Skip to content
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Ravie LakshmananMay 28, 2026Zero Day / Vulnerability Disclosure Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to… 

Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Ravie LakshmananMay 28, 2026Hacking News / Cybersecurity News Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled… 

Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI “Power users”

Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI “Power users”

State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don’t understand where their AI exposure is actually coming… 

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

Ravie LakshmananMay 28, 2026Supply Chain Attack / Malware A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and… 

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users

Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That’s according to new findings from WatchGuard and… 

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Ravie LakshmananMay 27, 2026Threat Intelligence / Supply Chain Attack Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named “mouse5212-super-formatter,”… 

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

Ravie LakshmananMay 27, 2026Malware / Threat Intelligence CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting… 

Gitea Vulnerability Exposes Private Container Images without Authentication

Gitea Vulnerability Exposes Private Container Images without Authentication

Ravie LakshmananMay 27, 2026Vulnerability / Software Security Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea…