Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive...

What Happened:On 11 May 2026, the UK Information Commissioner’s Office (ICO) fined South Staffordshire Water £963,900 after the Cl0p ransomware group lurked completely undetected in its network...

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates...

Or is it just life today, with AI constantly digging through code repositories in search of security holes?

Dirty Frag, Copy Fail, and Fragesia show the new reality

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog,...

Plus: Google publishes a live exploit for an unpatched flaw, the feds arrest two men accused of creating thousands of nonconsensual deepfake nudes, and more.

Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. [...]

Hey, Gemini, how much can we earn from one pump-and-dump cycle?

Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks,...

The Belarus-aligned threat actor known as Ghostwriter (aka UAC-0057 and UNC1151Ukraine's National Security and Defense Council) has been observed using lures related to Prometheus, a Ukrainian...

The South Pacific Regional Fisheries Management Organization (SPRFMO) needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security...

Will Jason Statham save us?

Kali365, which was first observed in April, abuses legitimate Microsoft device authorization pages to grant persistent access to cybercriminal-controlled applications. The post FBI warns about...

The bellwether lawsuit was the first of at least 1,200 to be brought by a school district against Meta, Snap, YouTube and TikTok for similar alleged harms. The other cases have not yet been tried.

Since April 2026, LevelBlue SpiderLabs’ Cyber Threat Intelligence team has tracked a series of public zero-day disclosures targeting Microsoft Windows, attributed to an anonymous actor operating...

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using...

1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was...

F5 security advisory (AV26-501)

HPE security advisory (AV26-500)

cPanel security advisory (AV26-499)

Microsoft Edge security advisory (AV26-497)

Ubiquiti security advisory (AV26-498)

New research from Check Point Software Technologies identified that cyberattacks targeting organizations across Germany, Austria and Switzerland surged... The post Germany becomes focal point of...

Cops seize First VPN and share intel on users, Reaper spoofs multiple brands to infect Macs, and two Microsoft Defender zero-days exploited in the wild.

Heap-based Buffer Overflow vulnerability (CVE-2026-8997) has been found in vifm software.

The U.S. Department of Justice (DoJ) on Thursday announced the arrest of a Canadian man in connection with allegedly operating a distributed denial-of-service (DDoS) botnet known as Kimwolf. In...

Crazy story: Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly...

Dear readers, The executive order on vetting powerful new AI models that was expected this week failed to materialize at the last minute. While the security community is waiting to see what the...

Russia’s March 2026 proposal to restrict foreign AI systems, including ChatGPT, Gemini and Claude, on the grounds of protecting “traditional Russian spiritual and moral values” has been largely...