulnerability 'Copy Fail' allows local privilege escalation to root; cybercrime groups launch rapid SaaS extortion via vishing and SSO abuse
cPanel releases emergency patch for 9.8-rated auth bypass exploited in the wild; Anthropic launches Claude Security public beta for enterprise vulnerability scanning
Key cybersecurity events and threats as of 2026-04-30
Key cybersecurity events and threats as of 2026-04-29
Key cybersecurity events and threats as of 2026-04-28
Key cybersecurity events and threats as of 2026-04-27
Key cybersecurity events and threats as of 2026-04-26
FIRESTARTER backdoor hit federal Cisco Firepower device surviving security scans; NASA employees duped in Chinese phishing scheme; CISA adds 4 new KEV entries; Grok AI deepfake sparks identity fraud concerns; Snapdragon chipset vulnerability found by Kaspersky
Tropic Trooper APT targets home routers and Japanese organizations via trojanized SumatraPDF; UNC6692 impersonates IT helpdesk via Microsoft Teams to deploy SNOW malware; Chinese APT abuses cloud tools to spy on Mongolia; LMDeploy CVE exploited within 13 hours of disclosure; AI phishing tops cyberattack methods
Checkmarx suffers supply chain attack compromising KICS Docker images and VS Code extensions; Harvester deploys Linux GoGra backdoor via Microsoft Graph API; Apple patches iOS notification flaw; The Gentlemen ransomware rises to prominence; CISA ICS advisory published
Windows Defender turned into attacker tool via PoC exploits; SystemBC C2 reveals 1,570+ ransomware victims; BlackCat ransomware negotiator pleads guilty; Lotus Wiper targets Venezuelan energy grids; Microsoft patches ASP.NET Core privilege escalation; Mustang Panda deploys LOTUSLITE variant
Vercel employee AI tool access leads to data breach; SGLang CVE-2026-5760 exposes RCE via malicious GGUF models; CISA adds 8 flaws to KEV with federal deadlines; Chinese APT targets Indian banks and Korean policy circles; NGate campaign targets Brazilian NFC payments
Vercel breach tied to Context AI hack exposes customer credentials; ZionSiphon malware targets Israeli water facilities; third Microsoft Defender zero-day disclosed
Anthropic launches Claude Design for visual content creation; DeepSeek reportedly opens first external funding round at $10B+ valuation
APT41 delivers zero-detection backdoor for cloud credentials; FBI dismantles W3LL phishing network; OT attestation gaps persist
Hims health data breach exposes sensitive PHI; Citizen Lab reveals law enforcement used Webloc to track 500M devices; GlassWorm campaign targets developer IDEs
CPUID breach used to distribute STX RAT malware via CPU-Z and HWMonitor; Adobe patches actively exploited Acrobat Reader zero-day CVE-2026-34621