Ransomware crims got a month-long head start on Check Point VPN 0-day that now has a fix
Scumbags, including a Qilin ransomware affiliate, began hitting this hole May 7
Aggregated from vendor advisories, security research, and industry publications.
Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group. In addition, the tech giant said it's filing a federal court contem…
If you’re a user—owner?—of this cryptocurrency, this is important: On May 29, the security researcher Taylor Hornby found a critical vulnerability in Zcash Orchard privacy pool usi…
Sandboxed LLM dev environments lead the show, but accessibility may be the real prize
PARTNER CONTENT: Driving Grid Modernization and Energy Transition in Malaysia Through Advanced AI and Smart Infrastructure Solutions
What, you think any old liquid-cooled bodysuit would be acceptable to pair with such a fashionable outer layer?
Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including private ones). [...]
The latest attacks, which hit 37 PyPI wheels and 19 code packages, show a continued evolution of the persistent software supply chain threat.
Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. [...]
Meanwhile, 13 schools in Wales affected by separate attack
AI-driven development is not something organizations can or should block. But it must be governed. The post Everybody Is Vibe Coding But Nobody Told the Security Team appeared firs…
Take a Network Break! Our Red Alert covers a critical Android vulnerability that could lead to local privilege escalation to root. On the news front, we dig into Cloud Control, Cis…
Orbital broadband biz will miss its July 30 deadline to have 1,616 spacecraft in place
After a trial claimed chatbot saved staff 43 minutes a day, NHS England has decided it's time to supersize the experiment
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 …
Security teams are increasingly overwhelmed by alert fatigue, infrastructure maintenance, and complex hybrid environments. This article explores how Wazuh Cloud helps simplify SIEM…
Miasma worm shapeshifts, but cloud secret-scouting remains the goal
The Meta-owned communications app is filing a federal court contempt order against NSO. The post WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order appeared first on …
Monday again. The weekend was meant to be quiet. It wasn't. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still…
Israeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in z…
Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every…
No new features to be submitted to main branch, existing code removed in 6 months if new proposal not created and accepted
Significant cybersecurity M&A deals announced by Akamai, Check Point, Cisco, Cyera, Dragos, WatchGuard and Zscaler. The post Cybersecurity M&A Roundup: 26 Deals Announced in May 20…
The flaw allows attackers to execute arbitrary code remotely and has been exploited in the wild for two months. The post Everest Forms Vulnerability Exploited to Hack WordPress Sit…
Zuckercorp says surveillance-for-hire vendor was still running phishing operations after federal court told it to knock it off
Mythos is real. I know a big chunk of the industry thinks it's a marketing stunt, and I get why. I get it. But I've seen the findings, and they're bad. These aren't "whoops, this l…
Global Talent visa program aims to draw in dissatisfied scientists from countries including the US
Hackers accessed personal information stored on certain Lansing Community College systems in February 2025. The post 174,000 Impacted by Lansing Community College Data Breach appea…
The University of Oxford disclosed a new data breach last week after being informed by its third-party provider, Group GTI, that its CareerConnect career services platform had been…
In April, Anthropic initiated Project Glasswing. The idea was to let companies use their new model to find and fix vulnerabilities in their own software. It was a fantastic PR move,…