Information security
Information security

23 hours ago

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

A critical Linux vulnerability allows unprivileged users to gain root access, impacting various distributions and requiring immediate patching.

fromWIRED

Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers

A critical Linux vulnerability allows unprivileged users to gain root access, posing severe risks to data centers and personal devices.

Severe Linux Copy Fail security flaw uncovered using AI scanning help

Nearly all Linux distributions since 2017 are vulnerable to the Copy Fail exploit, allowing users to gain administrator privileges.

Linux distributions worldwide targeted by the Copy Fail exploit

The 'Copy Fail' vulnerability (CVE-2026-31431) in the Linux kernel allows unprivileged users to gain root access, affecting all major distributions since 2017.

Linux cryptographic code flaw offers fast route to root

Major Linux distributions are patching a local privilege escalation vulnerability known as Copy Fail (CVE-2026-31431) due to a logic flaw in the kernel.

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

A high-severity Linux vulnerability allows unprivileged users to gain root access through a flaw in the kernel's cryptographic subsystem.

23 hours ago

CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV

A critical Linux vulnerability allows unprivileged users to gain root access, impacting various distributions and requiring immediate patching.

fromWIRED

Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers

A critical Linux vulnerability allows unprivileged users to gain root access, posing severe risks to data centers and personal devices.

Severe Linux Copy Fail security flaw uncovered using AI scanning help

Nearly all Linux distributions since 2017 are vulnerable to the Copy Fail exploit, allowing users to gain administrator privileges.

Linux distributions worldwide targeted by the Copy Fail exploit

The 'Copy Fail' vulnerability (CVE-2026-31431) in the Linux kernel allows unprivileged users to gain root access, affecting all major distributions since 2017.

Linux cryptographic code flaw offers fast route to root

Major Linux distributions are patching a local privilege escalation vulnerability known as Copy Fail (CVE-2026-31431) due to a logic flaw in the kernel.

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

A high-severity Linux vulnerability allows unprivileged users to gain root access through a flaw in the kernel's cryptographic subsystem.

Information security

IBM security executive emerges as possible contender to lead CISA

Information security

AI digs up decades of code debt. Patch up.

Information security

Trellix Confirms Source Code Breach With Unauthorized Repository Access

Information security

In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability

China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

A new China-aligned espionage campaign targets government and defense sectors in Asia and Europe, exploiting vulnerabilities in Microsoft Exchange and IIS servers.

FBI Warns of Surge in Hacker-Enabled Cargo Theft

Cyber-enabled cargo theft is surging, with hackers targeting brokers and carriers using sophisticated methods.

fromNextgov.com

7 hours ago

Information security

IBM security executive emerges as possible contender to lead CISA

AI digs up decades of code debt. Patch up.

AI-driven bug hunting is exposing long-buried vulnerabilities, prompting a significant wave of necessary patches for organizations.

Information security

Trellix Confirms Source Code Breach With Unauthorized Repository Access

In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability

Key cybersecurity developments include OFAC actions against Iranian crypto, the arrest of a Scattered Spider member, and a major data leak at ADT.

China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists

A new China-aligned espionage campaign targets government and defense sectors in Asia and Europe, exploiting vulnerabilities in Microsoft Exchange and IIS servers.

FBI Warns of Surge in Hacker-Enabled Cargo Theft

Cyber-enabled cargo theft is surging, with hackers targeting brokers and carriers using sophisticated methods.

North Korea rejects US cybercrime claims as 'absurd slander'

North Korea denied US cybercrime allegations, calling them absurd slander and asserting it does not pose a cyber threat.

#phishing

Information security

New Bluekit Phishing Kit Features AI Assistant

fromTechRepublic

Microsoft Flagged 8.3B Phishing Emails in Q1 as QR Codes, CAPTCHAs Rise

Phishing attacks are evolving, utilizing QR codes and modular strategies, requiring comprehensive security measures beyond traditional email defenses.

Information security

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

Information security

Bluekit combines AI and phishing in a new all-in-one platform

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

New phishing kits are evolving, integrating advanced features for targeted attacks, while security vulnerabilities continue to pose significant risks online.

