Security News
Latest Updates

SecurityWeek

Latest cybersecurity news

Exploit Code Published for Critical Flowise RCE Vulnerability - May 30, 2026

The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow.

The post Exploit Code Published for Critical Flowise RCE Vulnerability appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation - May 30, 2026

Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass that could be exploited by bad actors to set up VPN connections.

“Authentication bypass vulnerabilities in the

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface - May 29, 2026

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence (AI) assistant’s implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks.

The technique has been codenamed ChatGPhish by Permiso Security.

“The chatgpt.com response renderer trusts Markdown links and Markdown

SecurityWeek

Latest cybersecurity news

In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks - May 29, 2026

Noteworthy stories that might have slipped under the radar: Trump Mobile exposes customer data, phishers target the 2026 FIFA World Cup, CISA responds to recent supply chain attacks.

The post In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks appeared first on SecurityWeek.

Charter Communications Data Breach Could Impact Nearly 5 Million - May 29, 2026

The notorious ShinyHunters extortion group leaked over 42 million records allegedly stolen from Charter in April.

The post Charter Communications Data Breach Could Impact Nearly 5 Million appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit - May 29, 2026

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability.

“The attacker compromised an internet-reachable Marimo notebook via CVE-2026-39987, extracted two cloud credentials from the compromised

SecurityWeek

Latest cybersecurity news

MokN Raises $15 Million for Phish-Back Platform - May 29, 2026

MokN's platform deploys realistic decoy access points to lure attackers into revealing compromised credentials, enabling organizations to respond before abuse occurs.

The post MokN Raises $15 Million for Phish-Back Platform appeared first on SecurityWeek.

Gogs Zero-Day Exposes Servers to Remote Code Execution - May 29, 2026

The critical-severity issue, assigned a CVSS score of 9.4, is an argument injection flaw that can be exploited by authenticated attackers via pull requests with malicious branch names.

The post Gogs Zero-Day Exposes Servers to Remote Code Execution appeared first on SecurityWeek.

California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach - May 29, 2026

Attorney General Rob Bonta filed the lawsuit against Chrome Holding Co., which 23andMe rebranded under after filing for bankruptcy last March.

The post California Sues 23andMe, Alleging It Failed to Protect User Data in 2023 Breach appeared first on SecurityWeek.

Schneier on Security

Security news and analysis by Bruce Schneier

Chilling Effects - May 29, 2026

Younger Americans have soured on the second Donald Trump presidency, but they are not protesting it.

Despite an unpopular Iran war and an even more unpopular Trump administration, college campus protests nationwide have gone silent. And at many schools, student activism is virtually nonexistent.

This silence comes in the wake of a relentless Trump administration war on campus speech that has involved lawsuits, arrests, deportations and expulsions.

Reports cite a range of complicated factors for the restraint, from apathy to technology-induced incapacity. But as ...

The Hacker News

Cybersecurity news and insights

What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks - May 29, 2026

Shadow AI used to mean employees pasting things they shouldn’t into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop.

The artifact moved from a prompt to a product. The risk surface moved with it.

In The Shadow Builders report (get it here), a

SecurityWeek

Latest cybersecurity news

Chrome 148 Update Patches 151 Vulnerabilities - May 29, 2026

The browser update resolves critical-severity security defects that could potentially lead to remote code execution.

The post Chrome 148 Update Patches 151 Vulnerabilities appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets - May 29, 2026

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil’s largest cooperative financial systems, to siphon client IDs and PFX certificates.

According to Socket, versions 2.0.0 through 2.0.4 of “Sicoob.Sdk” contain functionality to exfiltrate sensitive information, including PFX certificates that are used to

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code - May 28, 2026

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions.

The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier.

“The vulnerability allows any authenticated user to achieve remote code execution (RCE) on

SecurityWeek

Latest cybersecurity news

Geordie Raises $30 Million for AI Security and Governance Platform - May 28, 2026

The funding round was led by Balderton Capital, with additional support from Crosspoint Capital and previous investors General Catalyst and Ten Eleven Ventures.

The post Geordie Raises $30 Million for AI Security and Governance Platform appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer - May 28, 2026

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware.

“The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints,” Arctic Wolf said. “Threat actors disguised the credential stealer payload as a Fortinet endpoint

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal - May 28, 2026

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed.

The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day

The Hacker News

Cybersecurity news and insights

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users - May 27, 2026

Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively.

That’s according to new findings from WatchGuard and ESET, which have observed the two malware families being used to single out companies in Spain, Portugal, and Mexico, as well as mobile users in Brazil.