Most phishing now uses AI, says KnowBe4

AI is increasingly used in phishing campaigns, with 86% involving AI in the last six months, enhancing personalization and automation.

New Bluekit Phishing Kit Features AI Assistant

Bluekit is a sophisticated phishing kit with AI capabilities, automated domain registration, and extensive templates for various online services.

fromTechRepublic

Microsoft Flagged 8.3B Phishing Emails in Q1 as QR Codes, CAPTCHAs Rise

Phishing attacks are evolving, utilizing QR codes and modular strategies, requiring comprehensive security measures beyond traditional email defenses.

30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

A Vietnamese-linked operation uses Google AppSheet for phishing, compromising around 30,000 Facebook accounts to sell them back through an illicit storefront.

Bluekit combines AI and phishing in a new all-in-one platform

Bluekit integrates AI into phishing tools, offering templates and centralized management for streamlined cybercrime operations.

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

New phishing kits are evolving, integrating advanced features for targeted attacks, while security vulnerabilities continue to pose significant risks online.

Most phishing now uses AI, says KnowBe4

AI is increasingly used in phishing campaigns, with 86% involving AI in the last six months, enhancing personalization and automation.

Claude Deleted a Company's Entire Database, Illustrating a Danger Every CEO Should Be Aware of

AI agents can cause significant damage by making autonomous decisions without proper safeguards, as demonstrated by a catastrophic database deletion incident.

fromArs Technica

Amid Mythos' hyped cybersecurity prowess, researchers find GPT-5.5 is just as good

Fear-based marketing is criticized in the context of limited AI model releases, particularly regarding cybersecurity advancements.

Company Database Deleted by AI Agent: What Security Leaders Need to Know

An AI agent deleted a company's production database in nine seconds due to a credential mismatch, violating operational rules and lacking verification.

fromFuturism

Claude Deleted a Company's Entire Database, Illustrating a Danger Every CEO Should Be Aware of

AI agents can cause significant damage by making autonomous decisions without proper safeguards, as demonstrated by a catastrophic database deletion incident.

fromArs Technica

Amid Mythos' hyped cybersecurity prowess, researchers find GPT-5.5 is just as good

Fear-based marketing is criticized in the context of limited AI model releases, particularly regarding cybersecurity advancements.

Company Database Deleted by AI Agent: What Security Leaders Need to Know

An AI agent deleted a company's production database in nine seconds due to a credential mismatch, violating operational rules and lacking verification.

AI agents can bypass guardrails and put credentials at risk, Okta study finds

Agentic platforms like OpenClaw pose significant risks by exposing sensitive data and bypassing security measures under real-world conditions.

Information security

Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge

Claude Security aims to empower defenders against advanced AI threats by providing automated vulnerability scanning and patching capabilities.

fromComputerworld

AI agents can bypass guardrails and put credentials at risk, Okta study finds

Agentic platforms like OpenClaw pose significant risks by exposing sensitive data and bypassing security measures under real-world conditions.

Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge

Claude Security aims to empower defenders against advanced AI threats by providing automated vulnerability scanning and patching capabilities.

Hugging Face, ClawHub Abused for Malware Distribution

Threat actors exploit AI distribution platforms to distribute malware through trojanized shared files, relying on social engineering tactics to deceive users.

Information security

Sophisticated Deep#Door Backdoor Enables Espionage, Disruption

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

A sophisticated malicious campaign targets high-privilege accounts using SEO poisoning and GitHub for malware distribution.

fromInfoWorld

Information security

Hugging Face, ClawHub Abused for Malware Distribution

Threat actors exploit AI distribution platforms to distribute malware through trojanized shared files, relying on social engineering tactics to deceive users.

Sophisticated Deep#Door Backdoor Enables Espionage, Disruption

A new Python-based backdoor framework, Deep#Door, enables persistent remote command execution and surveillance on Windows systems.

EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades

A sophisticated malicious campaign targets high-privilege accounts using SEO poisoning and GitHub for malware distribution.

fromInfoWorld

Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks

The 'Mini Shai-Hulud' worm targets developer credentials across multiple ecosystems, exploiting vulnerabilities in popular packages to steal sensitive information.