The

Malicious npm Package Stole Files From Claude AI User Directory via GitHub - May 27, 2026

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities.

According to OX Security, the package, named “mouse5212-super-formatter,” is designed to upload files from “/mnt/user-data,” a dedicated directory used by Anthropic’s Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. The

SecurityWeek

Latest cybersecurity news

Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate - May 27, 2026

Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx.

The post Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate appeared first on SecurityWeek.

Schneier on Security

Security news and analysis by Bruce Schneier

FBI’s 2025 Internet Crime Report - May 27, 2026

The 2025 Internet Crime Report was published a few weeks ago, but I only just saw it.
Lots of interesting statistics.

Press release. News articles.

The Hacker News

Cybersecurity news and insights

5 Steps to Managing Shadow AI Tools Without Slowing Down Employees - May 27, 2026

When an employee installs an AI writing assistant, connects a coding copilot to their IDE, or starts summarizing meetings with a new browser tool, they are doing exactly what a productive employee should do: finding faster ways to work.

Across most organizations today, employees are running three to five AI tools on any given day. Most were never reviewed by IT. A significant portion connects

SecurityWeek

Latest cybersecurity news

SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon Bay - May 27, 2026

Now in its third year, the AI Risk Summit is the leading conference that brings together CISOs, security leaders, AI researchers, developers, policymakers, and enterprise risk professionals.

The post SecurityWeek to Host AI Risk Summit August 11-12 at the Ritz-Carlton, Half Moon Bay appeared first on SecurityWeek.

RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries - May 27, 2026

Using an AI model called BinNet, RevEng hunts vulnerabilities and backdoors in released software binaries.

The post RevEng.AI Raises $15 Million to Hunt for Flaws and Backdoors in Software Binaries appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure - May 27, 2026

CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages and extensions.

“Since at least early 2025, GlassWorm operators have systematically targeted software developers, a

SecurityWeek

Latest cybersecurity news

Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform - May 27, 2026

The new funding, led by BDC Capital’s StrongNorth Fund, will accelerate Lastwall’s North American expansion.

The post Lastwall Raises $11.5 Million for Quantum-Resilient Identity Platform appeared first on SecurityWeek.

The Credential Crisis: How Stolen Credentials Defeat Modern Security - May 27, 2026

As AI accelerates phishing, session hijacking, and credential abuse, security teams are racing to close the gap between attacker speed and defensive response.

The post The Credential Crisis: How Stolen Credentials Defeat Modern Security appeared first on SecurityWeek.

‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems - May 27, 2026

Malicious repositories and disguised symlinks can trick AI coding agents into silently installing attacker-controlled MCP servers capable of stealing secrets, compromising CI pipelines, and deploying malicious code.

The post ‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems appeared first on SecurityWeek.

GlassWorm Botnet Disrupted - May 27, 2026

Security firms took down all four command-and-control (C&C) channels used by the GlassWorm malware.

The post GlassWorm Botnet Disrupted appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

Gitea Vulnerability Exposes Private Container Images without Authentication - May 27, 2026

Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other credentials.

The vulnerability, tracked as CVE-2026-27771 (CVSS score: 8.2), affects all versions of Gitea prior to 1.26.2

SecurityWeek

Latest cybersecurity news

LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers - May 27, 2026

The attack was claimed by a hacktivist group, but evidence showed it used infrastructure linked to Iranian government threat actors.

The post LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers appeared first on SecurityWeek.

The Hacker News

Cybersecurity news and insights

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites - May 27, 2026

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites.

“This emerging delivery technique extends social engineering beyond conventional search results and increases the visibility of malicious software recommendations,” Microsoft Defender Experts and the Microsoft

MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries - May 26, 2026

The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026.

The activity targeted industrial and electronics manufacturing, education and public-sector bodies, financial services, and professional services, per the Threat Hunter Team from Symantec and Carbon Black.

Schneier on Security

Security news and analysis by Bruce Schneier

Identifying People Using Wi-Fi Routers - May 26, 2026

Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals.

This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, they interact with the objects and people around them. Those signals can be reflected, scattered, or absorbed. By analyzing how the signal is expected to behave compared with how it is actually received, researchers can infer details about the surrounding environment...

The Hacker News

Cybersecurity news and insights

[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back - May 26, 2026

Every single day, hackers are finding new ways to crash websites and steal data.

But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence (AI) tools to make their attacks faster, stronger, and much harder to stop.

According to recent updates from The Hacker News, bad actors are using AI to find weak spots in systems and

Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions - May 26, 2026

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met.

The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of 8.8. It has been assigned an important severity.

“Deserialization of untrusted data in Microsoft Office SharePoint allows