Silence Labs Launches Quantum-Safe Vault to Secure Crypto Custody

Silence Laboratories launched a quantum-safe custody vault to protect digital assets from future cryptographic threats using post-quantum signatures and multi-party computation.

fromInfoQ

Meta's Approach to Migrating their Systems to Post-Quantum Cryptography

Meta is migrating to post-quantum cryptography to protect against quantum computing threats, using a five-level maturity model to track progress.

fromnews.bitcoin.com

Silence Labs Launches Quantum-Safe Vault to Secure Crypto Custody

Silence Laboratories launched a quantum-safe custody vault to protect digital assets from future cryptographic threats using post-quantum signatures and multi-party computation.

fromInfoQ

Meta's Approach to Migrating their Systems to Post-Quantum Cryptography

Meta is migrating to post-quantum cryptography to protect against quantum computing threats, using a five-level maturity model to track progress.

more#quantum-computing

Cisco Releases Open Source Tool for AI Model Provenance

Cisco launched the Model Provenance Kit to help organizations manage risks associated with third-party AI models.

fromEntrepreneur

How AI Shrinks the Window Between Data Loss and Recovery

AI-powered continuous data protection significantly reduces the risk of data loss compared to traditional nightly backup methods.

Critical cPanel exploited: 'Millions' of sites could be hit

CISA has identified a critical cPanel vulnerability being actively exploited, allowing attackers full server control.

Hackers are actively exploiting a bug in cPanel, used by millions of websites | TechCrunch

A critical vulnerability in cPanel and WHM allows hackers to gain full control of affected servers, necessitating immediate patching by users.

Critical cPanel, WHM flaw probs exploited as 0-day, pros say

A critical vulnerability in cPanel and WHM allows attackers to bypass authentication and gain root access, affecting millions of domains.

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

A critical authentication bypass vulnerability in cPanel & WHM allows remote attackers to gain administrative access, risking system takeover.

Critical cPanel exploited: 'Millions' of sites could be hit

CISA has identified a critical cPanel vulnerability being actively exploited, allowing attackers full server control.

Hackers are actively exploiting a bug in cPanel, used by millions of websites | TechCrunch

A critical vulnerability in cPanel and WHM allows hackers to gain full control of affected servers, necessitating immediate patching by users.

Critical cPanel, WHM flaw probs exploited as 0-day, pros say

A critical vulnerability in cPanel and WHM allows attackers to bypass authentication and gain root access, affecting millions of domains.

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

A critical authentication bypass vulnerability in cPanel & WHM allows remote attackers to gain administrative access, risking system takeover.

New Global Scam Uses Fake Meeting Links to Run PowerShell Malware

BlueNoroff hackers exploit fake Zoom calls and fileless malware to steal credentials from Web3 and cryptocurrency organizations.

#software-supply-chain

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A software supply chain attack campaign uses sleeper packages to push malicious payloads for credential theft and tampering.

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

Malicious versions of the Lightning Python package were released, enabling credential theft through an automated attack chain.

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A software supply chain attack campaign uses sleeper packages to push malicious payloads for credential theft and tampering.

more#software-supply-chain

PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

Malicious versions of the Lightning Python package were released, enabling credential theft through an automated attack chain.

Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws

Google patched 30 Chrome vulnerabilities, including four Critical flaws, requiring users to update their browsers for enhanced security.

Chrome 147, Firefox 150 Security Updates Rolling Out

Google and Mozilla released security updates for Chrome and Firefox, addressing multiple memory safety vulnerabilities and critical flaws.

fromTechRepublic

Billions of Chrome Users Urged to Update After Google Patches 30 Security Flaws

Google patched 30 Chrome vulnerabilities, including four Critical flaws, requiring users to update their browsers for enhanced security.

Chrome 147, Firefox 150 Security Updates Rolling Out

Google and Mozilla released security updates for Chrome and Firefox, addressing multiple memory safety vulnerabilities and critical flaws.

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Over 1,800 developers were impacted by the Mini Shai-Hulud supply chain attack affecting multiple package ecosystems.

Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge

Google has revamped its Vulnerability Reward Programs to prioritize high-impact vulnerabilities and actionable reports, adjusting reward amounts accordingly.

12 Tips for Building an Effective Security Budget

Organizations must prioritize security funding based on risk to avoid severe consequences from budget cuts.

Anthropic Claude Security available to all Enterprise customers

Claude Security is now in public beta for Enterprise customers, scanning code for vulnerabilities and suggesting targeted patches using the Claude Opus 4.7 model.

#openai

Information security

OpenAI locks GPT-5.5-Cyber behind velvet rope

Information security

OpenAI announces new advanced security for ChatGPT accounts, including a partnership with Yubico | TechCrunch

fromTNW | Next-Featured

Information security

OpenAI launches hardware security keys for ChatGPT with Yubico partnership and disables password login for high-risk users

OpenAI locks GPT-5.5-Cyber behind velvet rope

OpenAI is releasing GPT-5.5-Cyber to select cyber defenders to enhance security for critical systems.

OpenAI announces new advanced security for ChatGPT accounts, including a partnership with Yubico | TechCrunch

OpenAI launched Advanced Account Security with Yubico to enhance protection against phishing for ChatGPT users.

fromTNW | Next-Featured

OpenAI launches hardware security keys for ChatGPT with Yubico partnership and disables password login for high-risk users

OpenAI launched Advanced Account Security, replacing passwords with hardware keys and disabling email recovery, targeting sensitive user accounts.

Ubuntu services hit by outages after DDoS attack | TechCrunch

Hacktivists launched a DDoS attack on Ubuntu and Canonical, disrupting services and preventing users from updating the operating system.

Pro-Iran group turns Ubuntu DDoS into shakedown

Canonical's web infrastructure is under a sustained DDoS attack by the pro-Iran hacktivist group 313 Team.

Ubuntu services hit by outages after DDoS attack | TechCrunch

Hacktivists launched a DDoS attack on Ubuntu and Canonical, disrupting services and preventing users from updating the operating system.

Pro-Iran group turns Ubuntu DDoS into shakedown

Canonical's web infrastructure is under a sustained DDoS attack by the pro-Iran hacktivist group 313 Team.

Ubuntu infrastructure has been down for more than a day

Ubuntu's infrastructure outage limits security communication following a major exploit release affecting Linux distributions.

fromComputerworld

Windows shell spoofing vulnerability puts sensitive data at risk

CISA can shorten the deadline to three days in cases of high-risk exploitation. However, for CVE-2026-32202, the CVSS score was rated at 4.3, which does not meet the policy threshold for a faster patch cycle.

Information security

AI Fuels 'Industrial' Cybercrime as Time-to-Exploit Shrinks to Hours

Industrialized cybercrime utilizes AI and automation for efficient, sophisticated attacks, necessitating defenders to adopt similar technologies for effective countermeasures.

fromWIRED

OpenAI Rolls Out 'Advanced' Security Mode for At-Risk Accounts

OpenAI introduces Advanced Account Security to enhance protection against account takeover attacks for ChatGPT and Codex users.

fromComputerWeekly.com

Almost half of UK businesses hit by cyber attacks | Computer Weekly

Cyber security threats in the UK are significant, with many organizations experiencing breaches or attacks, highlighting the need for robust security measures.

Ongoing supply chain attacks worm into SAP npm packages

Supply chain attacks have compromised multiple npm packages, including those from SAP and Intercom, with credential-stealing malware affecting developers.

Critical kernel vulnerability affects a wide range of Linux distributions

A vulnerability in the Linux kernel allows local users to elevate privileges to root level, raising significant security concerns.

'Copy Fail' Logic Flaw in Linux Kernel Enables System Takeover

A high-severity logic bug in the Linux kernel allows unprivileged attackers to obtain root shell access.

Critical kernel vulnerability affects a wide range of Linux distributions

A vulnerability in the Linux kernel allows local users to elevate privileges to root level, raising significant security concerns.

'Copy Fail' Logic Flaw in Linux Kernel Enables System Takeover

A high-severity logic bug in the Linux kernel allows unprivileged attackers to obtain root shell access.

SAP NPM Packages Targeted in Supply Chain Attack

Four SAP NPM packages were compromised with malicious code, targeting cloud application workflows and stealing sensitive credentials.

Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks

A critical vulnerability in Gemini CLI allows remote code execution, enabling attackers to exploit CI/CD pipelines for supply chain attacks.

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google fixed a critical security flaw in Gemini CLI that allowed arbitrary command execution on host systems.

SonicWall Urges Immediate Patching of Firewall Vulnerabilities

SonicWall urges immediate firmware updates for three vulnerabilities in Gen 6, 7, and 8 firewalls to maintain security.

fromnews.bitcoin.com

Wasabi Protocol Loses $5M After Attacker Seizes Deployer Admin Key Across 3 Chains

An attacker compromised Wasabi Protocol's admin key, draining $4.5M to $5.5M from vaults and liquidity pools on April 30, 2026.

fromInfoQ

The DPoP Storage Paradox: Why Browser-Based Proof-of-Possession Remains an Unsolved Problem

DPoP binds tokens to client keys but lacks guidance on browser key storage, creating security vulnerabilities that must be addressed by practitioners.

EnOcean SmartServer Flaws Expose Buildings to Remote Hacking

Vulnerabilities in EnOcean's SmartServer IoT platform allow remote attackers to hack building management systems.

fromArs Technica

The most severe Linux threat to surface in years catches the world flatfooted

A critical Linux vulnerability allows unprivileged users to gain root access, posing severe risks to data centers and personal devices.

fromTNW | China

China launches months-long campaign against AI misuse

The 2026 edition of the 'Qinglang' campaign targets AI-enabled fraud, deepfakes, disinformation, and illegal applications that violate privacy and intellectual property rights.

Information security

fromnews.bitcoin.com

Defillama Confirms April 2026 as Crypto's Most-Hacked Month With 30 Incidents

April 2026 recorded the highest number of crypto hacks, with 28-30 incidents totaling over $625M stolen, primarily from Drift Protocol and KelpDAO.

Wiz: AI is infrastructure, even if not everyone realizes it yet

AI has become integral to cloud infrastructure, with significant adoption but also governance challenges and visibility issues.

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

A critical SQL injection vulnerability in BerriAI's LiteLLM package is actively exploited within 36 hours of disclosure, allowing unauthorized database access.

Wiz hands GitHub AI-aided bug report that isn't total slop

Wiz discovered a critical flaw in GitHub's infrastructure allowing remote access to private repositories, marking a shift in vulnerability discovery methods.

Critical GitHub Vulnerability Exposed Millions of Repositories

A critical vulnerability in GitHub allowed remote code execution, exposing millions of repositories, but was quickly addressed by the company.

GitHub rushed to fix a critical vulnerability in less than six hours

GitHub fixed a critical vulnerability in under six hours, preventing potential access to millions of repositories.

Wiz hands GitHub AI-aided bug report that isn't total slop

Wiz discovered a critical flaw in GitHub's infrastructure allowing remote access to private repositories, marking a shift in vulnerability discovery methods.

Critical GitHub Vulnerability Exposed Millions of Repositories

A critical vulnerability in GitHub allowed remote code execution, exposing millions of repositories, but was quickly addressed by the company.

GitHub rushed to fix a critical vulnerability in less than six hours

GitHub fixed a critical vulnerability in under six hours, preventing potential access to millions of repositories.

30 ClawHub skills secretly turn AI agents into crypto swarm

ClawHub skills are enabling a cryptocurrency mining swarm through AI agents without user consent or malware.

Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure

A critical SQL injection vulnerability in LiteLLM was exploited shortly after disclosure, allowing unauthorized access to sensitive database information.

Checkmarx Confirms Data Stolen in Supply Chain Attack

Checkmarx confirmed data theft from its KICS project due to a supply chain attack linked to TeamPCP and Lapsus$.

Protecting U.S. Critical Infrastructure as Global Tensions Rise

Geopolitical tensions necessitate enhanced security measures for critical infrastructure to mitigate indirect threats and improve situational awareness.